American Express Global Credit Authorization Guide April 2016 Apr

User Manual:

Open the PDF directly: View PDF .
Page Count: 300

Download
Open PDF In Browser	View PDF

AMERICAN EXPRESS
GLOBAL CREDIT AUTHORIZATION GUIDE
ISO 8583:1993 (VERSION 1)
APRIL 2016

GLOBAL MERCHANT SERVICES

table of contents

Copyright © 2004-2016 American Express Travel Related Services Company, Inc. All rights reserved. This
document contains sensitive, confidential and trade secret information; and no part of it shall be disclosed to
third parties or reproduced in any form or by any electronic or mechanical means, including without limitation
information storage and retrieval systems, without the express prior written consent of American Express
Travel Related Services Company, Inc.

American Express Proprietary & Confidential

Global Credit Authorization Guide ISO Format

Summary of Changes Table
The Summary of Changes is a broad overview of technical changes made to the specification since its last
publication. This information may affect the way a Merchant, Third Party Processor or Vendor processes
American Express Card transactions. Other changes, including but not limited to, clarification and
consistency updates are included in the Revision Log located at the back of this guide.
Data Element or
Section Number

Description of Change
GENERAL CHANGES
Added verbiage for Payment Token and/or Digital Wallet functionality to the following:
• 1100 message: DF 2, DF 14, DF 22, DF 24, DF 60, DF 61
• 1110 message: DF 34, DF 60
• Section 1.5: Related Documents
• Section 5.0 Card Acceptance Supported Services
• Section 5.4.2.1 Expresspay Transit Transactions at Transit Access Terminals
• Section 5.8 Digital Wallet Payments
• Section 6.1 Payment Token Transactions
Added verbiage for Derived Unique Key Per Transaction (DUKPT) functionality to the following:
• 1100 message: DF 53
• Section 6.5.2 Derived Unique Key Per Transaction (DUKPT)
1100 AUTHORIZATION REQUEST MESSAGE

DF 22: Point of Service Data
Code

In the Point of Service Data Code tables, made the following changes and updates to include
Payment Token functionality:
• Position 1, removed value ‘X’ as a valid value.
• Position 5, value 4, at the end of the description, added ‘delayed shipment, split bill
transactions’.
• Position 6, added value ‘Z’ to identify Digital Wallet transactions.
• Position 7, removed values ‘X’ and ‘Y’ as valid values. For value 5, added verbiage for
Digital Wallet and Payment Token functionality.
Removed references to magnetic stripe signature.

DF 24: Function Code

In the description, added verbiage to the function code table for ‘196=Expresspay Translation
(PAN & Expiration Date Request)’.

DF 43: Card Acceptor
Name/Location

Updated field for clarity around formatting for Payment Service Providers (Aggregators) and
OptBlue Participants.

DF 62: Private Use Data

Removed references to magnetic stripe signature.

This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.

April 2016

Global Credit Authorization Guide ISO Format

American Express Proprietary & Confidential

table of contents

this page intentionally left blank

April 2016


American Express Proprietary & Confidential

Global Credit Authorization Guide ISO Format

Table of Contents
Summary of Changes Table................................................................................................ i
1.0

About the Global Credit Authorization Guide......................................................1
1.1
1.2
1.3

1.4
1.5

2.0

Implementation Planning........................................................................................5
2.1
2.2
2.3
2.4
2.5
2.6

3.0
4.0

Overview of Implementation Planning .................................................................................... 5
Development Responsibilities ................................................................................................. 6
Development Steps.................................................................................................................. 7
Hardware Requirements .......................................................................................................... 7
Communications Options ......................................................................................................... 7
Leased Lines............................................................................................................................. 7

Card Acceptance Guidelines .................................................................................9
Guidelines for Using the GCAG ISO 8583 Message Formats ..........................11
4.1
4.2

5.0

Who Should Use the GCAG ISO .............................................................................................. 1
Document Changes .................................................................................................................. 1
Communication Process........................................................................................................... 2
1.3.1 Semi-Annual Publication Process............................................................................... 2
1.3.2 Notice of Specification Changes ................................................................................ 2
1.3.3 Technical Bulletins...................................................................................................... 2
Contact Information ................................................................................................................. 2
Related Documents.................................................................................................................. 3

Variations in Messaging ........................................................................................................ 14
ISO 8583 Message Formats................................................................................................... 14
4.2.1 Authorization Request/Response ............................................................................. 14
4.2.2 Reversal Advice Request/Response......................................................................... 15
4.2.3 Network Management Request/Response .............................................................. 16

Card Acceptance Supported Services ...............................................................17
5.1

5.2
5.3

5.4

5.5
5.6

5.7

Online Authorizations ............................................................................................................ 18
5.1.1 Non-Referral Link...................................................................................................... 18
5.1.2 Referral Queue.......................................................................................................... 20
5.1.3 Referral Queue — Referral Mode............................................................................ 22
American Express OptBlue® Program.................................................................................... 23
Prepaid Card Authorizations .................................................................................................. 24
5.3.1 Partial Authorization ................................................................................................. 24
5.3.2 Authorization with Balance Return .......................................................................... 25
Chip Card Authorizations ....................................................................................................... 26
5.4.1 AEIPS......................................................................................................................... 26
5.4.2 Expresspay ................................................................................................................ 28
Recurring Billing and Standing Authorization ....................................................................... 30
Batch Authorizations.............................................................................................................. 31
5.6.1 Message Separation................................................................................................. 32
5.6.2 Supported File Layouts ............................................................................................. 33
Authorization Amount Adjustment ........................................................................................ 39

April 2016

iii


Global Credit Authorization Guide ISO Format

American Express Proprietary & Confidential

Table of Contents
5.8

5.9

6.0

Fraud Prevention Services....................................................................................43
6.1
6.2

of contents
table
es
of chang

6.3

6.4
6.5

7.0

9.0

Primary Bit Map ..................................................................................................................... 53
Secondary Bit Map................................................................................................................. 55

ISO 8583 Authorization Request/Response Message Formats.......................59
8.1
8.2

1100 Authorization Request .................................................................................................. 59
1110 Authorization Response .............................................................................................. 179

ISO 8583 Reversal Advice Request/Response Message Formats ...............219
9.1
9.2

10.0

Payment Token Transactions ................................................................................................. 43
Verification Services .............................................................................................................. 44
6.2.1 Enhanced Authorization............................................................................................ 44
Electronic Verification Services ............................................................................................. 46
6.3.1 Card Identifier (CID) Verification............................................................................... 46
6.3.2 Automated Address Verification (AAV) .................................................................... 47
6.3.3 ZIP Code Verification ................................................................................................ 47
6.3.4 Telephone Number Verification................................................................................ 48
6.3.5 Email Address Verification ....................................................................................... 49
American Express SafeKeySM................................................................................................. 50
Online PIN .............................................................................................................................. 51
6.5.1 Master/Session Key Management Methodology .................................................... 51
6.5.2 Derived Unique Key Per Transaction (DUKPT).......................................................... 52

ISO 8583 Message Bit Map Table........................................................................53
7.1
7.2

8.0

Digital Wallet Payments ........................................................................................................ 39
5.8.1 In-Store Digital Wallet Transactions........................................................................ 39
5.8.2 In-App Transactions.................................................................................................. 40
Other Authorization Services ................................................................................................. 41
5.9.1 American Express Travelers Cheque Verifications................................................... 41
5.9.2 Non-American Express Card Authorizations ............................................................ 41

1420 Reversal Advice Request ............................................................................................ 220
1430 Reversal Advice Response.......................................................................................... 237

ISO 8583 Network Management Request/Response Message Formats ....247
10.1 1804 Network Management Request.................................................................................. 248
10.2 1814 Network Management Response ............................................................................... 258

11.0

Examples of Typical Message Formats............................................................269
11.1 1100 Authorization Request Message — Card Present Transaction with
AAV & CID/4DBC/4CSC — American Express ................................................................... 269
11.2 1100 Authorization Request Message — Card Not Present Transaction with
AAV & CID/4DBC/4CSC — American Express ................................................................... 271
11.3 1110 Authorization Response Message — American Express........................................... 273
11.4 1420 Reversal Advice Request Message ............................................................................ 274
11.5 1430 Reversal Advice Response Message.......................................................................... 276
11.6 1804 Network Management Request Message.................................................................. 277

April 2016


American Express Proprietary & Confidential

Global Credit Authorization Guide ISO Format

Table of Contents
11.7 1814 Network Management Response Message ............................................................... 277

12.0

Revision Log ..........................................................................................................279

April 2016


Global Credit Authorization Guide ISO Format

American Express Proprietary & Confidential

Table of Contents

of contents
table
es
of chang
vi

this page intentionally left blank

April 2016

American Express Proprietary & Confidential

1.0

Global Credit Authorization Guide ISO Format

About the Global Credit Authorization Guide
The American Express Global Credit Authorization Guide (GCAG) ISO contains software
development instructions for use of the American Express Authorization System. These instructions
enable programmers to code software in accordance with American Express requirements.
American Express will allow users that conform to this specification and pass our certification tests
to access the American Express Global Network to obtain authorizations for financial transactions.
Use of this specification prior to certification is prohibited.

1.1

Who Should Use the GCAG ISO
The GCAG ISO is written for Merchants, authorized Third Party Processors, OptBlue
Participants, Payment Service Providers (Aggregators) and Vendors.
In this guide, the terms Merchant, Seller, Service Establishment or SE, and Card Acceptor
are used interchangeably to refer to businesses that are approved to accept American
Express and/or American Express Partners' Cards as payment for goods and/or services.
The GCAG ISO is based on International Standard ISO 8583:1993, Financial Transaction
Card Originated Interchange Message Specifications.

1.2

Document Changes
Changes to the GCAG ISO are identified in various ways.
Summary of Changes Table — The GCAG ISO begins with a Summary of Changes table
that provides a broad overview of technical and/or data field changes since the last
publication. The summary includes the following:
•
•

The data field or section where revision occurred
A brief description of the revision

Revision Mark — Throughout this document, revised areas that may affect the way a
Merchant, Third Party Processor or Vendor processes transactions are indicated with a
revision mark. This mark appears in the page margin, next to where a change was made.
See example of a revision mark at left. Removed text will not have a revision mark.
Changes may or may not be indicated with a revision mark.
Revision Log — The Revision Log is the last section in this document, and it contains a
condensed overview of changes made in the last three publications.

April 2016

Global Credit Authorization Guide ISO Format

1.3

American Express Proprietary & Confidential

Communication Process
This section outlines how changes to American Express Technical Specifications are
communicated.

1.3.1

Semi-Annual Publication Process
The American Express Network publishes Technical Specifications twice each
year, in April and October. Specification changes, which will require technical
changes to implement or support, as well as any certification requirements
and/or compliance dates, will be communicated six months prior to publication
in a Notice of Specification Changes (NOSC).

table of contents

1.3.2

Notice of Specification Changes
Notice of Specification Changes (NOSC) are also published twice each year, in
April and October. In each edition, changes to existing, or the introduction of
new features and functionality will be announced. These changes will be
incorporated into the next editions of the Technical Specifications.

1.3.3

•

Changes published in the April NOSC will be incorporated into the October
editions of the Technical Specifications.

•

Changes published in the October NOSC will be incorporated into the April
editions of the Technical Specifications.

Technical Bulletins
American Express will publish any changes occurring outside of the April and
October publication schedule in Technical Bulletins. Technical Bulletins will
generally contain the same level of detail found in the NOSC, including a
description of the change, and the business and technical impacts of the change
to customers.
Technical Bulletins may also communicate changes, corrections, and
clarifications announced in previous Technical Specifications. Information
communicated in Technical Bulletins will be incorporated into the next editions
of the Technical Specifications.

1.4

Contact Information
To notify us when content clarifications are required, send an email to
SpecQuestions@aexp.com. You may also send a copy of the document page in question.
You will receive confirmation of your request in 3-5 business days. Changes, corrections,
and clarifications will be published in the next release.
For questions on modifications to existing functionality, contact your American Express
representative.

April 2016

American Express Proprietary & Confidential

1.5

Global Credit Authorization Guide ISO Format

Related Documents
•

American Express Global Financial Submission Guide (GFSG)

•

American Express Global Codes & Information Guide

•

American Express Online PIN Processing Implementation Guide for Merchants
or Third Party Processors

•

American Express Global Credit Authorization Guide ISO 8583:1993 (Version 1)
Authorization Adjustment Addendum (AAA)

•

American Express Network Communications Guide (MPLS & VPN)*

•

American Express ICC Payment (AEIPS) Chip Card Specification

•

American Express ICC Payment (AEIPS) Terminal Specification

•

American Express Merchant Regulations - U.S.

•
•

American Express SafeKey SM Acquirer — Merchant Implementation Guide
Acquirer Chip Card Implementation Guide

•

Implementing American Express EMV Acceptance on a Terminal

•

Expresspay Terminal Specification

•

Expresspay Card Specification

•

Expresspay Card Specification Dual Interface Addenda

•

Expresspay Communication Layer

•

International Standard ISO 8583:1993, Financial Transaction Card Originated
Interchange Messages — Interchange Message Specifications

•

International Standard ISO/IEC 7813, Identification Cards — Financial Transaction
Cards (Track I and Track II Specifications)

•

American National Standards Institute ANSI X4.16, Financial Transaction Cards —
Magnetic Stripe Encoding

•

American National Standards Institute ANSI X9.24, Asymmetric Techniques for the
Distribution of Symmetric Keys

•

EMVCo Payment Tokenization Specification - Technical Framework

_____________________
*USA

and Canada only. For information on connectivity solutions in other global regions, contact your American Express
representative.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.

April 2016

Global Credit Authorization Guide ISO Format

American Express Proprietary & Confidential

table of contents

this page intentionally left blank

April 2016

American Express Proprietary & Confidential

2.0

Global Credit Authorization Guide ISO Format

Implementation Planning
This section addresses the requirements and procedures needed for implementing authorization
software. This section includes the following:
2.1

Overview of Implementation Planning

2.2

Development Responsibilities

2.3

Development Steps

2.4

Hardware Requirements

2.5

Communications Options

2.6

Leased Lines

2.1

Overview of Implementation Planning
Merchants and authorized Third Party Processors who are interested in developing an
interface to American Express must first contact an American Express representative. The
American Express representative will discuss the business and basic technical issues
involved with authorization, and if necessary, financial submission.
Once the business issues and decisions have been resolved, an American Express
representative calls the Merchant and acts as the primary American Express contact
during all phases of development until the software is approved for production use.
The American Express representative arranges for a technical conference call that
includes members of the Merchant's technical staff and representatives of American
Express. Prior to the first call, Merchants should become familiar with the contents of this
document, as well as the following American Express documents:
•
•

American Express Global Codes & Information Guide
American Express Global Financial Submission Guide (if implementing both
authorization and submission)

•

American Express Network Communications Guide (MPLS & VPN)*

_____________________
* USA and Canada only. For information on connectivity solutions in other global regions, contact your American Express
representative.

April 2016

Global Credit Authorization Guide ISO Format

2.1

American Express Proprietary & Confidential

Overview of Implementation Planning (continued)
During the technical conference call, Merchants may ask the American Express staff
detailed questions about hardware, communications protocol, and authorization service
options. The American Express technical staff and American Express representative will
provide detailed descriptions of processing options and message formats. The conference
concludes when the Merchant and American Express agree on the authorization service
options and interface requirements.
Following the initial conference calls, the American Express representative will arrange a
technical conference call to review, in detail, the authorization message format selected
by the Merchant.

table of contents

2.2

Development Responsibilities
The following lists outline the basic installation responsibilities for both American Express
and the Merchant.
American Express provides the following services:
•

Allows scheduled access to American Express testing facilities.

•

Allows 24-hour access to the American Express Consolidated Data Network (CDN)
after the Merchant is approved for production activities.

•

Installs and maintains circuit modems for a leased line authorization link, for
qualified Merchants only. For more information, contact your American Express
representative.

The Merchant provides the following:

April 2016

•

Develops or purchases credit authorization application and communications protocol
software.

•

Dedicates staff and computer resources to credit authorization software development
within the project schedule agreed upon by American Express and the Merchant.

American Express Proprietary & Confidential

2.3

Global Credit Authorization Guide ISO Format

Development Steps
Most Merchants develop and implement their authorization software in these steps:

2.4

Participate in the technical conference call with American Express.

Receive and review the Business Requirements Document and Application Test Plan.

Develop authorization application and communications protocol software.

Test communications protocol with American Express. After protocol approval, test
the authorization application software as stated in the Application Test Plan.

Receive American Express approval for production processing.

Hardware Requirements
The requirements for the hardware used by the Merchant are dependent on the types of
products and services to be supported by the Merchant. For this reason, hardware
requirements are established during conversations with the American Express
representative.

2.5

Communications Options
For details, refer to the American Express Network Communications Guide (MPLS & VPN)*

2.6

Leased Lines
Merchants who wish to use a leased line must qualify by transaction volume. This
qualification is negotiated between the Merchant and the American Express
representative. Qualified Merchants who choose a leased line may either use online or
batch services.
The costs associated with using a leased line are contractually established between the
Merchant and American Express. Merchants using their leased line to obtain MasterCard
and VISA authorizations through the American Express authorizations system are assessed
a small fee per transaction.

_____________________
* USA and Canada only. For information on connectivity solutions in other global regions, contact your American Express
representative.

April 2016

Global Credit Authorization Guide ISO Format

American Express Proprietary & Confidential

table of contents

this page intentionally left blank

April 2016

American Express Proprietary & Confidential

3.0

Global Credit Authorization Guide ISO Format

Card Acceptance Guidelines
American Express enables Merchants and Third Party Processors to obtain financial transaction
authorizations for the following:
•

American Express Cards

•

American Express-supported Network Cards

•

American Express Prepaid Cards

•

American Express Travelers Cheques

The Merchant or Third Party Processor must develop authorization software to enable the Merchant
to collect Point of Sale (POS) information in any manner chosen by the Merchant's development
team and also to submit that data to American Express in a format prescribed by this document.
American Express requires all Merchants and service providers, as part of their Card Acceptance or
servicing agreements, to adhere to the American Express Data Security Operating Policy (DSOP).
The policy requires Merchants to comply with the Payment Card Industry Security Standard to
process, store or transmit Cardmember payment information. More information on the American
Express DSOP and the PCI Data Security Standard can be found at
www.americanexpress.com/datasecurity.
Users of this specification are often classified by regions which allow data field requirements and
certification requirements to be applied to a specific region. When no country or region is listed for
a requirement it is assumed to be a global requirement for all regions otherwise, the requirement
applies to the countries and/or regions listed. The following acronyms are the recognized regional
definitions:
•
•
•
•
•

APA — Asia Pacific and Australia
Canada — Canada
EMEA — Europe, Middle East and Africa
LA/C — Latin America and Caribbean
USA — United States

For a complete list of regions and applicable countries, refer to the American Express Global Codes
& Information Guide.

April 2016

Global Credit Authorization Guide ISO Format

3.0

American Express Proprietary & Confidential

Card Acceptance Guidelines (continued)
Data from the following data fields in approved Authorization Request (1100) and Authorization
Response (1110) messages should be retained by the Merchant since this information is required
for financial submission:
• Primary Account Number (PAN)

• Approval Code

• Amount, Transaction

• Acquirer Reference Data (Transaction Identifier/TID)

• Date and Time, Local Transaction
Note: Other data may also be required. For more information on data requirements for financial
submission, refer to the American Express Global Financial Submission Guide (GFSG).

table of contents
10

April 2016

American Express Proprietary & Confidential

4.0

Global Credit Authorization Guide ISO Format

Guidelines for Using the GCAG ISO 8583 Message Formats
ISO 8583 standard provides for variable length messages that are bit map driven. A bit map
consists of a 64-bit string contained within an eight-byte data field. The data content of a message
is determined by the value (1) or (0) in a bit map data field. Each bit is associated with a unique data
field. If the data content for a data field is available, the bitmap position should be set to one (1)
and the respective data field should be sent. If the data content for a data field is not available, the
bitmap position should be set to zero (0) and the respective data field should not be sent.
Data fields can be either fixed-length or variable-length. The Variable Length Indicator (VLI)
indicates how many bytes of data will follow it. A length subfield or Variable Length Indicator (VLI)
precedes the variable length data subfields. The length of the VLI will be encoded in either two or
three character bytes. The length of the VLI is not included in the length of the variable data
subfield it describes.
For example:
LLVAR — When present with a variable length data field specification, this indicates that the data
field contains two subfields:
•

“LL” indicates the number of positions in the VLI, and the value in the VLI shows the length
of the variable-length data subfield that follows. The length may be 01 to 99 unless
otherwise restricted.

•

“VAR” is the variable length data subfield.

Example: A 27-byte data field with LLVAR indicates a VLI of 2 bytes with a maximum length of 25
bytes of variable data.
LLLVAR — When present with a variable length specification, this indicates that the data field
contains two subfields:
•

“LLL” indicates the number of positions in the variable-length data subfield that follows.
Length may be 001 to 999, unless otherwise restricted.

•

“VAR” is the variable length data subfield.

Example: A 503-byte data field with LLLVAR indicates a VLI of 3 bytes with a maximum length of
500 bytes of variable data.

April 2016

Global Credit Authorization Guide ISO Format

4.0

table of contents
12

American Express Proprietary & Confidential

Guidelines for Using the GCAG ISO 8583 Message Formats (continued)
•

Unless otherwise specified, all fixed-length numeric data fields should be right justified and
zero filled. Fixed-length alphanumeric data fields should be left justified and character
space filled. Binary data fields should be in eight-bit blocks that are left justified and zero
filled.

•

The message content must be configured in the EBCDIC character set unless otherwise
noted in the data field details.

•

The communications protocol must support Transparency, due to the presence of binary
data (e.g., bitmaps) that may be mistaken for communications control information.

•

Some data fields are not supported in this version of the American Express ISO 8583
interface. However, to allow all processes to consistently and accurately deal with all data
fields, all the attributes of all 64 data fields in the primary bit map are supplied beginning
on page 53 and must be allowed while developing the interface. This allows a message to
be sent even when it contains unsupported data. The data will not be processed by the
recipient nor returned to the sender, but the definitions allow each system to step past
unsupported data fields.

•

Some data fields of the message are required to process the message while others are not
required to process the message. Some data fields may be required in the response when
present in the request. Data field requirements are as follows:

Mandatory

Data field and contents are required to process this message. Data field
must contain the appropriate text or numeric information as indicated.

Mandatory - Echo returned

Data field is mandatory for processing this message; and whenever
included in an originating request message, it will be preserved and
returned in the response message without alteration.

Optional

Data field and contents are not mandatory for processing the message, but
should be provided if available.

Optional - Echo returned

Data field is optional for processing this message; and whenever included
in an originating request message, it will be preserved and returned in the
response message without alteration.

Conditional

A data field may be conditional if it is only used in certain circumstances.
See Data Field Descriptions for specific details.

Conditional - Echo returned

Data field is conditional for processing this message; and whenever
included in an originating request message, it will be preserved and
returned in the response message without alteration.

April 2016

American Express Proprietary & Confidential

4.0

Global Credit Authorization Guide ISO Format

Guidelines for Using the GCAG ISO 8583 Message Formats (continued)
When Track 1 and/or Track 2 data is read from a magnetic stripe, the Merchant, their devices,
systems, software, Vendors and Third Party Processors should capture all characters between the
start and end sentinels, strip off the sentinels and LRC, and forward the remainder to American
Express in the appropriate ISO 8583 Track 1 and/or Track 2 data field without regard to the specific
lengths referenced in these sections. For more information, refer to the American Express
Magnetic Stripe Formats in the American Express Global Codes & Information Guide.
Both Track 1 and Track 2 must be converted from ASCII to EBCDIC, and character spaces must not
be stripped. In addition, data must not be padded to standardize track lengths, and it must be
transmitted as read.
The Authorization Request (1100) message contains a data field that describes point-of-service
processing capabilities (Data Field 22). Merchants and Third Party Processors must ensure that
authorization data in Data Field 22 is accurate. Specifically, accuracy of Card Present, Cardholder
Present and Track Data Indicators can significantly affect message processing, decrease POS
disruptions and maximize customer satisfaction.
For more information, contact your American Express representative.

April 2016

Global Credit Authorization Guide ISO Format

4.1

American Express Proprietary & Confidential

Variations in Messaging
No individual data field should exceed 290 bytes, except where specifically noted.
Messages transmitted to American Express must not exceed 900 bytes in total length.
For assistance in selecting optional data fields and determining the appropriate formats
and variable data field lengths to use, contact your American Express representative.
American Express reserves the right to modify data field parameters (e.g., changing Data
Field Type from numeric to alphanumeric, or vice-versa) to meet specific business and/or
internal data and system requirements.

table of contents

American Express Card creation standards for magnetic stripe layouts may include
additional data undefined in currently published American Express implementations of
ANSI X4.16 and ISO 7813 formats. Magnetic stripe data fields in current use will not be
moved; however, discretionary or unused data fields may be redefined for use with future
American Express Card products. Therefore, the data field definitions referenced in the
American Express Magnetic Stripe and Expresspay Pseudo-Magnetic Stripe Formats are
for reference only and may not reflect all American Express Card variations that may be
encountered.
For additional information, refer to American Express Magnetic Stripe and Expresspay
Pseudo-Magnetic Stripe Formats in the American Express Global Codes & Information
Guide.

4.2

ISO 8583 Message Formats
American Express supports the International Organization for Standardization ISO 8583
format to exchange messages for authorizations.

4.2.1

Authorization Request/Response
•

1100 Message is used for Authorization Request messages

•

1110 Message is used for Authorization Response messages

Figure 1-1. ISO 8583 Authorization Message Exchange

April 2016

American Express Proprietary & Confidential

4.2.1

Global Credit Authorization Guide ISO Format

Authorization Request/Response (continued)
Merchants use the Authorization Request (1100) message to transmit credit
authorization and/or Automated Address Verification (AAV) request messages
to American Express. American Express uses the Authorization Response (1110)
message to respond to a Merchant's Authorization Request (1100) message.
American Express places the credit analysis results for the request in the
Authorization Response (1110) message.
Merchant time-out values are determined during the technical conference call.

4.2.2

Reversal Advice Request/Response
•

1420 Message is used for Reversal Advice Request messages

•

1430 Message is used for Reversal Advice Response messages

Figure 1-2. ISO 8583 Reversal Advice Message Exchange

These messages are constructed as specified in the ISO 8583-1993 standard. If
your system supports a different version of ISO 8583, notify your American
Express representative.
The Reversal Advice Request (1420) message allows the acquiring source to
cancel the effects of a previous authorization transaction, completely. For more
information, see page 219.

April 2016

Global Credit Authorization Guide ISO Format

4.2.3

American Express Proprietary & Confidential

Network Management Request/Response
•

1804 Message is used for Network Management Request messages

•

1814 Message is used for Network Management Response messages

table of contents

Figure 1-3. ISO 8583 Administration/Network Message Exchange

Network management messages are used to control the system security and
operating condition of the interchange network and may be initiated by any
interchanging party.
The Network Management Request (1804) message allows for either dynamic
key exchange, an echo test or a signon/signoff request. When the Network
Management Request (1804) message is received, it should be responded to by
transmitting a Network Management Response (1814) message.

April 2016

American Express Proprietary & Confidential

5.0

Global Credit Authorization Guide ISO Format

Card Acceptance Supported Services
American Express offers the following services for the products it supports:
•

Online Authorizations — A Merchant who uses the online authorization service can
transmit an authorization request and receive an authorization response, all in one
individual session.

•

American Express OptBlue Program— The American Express OptBlue Program is a program
designed to increase acceptance of Cards among small Merchants by offering an integrated
service and pricing through certain eligible third party Acquirers and payment processing
companies.

•

Prepaid Card Authorizations — This service allows a Merchant to accept and process an
authorization request for American Express Prepaid Cards.

•

Chip Card Authorizations (ICC) — American Express issues cards that in addition to a
magnetic stripe, also contain an integrated chip that conforms to the industry EMV
specifications.

•

Recurring Billing and Standing Authorization — Recurring Billing transactions include
periodic billings for regularly scheduled charges while Standing Authorization allows a
Merchant to automatically charge a Cardmember’s American Express Card.

•

Batch Authorizations — A Merchant who uses the batch authorization service can
transmit authorization request files containing multiple authorization request
transactions periodically during a day or at the end of the business day. All
authorization response transactions are batched into files and returned.

•

Authorization Amount Adjustment — The Authorization Amount Adjustment can be used by
any Merchant, Third Party Processor or Vendors that supports Automated Fuel Dispensers.
This functionality allows for the release of held funds due to the actual sale amount being
less than the original authorized amount.

•

Digital Wallet Payments — This service allows Merchants to accept Digital Wallet
transactions which provide Cardmembers a quick and flexible way to pay in store and within
Mobile Applications (App) via various devices that Cardmembers frequently use.

•

Other Authorization Services — A Merchant may process other financial transaction cards,
as well as American Express Travelers Cheque authorizations.

April 2016

Global Credit Authorization Guide ISO Format

5.1

American Express Proprietary & Confidential

Online Authorizations
The American Express online authorization process begins when a Cardmember uses the
American Express Card to purchase goods or services from a Merchant. The purchase could
occur at the physical location of the Merchant or remotely (e.g., a purchase through the
internet, by mail-order or by telephone-order).
If the purchase occurs at the Merchant's location, the card is either swiped so that the Point
of Sale terminal can read the magnetic stripe, inserted into a Chip Card capable terminal so
the card data can be read from the embedded chip, tapped against the contactless
interface, or manually keyed. If the purchase is made remotely, the Cardmember is required
to provide their Card data to the Merchant to obtain authorization.

table of contents

Once the information is complete, the data is transmitted to American Express. There are
two services offered to Merchants who use online authorization:
•

Non-Referral Link

•

Referral Queue

5.1.1

Non-Referral Link
Non-Referral Link is the primary processing method used by most Merchants
that accept the American Express Card and transmit authorization requests to
American Express. Non-Referral Link allows an authorization to be processed
without electronically referring the request to an American Express-employee
Authorizer. When the electronic authorization request is transmitted to
American Express via a non-referral link, American Express evaluates various
information, which may include the Cardmember's spending, payment and
credit history and risk criteria associated with the transaction. If the request
passes this evaluation, the American Express authorization system approves the
request, and returns an “APPROVED” message and approval code to the
Merchant's system.
If the authorization request is not automatically approved, a message equivalent
to “DENY” or “PLEASE CALL” is returned to the Merchant's system. When a
Merchant receives a “PLEASE CALL” message, the POS Device Operator at the
establishment must call American Express and speak to an Authorizer, who will
verbally approve or deny the authorization request.

April 2016

American Express Proprietary & Confidential

5.1.1

Global Credit Authorization Guide ISO Format

Non-Referral Link (continued)

Figure 1-1. Non-Referral Link Processing

A POS Device Operator enters a transaction at the Merchant's system.

The Merchant's computer processes the transaction data and transmits an
authorization request message to American Express.

American Express receives and processes the request then sends a
response message to the Merchant's computer.

The Merchant's computer receives and processes the response message,
then displays the response on the Merchant's system.

If American Express approves the request, an “APPROVED” message and
an approval code are displayed at the Merchant's system.
If American Express declines the request, a message equivalent to “DENY”
is displayed at the Merchant's system.
If American Express cannot make a decision, a “PLEASE CALL” message is
displayed at the Merchant's system, and the POS Device Operator must
then call an American Express Authorizer, who will analyze the transaction
and verbally approve or deny the request.

April 2016

Global Credit Authorization Guide ISO Format

5.1.2

American Express Proprietary & Confidential

Referral Queue
The referral queue option is available for both referral and non-referral
processing links. The referral queue system assigns a four-digit referral number
to each request that receives a “PLEASE CALL” authorization response, and
places the request in a queue. The referral queue number is then included in the
“PLEASE CALL” response message transmitted to the Merchant's system.
The POS Device Operator calls American Express and provides the referral
queue number. Based on the referral queue number, the call is transferred to the
assigned Authorizer, who reviews the information and either approves or denies
the transaction. This procedure eliminates the re-entry of transaction data
during the authorization call.

table of contents

Illustrations of referral queue processing for non-referral links are shown on the
next few pages.

5.1.2.1

Referral Queue — Non-Referral Mode

Figure 1-2. Referral Queue for Non-Referral Mode

April 2016

American Express Proprietary & Confidential

5.1.2.1

Global Credit Authorization Guide ISO Format

Referral Queue — Non-Referral Mode (continued)
1. A POS Device Operator enters a transaction at the Merchant's
system.
2. The Merchant's computer processes the transaction data and
transmits an authorization request message to American
Express.
3. American Express receives and processes the request then
sends a response message to the Merchant's computer.
4. The Merchant's computer receives and processes the response
message, then displays the response on the Merchant's system.
5. If American Express approves the request, an “APPROVED”
message and an approval code are displayed at the Merchant's
system.
6. If American Express declines the request, a message equivalent
to “DENY” is displayed at the Merchant’s system.
7. If American Express cannot make a decision, a “PLEASE CALL”
message is displayed at the Merchant’s system, and the POS
Device Operator must then call an American Express Authorizer,
who will analyze the transaction and verbally approve or deny
the request.
8. The POS Device Operator calls American Express and provides
the referral number. That number provides access to an
American Express Authorizer.

April 2016

Global Credit Authorization Guide ISO Format

5.1.3

American Express Proprietary & Confidential

Referral Queue — Referral Mode

table of contents

Figure 1-3. Referral Queue for Referral Mode

April 2016

American Express Proprietary & Confidential

5.1.3

Global Credit Authorization Guide ISO Format

Referral Queue — Referral Mode (continued)
1.

A POS Device Operator enters a transaction at the Merchant's system.

The Merchant's computer processes the transaction data and transmits an
authorization request message to American Express.

American Express receives and processes the request then sends a
response message to the Merchant's computer.

The Merchant's computer receives and processes the response message,
then displays the response on the Merchant's system.

If American Express approves the request, an “APPROVED” message and
an approval code are displayed at the Merchant's system.

If the Authorizer approves the request, an “APPROVED” response and an
approval code are transmitted to the Merchant's computer. That computer
processes the American Express response and sends the message to the
Merchant's system.

If the Authorizer does not approve the request automatically, a referral
number is assigned to the “PLEASE CALL” response message. The request
is placed in the referral queue for easy access by American Express
Authorizers.

8. The “PLEASE CALL” response message (with the referral number) is
transmitted to the Merchant's computer, and both “PLEASE CALL” and the
referral number are displayed on the Merchant's system.
9. The POS Device Operator calls American Express and provides the referral
number. That number provides access to an American Express Authorizer.
10. After examining the request, spending history and payment history of the
Cardmember, the Authorizer will verbally approve or deny the request.

5.2

American Express OptBlue® Program
The American Express OptBlue Program is designed to increase acceptance of Cards
among small Merchants by offering integrated service and pricing through certain eligible
third party Acquirers and payment processing companies. Program participants will be
eligible to provide a full one-stop servicing solution for American Express Card acceptance
to eligible small Merchants, including the flexibility to provide Merchants the benefit of a
single statement, one settlement process, and one contact for all the major Card brands.
For information on how to participate in the OptBlue program, contact your American
Express representative.

April 2016

Global Credit Authorization Guide ISO Format

5.3

American Express Proprietary & Confidential

Prepaid Card Authorizations
The Prepaid Card Partial Authorization and Authorization with Balance Return features are
designed to help Merchants provide Card balance information to American Express Prepaid
Cardholders at the point of sale. The Authorization Request/Response messages are
exchanged to determine available funds to help the Merchant successfully complete
Prepaid Card transactions in a timely manner.
Partial Authorization and Authorization with Balance Return features only apply to Prepaid
Cards. Merchants who participate are not required to know which American Express
products are prepaid. American Express will return the specified information for
transactions that qualify otherwise, the responses will be the same as those they receive
today.

table of contents

5.3.1

Partial Authorization
American Express strongly recommends Partial Authorization, because it
approves a request for the remaining balance rather than declining it when
there are insufficient funds to cover the original amount.
The Partial Authorization feature allows American Express to authorize a
transaction for an amount less than the original Merchant requested amount.
Partial Authorization is used in circumstances where the Prepaid Card has
insufficient funds to cover the original amount of the request. Rather than
receiving a denial message, the transaction will be approved for the remaining
balance of the Card. The Cardholder can then pay the Merchant the outstanding
amount of the transaction via another form of payment.
Data Field 24 (Function Code) of the Authorization Request (1100) message is
used to identify a Merchant that accepts partial authorizations. The approved
amount is returned in Data Field 4 (Amount, Transaction) of the Authorization
Response (1110) message. The original requested authorization amount is
returned in Data Field 30 (Amounts, Original); and the available amount
remaining on the Card (including a zero balance) may be returned in Data Field
54 (Amounts, Additional).
Merchants should develop internal instructions for using the Prepaid Card
Partial Authorization or Authorization with Balance Return features at their
point of sale. American Express will allow authorized Merchants that conform to
this specification and pass our certification tests to access the American
Express network to acquire Partial Authorization or Authorization with Balance
Return.
Third Party Processors must develop support for both Partial Authorization and
Authorization with Balance Return functionalities in order to provide the ability
for their Merchants to utilize either feature. Additional information may be
obtained from your American Express representative.
Balances may not be returned for some Prepaid Cards.

April 2016

American Express Proprietary & Confidential

5.3.2

Global Credit Authorization Guide ISO Format

Authorization with Balance Return
In addition, American Express offers the Authorization with Balance Return
feature.
The Authorization with Balance Return feature allows Merchants that choose
not to use the Partial Authorization feature to receive the Prepaid Card balance
on the Authorization Response (1110) message. Systems that do not support
split tender capability which is required for Partial Authorizations can receive a
response message containing the remaining balance (Authorization with
Balance Return), This enables the customer to submit a new request for an
amount less than or equal to the funds available or they can choose an alternate
form of payment for the transaction.
Data Field 24 (Function Code) of the Authorization Request (1100) message is
used to identify an Authorization with Balance Return request. The available
balance may be returned to the Merchant in Data Field 54 (Amounts, Additional)
in the Authorization Response (1110) message, even if the transaction is denied.
Transactions that are denied for insufficient funds can be resubmitted for an
amount equal to or less than the remaining balance provided in the
Authorization Response (1110) message.
Prepaid Card Balance Inquiry may also be performed utilizing either the Partial
Authorization or the Authorization with Balance Return feature. This can be
done by simply entering an amount of zero in the Data Field 4 (Amount,
Transaction). The transaction will be approved, and the available balance is
returned in Data Field 54 (Amounts, Additional). A new authorization request
can then be created for an amount equal to or less than the remaining balance.
Balances may not be returned for some Prepaid Cards.

April 2016

Global Credit Authorization Guide ISO Format

5.4

American Express Proprietary & Confidential

Chip Card Authorizations
Two types of Chip Cards are issued by American Express, Contact (AEIPS) and Contactless
(Expresspay):
•

AEIPS — A Contact Chip Card is physically inserted into a Card Reader to enable it
to communicate with the Terminal. The American Express contact solution is called
AEIPS (American Express ICC Payment Specifications).

•

Expresspay — A Contactless Chip Card uses radio frequency technology to
communicate with the Terminal, and the card does not need to be inserted into a
reader. Contactless transactions are typically faster than Contact transactions. The
American Express contactless solution is called Expresspay.

table of contents

In order to submit transactions from American Express Chip Cards for authorization and
submission, the Merchant, authorized Third Party Processor or Vendor must submit data to
American Express in the formats prescribed by the GCAG ISO and the American Express
Global Financial Submission Guide.
Note: American Express requires chip card accepting devices to be approved by EMVCo.
EMVCo approval can be obtained at an EMVCo approved laboratory. Further details can be
obtained from the EMVCo website (www.emvco.com) or from your local American Express
representative.

5.4.1

AEIPS
In an AEIPS transaction, the Card is inserted into the Card Reader in the
terminal; and the Card data is read directly from the chip. Transaction data is
created and populated in Data Field 55 (Integrated Circuit Card System Related
Data) - special certification is required. For more information on the breakdown
of Data Field 55, see page 138.
American Express mandates that in addition to populating Data Field 55, AEIPS
transactions must include Data Field 35 (Track 2 Data).
For terminals that are EMV-enabled but not yet certified or for terminals that are
EMV-enabled for other payment brands but not yet for American Express
(AEIPS), transactions must be processed using any of the other non-EMV
methods.

April 2016

American Express Proprietary & Confidential

5.4.1

Global Credit Authorization Guide ISO Format

AEIPS (continued)
When submitting AEIPS transactions, Data Field 22 (Point of Service Data Code)
must be populated based on acquiring method and adhere to the following
guidelines:
•

Position 1: Card Data Input Capability - Transactions must not be
processed using value 5 (Integrated Circuit Card - ICC) unless the terminal
and link are certified by American Express for EMV processing.

•

Position 7: Card Data Input Mode o

Transactions must not be processed using value 5 (Integrated
Circuit Card - ICC) unless the terminal and link are certified by
American Express for EMV processing.

Transactions must not be processed using value 9 (Technical
Fallback) unless the terminal and link are certified by American
Express for EMV processing and used to indicate a fallback
transaction.

•

Position 9: Cardmember Authentication Entity- Transactions must not be
processed using value 1 (Integrated Circuit Card - ICC) unless the terminal
and link are certified by American Express for EMV processing.

•

Position: 10: Card Data Output Capability - Transactions must not be
processed using value 3 (Integrated Circuit Card - ICC) unless the terminal
and link are certified by American Express for EMV processing.

April 2016

Global Credit Authorization Guide ISO Format

5.4.2

American Express Proprietary & Confidential

Expresspay
In an Expresspay transaction, the data is passed between the chip and the
terminal using Radio Frequency (RF) technology. Expresspay has two different
modes in which the Card and Terminal can operate:
• Expresspay EMV Mode - This mode of operation is designed for those
Issuers and Acquirers that support EMV data in the authorization
messages. EMV capable terminals support both EMV and Magstripe
Modes.
• Expresspay Magstripe Mode- This mode of operation is designed for both
Issuers who can accept EMV data as well as Issuers and Acquirers who
have not implemented EMV acceptance. Magstripe capable terminals only
support Magstripe Mode.

table of contents

If supporting Expresspay, Merchants, authorized Third Party Processors and
Vendors must support EMV and Magstripe Mode including the Expresspay
Pseudo-Magnetic Stripe Format. It is mandatory for all Third Party Processors
and Vendors to certify they can pass Expresspay data. Refer to Expresspay
Pseudo-Magnetic Stripe Formats in the American Express Global Codes &
Information Guide.
In order to submit transactions from Expresspay Cards for authorization and
submission, the Merchant, authorized Third Party Processor or Vendors must
submit data to American Express in the formats prescribed by the GCAG ISO and
the American Express Global Financial Submission Guide.
Expresspay Requirements
Magstripe Capable Terminals

EMV Capable Terminals

• Track 1 (Data Field 45) and/or Track 2 (Data
Field 35) must be present. For information on
Expresspay Pseudo-Magnetic Stripe Formats,
refer to the American Express Global Codes
& Information Guide.

• ICC System Related Data (Data Field 55) must 
be present.

• POS Data Code (Data Field 22)
o Position 6 = “X”
(Contactless transactions,
including American Express
Expresspay)
o Position 7= “2” (Magnetic
stripe read; Track 1 and/or
Track 2) or “W” (Swiped
transaction with keyed
CID/4DBC/4CSC)

• Track 2 Data (Data Field 35)

• POS Data Code (Data Field 22)
o Position 6 = “X” (Contactless transactions,
including American Express Expresspay)
o Position 7 = “5” (Integrated Circuit Card 
[ICC]; EMV and Track 2 data captured from 
chip)

Notes:
1. Expresspay transactions must originate at a contactless reader and cannot be manually keyed.
2. It is important to note that pseudo-magnetic stripe data from a chip card contactless reader differs
slightly from track data obtained from a magnetic stripe read. For this reason, when Magstripe-Capable
Terminals, Track 1 and/or Track 2 pseudo-magnetic stripe data is supplied intact, the start and end
sentinels should be stripped off; and all remaining characters between the sentinels (including the
Interchange Designator and Service Code) should be forwarded to American Express without
alteration, in the appropriate ISO 8583 Track 1 and/or Track 2 data field (Data Fields 45 and/or 35,
respectively). For complete lists of allowable Interchange Designator/Service Code combinations, refer
to the American Express Global Codes & Information Guide.
28

April 2016

American Express Proprietary & Confidential

5.4.2.1

Global Credit Authorization Guide ISO Format

Expresspay Transit Transactions at Transit Access
Terminals
The American Express Expresspay Transit solution will supplement
existing American Express Network functionality to meet the transit
industry's need for high speed, low risk transactions. The resulting
service enables the customer to experience American Express
acceptance at a transit fare gate like any other retail Merchant's
contactless POS terminal.
Technical coding components of Expresspay Transit transactions at
Transit Access Terminals (TAT) include:
1. Data Field 26 -Card Acceptor Business Codes (Merchant
Category Code)
One of the five transit specific Card Acceptor Business Codes
(Merchant Category Code) must be populated for Transit - TAT
transactions:
• 4111 - Local and Suburban Commuter Passenger
Transportation, including Ferries
• 4112 - Passenger Railways
• 4131 - Bus Lines
• 4784 - Tolls and Bridge Fees
• 7523 - Parking Lots and Garages
2.

Data Field 22 - Point of Service Data Code
In the Authorization Request (1100) message - Position
4, Value Z for Transit Access Terminal - TAT must be populated
for Transit -TAT transactions.

3. Data Field 24 - Function Code
There are several Function Codes available for Transit -TAT
transactions.
• Function Code 190 = Account Status Check
• Used when requesting a check on the Cardmember's
account for viability.
• The outcome of the request will be an Action Code
provided in Data Field 39 of the Authorization Response
(1110) message.
• Function Code 191 = ATC Synchronization
• Used to indicate an Application Transaction Counter
(ATC) value is being provided to the Issuer.
• The outcome of the request will be an Action Code
provided in Data Field 39 of the Authorization Response
(1110) message.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.

April 2016

Global Credit Authorization Guide ISO Format

5.4.2.1

American Express Proprietary & Confidential

Expresspay Transit Transactions at Transit Access
Terminals (continued)

table of contents

• Function Code 194 = Expresspay Translation (PAN request)
• Used to indicate that the Primary Account Number (PAN)
associated with an Expresspay-enabled card is being
requested from the Issuer.
• The response will be provided in Data Field 34 -
Primary Account Number, Extended in the Authorization
Response (1110) message.
• Function Code 196 = Expresspay Translation (PAN and 
Expiration Date request)
• Used to indicate the Primary Account Number (PAN)
and Expiration Date associated with an
Expresspay-enabled card/device is being requested
from the Merchant.
• The response will be provided in Data Field 34 -
Primary Account Number, Extended in the Authorization
Response (1110) message.
4.

5.5

Data Field 34 - Primary Account Number, Extended in the
Authorization Response (1110) message.

Recurring Billing and Standing Authorization
Recurring Billing transactions include periodic billings such as membership fees to health
clubs, magazine subscriptions, insurance premiums and other regularly scheduled
charges. These transactions are typically requested the same time every month for the
same dollar amount.
Standing Authorization allows a Merchant to automatically charge a Cardmember’s
American Express Card, when the Cardmember’s billing information is on file, and goods
have been delivered/ or services have been rendered. Billing frequency and amount can be
variable (e.g., travel, car rental, lodging, frequent customer, etc.).

April 2016

American Express Proprietary & Confidential

5.6

Global Credit Authorization Guide ISO Format

Batch Authorizations
The American Express Batch Authorization System accepts and processes files containing
multiple authorization transactions; and the structure, content and format of batch
Authorization Request (1100) messages are detailed in this specification. All Authorization
Request (1100) message files submitted for batch processing must contain valid, properly
constructed, Authorization Request (1100) message records.
The American Express batch authorization process begins when a Cardmember uses the
American Express Card to purchase goods or services from a Merchant. The Merchant's
point of sale (POS) operator enters purchase information into the POS device. This may or
may not include keyboard entry of Cardmember account information and/or swiping the
Card so that the POS device can read data stored in the magnetic stripe. More information
on the American Express Data Security Operating Policy (DSOP) and the PCI Data Security
Standard can be found at www.americanexpress.com/datasecurity.
Upon completion of data entry (which may occur periodically during the workday, or at the
end of shift or business day), information accumulated from numerous transactions is
transmitted to American Express in a file. The American Express Batch Authorization
processor manages the exchange of request and response transactions between
Merchant's system and American Express. Once processing of a file is completed, the
Merchant retrieves the response batch file from American Express.
Message format errors or communication problems between Merchant and/or Authorized
Third Party Processor systems and the American Express Batch Authorization System, may
result in original, authorization request messages being returned in batch authorization
response files.
Therefore, when processing responses from American Express, Merchant and/or Authorized
Third Party Processor systems must recognize and separate original authorization requests,
for retransmission (in a new batch authorization request file) or voice authorization.
Important Note: The Internet Direct IP Payments Gateway does not support the American
Express Batch Authorization process. For more information, contact your American Express
representative.

April 2016

Global Credit Authorization Guide ISO Format

5.6.1

American Express Proprietary & Confidential

Message Separation
ISO 8583 messages are variable length and contain a combination of binary and
character-encoded (primarily EBCDIC) text and numeric values. As a result, an
ISO 8583 message must be treated as a stream of bytes in a file, rather than
sequences of characters. Also, the binary data in some data fields makes it
impractical to use end-of-record terminator characters as delimiters to separate
sequential records in the stream of data that comprises a file. However, the last
two bytes of a fixed length file layout, Authorization Request (1100) message
are reserved and echo returned as the last two bytes in the corresponding
Authorization Response (1110) message; and these two characters may be used
as Merchant-specified, end-of-line (EOL) terminators, if necessary. For more
information, see page 36.

table of contents

American Express utilizes a Message Length Indicator (MLI), transmitted as a
prefix to each individual authorization request, to specify the exact message
length. The MLI is not part of the ISO 8583 Authorization Request (1100)
message defined in this specification. Instead, it is considered part of the
communication/transport mechanism.
The Message Length Indicator (MLI) is a two-byte, unsigned, short integer in
binary, network short/ big-endian format (i.e., most significant byte, followed by
least significant byte), which reflects the combined length of the two-byte MLI
and the individual Authorization Request (1100) message that immediately
follows.
MLI

ISO 8583 Authorization Request (1100) Message

Figure 1-4. Message Length Indicator & ISO 8583 Authorization

Messages in the batch response file are similarly formatted and contain a
two-byte MLI that indicates the combined length of the MLI and the
Authorization Response (1110) message.

April 2016

American Express Proprietary & Confidential

5.6.2

Global Credit Authorization Guide ISO Format

Supported File Layouts
The American Express Batch Authorization System supports two file layout
formats:
•

Variable Length Format

•

Fixed Length Format

During certification, Merchants must indicate which format they wish to use,
and once certified, all files must be submitted in that format. Merchants
wishing to change formats must recertify. American Express uses the same
format for a batch response file as was used for the corresponding batch
request file.
For both layouts, the Batch Authorization System uses the MLI to determine
actual message length.
The following table contains sample message data that appears on the
following pages in both variable- and fixed-length formats. Note that ISO 8583
defines some data fields as variable length, with data in these data fields
preceded by a Variable Length Indicator (VLI), in much the same manner as each
message is preceded by an MLI. For this reason, individual message length
varies in actual production files.
Data
Field


Name


Required

Data Field
Length


Sample Data


Hex Value

—

MESSAGE TYPE IDENTIFIER

4 bytes, fixed

1100

F1 F1 F0 F0

—

BIT MAP

8 bytes, 64 bits

703425C000408000

70 34 25 C0 00 40 80 00

PRIMARY ACCOUNT NUMBER (PAN)

21 bytes, LLVAR

370012345612345

F1 F5 F3 F7 F0 F0 F1 F2
F3 F4 F5 F6 F1 F2 F3 F4
F5*

PROCESSING CODE

6 bytes, fixed

004000

F0 F0 F4 F0 F0 F0

AMOUNT, TRANSACTION

12 bytes, fixed

000000000100

F0 F0 F0 F0 F0 F0 F0 F0
F0 F1 F0 F0

SYSTEMS TRACE AUDIT NUMBER

6 bytes, fixed

000001

F0 F0 F0 F0 F0 F1

DATE AND TIME, LOCAL TRANSACTION

12 bytes, fixed

090100000000

F0 F9 F0 F1 F0 F0 F0 F0
F0 F0 F0 F0

DATE, EXPIRATION

4 bytes, fixed

1301

F1 F3 F0 F1

COUNTRY CODE, ACQUIRING
INSTITUTION

3 bytes, fixed

840

F8 F4 F0

POINT OF SERVICE DATA CODE

12 bytes, fixed

101150600120

F1 F0 F1 F1 F5 F0 F6 F0
F0 F1 F2 F0

Figure 5-5. Authorization Request Sample Data

_____________________
*

This data field contains the Cardmember Account Number, preceded by a two-digit, Variable Length Indicator (VLI). The VLI
must indicate the exact length of the account number, and no additional characters should be added to this data field.

April 2016

Global Credit Authorization Guide ISO Format

5.6.2

American Express Proprietary & Confidential

Supported File Layouts (continued)
.

Data
Field


Name


Required

Data Field
Length


Sample Data


Hex Value

FUNCTION CODE

3 bytes, fixed

180

F1 F8 F0

MESSAGE REASON CODE

4 bytes, fixed

1234*

F1 F2 F3 F4

CARD ACCEPTOR BUSINESS CODE

4 bytes, fixed

5399

F5 F3 F9 F9

CARD ACCEPTOR IDENTIFICATION CODE

15 bytes, fixed

12345678

F0 F0 F0 F0 F0 F0 F0 F1
F2 F3 F4 F5 F6 F7 F8

CURRENCY CODE, TRANSACTION

3 bytes, fixed

840

F8 F4 F0

Figure 1-5. Authorization Request Sample Data (continued)

table of contents

Note: Sample data in the preceding table and the following examples show
values in hexadecimal notation for illustration purposes only. Actual batch
authorization messages are transmitted as raw binary data. Total length of
sample data is 113 bytes.

5.6.2.1

Variable Length Layout
The variable length file layout is preferred for batch authorization
files. Variable length files have no padding, nor end-of-record
terminators; and, as a result, they are smaller than fixed length files
that transport the same data.
The Message Length Indicator (MLI) is used in exactly the same
manner in both the variable and fixed length file layouts, and the MLI
indicates the combined length of the MLI and the variable data that
comprises the actual Authorization Request (1100) message.
Variable Length Layout (113 bytes to 122 bytes, Variable Message
Length)

Message 1

MLI (2 bytes)

Authorization Request (1100) Message (113 bytes)

Message 2

MLI (2 bytes)

Authorization Request (1100) Message (120 bytes)

Message 3

MLI (2 bytes)

Authorization Request (1100) Message (115 bytes)

Message 4

MLI (2 bytes)

Authorization Request (1100) Message (110 bytes)

Figure 1-6. Variable Length Layout

Message 1 is composed of a two-byte MLI preceding a 113-byte
Authorization Request (1100) message. The MLI value is “115” (“00
73", hex).
_____________________
* “1234” is sample data only. Actual Message Reason Code is provided during Merchant certification.

April 2016

American Express Proprietary & Confidential

Global Credit Authorization Guide ISO Format

5.6.2.1

Variable Length Layout (continued)
Message 2 is 120 bytes in length. The MLI is “122” (“00 7A”, hex).

00
F3
F0
F0
F0
40
F7

73
F4
F0
F1
F1
40
F0

F1
F5
F1
F3
F9
F8
F0

F1
F6
F0
F0
F0
F4
F1

F0
F1
F0
F1
F0
F0
F2

F0
F2
F0
F8
F5
00
F3

70
F3
F0
F4
F3
7A
F4

34
F4
F0
F0
F9
F1
F5

25
F5
F0
F1
F9
F1
F6

C0
F0
F0
F0
F1
F0
F1

00
F0
F1
F1
F2
F0
F2

40 80 00 F1 F5
F4 F0 F0 F0 F0
F0 F9 F0 F1 F0
F1 F5 F0 F6 F0
F3 F4 F5 F6 F7
70 30 25 40 00
F3 F4 F5 ...

F3
F0
F0
F0
F8
40

F7
F0
F0
F1
40
80

F0
F0
F0
F2
40
00

F0
F0
F0
F0
40
F1

F1
F0
F0
F1
40
F5

F2
F0
F0
F8
40
F3

Figure 1-7. Sample Data in Variable Length Format

In the example above:
•

Message 2 is shown in shaded text.

•

There is no padding, nor end-of-record terminator, between
messages.

April 2016

Global Credit Authorization Guide ISO Format

5.6.2.2

American Express Proprietary & Confidential

Fixed Length Layout
The fixed length file layout may be used by Merchants who utilize
record-based file systems (e.g., a mainframe computer). In addition,
Merchants who have difficulty creating files that conform to variable
length file layout requirements may also use this alternate format.
However, during certification, those Merchants must specify the
fixed record length they will use (see 150-byte example in Figure
5-8). A subsequent change to this fixed record length requires
recertification.

table of contents

The Message Length Indicator (MLI) is used in exactly the same
manner in both the fixed and variable length file layouts, and the MLI
indicates the combined length of the MLI and the variable message
data that comprises the actual Authorization Request (1100)
message without padding.
The fixed length file layout requires that messages of different
lengths each be padded to the merchant-specified, fixed record
length using EBCDIC character spaces (0x40). In addition, the fixed
record length must be at least four bytes longer than the maximum
message length that will populate the file, to allow for the two-byte
MLI, plus two-bytes for padding or an end-of-line (EOL) terminator.
When calculating maximum message length, the combined lengths
of all fixed-length data fields and maximum lengths of all
variable-length data fields used in a message must be accounted for.
In Figure 5-8, the fixed record length is 150 bytes, which means that
the maximum message length used to populate a file must not
exceed 146 bytes.
The last two bytes of a fixed length request record are reserved and
echo returned as the last two bytes in the corresponding response.
These two characters must be present; and they may be a
Merchant-specified EOL terminator or padded spaces if an EOL
terminator is not used. Typical EOL values may include the following:
• “0D 0A” hex ("EOL", Windows character set)
• “20 0A” hex ("Space/EOL", Unix character set)
• “40 25” hex ("Space/EOL", EBCDIC character set)

April 2016

American Express Proprietary & Confidential

Global Credit Authorization Guide ISO Format

5.6.2.2

Fixed Length Layout (continued)
Fixed Length Layout (150 Bytes, Fixed Record Length)

Message 1

MLI (2 bytes)

Authorization Request (1100) Message (113 bytes)

Padding (33 bytes)

Padding/EOL (2 bytes)

Message 2

MLI (2 bytes)

Authorization Request (1100) Message (120 bytes)

Padding (26 bytes)

Padding/EOL (2 bytes)

Message 3

MLI (2 bytes)

Authorization Request (1100) Message (115 bytes)

Padding (31 bytes)

Padding/EOL (2 bytes)

Message 4

MLI (2 bytes)

Authorization Request (1100) Message (110 bytes)

Padding (36 bytes)

Padding/EOL (2 bytes)

Figure 1-8. Fixed Length Layout

Message 1 is composed of a two-byte MLI preceding a 113-byte
Authorization Request (1100) message. The MLI value is “115” (“00
73”, hex).
Message 2 is 120 bytes in length. The MLI is “122” (“00 7A”, hex).
00
F3
F0
F0
F0
40
40
F0
F1

73
F4
F0
F1
F1
40
40
F0
F2

F1
F5
F1
F3
F9
F8
40
70
F3

F1
F6
F0
F0
F0
F4
40
30
F4

F0
F1
F0
F1
F0
F0
40
25
F5

F0 70
F2 F3
F0 F0
F8 F4
F5 F3
40 40
40 40
40 00
...

34
F4
F0
F0
F9
40
40
40

25
F5
F0
F1
F9
40
40
80

C0
F0
F0
F0
F1
40
40
00

00
F0
F1
F1
F2
40
40
F1

40
F4
F0
F1
F3
40
40
F5

80
F0
F9
F5
F4
40
40
F3

00
F0
F0
F0
F5
40
40
F7

F1
F0
F1
F6
F6
40
40
F0

F5
F0
F0
F0
F7
40
40
F0

F3
F0
F0
F0
F8
40
40
F1

F7
F0
F0
F1
40
40
40
F2

F0
F0
F0
F2
40
40
00
F3

F0
F0
F0
F0
40
40
7A
F4

F1
F0
F0
F1
40
40
F1
F5

F2
F0
F0
F8
40
40
F1
F6

Figure 1-9. Sample Data in Fixed Length Format, without EOL Terminator

In the example above:
• The file is composed of variable length messages, each padded to
exactly 150-bytes.
• Message 2 is shown in shaded text.
• A minimum of two padded spaces (shown in reversed text) are
used between messages in lieu of an EOL terminator.

April 2016

Global Credit Authorization Guide ISO Format

American Express Proprietary & Confidential

5.6.2.2
00
F3
F0
F0
F0
40
40
F0
F1

73
F4
F0
F1
F1
40
40
F0
F2

F1
F5
F1
F3
F9
F8
40
70
F3

F1
F6
F0
F0
F0
F4
40
30
F4

F0
F1
F0
F1
F0
F0
40
25
F5

F0 70
F2 F3
F0 F0
F8 F4
F5 F3
40 40
40 40
40 00
...

34
F4
F0
F0
F9
40
40
40

Fixed Length Layout (continued)
25
F5
F0
F1
F9
40
40
80

C0
F0
F0
F0
F1
40
40
00

00
F0
F1
F1
F2
40
40
F1

40
F4
F0
F1
F3
40
40
F5

80
F0
F9
F5
F4
40
40
F3

00
F0
F0
F0
F5
40
40
F7

F1
F0
F1
F6
F6
40
40
F0

F5
F0
F0
F0
F7
40
40
F0

F3
F0
F0
F0
F8
40
0D
F1

F7
F0
F0
F1
40
40
0A
F2

F0
F0
F0
F2
40
40
00
F3

F0
F0
F0
F0
40
40
7A
F4

F1
F0
F0
F1
40
40
F1
F5

F2
F0
F0
F8
40
40
F1
F6

table of contents

Figure 1-10. Sample Data in Fixed Length Format, with EOL Terminator

In the example above:
• The file is composed of variable length messages, each
padded to exactly 150-bytes.
• Message 2 is shown in shaded text.
• An EOL terminator (shown in reversed text) is used
between messages.

April 2016

American Express Proprietary & Confidential

5.7

Global Credit Authorization Guide ISO Format

Authorization Amount Adjustment
The authorization amount adjustment is designed to release funds held when the actual
sale amount is less than the original amount authorized. This ISO 8583 message can be
leveraged by Merchants to advise American Express of the exact amount of the completed
sale. The Authorization Adjustment will release the difference between the original amount
authorized and the final sale amount to the Cardmember’s available credit or “open to buy”.
Merchants must only send an adjustment advice if the final sale amount is less than the
original, approved authorized amount.
This is an optional message format, but American Express strongly recommends its use.
The authorization amount adjustment applies to any Merchant, Third Party Processor or
Vendor that supports Automated Fuel Dispensers. For details on specific authorization
amount adjustment requirements, contact your American Express representative and
request the American Express Global Credit Authorization Guide ISO 8583:1993 (Version 1)
Authorization Adjustment Addendum (AAA).

5.8

Digital Wallet Payments
Digital Wallet functionality allows for the processing of transactions initiated through the
use of Mobile Apps or Digital Wallets found on Cardmember devices. Digital Wallet
transactions can occur in store or through In-App transactions initiated in any location. All
Digital Wallet transactions must be identified through the correct use of the Point of
Service Data Codes in order to process properly.

5.8.1

In-Store Digital Wallet Transactions
In-Store Digital Wallet Transactions are considered Card Present and can be
Contactless or Magnetic Secure Transmission (MST).
•

Contactless Near Field Communications (NFC) Transactions — The
Mobile NFC capable device completes a Card Present charge by tapping
the device in close proximity to a Contactless NFC enabled POS system.
Technical coding components of Contactless NFC transactions utilizing
Payment Tokenization include:
Data Field 22 - Point of Service Data Code Values
-

Position 6 - Card Present must be X
(Contactless transactions, including American Express Expresspay)

Position 7 - Card Data Input Mode, must be one of the following:
o Value 2 (Magnetic stripe read; Track 1 and /or Track 2)
o Value 5 (Integrated Circuit Card [ICC], EMV and Track 2 data
captured from chip)
o Value W (Swiped transaction with keyed CID/4CSC)

April 2016

Global Credit Authorization Guide ISO Format

5.8.1

In-Store Digital Wallet Transactions (continued)
•

5.8.2

American Express Proprietary & Confidential

Magnetic Secure Transmission (MST) Transactions — The Mobile
NFC and MST capable device completes a Card Present charge by tapping
the device in close proximity to a Magnetic Swipe enabled POS device.
MST can be utilized at almost any POS capable of accepting Magnetic
Stripe. The Point of Service Data Code should reflect an MST transaction
in the same manner as a typical Magnetic Stripe transaction.

In-App Transactions

table of contents

The Cardmember initiates a Card Not Present charge using a software
application loaded onto their mobile device. In-App transactions utilize Payment
Tokenization and must be coded accordingly. Technical coding components of InApp transactions utilizing Payment Tokenization include:
Authorization Request (1100) Message
1. Data Field 22 - Point of Service Data Code Values
• Position 6 - Card Present must be Z (Digital Wallet - application initiated
(including application initiated Payment Token)) transactions
• Position 7 - Card Data Input Mode, must be 5 (Integrated Circuit Card [ICC])
2. Data Field 60 - National Use Data
3. Data Field 61 - National Use Data
Authorization Response (1110) Message
Data Field 34 - Primary Account Number, Extended

For further information on Payment Tokenization see Section 6.1 Payment Token
Transactions.

April 2016

American Express Proprietary & Confidential

5.9

Global Credit Authorization Guide ISO Format

Other Authorization Services
American Express offers its Merchants authorization services for products other than
American Express Cards. Those services are:
•

American Express Travelers Cheque verifications

•

Non-American Express card authorizations

5.9.1

American Express Travelers Cheque Verifications
American Express Travelers Cheques can be verified through the American
Express system to ensure that the Travelers Cheque is not lost or stolen.

5.9.2

Non-American Express Card Authorizations
American Express will forward MasterCard, VISA, Diners Club and JCB
transactions to the appropriate Issuer for authorization and return the response
from the Issuer to the Merchant's system at the establishment.
Authorized Third Party Processors are specifically excluded from this function.
Merchants must notify American Express of their intent to implement this
function before it is used, as transaction data for non-American Express
supported bankcards are normally rejected upon receipt. In addition, American
Express cannot guarantee bankcard interchange compliance. For more
information, contact your American Express representative.
Limited processing instructions for non-American Express-supported bankcards
are included in this guide. This information is provided for Merchants routing
transactions via American Express during bankcard network outages and is not
intended as an alternative path for traditional bankcard transaction processing.

April 2016

Global Credit Authorization Guide ISO Format

American Express Proprietary & Confidential

table of contents

this page intentionally left blank

April 2016

American Express Proprietary & Confidential

6.0

Global Credit Authorization Guide ISO Format

Fraud Prevention Services
A Merchant may send key data fields with the authorization request that can help prevent fraud at
the point of authorization. Some of these services include Payment Token, Verification Services and
Electronic Verification Services.

6.1

Payment Token Transactions
All Payment Token transactions must be identified through the correct use of Point of
Service Data Codes in order to process properly.
Payment Tokens - Contactless1 transactions:
•

Position 6 - Card Present must be X (Contactless transactions, including American
Express Expresspay)

•

Position 7 - Card Data Input Mode, must be one of the following:
o Value 2 (Magnetic stripe read; Track 1 and/or Track 2)
o

Value 5 (Integrated Circuit Card [ICC], EMV and Track 2 data captured from chip)

Value W (Swiped transaction with keyed CID/4DBC/4CSC)

Payment Tokens - Application Initiated transactions / Digital Wallet - application
initiated (including application initiated Payment Token) transactions:
•

Position 6 - Card Present, must be Z (Digital Wallet - application initiated (including
application initiated Payment Token)) transactions2

•

Position 7 - Card Data Input Mode, must be 5 (Integrated Circuit Card [ICC])

Payment Tokens - Card on File/Recurring Billing:
•

•

Position 5 - Cardholder Present, must be either:
o

Value 4 (Cardmember not present, standing authorization) or

Value 9 (Cardmember not present, recurring billing)

Position 6 - Card Present, must be 0 (Card not present)

_____________________
1

Contactless transaction processing remains unchanged, utilizing track data and the existing authorization process. There are no
Merchant or Third Party Processor changes for Contactless.
2

If populated with value “Z”, Data Field 61, National Use Data, is required.

April 2016

Global Credit Authorization Guide ISO Format

6.2

American Express Proprietary & Confidential

Verification Services
American Express offers a number of tools by which Merchants can electronically verify
information in the authorization process for Card Present and Card Not Present
transactions. These tools enable comparison of customer provided data with Cardmember
information on file with the Issuer. American Express recommends these verification tools
be used simultaneously with other fraud mitigation tools such as Enhanced Authorization
in multiple layers to help a Merchant mitigate the risk of fraud. These tools are not a
guarantee that the transaction is in fact bona fide, or that the Merchant will not be subject
to a Chargeback. For policy questions regarding transaction processing, refer to one or
more of the following:

table of contents

•
•
•

American Express Merchant Regulations - U.S.
Canada Merchant Operating Manual (MOM)
Local market Terms of Conditions or Contracts for those markets outside of the 
U.S. and Canada

6.2.1

Enhanced Authorization
The Enhanced Authorization tool helps mitigate fraud before a transaction is
authorized by analyzing key transaction data fields submitted with authorization
requests. When these additional data fields are included in authorization
requests, the Issuer can make a more thorough risk assessment, enabling a
more informed authorization decision.
Merchants may already capture Enhanced Authorization data fields and other
Card information as part of the ordering process. While sending all data fields is
the most effective use of Enhanced Authorization, any additional data fields can
provide a more informed authorization response.

April 2016

American Express Proprietary & Confidential

6.2.1

Global Credit Authorization Guide ISO Format

Enhanced Authorization (continued)
Enhanced data fields may include:

Data Type

Data Element Supported

Location

Internet Data

• IP address
• Email address
• Product SKU (Stock Keeping Unit)

ITD format, Data Field 47

Phone Data

Order telephone number

205-byte format, Data Field 63

Airline Data

•
•
•
•
•

Shipping Data

• Ship-to address
• Postal code
• Country code

Goods Sold Data

Gift Cards in Card Present transactions

Passenger Name
Origin airport
Destination airport
Travel date
Routing

• Class of service/Fare
Basis
• Number of passengers
• Airline carrier codes
• Email address
• IP address

IAC format, Data Field 47

• Telephone number
• First and last name
• Shipping method

205-byte format, Data Field 63

Goods Sold format, Data Field 47

April 2016

Global Credit Authorization Guide ISO Format

6.3

American Express Proprietary & Confidential

Electronic Verification Services
The Electronic Verification Services supported include the following:
•

Card Identification (CID) Verification

•

Automated Address Verification (AAV)

•

ZIP Code Verification

•

Telephone Number Verification

•

Email Address Verification

6.3.1

Card Identifier (CID) Verification

table of contents

The Card Identifier (CID; a.k.a., 4DBC or 4CSC) Verification tool helps mitigate
fraud on keyed and swiped transactions. The CID number is associated with
each individual Card. Merchants request the four-digit CID printed on the Card
from the Cardmember at the time of purchase and then submit the CID with the
Authorization request. Verification of the CID is one method to authenticate
whether an individual making a purchase has possession of the Card.
The CID is a four-digit, (flat) number that is printed on every American Express
Card. The CID is usually located above the Cardmember Account Number on the
face of the Card. In each of the following illustrations of American Express Card
products, the CID is circled. For details on CID/ 4DBC/4CSC entry in the
Authorization Request (1100) message, see page 135. See also, related topics
on pages 82 and 194.
For more information on American Express Keyed CID/4DBC/4CSC, contact your
American Express representative.

April 2016

American Express Proprietary & Confidential

6.3.2

Global Credit Authorization Guide ISO Format

Automated Address Verification (AAV)
The Automated Address Verification tool compares the name, street address,
and Zip Code provided by the customer with the Cardmember's information on
file with the Issuer.
Merchants, especially those operating in a Card Not Present environment (e.g.,
mail-order, telephone-order and Internet), use Automated Address Verification
(AAV) to evaluate Cardmember identity by comparing information provided by
the customer at the point of sale with Cardmember information on file with the
Issuer.
Merchants use the Authorization Request (1100) message to transmit an
independent AAV request, or a combination authorization/AAV request. To use
AAV, a Merchant transmits a Cardmember's name as it appears on the Card,
street address, and/or postal code for Issuer verification.
Issuer systems compare the information provided by the Merchant with
Cardmember data listed in the card Issuer's records, and transmit a response in
Data Field 44, Additional Response Data, of the Authorization Response (1110)
message, indicating if all information is valid or if the Cardmember name,
address, and/or postal code do not match. American Express does not return
Cardmember data to the Merchant.
American Express encourages Merchants who physically deliver merchandise to
include Ship-to address information as part of Enhanced Authorization tool (EA),
which is available in the 205-byte version of Data Field 63 of the Authorization
Request (1100) message.
AAV Response Data
Merchants certified for AAV must use Data Field 63, Private Use Data, in the
Authorization Request (1100) message. After processing, American Express
returns the AAV Response Code in Data Field 44, Additional Response Data, or
Data Field 62, Private Use Data, of the corresponding Authorization Response
(1110) message. For more information, see pages 158, 198 and 212.

6.3.3

ZIP Code Verification
In the United States, the ZIP Code Verification tool is part of Automated Address
Verification (AAV). It compares the ZIP Code provided by the Cardmember with
the ZIP Code on file with the Issuer. The Cardmember is prompted to enter the
ZIP Code at the point of sale.
Care should be taken when implementing this feature, because postal codes are
not associated with all American Express Card numbers. One example of an
American Express Card with no associated address would be a non-personalized
American Express Prepaid Card. Improper Automated Address Verification
programming can disrupt POS authorizations; for example, when no postal code
is on file.

April 2016

Global Credit Authorization Guide ISO Format

6.3.3

American Express Proprietary & Confidential

ZIP Code Verification (continued)
ZIP Code Response Data
Merchants certified for ZIP Code verification must use Data Field 63, Private Use
Data, in the Authorization Request (1100) message. After processing, American
Express returns the ZIP Code Response Code in Data Field 44, Additional
Response Data, or Data Field 62, Private Use Data, of the corresponding
Authorization Response (1110) message. For more information, see pages 158,
198 and 212.

6.3.4

Telephone Number Verification

table of contents

The Telephone Number Verification tool compares the telephone number
provided by the Customer at the point of sale with the Cardmember's telephone
number on file with the Issuer. This tool helps Merchants evaluate the validity of
a charge by reviewing information about the Cardmember not available on the
Card.
Telephone Number Response Data
Telephone Number Verification works much the same as Automated Address
Verification (AAV). However, a certified Merchant transmits a telephone number
in the Authorization Request (1100) message, Data Field 63, Private Use Data.
The Issuer compares the information provided by the Merchant with the
Cardmember's records, and returns the Response Code for Cardmember Phone
Number in the Authorization Response (1110) message, Data Field 62, Private
Use Data. Data Field 62 also contains the matching results for the additional
Automated Address Verification (AAV) subfields (i.e., Cardmember postal code,
street address, and name) and Email Address verification. For more information,
see pages 158 and 212. As with all verification services, American Express does
not return Cardmember data to the Merchant.

April 2016

American Express Proprietary & Confidential

6.3.5

Global Credit Authorization Guide ISO Format

Email Address Verification
The Email Address Verification tool compares the email address provided by the
Customer at the point of sale, with the Cardmember's email address on file with
the Issuer. This tool helps Merchants evaluate the validity of a charge by
reviewing information about the Cardmember not available on the Card.
Email Address Response Data
A certified Merchant transmits the Cardmember Email Address in the
Authorization Request (1100) message in Data Field 47, Additional Data National, using Card Not Present - Internet Telephone Data [ITD] or Internet
Airline Customer [IAC] formats, and the formats of Data Field 63, Private Use
Data, with RTI = “AE”, to receive a response code for Email Address
Verification. The Issuer compares the information provided by the Merchant with
the Cardmember's records, and returns the Response Code for Email Address in
Data Field 62, Private Use Data, in the Authorization Response (1110) message.
Matching results for additional Automated Address Verification (AAV) subfields
(i.e., Cardmember postal code, street address and name) and Telephone number
verification are also provided. For more information, see pages 117, 158 and
212. As with all verification services, American Express does not return
Cardmember data to the Merchant.

6.4

American Express SafeKeySM
American Express SafeKey enables online authentication of Cardmember transactions.
American Express SafeKey works by providing an additional layer of security in online
transactions as the Cardmember enters their payment information. American Express
SafeKey helps prevent unauthorized online use before it happens by confirming the
Cardmember's identity with an additional password or unique value.
American Express SafeKey is based on the 3-D Secure® protocol, which provides an
additional level of security for online transactions. American Express continues to expand
American Express SafeKey functionality into additional countries. Refer to the following
website: AmexSafeKey for the most current enablement updates.

April 2016

Global Credit Authorization Guide ISO Format

6.5

American Express Proprietary & Confidential

Online PIN
Online Personal Identification Number (PIN) validation is a Cardholder Verification Method
(CVM) used to authenticate the Cardmember at the Point of Sale (POS). This will provide
the ability for Third Party Processors and Merchants to allow the use of an online PIN as
an acceptable CVM to complete a Card Present transaction. This method entails sending
an online Authorization Request (1100) message which carries encrypted PIN data entered
by the Cardmember at the POS to American Express for validation during Authorization
processing.

6.5.1

Master/Session Key Management Methodology

table of contents

The Master/Session Key management method is used to encrypt online PIN
data. Master Key is the key exchange key also known as the Zone Master Key
(ZMK). Session Key refers to the PIN encryption key also known as the Zone PIN
Key (ZPK).
American Express supports two different implementations, Static and Dynamic,
of the Master/Session methodology. Both of these implementations support
Merchants and Third Party Processors at the host-link level..
Implementation

Description

STATIC

• Unique fixed key applied to all PINs.
• Master key is exchanged manually as
part of initial setup.
• Session keys are refreshed every three
years or upon request.

DYNAMIC

• Unique session key applied to all PINs.
• Master key is exchanged manually as
part of initial setup to protect exchange
of session key.
• Session key is frequently exchanged via
network messaging.
• Session key is refreshed on an agreed
period (e.g., daily).

*STATIC Key Exchange:
1.

Manual key exchange for ZMK and ZPK. Refer to the American Express
Online PIN Processing Implementation Guide for Merchants or Third Party
Processors.

Merchant sends Authorization Request (1100) message with encrypted
block in Data Field 52 - Personal Identification Number (PIN) Data.

_____________________
*For the American Express Online PIN Processing Implementation Guide for Merchants or Third Party Processors, contact your
American Express representative.

April 2016

American Express Proprietary & Confidential

6.5.1

Global Credit Authorization Guide ISO Format

Master/Session Key Management Methodology (continued)
*DYNAMIC Key Exchange:
1.

Merchant or Third Party Processor successfully requests a session key
exchange in the Network Management Request (1804) message:
• Data Field 24 – Function Code 811 = Dynamic key exchange request

New PIN key and Key Check Values (KCV) are returned for a successful
exchange in the Network Management Response (1814) message:
• Data Field 39 – Action Code = 800 (Accepted)
• Data Field 96 – Key Management Data - New PIN key and Key Check
Values (KCV)

Merchant sends Authorization Request (1100) message with PIN and KCV:
• Data Field 52 – Personal Identification Number (PIN) Data =
Encrypted PIN block encrypted using the Key that was exchanged
from subfield SESSION PIN KEY in Data Field 96 - Key Management
Data, in the Network Management Response (1814) message.
• Data Field 96 – Key Management Data = In subfield, SESSION PIN
KEY CHECK VALUE, the value found in Data Field 96 of the Network
Management Response (1814) message must be copied, without
alteration, into Data Field 96 of the Authorization Request (1100)
message. This value is used to identify the Key used.

_____________________
*For the American Express Online PIN Processing Implementation Guide for Merchants or Third Party Processors, contact your
American Express representative.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.

April 2016

Global Credit Authorization Guide ISO Format

6.5.2

American Express Proprietary & Confidential

Derived Unique Key Per Transaction (DUKPT)
American Express supports the Derived Unique Key Per Transaction (DUKPT)
implementation. The DUKPT encryption methodology is preferred for Terminal to
Host connectivity. Refer to the ANSI X9.24 Standard for further details on
DUKPT implementation and associated requirements.
.
Implementation
DUKPT

Description

table of contents

• A base key is provided by American
Express to Key Injection Facility (KIF).
• Base key is used to derive a key which is
injected into the terminal.
• Terminal key is used with terminal data
to derive a unique key which is applied
to each PIN transaction.
• A unique key applied to each PIN
transaction encrypts the data from the
domain of the Secure PIN entry device
through to the American Express
network.

*DUKPT (Derived Unique Key Per Transaction) Exchange:
1.

A base key is provided by American Express to Key Injection Facility (KIF).
For additional information, contact your American Express representative.

Merchant sends Authorization Request (1100) message with Key Serial
Number (KSN):
• Merchant sends Authorization Request (1100) message with
encrypted block in Data Field 52 - Personal Identification Number
(PIN) Data.
• Data Field 53 - Security Related Control Information = Key Serial
Number (KSN) provided for PIN translation

_____________________
*For the American Express Online PIN Processing Implementation Guide for Merchants or Third Party Processors, contact your
American Express representative.

April 2016

American Express Proprietary & Confidential

7.0

Global Credit Authorization Guide ISO Format

ISO 8583 Message Bit Map Table
ISO 8583 supports two 64-position bit maps, which are designated as the Primary and Secondary
Bit Maps, to indicate which of up to 128 data fields are contained in a message. All 128 data fields
and bit positions are listed in the following tables.
Note: Data fields shown in reversed text (white letters on a black background) are not used by
American Express, and unauthorized use of these data fields may cause message rejection.

7.1

Primary Bit Map


Data Field Name

Max. Data Field
Length


Data Field Type

---

MESSAGE TYPE IDENTIFIER (MTI)

4 bytes, fixed

Numeric

---

BIT MAP - PRIMARY

8 bytes, 64 bits

Binary

BIT MAP - SECONDARY

8 bytes, 64 bits

Binary

PRIMARY ACCOUNT NUMBER (PAN)

21 bytes, LLVAR

Numeric

PROCESSING CODE

6 bytes, fixed

Numeric

AMOUNT, TRANSACTION

12 bytes, fixed

Numeric

AMOUNT, RECONCILIATION

12 bytes, fixed

Numeric

AMOUNT, CARDHOLDER BILLING

12 bytes, fixed

Numeric

DATE AND TIME, TRANSMISSION

10 bytes, fixed

Numeric

AMOUNT, CARDHOLDER BILLING FEE

8 bytes, fixed

Numeric

CONVERSION RATE, RECONCILIATION

8 bytes, fixed

Numeric

CONVERSION RATE, CARDHOLDER BILLING

8 bytes, fixed

Numeric

SYSTEMS TRACE AUDIT NUMBER

6 bytes, fixed

Alphanumeric & special characters

DATE AND TIME, LOCAL TRANSACTION

12 bytes, fixed

Numeric

DATE, EFFECTIVE

4 bytes, fixed

Numeric

DATE, EXPIRATION

4 bytes, fixed

Numeric

DATE, SETTLEMENT

6 bytes, fixed

Numeric

DATE, CONVERSION

4 bytes, fixed

Numeric

DATE, CAPTURE

4 bytes, fixed

Numeric

MERCHANT TYPE

4 bytes, fixed

Numeric

COUNTRY CODE, ACQUIRING INSTITUTION

3 bytes, fixed

Numeric

COUNTRY CODE, PRIMARY ACCOUNT NUMBER

3 bytes, fixed

Numeric

COUNTRY CODE, FORWARDING INSTITUTION

3 bytes, fixed

Numeric

POINT OF SERVICE DATA CODE

12 bytes, fixed

Alphanumeric

CARD SEQUENCE NUMBER

3 bytes, fixed

Numeric

FUNCTION CODE

3 bytes, fixed

Numeric

MESSAGE REASON CODE

4 bytes, fixed

Numeric

Data
Field

April 2016

Global Credit Authorization Guide ISO Format

7.1

Primary Bit Map (continued)


Data Field Name

Max. Data Field
Length


Data Field Type

CARD ACCEPTOR BUSINESS CODE

4 bytes, fixed

Numeric

APPROVAL CODE LENGTH

1 byte, fixed

Numeric

DATE, RECONCILIATION

6 bytes, fixed

Numeric

RECONCILIATION INDICATOR

3 bytes, fixed

Numeric

AMOUNTS, ORIGINAL

24 bytes, fixed

Numeric

ACQUIRER REFERENCE DATA

50 bytes, LLVAR

Alphanumeric & special characters

ACQUIRING INSTITUTION IDENTIFIFCATION CODE

13 bytes, LLVAR

Numeric

FORWARDING INSTITUTION IDENTIFICATION CODE

13 bytes, LLVAR

Numeric

PRIMARY ACCOUNT NUMBER, EXTENDED

30 bytes, LLVAR

Numeric

TRACK 2 DATA

39 bytes, LLVAR

Alphanumeric & special characters

TRACK 3 DATA

107 bytes, LLLVAR

Numeric & special characters

RETRIEVAL REFERENCE NUMBER

12 bytes, fixed

Alphanumeric & special characters

APPROVAL CODE

6 bytes, fixed

Alphanumeric & spaces

ACTION CODE

3 bytes, fixed

Numeric

SERVICE CODE

3 bytes, fixed

Numeric

CARD ACCEPTOR TERMINAL IDENTIFICATION

8 bytes, fixed

Alphanumeric & special characters

CARD ACCEPTOR IDENTIFICATION CODE

15 bytes, fixed

Alphanumeric & special characters

CARD ACCEPTOR NAME/LOCATION

101 bytes, LLVAR

Alphanumeric & special characters

ADDITIONAL RESPONSE DATA

27 bytes, LLVAR

Alphanumeric & special characters

TRACK 1 DATA

78 bytes, LLVAR

Alphanumeric & special characters

AMOUNTS, FEES

207 bytes, LLLVAR

Alphanumeric

ADDITIONAL DATA - NATIONAL

304 bytes, LLLVAR

Alphanumeric & special characters

ADDITIONAL DATA - PRIVATE

43 bytes, LLLVAR

Alphanumeric & special characters

CURRENCY CODE, TRANSACTION

3 bytes, fixed

Numeric

CURRENCY CODE, RECONCILIATION

3 bytes, fixed

Alpha or Numeric

CURRENCY CODE, CARDHOLDER BILLING

3 bytes, fixed

Alpha or Numeric

PERSONAL IDENTIFICATION NUMBER (PIN) DATA

8 bytes, 64 bits

Binary

SECURITY RELATED CONTROL INFORMATION

19 bytes, LLVAR

Alphanumeric

AMOUNTS, ADDITIONAL

123 bytes, LLLVAR

Alphanumeric & special characters

INTEGRATED CIRCUIT CARD SYSTEM RELATED DATA

259 bytes, LLLVAR

Alphanumeric & special characters,
BCD or binary

ORIGINAL DATA ELEMENTS

37 bytes, LLVAR

Numeric

AUTHORIZATION LIFE CYCLE CODE

3 bytes, fixed

Numeric

AUTHORIZING AGENT INSTITUTION IDENTIFICATION CODE

13 bytes, LLVAR

Numeric

Data
Field

table of contents
54

American Express Proprietary & Confidential

April 2016

American Express Proprietary & Confidential

7.1

Global Credit Authorization Guide ISO Format

Primary Bit Map (continued)

Data
Field


Data Field Name

Max. Data Field
Length


Data Field Type

TRANSPORT DATA

1002 bytes, LLLVAR

Alphanumeric & special characters

NATIONAL USE DATA

106 bytes, LLLVAR

Alphanumeric & special characters

NATIONAL USE DATA

103 bytes, LLLVAR

Alphanumeric & special characters

PRIVATE USE DATA

63 bytes, LLLVAR

Alphanumeric & special characters
or binary

PRIVATE USE DATA

208 bytes, LLLVAR

Alphanumeric & special characters

MESSAGE AUTHENTICATION CODE FIELD

8 bytes, 64 bits

Binary


Data Field Name

Max. Data Field
Length


Data Field Type

RESERVED FOR ISO USE

8 bytes, 64 bits

Binary

AMOUNTS, ORIGINAL FEES

204 bytes, LLLVAR

Alphanumeric & special characters

EXTENDED PAYMENT DATA

2 bytes, fixed

Numeric

COUNTRY CODE, RECEIVING INSTITUTION

3 bytes, fixed

Numeric

COUNTRY CODE, SETTLEMENT INSTITUTION

3 bytes, fixed

Numeric

COUNTRY CODE, AUTHORIZING AGENT INSTITUTION

3 bytes, fixed

Numeric

MESSAGE NUMBER

8 bytes, fixed

Numeric

DATA RECORD

999 bytes, LLLVAR

Alphanumeric & special characters

DATE, ACTION

6 bytes, fixed

Numeric

CREDITS, NUMBER

10 bytes, fixed

Numeric

CREDITS, REVERSAL NUMBER

10 bytes, fixed

Numeric

DEBITS, NUMBER

10 bytes, fixed

Numeric

DEBITS, REVERSAL NUMBER

10 bytes, fixed

Numeric

TRANSFER, NUMBER

10 bytes, fixed

Numeric

TRANSFER, REVERSAL NUMBER

10 bytes, fixed

Numeric

INQUIRIES, NUMBER

10 bytes, fixed

Numeric

AUTHORIZATIONS, NUMBER

10 bytes, fixed

Numeric

INQUIRIES, REVERSAL NUMBER

10 bytes, fixed

Numeric

PAYMENTS, NUMBER

10 bytes, fixed

Numeric

PAYMENTS, REVERSAL NUMBER

10 bytes, fixed

Numeric

FEE COLLECTIONS, NUMBER

10 bytes, fixed

Numeric

7.2

Data
Field

Secondary Bit Map

April 2016

Global Credit Authorization Guide ISO Format

7.2

American Express Proprietary & Confidential

Secondary Bit Map (continued)

table of contents

Data
Field


Data Field Name

Max. Data Field
Length


Data Field Type

CREDITS, AMOUNT

16 bytes, fixed

Numeric

CREDITS, REVERSAL AMOUNT

16 bytes, fixed

Numeric

DEBITS, AMOUNT

16 bytes, fixed

Numeric

DEBITS, REVERSAL AMOUNT

16 bytes, fixed

Numeric

AUTHORIZATIONS, REVERSAL NUMBER

10 bytes, fixed

Numeric

COUNTRY CODE, TRANSACTION DESTINATION
INSTITUTION

3 bytes, fixed

Numeric

COUNTRY CODE, TRANSACTION ORIGINATOR
INSTITUTION

3 bytes, fixed

Numeric

TRANSACTION DESTINATION INSTITUTION
IDENTIFICATION CODE

11 bytes, LLVAR

Numeric

TRANSACTION ORIGINATOR INSTITUTION IDENTIFICATION
CODE

11 bytes, LLVAR

Numeric

CARD ISSUER REFERENCE DATA

99 bytes, LLVAR

Alphanumeric & special characters

KEY MANAGEMENT DATA

999 bytes, LLLVAR

Binary

AMOUNT, NET RECONCILIATION

16 bytes, fixed

X + N (see note at end of table)

PAYEE

25 bytes, LLVAR

Alphanumeric & special characters

SETTLEMENT INSTITUTION IDENTIFICATION CODE

11 bytes, LLVAR

Alphanumeric

100

RECEIVING INSTITUTION IDENTIFICATION CODE

11 bytes, LLVAR

Numeric

101

FILE NAME

17 bytes, LLVAR

Alphanumeric & special characters

102

ACCOUNT IDENTIFICATION 1

28 bytes, LLVAR

Alphanumeric & special characters

103

ACCOUNT IDENTIFICATION 2

28 bytes, LLVAR

Alphanumeric & special characters

104

TRANSACTION DESCRIPTION

100 bytes, LLLVAR

Alphanumeric & special characters

105

CREDITS, CHARGEBACK AMOUNT

16 bytes, fixed

Numeric

106

DEBITS, CHARGEBACK AMOUNT

16 bytes, fixed

Numeric

107

CREDITS, CHARGEBACK NUMBER

10 bytes, fixed

Numeric

108

DEBITS, CHARGEBACK NUMBER

10 bytes, fixed

Numeric

109

CREDITS, FEE AMOUNTS

84 bytes, LLVAR

Alphanumeric & special characters

110

DEBITS, FEE AMOUNTS

84 bytes, LLVAR

Alphanumeric & special characters

111

RESERVED FOR ISO USE

999 bytes, LLLVAR

Alphanumeric & special characters

112

RESERVED FOR ISO USE

999 bytes, LLLVAR

Alphanumeric & special characters

113

RESERVED FOR ISO USE

999 bytes, LLLVAR

Alphanumeric & special characters

Note: For Data Field 97, X = “C” credit or “D” debit, concatenated with “N”
numeric amount.

April 2016

American Express Proprietary & Confidential

7.2

Global Credit Authorization Guide ISO Format

Secondary Bit Map (continued)


Data Field Name

Max. Data Field
Length


Data Field Type

114

RESERVED FOR ISO USE

999 bytes, LLLVAR

Alphanumeric & special characters

115

RESERVED FOR ISO USE

999 bytes, LLLVAR

Alphanumeric & special characters

116

RESERVED FOR NATIONAL USE

999 bytes, LLLVAR

Alphanumeric & special characters

117

RESERVED FOR NATIONAL USE

999 bytes, LLLVAR

Alphanumeric & special characters

118

RESERVED FOR NATIONAL USE

999 bytes, LLLVAR

Alphanumeric & special characters

119

RESERVED FOR NATIONAL USE

999 bytes, LLLVAR

Alphanumeric & special characters

120

RESERVED FOR NATIONAL USE

999 bytes, LLLVAR

Alphanumeric & special characters

121

RESERVED FOR NATIONAL USE

999 bytes, LLLVAR

Alphanumeric & special characters

122

RESERVED FOR NATIONAL USE

999 bytes, LLLVAR

Alphanumeric & special characters

123

RESERVED FOR PRIVATE USE

999 bytes, LLLVAR

Alphanumeric & special characters

124

RESERVED FOR PRIVATE USE

999 bytes, LLLVAR

Alphanumeric & special characters

125

RESERVED FOR PRIVATE USE

999 bytes, LLLVAR

Alphanumeric & special characters

126

RESERVED FOR PRIVATE USE

999 bytes, LLLVAR

Alphanumeric & special characters

127

RESERVED FOR PRIVATE USE

999 bytes, LLLVAR

Alphanumeric & special characters

128

MESSAGE AUTHENTICATION CODE FIELD

8 bytes, 64 bits

Binary

Data
Field

April 2016

Global Credit Authorization Guide ISO Format

American Express Proprietary & Confidential

table of contents

this page intentionally left blank

April 2016

American Express Proprietary & Confidential

8.0

Global Credit Authorization Guide ISO Format

ISO 8583 Authorization Request/Response Message Formats
This section describes the Authorization Request (1100) and Authorization Response (1110)
messages, as defined for the ISO 8583 format. These messages are constructed as specified in the
ISO 8583-1993 standard. If your system supports a different version of ISO 8583, notify your
American Express representative.

8.1

1100 Authorization Request

Length of Record:

900 bytes maximum (recommended)
Note: Messages transmitted to American Express must not exceed
900 bytes in total length. Since all data fields in the Authorization
Request (1100) message section are not used for a given transaction,
this maximum would not be exceeded. For example, Data Fields 45
and 35 (Track 1 Data and Track 2 Data) are not used in Card Not
Present transactions. For assistance in selecting optional data fields,
and determining the appropriate formats and variable data field
lengths to use, contact your American Express representative.
Any attempt to use the Authorization Request (1100) message as a
preauthorization, will be treated as a normal authorization transaction.

Description:

This message is used to transmit an Authorization and/or Automated
Address Verification (AAV) Request to American Express.
.

Data
Field



Data Field Name

Max. Data
Field
Length
4 bytes, fixed



Data Field Type



Data Field Requirements



Page

Numeric

Mandatory

—

MESSAGE TYPE IDENTIFIER

—

BIT MAP - PRIMARY

8 bytes, 64
bits

Binary

Mandatory

BIT MAP - SECONDARY

8 bytes, 64
bits

Binary

See page 

PRIMARY ACCOUNT NUMBER (PAN)

21 bytes,
LLVAR

Numeric

Mandatory

PROCESSING CODE

6 bytes, fixed

Numeric

Mandatory

AMOUNT, TRANSACTION

12 bytes, fixed

Numeric

Mandatory

DATE AND TIME, TRANSMISSION

10 bytes, fixed

Numeric

Optional

SYSTEMS TRACE AUDIT NUMBER

6 bytes, fixed

Alphanumeric &
special characters

Mandatory

DATE AND TIME, LOCAL TRANSACTION

12 bytes, fixed

Numeric

Mandatory

DATE, EFFECTIVE

4 bytes, fixed

Numeric

See page 

April 2016

Global Credit Authorization Guide ISO Format

8.1

table of contents
60

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data
Field



Data Field Name

Max. Data
Field
Length



Data Field Type



Data Field Requirements

DATE, EXPIRATION

4 bytes, fixed

Numeric

See page 

DATE, SETTLEMENT

6 bytes, fixed

Numeric

N/A

MERCHANT TYPE

4 bytes, fixed

Numeric

N/A

COUNTRY CODE, ACQUIRING
INSTITUTION

3 bytes, fixed

Numeric

Mandatory

POINT OF SERVICE DATA CODE

12 bytes, fixed

Alphanumeric

Mandatory

FUNCTION CODE

3 bytes, fixed

Numeric

See page 

MESSAGE REASON CODE

4 bytes, fixed

Numeric

See page 

CARD ACCEPTOR BUSINESS CODE

4 bytes, fixed

Numeric

Mandatory

APPROVAL CODE LENGTH

1 byte, fixed

Numeric

Optional

ACQUIRER REFERENCE DATA

50 bytes,
LLVAR

Alphanumeric &
special characters

N/A

ACQUIRING INSTITUTION
IDENTIFICATION CODE

13 bytes,
LLVAR

Numeric

Optional

FORWARDING INSTITUTION
IDENTIFICATION CODE

13 bytes,
LLVAR

Numeric

Optional

TRACK 2 DATA

39 bytes,
LLVAR

Alphanumeric &
special characters

Conditional

RETRIEVAL REFERENCE NUMBER

12 bytes, fixed

Alphanumeric &
special characters

Optional

100

CARD ACCEPTOR TERMINAL
IDENTIFICATION

8 bytes, fixed

Alphanumeric &
special characters

See page 

101

CARD ACCEPTOR IDENTIFICATION CODE

15 bytes, fixed

Alphanumeric &
special characters

Mandatory

102

CARD ACCEPTOR NAME/LOCATION

101 bytes,
LLVAR

Alphanumeric &
special characters

See page 

104

TRACK 1 DATA

78 bytes,
LLVAR

Alphanumeric &
special characters

See page 

109

ADDITIONAL DATA - NATIONAL

304 bytes,
LLLVAR

Alphanumeric &
special characters

See page 

113

April 2016



Page

American Express Proprietary & Confidential

8.1

Data
Field

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)



Data Field Name

Max. Data
Field
Length



Data Field Type



Data Field Requirements



Page

43 bytes,
LLLVAR

Alphanumeric &
special characters

See page 

130

Numeric

Mandatory

133

Binary

See page 

134

ADDITIONAL DATA - PRIVATE

CURRENCY CODE, TRANSACTION

PERSONAL IDENTIFICATION NUMBER
(PIN) DATA

SECURITY RELATED CONTROL
INFORMATION

19 bytes,
LLVAR

Alphanumeric

See page 

135

INTEGRATED CIRCUIT CARD SYSTEM
RELATED DATA

259 bytes,
LLLVAR

Alphanumeric &
special characters

See page 

138

NATIONAL USE DATA

106 bytes,
LLLVAR

Alphanumeric &
special characters

See page 

143

NATIONAL USE DATA

103 bytes,
LLLVAR

Alphanumeric,
special characters
& binary

See page 

149

PRIVATE USE DATA

103 bytes,
LLLVAR

Alphanumeric,
special characters
& binary

See page 

153

PRIVATE USE DATA

103 bytes,
LLLVAR

Alphanumeric &
special characters

See page 

157

KEY MANAGEMENT DATA

17 bytes,
LLLVAR

Binary

See page 

177

128

MESSAGE AUTHENTICATION CODE FIELD

8 bytes, 64
bits

Binary

N/A

178

3 bytes, fixed
8 bytes, 64
bits

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field — None

MESSAGE TYPE IDENTIFIER

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

1100

Field Requirement:

Mandatory

Description:

The constant literal “1100” signifies the ISO 8583
Authorization Request message.

Data Field — None

BIT MAP - PRIMARY

Length of Field:

8 bytes, 64 bits, fixed length for each bit map

Field Type:

Binary (hexadecimal configuration)

Constant:

None

Field Requirement:

Mandatory

Description:

Each bit in this data field signifies the presence (value 1) or
absence (value 0) of a data field in the Authorization Request
(1100) message.
If the data field is mandatory, or is optional and the Merchant
elects to use that data field, its assigned bit map position must
contain a value of “1”, to indicate the data field is present. If
the data field is optional and not used, its assigned bit map
position must contain a value of “0”, to indicate the data field
is omitted.

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field — None

BIT MAP - PRIMARY (continued)

The following diagram illustrates a 64-bit string contained within an eight-byte data field. Each bit
signifies the presence (1) or absence (0) of the data field used within the Authorization Request
(1100) message format:
1
2
3
4

0
1
1
1

9
10
11
12

0
0
1
1

17
18
19
20

0
0
1
0

25
26
27
28

1
1
1
0

33
34
35
36

1
0
1
0

41
42
43
44

1
1
1
0

49
50
51
52

1
0
0
0

57
58
59
60

0
0
0
0

5
6
7
8

0
0
1
0

13
14
15
16

1
1
0
0

21
22
23
24

0
1
0
1

29
30
31
32

0
0
0
1

37
38
39
40

1
0
0
0

45
46
47
48

1
0
1
1

53
54
55
56

1
0
0
0

61
62
63
64

0
0
1
0

The following diagram illustrates how to calculate the hexadecimal equivalent of the bit map from
the table shown above:
Position 1-8
0111 = 7
0010 = 2

Position 17-24
0010 = 2
0101 = 5

Position 33-40
1010 = A
1000 = 8

Position 49-56
1000 = 8
1000 = 8

Position 9-16
0011 = 3
1100 = C

Position 25-32
1110 = E
0001 = 1

Position 41-48
1110 = E
1011 = B

Position 57-64
0000 = 0
0010 = 2

Hexadecimal equivalents for bit map:
0000 = 0 1000 = 8
0001 = 1 1001 = 9
0010 = 2 1010 = A
0011 = 3 1011 = B
0100 = 4 1100 = C
0101 = 5 1101 = D
0110 = 6 1110 = E
0111 = 7 1111 = F
The hexadecimal equivalent for the bit map in this Authorization Request (1100) message (as
shown above) is:
72 3C 25 E1 A8 EB 88 02

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 1

BIT MAP - SECONDARY

Length of Field:

8 bytes, 64 bits, fixed length for each bit map

Field Type:

Binary (hexadecimal configuration)

Constant:

None

Field Requirement:

Mandatory — For Data Fields 65 through 128

Description:

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 2

PRIMARY ACCOUNT NUMBER (PAN)

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 21 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
19 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

• Mandatory — American Express Card transactions, other
Card products and bankcard transactions
1. American Express supports Diner's Club, JCB, VISA
and MasterCard processing. For details, contact your
American Express representative.
2. Vendors and Third Party Processors doing business in
Australia, Canada, India, Mexico and New Zealand
must be certified to process JCB transactions.
• Not used — American Express Travelers Cheques

Description:

This data field contains the Cardmember Account Number, or
Payment Token Account Number, preceded by a two-digit,
Variable Length Indicator (VLI). The VLI must indicate the exact
length of the account number, and no additional characters
should be added to this data field.
For example, the 15-digit American Express Account Number
derived from an ANSI track data field that has embedded
spaces (e.g., “3714 496353 11004”) would have the
spaces removed and appear as:
0
1
12345678901234567
15371449635311004
Check digit validation is required. For details, refer to Check
Digit Validation in the American Express Global Codes &
Information Guide.
Note: This data field is mandatory for processing this
message, and it will be preserved and returned in the response
message without alteration.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 3

PROCESSING CODE

Length of Field:

6 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field indicates the financial service being requested.
Valid Processing Codes:
004000 = Card Authorization Request
004800 = Combination Automated Address Verification
(AAV) and Authorization
034000 = AMEX Emergency Check Cashing
064000 = AMEX Travelers Cheque Encashment
174800 = Transaction for Automated Address Verification
(AAV) Only
Note: This data field is mandatory for processing this
message, and it will be preserved and returned in the response
message without alteration.

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 4

AMOUNT, TRANSACTION

Length of Field:

12 bytes, fixed length

Field Type:

Numeric, right justified, zero filled

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains the total transaction amount (including
tax), in the currency designated by the Currency Code
Transaction (Data Field 49).
For example, for U.S. Dollar (840) transactions, two decimal
places are implied. Thus, the value $100.00 would be entered
as:
“000000010000”
For Japanese Yen (392) transactions, zero decimal places are
implied. Thus, the value ¥10,000 would be entered as:
“000000010000”
American Express limits the maximum allowable value in this
data field based on the U.S. Dollar equivalent calculated by
American Express. Transmitted transaction amounts greater
than the maximum allowed will result in an “invalid amount”
edit error. For more information on maximum allowable values,
refer to Country and Currency Codes for Authorizations in the
American Express Global Codes & Information Guide.

April 2016

Global Credit Authorization Guide ISO Format

8.1

Data Field 4

American Express Proprietary & Confidential

1100 Authorization Request (continued)

AMOUNT, TRANSACTION (continued)
Notes:
1. If Data Field 3, Processing Code, is “174800”
(Transaction for Automated Address Verification [AAV]
Only), then this data field must be zero filled.

table of contents

2. A Prepaid Card Balance Inquiry for American Express
Prepaid Card products can be submitted by zero filling Data
Field 4 (Amount, Transaction), if Data Field 24 (Function
Code) value is “181” (Partial Authorization) or “182”
(Authorization with Balance Return). The available balance
is returned in Data Field 54 (Amounts, Additional) of the
Authorization Response (1110) message. However, balance
inquiries cannot be processed for Card products other than
American Express Prepaid Cards.
3. If this data field is zero filled for transactions other than for
American Express Prepaid Card products, and Data Field 3
(Processing Code) is “004000” (Card Authorization) or
“004800” (Combination AAV and Authorization), an edit
error will result. Consequently, any supplemental data field
verification requests, such as AAV (Automated Address
Verification) or CID (Card Identifier), will not be performed.
For these invalid requests, Data Field 54 will not be
returned and Data Field 39 (Action Code) will contain an
edit error code in the corresponding Authorization
Response (1110) message.
4. This data field is mandatory for processing this message,
and it will be preserved and returned in the response
message without alteration, except for Prepaid Card
transactions. For more information, see page 183.
American Express Travelers Cheque Encashment
For American Express Travelers Cheques, this data field is used
to capture the total amount of Travelers Cheques that will be
encashed by a single customer, in the currency designated by
the Currency Code, Transaction (Data Field 49). Processing
Code (Data Field 3) must be “064000”.
For example, if a customer presents five, $100 USD Travelers
Cheques for encashment, this entry would be
“000000050000” ($500.00).

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 7

DATE AND TIME, TRANSMISSION

Length of Field:

10 bytes, fixed length

Field Type:

Numeric, MMDDhhmmss

Constant:

None

Field Requirement:

Optional

Description:

This data field contains the system date and time (e.g., GMT)
when the Merchant transmits the transaction information to
American Express. The format is MMDDhhmmss. The value of
this data field must be a valid date and time.
Subfield

Definition

Digits

Range

Month

01-12

Day

01-31

Hour

00-23

Minute

00-59

Second

00-59

Note: This data field is not required for processing this
message; however, if included in an originating request
message, it will be preserved and returned in the response
message without alteration.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 11

SYSTEMS TRACE AUDIT NUMBER

Length of Field:

6 bytes, fixed length

Field Type:

Alphanumeric (upper case) & special characters

Constant:

None

Field Requirement:

Mandatory

Description:

This data field must contain a unique trace number, assigned
by the Merchant, to help identify an individual transaction. A
different number must be assigned to each transaction.
Note: This data field is mandatory for processing this message
and it will be preserved and returned in the response message
without alteration.

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 12

DATE AND TIME, LOCAL TRANSACTION

Length of Field:

12 bytes, fixed length

Field Type:

Numeric, YYMMDDhhmmss

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains the year, month, day and local time
when the transaction took place at the card acceptor location.
The format is YYMMDDhhmmss. The value of this data field
must be a valid date and time:
Subfield

Definition

Digits

Range

Year

Last 2 only

00-99

Month

01-12

Day

01-31

Hour

00-23

Minute

00-59

Second

00-59

Note: This data field is mandatory for processing this
message, and it will be preserved and returned in the response
message without alteration.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 13

DATE, EFFECTIVE

Length of Field:

4 bytes, fixed length

Field Type:

Numeric, YYMM

Constant:

None

Field Requirement:

• Conditional — American Express Card transactions

table of contents

• Not applicable — Other transactions
Description:

This data field contains the effective date embossed on the
face of the American Express or American Express-supported
Card. If entered manually, the format is YYMM.
The value of this data field must be a valid date. If the effective
date is unavailable, omit this data field. No default values or
all zeros will be accepted (e.g., “0000”).
Subfield

Definition

Digits

Range

Year

Last 2 only

00-99

Month

01-12

Notes:
1. Most American Express Card products are embossed with
the effective and/or expiration dates in format MMYY. This
requires the Acquirer, their devices, systems, Vendor
software and Third Party Processors that prompt for or
accept these dates in MMYY format, to convert this data by
reversing the month and year values, so that the entry in
this data field appears in YYMM format.
2. This data field is not required if the message contains
Track 1 (preferred) or Track 2 data.

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 14

DATE, EXPIRATION

Length of Field:

4 bytes, fixed length

Field Type:

Numeric, YYMM

Constant:

None

Field Requirement:

• Conditional — American Express and American Express
supported Cards
• Mandatory — Digital Wallet - application initiated
(including application initiated Payment Token)
transactions
• Mandatory — VISA

Description:

This data field contains the expiration date embossed on the
face of the American Express or American Express-supported
Card. If entered manually, the format is YYMM.
For Digital Wallet - application initiated (including application
initiated Payment Token) transactions, the Payment Token
Expiration Date will be passed through the Authorization
Request (1100) message in lieu of Primary Account Number
(PAN) Expiration Date.
Note: This data field is not required if the message contains
Track 1 (preferred) or Track 2 data successfully read from a
valid Card swipe or read; or if this is a recurring billing or
standing authorization transaction. For more information, see
page 30.
The value of this data field must be a valid date. No default
values or all zeros will be accepted (e.g., “0000”).
Subfield

Definition

Digits

Range

Year

Last 2 only

00-99

Month

01-12

VISA Transactions Only
This data field is mandatory for Merchants routing VISA
transactions via the American Express Card Acceptance and
Processing Network to non-American Express networks, during
bankcard network outages. While American Express does not
verify or validate this entry, VISA may reject transactions that
do not include a valid card expiration date. For more
information, contact your VISA representative.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 15

DATE, SETTLEMENT

Length of Field:

6 bytes, fixed length

Field Type:

Numeric, YYMMDD

Constant:

None

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 18

MERCHANT TYPE

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Not used — All transactions

Description:

This data field is reserved for internal American Express use
only.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.

Data Field 19

COUNTRY CODE, ACQUIRING INSTITUTION

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains the numeric country code
corresponding to the country in which the Merchant is located.
For example, the numeric country code for a Merchant located
in the USA is “840”.
For more information on numeric country codes, refer to
Country and Currency Codes for Authorizations in the American
Express Global Codes & Information Guide.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 22

POINT OF SERVICE DATA CODE

Length of Field:

12 bytes, fixed length

Field Type:

Alphanumeric, upper case

Constant:

None

Field Requirement:

Mandatory

Description:

The Point of Service (POS) Data Code is a series of codes that
identify terminal capability, security data and specific
conditions present at the time the transaction occurred at the
point of service. The POS Data Code consists of twelve
positions, each with its own list of values. For example,
Position 1 indicates the Card Data Input Capability, which may
be one of several values such as Magnetic Stripe Read,
Integrated Circuit Card (ICC), Key Entered and so on. Similarly,
each of the other positions identifies a particular value related
to the transaction.
Merchants must populate all positions in Data Field 22 with
valid data. However, if the applicable information is
unavailable or unknown, the Merchant should consult with
their American Express representative to determine the
appropriate value.
The POS Data Code must be determined from the table of
values listed on page 78.
0
1
123456789012
261101200120
In the above example:

April 2016

Position 1= 2

Position 5 = 0

Position 9 = 0

Position 2= 6

Position 6 = 1

Position 10 = 1

Position 3= 1

Position 7 = 2

Position 11 = 2

Position 4= 1

Position 8 = 0

Position 12 = 0

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 22

POINT OF SERVICE DATA CODE (continued)

Description:

Important notes for POS Data Code tables that follow:
1. Values shown in reversed text (white letters on a black
background) are defined by ISO, but are reserved for future
use or not currently defined by American Express. For
information on these values, contact your American
Express representative.
2. The POS Data Codes used in this data field must also be
included in the corresponding submission file.
3. For recurring billing and standing authorization
information, see page 30.

April 2016

Global Credit Authorization Guide ISO Format

8.1

Data Field 22

American Express Proprietary & Confidential

1100 Authorization Request (continued)

POINT OF SERVICE DATA CODE (continued)

POS. 1  Card Data Input Capability — This subfield indicates the maximum capability of the device
used to originate this transaction.
Code

table of contents

0
1
2
3
4
5

Unknown
Manual, no terminal
Magnetic stripe read
Bar code
Optical Character Recognition (OCR)
Integrated Circuit Card (ICC)
Note: American Express-certified EMV terminal and link
Key entered
Reserved for ISO use
Reserved for national use
Reserved for private use
Reserved for ISO use
Reserved for national use
Reserved for private use

6
7
8
9
A-I
J-R
S-Z

Note: For information on how to properly identify American Express ICC transactions, see Section
5.4.1 AEIPS
.

POS. 2  Cardholder Authentication Capability — This subfield indicates the primary means used to
verify the Cardmember’s identity at this terminal.
Code
0
1
2
3
4
5
6
7
8
9
A-I
J-R
S-Z

No electronic authentication or unknown
PIN
Electronic signature analysis
Biometrics
Biographic
Electronic authentication inoperative
Other
Reserved for ISO use
Reserved for national use
Reserved for private use
Reserved for ISO use
Reserved for national use
Reserved for private use

April 2016

American Express Proprietary & Confidential

8.1

Data Field 22

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

POINT OF SERVICE DATA CODE (continued)

POS. 3 Card Capture Capability — This subfield indicates if the terminal is capable of capturing
card data.
Code
0
1
2-4
5-7
8-9
A-I
J-R
S-Z

None or unknown (Card Capture Capability unknown to Acquirer)
Capture
Reserved for ISO use
Reserved for national use
Reserved for private use
Reserved for ISO use
Reserved for national use
Reserved for private use

POS. 4  Operating Environment — This subfield indicates the terminal’s location, and if it is attended
by the card acceptor.
Code
0
1
2
3
4
5
6-7
8
9
A-I
J-R
S
T
U-W
X-Y
Z

No terminal used or unknown
On premises of card acceptor, attended
On premises of card acceptor, unattended (e.g., Oil CAT/Customer Activated Terminals, kiosks, self-checkout, etc.)
Off premises of card acceptor, attended (e.g., portable POS device at trade shows, service calls, taxis, etc.)
Off premises of card acceptor, unattended (e.g., Food/Beverage vending machines, DVD vending machines, etc.)
On premises of Cardmember, unattended
Reserved for ISO use
Reserved for national use
Delivery mode unknown, unspecified
Reserved for ISO use
Reserved for national use
Electronic delivery of product (e.g., music, software, electronic tickets, etc., downloaded via Internet)
Physical delivery of product (e.g., music, software, tickets, etc., delivered by mail/courier)
Reserved for American Express network use
Reserved for private use
Transit Access Terminal - TAT

April 2016

Global Credit Authorization Guide ISO Format

8.1
Data Field 22

American Express Proprietary & Confidential

1100 Authorization Request (continued)
POINT OF SERVICE DATA CODE (continued)

POS. 5 Cardholder Present — This subfield indicates if the Cardmember is present at the point of
service; and if not, the reason why.
Code
0
1
2
3
4

table of contents

5-6
7-8
9

A-I
J-R
S
T
U-Z

Cardmember present
Cardmember not present, unspecified, unknown
Cardmember not present, mail order
Cardmember not present, telephone
Cardmember not present, standing authorization - To be used for situations where Cardmember information is on
record (card on file); however, the billing frequency and amount are variable (e.g., travel, car rental, lodging,
preferred clubs, frequent customer, delayed shipment, split bill transactions, etc.).
Reserved for ISO use
Reserved for national use
Cardmember not present, recurring billing - Used for regular recurring transactions, such as periodic billings (e.g.,
membership dues, subscribed services, insurance premiums, wireless services, newspaper and other regularly
scheduled charges). The recurring billing amount can vary.
Reserved for ISO use
Reserved for national use
Cardmember not present, electronic transaction (e.g., Internet)
Reserved for American Express network use
Reserved for private use

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 22

POINT OF SERVICE DATA CODE (continued)

POS. 6  Card Present — This subfield indicates if the card is present at the point of service.
Code
0
1
2-4
5-7
8-9
A-I
J-R
S-V
W

Card not present
Card present
Reserved for ISO use
Reserved for national use
Reserved for private use
Reserved for ISO use
Reserved for national use
Reserved for private use
Transponder (RFID token) — For transactions initiated by an electronic, radio-frequency device (transponder or
RFID, e.g., Speedpass), this value may be used alone, or in conjunction with Data Field 62 transponder security/ID
(code AXTN). Alternately, a transponder security/ID code may be entered in Data Field 62 without Value W in Data
Field 22, Position 6. Ideally, both items are transmitted. For more details, see Section 5.4.2 Expresspay.
Note: Do not use this value for American Express Expresspay transactions.
Contactless transactions, including American Express Expresspay. For more information, see Section 5.4.2
Expresspay.

Y
Z

Mobile Proximity Payment - American Express internal use only
Digital Wallet - application initiated (including application initiated Payment Token) transactions
Note: Position 6, value Z must be used with Position 7, value 5.

Note: For additional information on Payment Token processing, see page 43.

April 2016

Global Credit Authorization Guide ISO Format

8.1

Data Field 22

American Express Proprietary & Confidential

1100 Authorization Request (continued)

POINT OF SERVICE DATA CODE (continued)

POS. 7 Card Data Input Mode — This subfield indicates the method used to capture information
from the card.
Code
0
1
2

table of contents

3
4
5

6
7
8
9
A-I
J-R
S
T-U
V
W
X-Z

Unspecified, unknown, track data present but incomplete or truncated
Manual, no terminal
Magnetic stripe read. (Note: Byte 7 = 2 only if this transaction contains Track 1 [preferred] and/or Track 2 data
captured intact from the magnetic stripe.)
Bar code
Optical Character Recognition (OCR)
Integrated Circuit Card (ICC).
Notes:
1. Byte 7 = 5 only if this transaction contains EMV and Track 2 data captured intact from the chip (non-Payment
Token transactions).
2. If value Z is present in Position 6 Digital wallet - application initiated Payment Token) transactions, then Position
7, value 5 (Integrated Circuit Card ICC) must be present.
3. American Express-certified EMV terminal and link.
Key entered
Reserved for ISO use
Reserved for national use
Technical fallback - Transaction initiated as chip but was processed using an alternative technology (such as
magnetic stripe).
Reserved for ISO use
Reserved for national use
Manually entered or keyed transaction with keyed CID/4DBC/4CSC. Data Field 53, Security Related Control
Information must be present.
Reserved for private use
Reserved for American Express network use
Swiped transaction with keyed CID/4DBC/4CSC. Data Field 53, Security Related Control Information must be
present.
Reserved for private use

Notes:
• See CID/4DBC/4CSC location on typical American Express Card products.
• For more information on how to properly identify American Express ICC transactions, see Section 5.4.1
- AEIPS.
• For additional information on Payment Token processing, see page 43.

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 22

POINT OF SERVICE DATA CODE (continued)

POS. 8 Cardmember Authentication Method — This subfield indicates the method for verifying the
Cardmember identity.
Code
0

Not authenticated, unknown

Electronic signature analysis

Biometrics

Biographic

Manual signature verification

Other manual verification (e.g., drivers license)

Reserved for ISO use

Reserved for national use

Reserved for private use

A-I

Reserved for ISO use

J-R

Reserved for national use

Electronic Ticket Environment

T-Z

Reserved for private use

POS. 9 Cardmember Authentication Entity — This subfield indicates component or person who
verified Cardmember identity reported in Cardmember Authentication (Position 8).
Code
0

Not authenticated, unknown

Integrated Circuit Card (ICC)
Note: American Express-certified EMV terminal and link

Card Acceptor Device (CAD)

Authorizing agent (identified in authorizing agent institution identification code)

By Merchant

Other

Reserved for ISO use

Reserved for national use

8-9

Reserved for private use

A-I

Reserved for ISO use

J-R

Reserved for national use

S-Z

Reserved for private use

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 22

POINT OF SERVICE DATA CODE (continued)

POS. 10 Card Data Output Capability — This subfield indicates the ability of the terminal to update
the card.
Code

table of contents

Unknown

None

Magnetic stripe write

Integrated Circuit Card (ICC)
Note: American Express-certified EMV terminal and link

4-5

Reserved for ISO use

6-7

Reserved for national use

8-9

Reserved for private use

A-I

Reserved for ISO use

J-R

Reserved for national use

S-Z

Reserved for private use

POS. 11 Terminal Output Capability — This subfield indicates the ability of the terminal to print
and/or display messages.
Code

Unknown

None

Printing

Display

Printing and display

5-6

Reserved for ISO use

7-8

Reserved for national use

Reserved for private use

A-I

Reserved for ISO use

J-R

Reserved for national use

S-Z

Reserved for private use

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 22

POINT OF SERVICE DATA CODE (continued)

POS. 12 PIN Capture Capability — This subfield indicates the PIN length that the terminal is capable
of capturing.
Code
0

No PIN capture capability

Device PIN capture capability unknown

2-3

Reserved for ISO use

Four characters

Five characters

Six characters

Seven characters

Eight characters

Nine characters

Ten characters

Eleven characters

Twelve characters

D-I

Reserved for ISO use

J-R

Reserved for national use

S-Z

Reserved for private use

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 24

FUNCTION CODE

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

• Optional — Batch Authorization transactions

table of contents

• Mandatory — Specific Merchants identified for Prepaid
Card functionality. All identified Merchants are informed
by their American Express representative.
• Optional — All other Merchants for Prepaid Card
functionality, but strongly recommended.
• Mandatory — Transit transactions at Transit Access
Terminals (TAT)
Certification Requirement:

USA & Canada
Mandatory — Third Party Processors and/or Vendors must be
certified to pass Prepaid Card data, Function Codes 181 and
182, in this data field. After certification, all
Merchant-provided Prepaid Card data must be forwarded in
this data field.

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 24

FUNCTION CODE (continued)

Description:

This data field contains a value that indicates the specific
purpose of this message, within its message class. The
following table lists the valid codes:
Function Code
100 - Authorization Request
180 - Batch Authorization
181 - Prepaid Card Partial Authorization
182 - Prepaid Card Authorization with Balance Return
190 - Account Status Check
191 - ATC Synchronization
194 - Expresspay Translation (PAN Request)
196 - Expresspay Translation (PAN & Expiration Date
Request)
See the following for more detailed information.
100 = Authorization Request - This transaction can be used
for normal Authorization Requests, including those
used for processing a Payment Plan Authorization such
as DPP or EPP. Use of code “100” is optional.
180 = Batch Authorization -— This transaction is part of a
batch of non-time-critical authorization requests,
which do not require the rapid response normally
provided for real-time transactions. Use of code
“180” for batch processing allows American Express
to assign an appropriate priority in relation to
transactions submitted from real-time POS
environments. Typically, a Merchant utilizing Batch
Authorization would not also participate in the special,
Prepaid Card Partial Authorization services, described
on the next page. A Merchant using Batch
Authorization can accept American Express Prepaid
Cards as normal authorizations.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

FUNCTION CODE (continued)

Description (continued):

The following codes enhance acceptance, functionality and
usage of American Express Prepaid Card products at the POS.
For these special Prepaid Card services, authorized Third Party
Processors and Vendor software are required to support both
Prepaid Card functions, specifically Partial Authorization and
Authorization with Balance Return. This enables their
Merchants to select either option. Direct Link Merchants have
the choice of selecting the feature(s) they want to support.
American Express strongly recommends Partial Authorization,
because it approves a request for the remaining balance rather
than declining it when there are insufficient funds to cover the
original amount.

table of contents

Data Field 24

181 = Prepaid Card Partial Authorization Supported Indicates that the Merchant's system accepts and
processes Prepaid Card response messages for partial
authorization of transaction amounts less than the full
value originally submitted for authorization. Note that
the Merchant must collect the remainder from the
Cardmember via another form of payment.
Merchants certified for Prepaid Card Partial
Authorization should use code “181” for all
transactions, and American Express systems will
determine which Card products require a partial
authorization response. Specifically, non-Prepaid Card
products are ineligible for Partial Authorization; and
using code “181” will not affect normal authorization
requests.
When applicable, Partial Authorization-related data is
returned in the following Authorization Response
(1110) message Data Fields:
• Data Field 4 — Amount, Transaction
• Data Field 30 — Amounts, Original
• Data Field 39 — Action Code
• Data Field 54 — Amounts, Additional
Balances may not be returned for some Prepaid Cards.

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 24

FUNCTION CODE (continued)

Description (continued):

181 = (continued)
These data fields represent the amount authorized, the
amount requested, the action taken and the balance
remaining on the Prepaid Card. For details, see pages
183, 187, 194 and 203, respectively.
182 = Prepaid Card Authorization with Balance Return
Supported - Indicates that the Merchant's system
and/or POS device accepts and processes Prepaid Card
balances in response messages. This alternative for
systems that do not support partial authorizations
returns the Prepaid Card balance to the Merchant so
that an authorization request can be resubmitted for
the available amount when transactions are denied for
insufficient balance. Another form of payment (i.e.,
split tender) can be requested for the remainder.
Merchants certified for Prepaid Card Authorization
with Balance Return should use code “182” for all
transactions, and American Express systems will
determine which Card products require a response
related to Authorization with Balance Return.
Specifically, non-prepaid Card products are ineligible
for Authorization with Balance Return; and using code
“182” will not affect normal authorization requests.
Using code “182” indicates that the Merchant is
requesting an authorization for the full amount, and
that their system supports the return of Prepaid Card
balance information from American Express.
When applicable, Authorization with Balance
Return-related data is returned in the following
Authorization Response (1110) message Data Fields:
• Data Field 39 — Action Code
• Data Field 54 — Amounts, Additional
These data fields represent the action taken and
the balance remaining on the Prepaid Card. For
details, see pages 194 and 203, respectively.
Balances may not be returned for some Prepaid Cards.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 24

FUNCTION CODE (continued)

Description (continued):

182 = (continued)

table of contents

Note: A Prepaid Card Balance Inquiry for American
Express Prepaid Card products can be submitted by
zero filling Data Field 4 (Amount, Transaction), if Data
Field 24, Function Code, value is “181” (Partial
Authorization) or “182” (Authorization with Balance
Return). The available balance is returned in Data Field
54, Amounts, Additional, of the Authorization
Response (1110) message. However, balance inquiries
cannot be processed for Card products other than
American Express Prepaid Cards.
190 = Account Status Check — Transit Merchants requesting
an account status check on transit transactions only.
191 = ATC Synchronization — Indicates an Application
Transaction Counter (ATC) value is being provided to
the Issuer. Issuers can use this synchronization feature
to maintain their internal ATC data.
194 = Expresspay Translation (PAN request) — Indicates the
Primary Account Number (PAN) associated with an
Expresspay-enabled card/device is being requested
from the Issuer. The response will be returned in Data
Field 34,Primary Account Number, Extended, for
Transit transactions only.
196 = Expresspay Translation (PAN & Expiration Date
request) — Indicates the Primary Account Number
(PAN) and Expiration Date associated with an
Expresspay-enabled card/device is being requested
from the Issuer. The response will be returned in Data
Field 34,Primary Account Number, Extended, for Transit
transactions only.

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 25

MESSAGE REASON CODE

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

• Mandatory — American Express Card (and American
Express-supported Card) transactions
• Optional — VISA, MasterCard and JCB transactions
• Optional — American Express Travelers Cheques

Description:

This data field contains a four-digit Message Reason Code,
which is provided by American Express during certification.
The code used varies with the type of request submitted for
processing by the Merchant or Third Party Processor. Proper
use of this data field indicates that the Authorization Request
is certified by American Express.
For information on valid codes and their use, contact your
American Express representative.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 26

CARD ACCEPTOR BUSINESS CODE

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains the Merchant Category Code (MCC)
that corresponds to the Merchant's type of business.
If the Merchant is considered a Payment Service Provider
(Aggregator) or an OptBlue Participant, billing for
services/goods rendered by another entity, the MCC code
should reflect the classification for the specific entity
rendering the goods or services. Therefore, this value may vary
for each transaction dependent on the category applicable to
the Payment Service Provider (Aggregator) or OptBlue
Participant’s specific Sellers.
For a list of Merchant Category Codes, refer to the American
Express Global Codes & Information Guide.
Notes:
1.

For Oil Company Industry Merchants, the Card Acceptor
Business Code data field should reflect the specific type
of business conducted (e.g., 5542 - Automated Fuel
Dispensers or 5541 - Service Stations, including in-store
transactions). Oil Company Industry Merchants that use a
single Merchant ID for more than one business type
should populate this data field with the appropriate
Merchant Category Code (MCC), for each transaction. For
more information, contact your American Express
representative.

For Transit - TAT transactions, the Card Acceptor Business
Code data field must be populated by one of the following
Merchant Category Codes:
4111 = Local and Suburban Commuter Passenger
Transportation, including Ferries
4112 = Passenger Railways
4131 = Bus Lines
4784 = Tolls and Bridge Fees
7523 = Parking Lots and Garages

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 27

APPROVAL CODE LENGTH

Length of Field:

1 byte, fixed length

Field Type:

Numeric

Constant:

6 or 2

Field Requirement:

Optional

Description:

The American Express preferred standard Approval Code for
the Authorization Response (1110) message is a six-digit
approval code. U.S. and Canadian Merchants must comply
with this standard. However, for all other global regions,
American Express has the ability to provide either a two-digit
or a six-digit approval code.
When applicable, American Express representatives must be
informed during the initial setup of the Merchant interface,
that Data Field 27 will be used to determine the Approval Code
length in the Authorization Response (1110) message.
American Express will then set up procedures to check the
value in Data Field 27 and provide the appropriate Approval
Code length in the Authorization Response (1110) message.
When the valid values of either “2” or “6” are present in this
data field, American Express will honor the request to send an
Approval Code of the appropriate length.
If the Merchant or Third Party Processor then submits the data
field with no value, American Express will follow additional
rules to determine the proper length of the Approval Code. This
procedure allows the Approval Code length to vary, which may
suit the Merchant's specific business rules.
If the Merchant or Third Party Processor prefers not to use
Data Field 27, American Express will still set up the link to
return either a two-digit or six-digit Approval Code.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 31

ACQUIRER REFERENCE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 50 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
48 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Not used — All transactions

Description:

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 32

ACQUIRING INSTITUTION IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 13 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
11 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

Optional

Description:

This data field contains the identification code of the party
processing the request, preceded by a two-digit, Variable
Length Indicator (VLI).
For example, the 11-digit acquiring institution identification
code “45678912345” would appear as:
0
1
1234567890123
1145678912345
Note: This data field is not required for processing this
message; however, if included in an originating request
message, it will be preserved and returned in the response
message without alteration.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 33

FORWARDING INSTITUTION IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 13 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
11 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

Optional

Description:

This data field contains the forwarding institution's
identification code, preceded by a two-digit Variable Length
Indicator (VLI).
For example, the 11-digit, forwarding institution identification
code “45678912345” would appear as:
0
1

1234567890123
1145678912345
Note: In certain unique implementations, this data field may
be redefined. For example, in the U.S., for non-American
Express (i.e., bankcard) requests, this data field may contain
the ID number assigned to the POS network by the
non-American Express service association (i.e., the ID number
assigned by the network provider processing transactions on
the acquiring bank's behalf).
If you wish to populate this data field with data outside the
basic definition of “the forwarding institution's identification
code”, contact your American Express representative for
assistance in determining the appropriate value to use.

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 35

TRACK 2 DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 39 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
37 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Conditional

Certification Requirement:

Global — All regions
During certification, Merchants must demonstrate the ability
to populate and transmit Track 1, Track 2 and/or Integrated
Circuit Card (ICC) Data (Data Fields 45, 35 and 55, respectively,
for Card Present transactions when track or ICC data is
successfully read from a valid Card swipe, EMV card read or
Contactless card read.
Similarly, authorized Third Party Processors and Vendors must
demonstrate the ability to populate and transmit Track 1, Track
2 and/or ICC Data, Data Fields 45, 35 and 55, respectively, for
Card Present transactions when track or ICC data is
successfully read from a valid Card swipe, EMV card read or a
Contactless card read. After certification, Merchants, Third
Party Processors and Vendors must forward all Point of
Sale-provided track and/or ICC data in the appropriate data
field(s).

Description:

This data field contains the information encoded in a valid
Track 2 magnetic stripe, an Integrated Circuit Card (ICC) or a
Contactless card, preceded by a two-digit Variable Length
Indicator (VLI). Actual Track 2 data is composed of the EBCDIC
digits 0 9 and a data field separator value.
If POS Data Code, Position 7 = “2”, “5” or “W”, then the full
Track Data must be present. If Position 7 = “9”, then the full
Track Data may or may not be present. Data Field 45 must be
present if Data Field 35 is not present.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 35

TRACK 2 DATA (continued)

Description (continued):

If Data Field 45, Track 1, is not present, Data Field 35, Track 2,
must be populated with either the information encoded in a Track
2 magnetic stripe read for swiped transactions, or the Track 2
data stored on the chip of a Chip Card for ICC transactions.

table of contents

Note: Track 1 and Track 2 data formats may vary slightly between
various American Express products. The data field definitions
referenced in the American Express Magnetic Stripe and
Expresspay Pseudo-Magnetic Stripe Formats are for reference
only and may not reflect all variations that may be encountered.
For this reason, when Track 1 or Track 2 data is supplied intact,
the Acquirer, their devices, systems, Vendor software and
authorized Third Party Processors should capture all characters
between the start and end sentinels, strip off the sentinels and
LRC, and forward the remainder to American Express in the
appropriate ISO 8583 Track 1 or Track 2 data field, without regard
to the specific lengths referenced in these sections.
For more information, refer to the American Express Magnetic
Stripe Formats and Expresspay Pseudo-Magnetic Stripe Formats
in the American Express Global Codes & Information Guide.
ANSI X4.16 Format

In the following example below, the two-digit VLI is “29” and the
digits that follow are the 29 bytes of Track 2 data in ANSI X4.16
format. The character “=” is used to depict the data field
separator. The total length of this example is 31 bytes.
0
1
2
3
1234567890123456789012345678901
29371449635311004=1211081112345

ISO 7813 Format

In the following example, the two-digit VLI is “37” and the digits
that follow are the 37 bytes of Track 2 data in ISO 7813 format.
The character “=” is used to depict the data field separator. The
total length of this example is 39 bytes.
0
1
2
3
123456789012345678901234567890123456789
37371449635311004=021110108111234567800

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 35

TRACK 2 DATA (continued)

Expresspay Pseudo-Magnetic Stripe
Format

In the following example, the two-digit VLI is “37” and the digits
that follow are the 37 bytes of Track 2 data shown in Expresspay
Pseudo-Magnetic Stripe Format. The character “=” is used to
depict the data field separator. The total length of this example is
39 bytes.
0
1
2
3
123456789012345678901234567890123456789
37371449635311004=111270212342474312345
Notes:
1. If Tracks 1 and 2 are both captured, both should be
forwarded. If only one track is captured, Track 1 is preferred
(see page 109). For systems that capture only Track 2, this
less desirable alternative may be supplied in lieu of Track 1.
2. American Express security requirements prohibit the storage
of track data within Merchant or processor systems.

April 2016

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 37

RETRIEVAL REFERENCE NUMBER

Length of Field:

12 bytes, fixed length

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Optional

Description:

This data field contains a unique, 12-character reference
number.
Note: This data field is not required for processing this
message; however, if included in an originating request
message, it will be preserved and returned in the response
message without alteration.

100

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 41

CARD ACCEPTOR TERMINAL IDENTIFICATION

Length of Field:

8 bytes, fixed length

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

• Mandatory — American Express transactions in EMEA,
LA/C & APA
Note: Merchants in EMEA & LA/C that are unable to
provide a unique value for each terminal, can provide a 
central location Terminal ID
• Optional — American Express transactions in the USA and
Canada (strongly recommended), and non-VISA
transactions
• Mandatory — VISA PS2000

Description:

This data field contains a unique code that identifies a specific
terminal at a Merchant location. It is used when Data Field 42,
Card Acceptor Identification Code, does not uniquely identify
the physical location of this transaction.
Note: This data field may or may not be mandatory for
processing this message; however, if included in an originating
request message, it will be preserved and returned in the
response message without alteration.

April 2016

101

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 42

CARD ACCEPTOR IDENTIFICATION CODE

Length of Field:

15 bytes, fixed length

Field Type:

Alphanumeric & special characters, left justified, character
space filled

Constant:

None

Field Requirement:

Mandatory

Description:

This data field identifies the Merchant in a POS transaction
and is required for ALL requests. The Merchant ID assigned to
the POS location shall be one of the following, and must be left
justified and character space filled:
• 10-digit American Express SE Number.
• Two-character alphanumeric Airline Code.
• IATA1 Travel Agent ID (T + 5-8 digits).
If the American Express SE Number is used in this data field,
check digit validation is required. For details, refer to SE
Number Check Digit Computation (Modulus 9 Check) in the
American Express Global Codes & Information Guide.
Airline Code
If a two-character alphanumeric Airline Code is used in this
data field, additional information may be included using the
following format:
XX~T12345678
See Airline Code instructions on the next page.

_____________________
1

IATA = International Air Transport Association.

102

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 42

CARD ACCEPTOR IDENTIFICATION CODE (continued)

Description (continued):

In the example on the previous page, “XX” is the
two-character alphanumeric Airline Code, “~” is a character
space, the alpha character “T” is a constant that indicates that
the value that follows is a travel agent number, and
“12345678” is a 7-8 digit IATA Travel Agent ID, where the
eight digits have the following significance:
12

34567 =
8

Two-digit State or Country Code
Five-digit Core Number
Check Digit (optional). If unused, pad with a
character space.

Notes:
1. For American Express transactions, use of formats other
than the 10-digit American Express SE Number requires
additional certification.
2. This data field is mandatory for processing this message,
and it will be preserved and returned in the response
message without alteration.

April 2016

103

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 43

CARD ACCEPTOR NAME/LOCATION

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 101 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
99 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Global — All regions
• Mandatory — Oil Company Industry, including Card
Acceptor Terminal (CAT) transactions where a single
Service Establishment Number is not used for each
physical location
• Mandatory — Payment Service Providers (Aggregators) &
OptBlue Participants
• Mandatory — VISA PS2000
• Optional — All other transactions

Certification Requirement:

Global — All regions
Mandatory — Third Party Processors and/or Vendors must be
certified to pass data in this data field. After certification, all
Merchant-provided data must be forwarded in this data field.
Note: While this data field is optional for many transactions,
American Express strongly recommends that all Merchants
populate this data field in every authorization request.

Description:

This data field contains the card acceptor name and location,
which consists of six data elements with up to 99 characters
total, preceded by a two-digit, Variable Length Indicator. The
first three elements (subfield 1) are variable length and are
separated from each other and the remaining elements by a
back slash (\). Maximum allowable values include backslashes.
See Subfield Table on the next page.

104

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 43

CARD ACCEPTOR NAME/LOCATION (continued)



Oil Co.
CAT



VISA
PS2000

Payment
Service
Provider
(Aggregator)
and OptBlue
Participants



Other
Trans.



Subfield
Length



Subfield
Type




Description

LLVAR

2 bytes

Numeric

Variable Length Indicator

Subfield 1

N/A2

83 bytes 
max.

Alphanumeric & special
characters

Oil Co. CAT1 
Name \ \ \
Must replace Name with unique
merchant-assigned, station location
code.
Payment Service Providers
(Aggregators) and OptBlue
Participants3 
Payment Service Provider:
PSP’s supported within an OptBlue
Participant must follow the Payment
Service Provider format:
Payment Service Provider
(Aggregator)=Seller DBA\Seller
Street\Seller City\
A. Payment Service Provider
(Aggregator) and Seller Name -
38 bytes (max.) and should be
constructed of two elements
separated by an “=” delimiter:
1. Payment Service Provider
(Aggregator) 
2. Seller Name 
B. Street - 30 bytes (max.)
C. City - 15 bytes (max.)

OptBlue Participants:
= Seller DBA\Seller Street\Seller
City\ 
A. =Seller Name - 38 bytes (max.)
and should always begin with an
“=”
B. Street - 30 bytes (max.)
C. City - 15 bytes (max.)

M = Mandatory

O = Optional

N/A = Subfield is unused

April 2016

105

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 43



Oil Co.
CAT

CARD ACCEPTOR NAME/LOCATION (continued)



VISA
PS2000

Payment
Service
Provider
(Aggregator)
and OptBlue
Participants



Other
Trans.



Subfield
Length



Subfield
Type

table of contents

Subfield 1
(continued)




Description

Note: The elements provided in this
subfield should be spelled out
completely. If necessary, truncate
the information to meet the length
requirements rather than using
abbreviations.
Additional data requirements are
found in Data Field 60, National Use
Data.
All Other Merchants - Optional
Name\Street\City\

Subfield 2

10 bytes
Fixed

Alphanumeric & special
characters, left justified

Postal Code

Subfield 3

N/A5

N/A4

3 bytes
Fixed

Alphanumeric & special
characters, left justified

Region Code must correspond to the
Country Code provided.
For information on country and
region codes, refer to the American
Express Global Codes & Information
Guide.

Subfield 4

N/A5

3 bytes
Fixed

Alphanumeric

Country Code must correspond to
the Region Code provided.
For information on country and
region codes, refer to the American
Express Global Codes & Information
Guide.

M = Mandatory

O = Optional

106

April 2016

N/A = Subfield is unused

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 43

CARD ACCEPTOR NAME/LOCATION (continued)

Notes:
1. For Oil Company Industry CAT transactions, Subfield 1 must contain a unique, Merchant-assigned,
station location code in format “S#nnnnnnnnnnn\\\”. While the previous example shows an
11-byte station location code, the actual value may vary in length within the 83-byte maximum allowed.
2. For VISA PS2000, Subfield 1 is omitted, indicated by three back slashes (\\\), one per element (Name,
Street and City).
3. Payment Service Providers (Aggregators) and OptBlue Participants:
a. For Payment Service Providers (Aggregators) - Subfield 1 must include the Payment Service Provider
(Aggregator) as well as the Seller DBA. Both elements should be separated by an “=”delimiter. The
Payment Service Provider (Aggregator) must also provide the Seller's Street and Seller's City.
Example of typical entry for Subfield 1:
ANY~AGGREGATOR=KATIS~BEACH~UMBRELLAS\1234~ABC~STREET\
ANYTOWN\
b. For OptBlue Participants - Subfield 1 must include the Seller DBA preceded by an “=” delimiter. The
OptBlue Participant must also provide the Seller’s Street and Seller’s City.
Example of typical entry for Subfield 1:
=KATIS~BEACH~UMBRELLAS\1234~ABC~STREET\ANYTOWN\
Notes for #3a and #3b:
1. In the example above, tilde (~) characters represent character spaces and the equal sign (=)
represents a delimiter.
2. Payment Service Providers (Aggregators) supported within an OptBlue Participant must follow
the Payment Service Provider (Aggregator) format.
4. Subfields 2, 3 and 4 are mandatory for Payment Service Providers (Aggregators) and OptBlue
Participants. Should data be unavailable, omitted subfields are indicated by character spaces. See
examples on the next page.
5. Subfields 3 and 4 are omitted for Oil Company Industry CAT transactions. For all other Merchants
subfields 3 and 4 are optional. Omitted subfields are indicated by back slashes (\), one per subfield. See
examples on the next page.
See all examples on the next page.

April 2016

107

Global Credit Authorization Guide ISO Format

8.1

Data Field 43

American Express Proprietary & Confidential

1100 Authorization Request (continued)

CARD ACCEPTOR NAME/LOCATION (continued)

Typical example for entry of Oil Company Industry “Station Location Code”
1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
28S#12345678901\\\85054~~~~~\\

table of contents

Typical example for entry of Payment Service Provider (Aggregator) and OptBlue
Participants “Payment Service Provider (Aggregator)=Seller DBA”,”Seller Street”,
“Seller City”, “Seller Postal Code”, “Seller Region”, and “Seller Country Code”
1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
77ANY~AGGREGATOR=KATIS~BEACH~UMBRELLAS\1234~ABC~STREET\ANYTO

1
1
1
7
8
9
0
1
2
123456789012345678901234567890123456789012345678901234567890
WN\85054~~~~~AZ~840

Typical example for entry of Payment Service Provider (Aggregator) and OptBlue
Participants “Payment Service Provider (Aggregator)=Seller DBA”,”Seller Street”,
“Seller City”, and omitted “Seller Postal Code”, “Seller Region”, and “Seller Country
Code”
1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
77ANY~AGGREGATOR=KATIS~BEACH~UMBRELLAS\1234~ABC~STREET\ANYTO

1
1
1
7
8
9
0
1
2
123456789012345678901234567890123456789012345678901234567890
WN~~~~~~~~~~~~~~~~

Typical example for all other Merchants
1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
58KATIS~BEACH~UMBRELLAS\1234~ABC~STREET\ANYTOWN\85054~~~~~\\

Note: In the examples above, tilde (~) characters represent character spaces and the equal sign (=)
represents a delimiter.

108

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 45

TRACK 1 DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 78 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
76 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Global — All regions
• Mandatory — Oil Company Industry, Card Acceptor
Terminal (CAT) transactions
• Conditional — All other transactions with POS Data Code
values noted in description

Certification Requirement:

Global — All regions
During certification, Merchants must demonstrate the ability
to populate and transmit Track 1 or Track 2 data, Data Fields
45 and 35, respectively, for Card Present transactions when
track data is successfully read from a valid Card swipe or a
Contactless card read.
Similarly, authorized Third Party Processors and Vendors must
demonstrate the ability to populate and transmit Track 1 and
Track 2 data, Data Fields 45 and 35, respectively, for Card
Present transactions when track data is successfully read from
a valid Card swipe or a Contactless card read. After
certification, Merchants, Third Party Processors and Vendors
must forward all Point of Sale-provided track data in the
appropriate data field(s).

Description:

This data field contains the information encoded in a valid
Track 1 magnetic stripe or a Contactless card, preceded by a
two-digit, Variable Length Indicator (VLI). The actual Track 1
data is composed of EBCDIC alphanumeric and special
characters, and a data field separator value.

April 2016

109

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 45

TRACK 1 DATA (continued)

Description (continued):

If POS Data Code, Position 7 = “2”, “5” or “W”, then the full
Track Data must be present. If Position 7 = “9”, then the full
Track Data may or may not be present. Data Field 35 must be
present, if Data Field 45 is not present.

table of contents

If Data Field 35, Track 2, is not present, Data Field 45, Track 1,
must be populated with the information encoded in a Track 1
magnetic stripe read for swiped transactions, or Pseudo-Track
1 or the Track 1 data stored on a Contactless card for
contactless transactions.
Note: Track 1 and Track 2 formats may vary slightly between
various American Express products. The data field definitions
referenced in the American Express Magnetic Stripe and
Expresspay Pseudo-Magnetic Stripe Formats are for reference
only and may not reflect all variations that may be
encountered. For this reason, when Track 1 or Track 2 data is
supplied intact, the Acquirer, their devices, systems, Vendor
software and authorized Third Party Processors should capture
all characters between the start and end sentinels, strip off the
sentinels and LRC, and forward the remainder to American
Express in the appropriate ISO 8583 Track 1 or Track 2 data
field, without regard to the specific lengths referenced in these
sections.
For more information, refer to the American Express Magnetic
Stripe Formats and Expresspay Pseudo-Magnetic Stripe
Formats in the American Express Global Codes & Information
Guide.
Oil Company CAT Transactions
This data field is required for Oil Company Industry Card
Acceptor Terminal (CAT) transactions. (Forwarding Track 1
data, which includes primary account number, effective and
expiration dates, and Cardmember name, reduces fraud by
allowing comparison of actual card data to the American
Express database.)

110

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 45

TRACK 1 DATA (continued)

Examples:

See the following examples.
ANSI X4.16 Format
In the following example, the two-digit VLI is “59” and the
digits that follow are the 59 bytes of Track 1 data in ANSI
X4.16 format. The character “^” is used to depict the data field
separator, and tildes (~) represent character spaces. The total
length of this example is 61 bytes.

0
1
2
3
4
5
6
1234567890123456789012345678901234567890123456789012345678901
59B3714~49653~11004^FROST/CHARLES~F.JR~~~~~~~~^9403910112345

ISO 7813 Format
In the following example, the two-digit VLI is “76” and the
digits that follow are the 76 bytes of Track 1 data in ISO 7813
format. The character “^” is used to depict the data field
separator, and tildes (~) represent character spaces. The total
length of this example is 78 bytes.
0
1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
76B371449635311004^FROST/CHARLES~F.JR~~~~~~~~^94031019101123
6
7
123456789012345678
456789012345678901

April 2016

111

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 45

TRACK 1 DATA (continued)
Expresspay Pseudo-Magnetic Stripe Format
In the following example, the two-digit VLI is “60” and the
digits that follow are the 60 bytes of Track 1 data shown in
Expresspay Pseudo-Magnetic Stripe Format. The character “^”
is used to depict the data field separator. The total length of
this example is 62 bytes.

table of contents

0
1
2
3
4
5
6
12345678901234567890123456789012345678901234567890123456789012
60B371449635311004^VALUED/CARDMEMBER~~~~12345^1211702123424743

Notes:

112

If Tracks 1 and 2 are both captured, both should be forwarded. If only one track is captured,
Track 1 is preferred. For systems that capture only Track 2, this less desirable alternative may
be supplied in lieu of Track 1 (see page 97).

American Express security requirements prohibit the storage of track data within Merchant or
processor systems.

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL

Length of Field:
Variable Length Indicator:
Length of Variable Data:

19 bytes minimum, 304 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
301 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

• Optional — Merchants in mail-, telephone- and
internet-order industries that pass Card Not Present Internet Telephone Data (ITD).
• Optional — Merchants in the airline industry that pass
Card Not Present Internet Airline Customer (IAC) data or
Card Not Present - Airline Passenger Data (APD).
• Optional — Merchants in Card Present transactions that
pass Card Present - Goods Sold data.

Certification Requirement:

USA, Canada, EMEA & LA/C
• Mandatory — Third Party Processors and/or Vendors must
be certified to pass Card Not Present - Internet Telephone
Data (ITD) in this data field. After certification, all
Merchant-provided ITD data must be forwarded in this
data field.
• Mandatory — Third Party Processors and/or Vendors must
be certified to pass Card Not Present Internet Airline
Customer (IAC) data in this data field. After certification,
all Merchant-provided IAC data must be forwarded in this
data field.
• Mandatory — Third Party Processors and/or Vendors must
be certified to pass Card Not Present - Airline Passenger
Data (APD) in this data field. After certification, all
Merchant-provided APD data must be forwarded in this
data field.

April 2016

113

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Certification Requirement (continued):

• Mandatory — Third Party Processors and/or Vendors must
be certified to pass Card Present - Goods Sold data in this
data field. After certification, all Merchant-provided Card
Present - Goods Sold data must be forwarded in this data
field.

Description:

This data field is composed of four formats:

table of contents

• The first format is for Merchants in mail-, telephone- and
internet-order industries that submit Card Not Present Internet Telephone Data (ITD).
For Merchants using this format, ITD subfields may contain
source data, including the Cardmember's Web and email
addresses, host computer name, HTTP browser, product
SKU (Stock Keeping Unit) inventory reference number,
shipping method and country to which product will be
shipped.
• The second format is specific to airline industry Merchants
that submit Card Not Present - Internet Airline Customer
(IAC) data.
For these Merchants, IAC subfields may contain additional
travel-specific information, including the departure date,
passenger name, travel origin and destination, routing
cities, airline carriers, fare basis, number of passengers,
and customer IP and email addresses.

114

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Description:

• The third format is specific to airline industry Merchants
that submit Card Not Present - Airline Passenger Data
(APD).
For these Merchants, APD subfields may contain additional
travel-specific information, including the departure date,
passenger and Cardmember names, travel origin and
destination, routing cities, airline carriers, fare basis,
number of passengers, e-ticket indicator and reservation
code.
Note: Within the Airline Industry, the IAC format is
recommended over the APD format, as it is more
comprehensive. The APD format has been retained for
Merchants, Processors and Vendor software currently
sending data in this format.
Merchants that could fall under ITD, IAC or APD categories
should contact their American Express representative, to
determine which format is appropriate for their business.
• The fourth format is specific to Card Present Goods Sold
data. The Card Present - Goods Sold subfields contain Card
Present information identifying the product being
purchased which is Gift Cards.

April 2016

115

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Description (continued):

Notes:

table of contents

1. Only one of the four formats may be used for a given
transaction. The ITD format has a minimum length of 74
bytes and a maximum of 265, including VLI. The IAC format
has a minimum of 132 bytes and a maximum of 304,
including VLI. The APD format has a minimum of 151 bytes
and a maximum of 290, including VLI. The Card Present Goods Sold format has a minimum length of 19 bytes and a
maximum of 19, including the VLI.
2. For all formats, unused fixed-length subfields must be
character space or zero filled, as appropriate.
3. Unless otherwise indicated, for all formats, unused
variable-length subfields must be a minimum of one byte,
composed of a character space or zero, as appropriate.
This is in addition to providing the preceding ID and VLI
bytes. For example, the three-byte ID would be sent with
two-byte VLI “01”, and the one-byte subfield would
contain a single character space or a zero, as appropriate.
4. Unless otherwise indicated, alphanumeric subfields are
left justified, character space filled and not case sensitive;
and numeric subfields are right justified and zero filled, as
necessary.

116

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present - Internet Telephone Data (ITD) For the Mail-, Telephone- and Internet-Order
Industries Format Table
Relative
Position


Subfield Name

Subfield
Length


Subfield Type


Description

1-3

VARIABLE LENGTH INDICATOR
(VLI)

3 bytes

Numeric (EBCDIC)

VLI indicates total length of variable data in this
data field (not including VLI).

4-5

PRIMARY ID

2 bytes

Alphanumeric

Primary ID (Card Type Code) is constant literal
“AX” (American Express).

6-8

SECONDARY ID

3 bytes

Alphanumeric

Secondary ID (Data Type Code). Valid IDs include:
ITD = Card Not Present Data

9-11

CUSTOMER EMAIL ID (CE ID)

3 bytes

Alphanumeric

Customer Email ID is constant literal “CE~”
(Customer Email).

12-13

VARIABLE LENGTH INDICATOR
(CE VLI)

2 bytes

Numeric

CE VLI indicates length of CUSTOMER EMAIL
variable data (not including CE ID or VLI).

14-37

CUSTOMER EMAIL

Alphanumeric &
special characters

Customer's email address. Example:

1-60 bytes

CFFROST@EMAILADDRESS.COM

38-40

CUSTOMER HOSTNAME ID (CH
ID)

3 bytes

Alphanumeric

Customer HostName ID is constant literal “CH~”
(Customer HostName).

41-42

VARIABLE LENGTH INDICATOR
(CH VLI)

2 bytes

Numeric

CH VLI indicates length of CUSTOMER
HOST-NAME variable data (not including CH ID
or VLI).

43-56

CUSTOMER HOSTNAME

Alphanumeric &
special characters

Name of server to which customer is connected.
Example: PHX.QW.AOL.COM

57-59

HTTP BROWSER TYPE ID (HBT ID)

3 bytes

Alphanumeric

HTTP Browser Type ID is constant literal “HBT”
(HTTP Browser Type).

60-61

VARIABLE LENGTH INDICATOR
(HBT VLI)

2 bytes

Numeric

HBT VLI indicates length of HTTP BROWSER
TYPE variable data (not including HBT ID or VLI).

62-107

HTTP BROWSER TYPE

Alphanumeric &
special characters

Customer's HTTP browser type.

1-60 bytes

Example:
MOZILLA/4.0~(COMPATIBLE;
~MSIE~5.0;~WINDOWS~95)

108-110

SHIP TO COUNTRY ID (STC ID)

3 bytes

Alphanumeric

Ship To Country ID is constant literal “STC”
(Ship To Country).

111-112

VARIABLE LENGTH INDICATOR
(STC VLI)

2 bytes

Numeric

STC VLI indicates length of SHIP TO COUNTRY
variable data. Must be constant literal “03”.

Note: ~ = character space.
See example on page 120.

April 2016

117

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present - Internet Telephone Data (ITD) For the Mail-, Telephone- and Internet-Order
Industries Format Table (continued)
Relative
Position


Subfield Name

table of contents

Subfield
Length


Subfield Type


Description

113-115

SHIP TO COUNTRY

3 bytes

Alphanumeric

Three-byte, numeric Country Code. Refer to
Country Codes in the Global Codes & Information
Guide. Example for U.S.: 840

116-118

SHIPPING METHOD ID (SM ID)

3 bytes

Alphanumeric

Shipping Method ID is constant literal “SM~”
(Shipping Method).

119-120

VARIABLE LENGTH INDICATOR
(SM VLI)

2 bytes

Numeric

SM VLI indicates length of SHIPPING METHOD
variable data (not including SM ID or VLI). Must
be constant literal “02”.

121-122

SHIPPING METHOD

2 bytes

Alphanumeric

Two-byte, shipment-type code:
01
02
03
04
05
06
07-ZZ

=
=
=
=
=
=
=

Same Day
Overnight / Next Day
Priority, 2-3 days
Ground, 4 or more days
Electronic Delivery
Ship-to Store*
Reserved for future use

123-125

MERCHANT PRODUCT SKU ID
(MPS ID)

3 bytes

Alphanumeric

Merchant Product SKU ID is constant literal
“MPS” (Merchant Product SKU).

126-127

VARIABLE LENGTH INDICATOR
(MPS VLI)

2 bytes

Numeric

MPS VLI indicates length of MERCHANT
PRODUCT SKU variable data (not including MPS
ID or VLI).

128-135

MERCHANT PRODUCT SKU

Alphanumeric &
special characters

Unique SKU (Stock Keeping Unit) inventory
reference number of product associated with this
authorization request. For multiple items, enter
SKU for single, most expensive item.

1-15 bytes

Example: TKDC315U
136-150

CUSTOMER IP

15 bytes

Alphanumeric &
special characters

Customer's Internet IP address, left justified and
character space filled (as necessary) to 15 bytes.
Example 1: 127.142.151.223
Example 2: 127.142.5.56~~~
Example 3: 12.142.49.190~~

Note: ~ = character space.
See example on page 120.
* Merchants populating the Shipping Method, using shipment-type code (06) Ship-to Store, are strongly encouraged to populate
the address of the store location in Data Field 63 (Private Use Data) Ship-to Address in the 205-byte format.

118

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present - Internet Telephone Data (ITD) For the Mail-, Telephone- and Internet-Order
Industries Format Table (continued)
Relative
Position


Subfield Name

Subfield
Length


Subfield Type


Description

151-160

CUSTOMER ANI

10 bytes

Alphanumeric &
special characters

ANI (Automatic Number Identification) specified
10-digit phone number that customer used to
place order with Merchant. Leading or trailing
zeros and/or virgules (/) are not permitted as
filler. However, phone numbers less than 10digits should be left justified and character space
filled. USA, Canada and other countries that
follow the NANP phone numbering system
should send all 10-digits of the phone number,
including the area code. For countries that do not
follow this system, send the last 10-digits.
Examples: United States of America (USA) phone
number “602-555-1212” would be entered as
“6025551212”.
United Kingdom (UK) phone number
“44-1234-123456” would be entered as
“1234123456”.

161-162

CUSTOMER II DIGITS

2 bytes

Alphanumeric &
special characters

Telephone company-provided ANI Information
Identifier (II) digits associated with CUSTOMER
ANI. II digits indicate call type. For example,
cellular (61-63), payphone (27), toll free (24, 25),
etc.

See example on the next page.

April 2016

119

Global Credit Authorization Guide ISO Format

8.1

Data Field 47

American Express Proprietary & Confidential

1100 Authorization Request (continued)

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present - Internet Telephone Data (ITD) For the Mail-, Telephone- and Internet-Order
Industries Example
The following example corresponds to the ITD Position Format Table on the preceding pages, and illustrates
a data field entry for mail-, telephone- and internet-order Merchants that submit Card Not Present - Internet
Telephone Data (Data Type Code “ITD”).

table of contents

1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
159AXITDCE~24CFFROST@EMAILADDRESS.COMCH~14PHX.QW.AOL.COMHBT4
1
1
1
6
7
8
9
0
1
2
123456789012345678901234567890123456789012345678901234567890
6MOZILLA/4.0~(COMPATIBLE;~MSIE~5.0;~WINDOWS~95)STC03840SM~02
1
1
1
1
1
2
3
4
5
6
123456789012345678901234567890123456789012
02MPS08TKDC315U127.142.005.056602555121200

Notes:
1. In the example above, tilde (~) characters represent character spaces.
2. This example represents data for multiple scenarios of a Card Not Present - Internet Telephone Data
(ITD) transaction. A typical transaction will probably not include all subfields (e.g., an Internet-order
would not include Customer ANI and Customer II Digits; and a phone-order would not include Customer
Hostname or Customer IP).

120

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present Internet Airline Customer (IAC) Format Table
Relative
Position


Subfield Name

Subfield
Length


Subfield Type


Description

1-3

VARIABLE LENGTH INDICATOR
(VLI)

3 bytes

Numeric (EBCDIC)

VLI indicates total length of variable data in this
data field (not including VLI).

4-5

PRIMARY ID

2 bytes

Alphanumeric

Primary ID (Card Type Code) is constant literal
“AX” (American Express).

6-8

SECONDARY ID

3 bytes

Alphanumeric

Secondary ID (Data Type Code). Valid IDs include:
IAC = Internet Airline Customer

9-16

DEPARTURE DATE

8 bytes

Numeric

Departure Date (format CCYYMMDD).
Example: 20030101

17-19

AIRLINE PASSENGER NAME ID
(APN ID)

3 bytes

Alphanumeric

Airline Passenger Name ID is constant literal
“APN” (Airline Passenger Name).

20-21

VARIABLE LENGTH INDICATOR
(APN VLI)

2 bytes

Numeric

APN VLI indicates length of Airline PASSENGER
NAME variable data (not including APN ID or VLI).

22-44

PASSENGER NAME

23-40 bytes

Alphanumeric &
special characters

Passenger Name in format: SURNAME~
FIRSTNAME~MIDDLEINITIAL~TITLE
Use character space as sub-element separator.
Variable data must be 23-bytes minimum, space
filled as necessary, 40-bytes maximum. Truncate
at 40 bytes, if necessary.
Example: FROST~JANE~M~MRS~~~~~~~

45-49

ORIGIN (Origin Airport)

5 bytes

Alphanumeric &
special characters

First segment travel origination Airport,
Note: Five-byte code sequence allows for
anticipated expansion of present, three-character
Airport Code. If necessary, left justify codes and
character space fill each code sequence to five
bytes.
Example: ABC~~

50-54

DEST (First Segment Travel
Destination Airport)

5 bytes

Alphanumeric &
special characters

Destination Airport for first travel segment of
trip; not necessarily the final destination. For
example, if passenger flies from STL to MIA with
layover at JFK, Destination Airport for first
segment is JFK.
Note: Five-byte code sequence allows for
anticipated expansion of present, three-character
Airport Code. If necessary, left justify codes and
character space fill each code sequence to five
bytes.
Example: XYZ~~

Note: ~ = character space.
See example on page 124.

April 2016

121

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present Internet Airline Customer (IAC) Format Table (continued)
Relative
Position


Subfield Name

Subfield
Length


Subfield Type


Description

table of contents

55-57

ROUTING ID (RTG ID)

3 bytes

Alphanumeric

Routing ID is constant literal “RTG” (Routing).

58-59

VARIABLE LENGTH INDICATOR
(RTG VLI)

2 bytes

Numeric

RTG VLI indicates combined length of NUMBER
OF CITIES and ROUTING CITIES variable data (not
including RTG ID or VLI).

60-61

NUMBER OF CITIES

2 bytes

Numeric

Number of Airports or Cities on ticket (10 max).

62-120

ROUTING CITIES

Alphanumeric &
virgule (/)

Routing Airport or City Codes for each leg on
ticket (including ORIGIN and DEST) in five-byte
segments with virgule (/) separator. Example:

11-59 bytes

ABC~~/DEF~~/GHI~~/JKL~~/MNO~~
/PQR~~/STU~~/VWX~~/YZA~~/XYZ~
~
121-123

AIRLINE CARRIERS ID (ALC ID)

3 bytes

Alphanumeric

Airline Carriers ID is constant literal “ALC”
(Airline Carrier).

124-125

VARIABLE LENGTH INDICATOR
(ALC VLI)

2 bytes

Numeric

ALC VLI indicates combined length of NUMBER
OF AIRLINE CARRIERS and AIRLINE CARRIERS
variable data (not including ALC ID or VLI).

126-127

NUMBER OF AIRLINE CARRIERS

2 bytes

Numeric

Number of Airline Carriers entered in AIRLINE
CARRIERS subfield (9 max). Example: 09

128-180

AIRLINE CARRIERS

Alphanumeric &
virgule (/)

Airline Carrier Code for each leg on ticket
(including ORIGIN and DEST) in five-byte
segments with virgule (/) separator. Example:

5-53 bytes

AB~~~/XY~~~/BC~~~/CD~~~/DE~~~
/DE~~~/CD~~~/BC~~~/AB~~~
Each leg must have Airline Carrier Code entry,
even if multiple (or all) legs are on same Airline.
181-204

FARE BASIS

24 bytes

Alphanumeric &
special characters

Primary & secondary discount codes indicate
class of service and fare level associated with
ticket. Truncate at 24 bytes, if necessary.
Example:
ABC123DEF456GHI789JKL012

205-207

NUMBER OF PASSENGERS

3 bytes

Numeric

Number of passengers in party. Example: 001

Note: ~ = character space.
See example on page 124.

122

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present Internet Airline Customer (IAC) Format Table (continued)
Relative
Position


Subfield Name

Subfield
Length


Subfield Type


Description

208-222

CUSTOMER IP

15 bytes

Alphanumeric &
special characters

Customer's Internet IP address, left justified and
character space filled (as necessary) to 15 bytes.
Example 1: 127.142.151.223
Example 2: 127.142.5.56~~~
Example 3: 12.142.49.190~~

223-225

CUSTOMER EMAIL ID (CE ID)

3 bytes

Alphanumeric

Customer Email ID is constant literal “CE~”
(Customer Email).

226-227

VARIABLE LENGTH INDICATOR

2 bytes

Numeric

CE VLI indicates length of CUSTOMER EMAIL
variable data (not including CE ID or VLI).

228-251

CUSTOMER EMAIL

Alphanumeric &
special characters

Customer's email address. Example:
CFFROST@EMAILADDRESS.COM

1-60 bytes

Note: ~ = character space.
See example on the next page.

April 2016

123

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present Internet Airline Customer (IAC) Example
The following example corresponds to the IAC Position Format Table on the preceding pages, and illustrates
a data field entry for airline industry Merchants that submit Card not Present Internet Airline Customer data
(Data Type Code “IAC”).

table of contents

1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
248AXIAC20030101APN23FROST~JANE~M~MRS~~~~~~~ABC~~XYZ~~RTG611
1
1
1
6
7
8
9
0
1
2
123456789012345678901234567890123456789012345678901234567890
0ABC~~/DEF~~/GHI~~/JKL~~/MNO~~/PQR~~/STU~~/VWX~~/YZA~~/XYZ~~
1
1
1
1
1
1
1
2
3
4
5
6
7
8
123456789012345678901234567890123456789012345678901234567890
ALC5509AB~~~/XY~~~/BC~~~/CD~~~/DE~~~/DE~~~/CD~~~/BC~~~/AB~~~
1
1
2
2
2
2
2
8
9
0
1
2
3
4
123456789012345678901234567890123456789012345678901234567890
ABC123DEF456GHI789JKL012001127.142.005.056CE~24CFFROST@EMAIL
2
2
4
5
12345678901
ADDRESS.COM

Note: In the example above, the tilde (~) characters represent character spaces.

124

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present - Airline Passenger Data (APD) Format Table
Relative
Position


Subfield Name

Subfield
Length


Subfield Type


Description

1-3

VARIABLE LENGTH INDICATOR
(VLI)

3 bytes

Numeric (EBCDIC)

VLI indicates total length of variable data in this
data field (not including VLI).

4-5

PRIMARY ID

2 bytes

Alphanumeric

Primary ID (Card Type Code) is constant literal
“AX” (American Express).

6-8

SECONDARY ID

3 bytes

Alphanumeric

Secondary ID (Data Type Code). Valid IDs include:
APD = Internet Airline Customer

9-16

DEPARTURE DATE

8 bytes

Numeric

Departure Date (format CCYYMMDD).
Example: 20030101

17-19

AIRLINE PASSENGER NAME ID
(APN ID)

3 bytes

Alphanumeric

Airline Passenger Name ID is constant literal
“APN” (Airline Passenger Name).

20-21

VARIABLE LENGTH INDICATOR
(APN VLI)

2 bytes

Numeric

APN VLI indicates length of Airline PASSENGER
NAME variable data (not including APN ID or VLI).

22-44

PASSENGER NAME

Alphanumeric &
special characters

45-47

CARDMEMBER NAME ID (CN ID)

3 bytes

Alphanumeric

Cardmember Name ID is constant literal “CN~”
(Cardmember Name).

48-49

VARIABLE LENGTH INDICATOR
(CN VLI)

2 bytes

Numeric

CN VLI indicates length of CARDMEMBER NAME
variable data (not including CN ID or VLI).

50-72

CARDMEMBER NAME

Alphanumeric &
special characters

Cardmember Name in format: SURNAME~
FIRSTNAME~MIDDLEINITIAL~TITLE
Use character space as sub-element separator.
Variable data must be 23-bytes minimum, space
filled as necessary, 40-bytes maximum. Truncate
at 40 bytes, if necessary.

23-40 bytes

Example: FROST~CHARLES~F~MR~~~~~

Note: ~ = character space.
See example on page 128.

April 2016

125

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present - Airline Passenger Data (APD) Format Table (continued)
Relative
Position
73-77


Subfield Name
ORIGIN (Origin Airport)

Subfield
Length
5 bytes


Subfield Type


Description

Alphanumeric &
special characters

First segment travel origination Airport,

table of contents

Note: Five-byte code sequence allows for
anticipated expansion of present, three-character
Airport Code. If necessary, left justify codes and
character space fill each code sequence to five
bytes.
Example: ABC~~

78-82

DEST (First Segment Travel
Destination Airport)

5 bytes

Alphanumeric &
special characters

Destination Airport for first travel segment of trip;
not necessarily the final destination. For example,
if passenger flies from STL to MIA with layover at
JFK, Destination Airport for first segment is JFK.
Note: Five-byte code sequence allows for
anticipated expansion of present, three-character
Airport Code. If necessary, left justify codes and
character space fill each code sequence to five
bytes.
Example: XYZ~~

83-85

ROUTING ID (RTG ID)

3 bytes

Alphanumeric

Routing ID is constant literal “RTG” (Routing).

86-87

VARIABLE LENGTH INDICATOR
(RTG VLI)

2 bytes

Numeric

RTG VLI indicates combined length of NUMBER OF
CITIES and ROUTING CITIES variable data (not
including RTG ID or VLI).

88-89

NUMBER OF CITIES

2 bytes

Numeric

Number of Airports or Cities on ticket (10 max).

90-148

ROUTING CITIES

11-59
bytes

Alphanumeric &
virgule (/)

Routing Airport or City Codes for each leg on ticket
(including ORIGIN and DEST) in five-byte segments
with virgule (/) separator. Example:
ABC~~/DEF~~/GHI~~/JKL~
/MNO~~/PQR~~/STU~~/VWX~~/YZA~~
/XYZ~~

149-151

AIRLINE CARRIERS ID (ALC ID)

3 bytes

Alphanumeric

Airline Carriers ID is constant literal “ALC”
(Airline Carrier).

152-153

VARIABLE LENGTH INDICATOR
(ALC VLI)

2 bytes

Numeric

ALC VLI indicates combined length of NUMBER OF
AIRLINE CARRIERS and AIRLINE CARRIERS
variable data (not including ALC ID or VLI).

154-155

NUMBER OF AIRLINE CARRIERS

2 bytes

Numeric

Number of Airline Carriers entered in AIRLINE
CARRIERS subfield (9 max). Example: 09

Note: ~ = character space.
See example on page 128.

126

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present - Airline Passenger Data (APD) Format Table (continued)
Relative
Position


Subfield Name

Subfield
Length


Subfield Type


Description

156-208

AIRLINE CARRIERS

5-53 bytes

Alphanumeric &
virgule (/)

Airline Carrier Code for each leg on ticket
(including ORIGIN and DEST) in five-byte segments
with virgule (/) separator. Example:
AB~~~/XY~~~/BC~~~/CD~~~/DE~~~/
DE~~~/CD~~~/BC~~~/AB~~~
Each leg must have Airline Carrier Code entry,
even if multiple (or all) legs are on same Airline.

209-232

FARE BASIS

24 bytes

Alphanumeric &
special characters

Primary & secondary discount codes indicate class
of service and fare level associated with ticket.
Truncate at 24 bytes, if necessary. Example:
ABC123DEF456GHI789JKL012

233-235

NUMBER OF PASSENGERS

3 bytes

Numeric

Number of passengers in party. Example: 001

E-TICKET INDICATOR

1 byte

Alphanumeric &
special characters

Indicates if ticket is electronic.

236

E = E-Ticket
~ = Other ticket types (non-electronic ticket)

237-239

RESERVATION CODE ID
(RES ID)

3 bytes

Alphanumeric

Reservation Code ID is the constant literal “RES”.
(Reservation Code).

240-241

VARIABLE LENGTH INDICATOR
(RES VLI)

2 bytes

Numeric

RES VLI indicates length of Reservation Code
variable data (not including RES ID or VLI).
Example: 15

242-256

RESERVATION CODE

6-15 bytes

Alphanumeric &
special characters

Reservation Code (a precursor to a ticket number)
corresponds to an airline ticket purchase
reservation made by an airline or Global
Distribution System (GDS).
Example: ABCDE1234567890

Note: ~ = character space.
See example on the next page.

April 2016

127

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Not Present - Airline Passenger Data (APD) Example
The following example corresponds to the APD Position Format Table on the preceding pages, and illustrates
a data field entry for airline industry Merchants that submit Airline Passenger Data (Data Type Code “APD”).

table of contents

1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
253AXAPD20030101APN23FROST~JANE~M~MRS~~~~~~~CN~23FROST~CHARL
1
1
1
6
7
8
9
0
1
2
123456789012345678901234567890123456789012345678901234567890
ES~F~MR~~~~~ABC~~XYZ~~RTG6110ABC~~/DEF~~/GHI~~/JKL~~/MNO~~/P
1
1
1
1
1
1
1
2
3
4
5
6
7
8
123456789012345678901234567890123456789012345678901234567890
QR~~/STU~~/VWX~~/YZA~~/XYZ~~ALC5509AB~~~/XY~~~/BC~~~/CD~~~/D
1
1
2
2
2
2
2
8
9
0
1
2
3
4
123456789012345678901234567890123456789012345678901234567890
E~~~/DE~~~/CD~~~/BC~~~/AB~~~ABC123DEF456GHI789JKL012001ERES1
2
2
4
5
1234567890123456
5ABCDE1234567890

Note: In the example above, tilde (~) characters represent character spaces.

128

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 47

ADDITIONAL DATA - NATIONAL (continued)

Card Present - Goods Sold Format Table
Relative
Position


Subfield Name

Subfield
Length


Subfield Type


Description

1-3

VARIABLE LENGTH INDICATOR
(VLI)

3 bytes

Numeric (EBCDIC)

VLI indicates total length of variable data in this
data field (not including VLI).

4-5

PRIMARY ID

2 bytes

Alphanumeric

Primary ID (Card Type Code) is constant literal
“AX” (American Express).

6-8

SECONDARY ID

3 bytes

Alphanumeric

Secondary ID (Data Type Code). Valid IDs include:
CPD = Card Present Data

9-10

VERSION NUMBER

2 bytes

Numeric

Card Present - Goods Sold data version. Valid
numbers include:
01 - Version 1

11-13

GOODS SOLD ID
(GS ID)

3 bytes

Alphanumeric

Goods Sold Code is constant literal “GS~”
(Goods Sold).

14-15

VARIABLE LENGTH INDICATOR
(GS VLI)

2 bytes

Numeric (EBCDIC)

GS VLI indicates length of GOODS SOLD variable
data (not including GS ID or VLI)

16-19

GOODS SOLD PRODUCT CODE

4 bytes

Alphanumeric

Four-byte goods product indicator code. Valid
codes include:
1000 = Gift Card

Note: ~ = character space.
Card Present - Goods Sold Example
The following example corresponds to the Goods Sold Format Table on the preceding pages, and illustrates
a data field entry for Goods Sold Merchants that submit Card Present Gift Card data.
1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
016AXCPD01GS~041000

In the example above, tilde (~) characters represent character spaces.

April 2016

129

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 48

ADDITIONAL DATA - PRIVATE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 43 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
40 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

• Optional — American Express installment plan programs,
(special certification required)
• Optional — Other bankcards

Description:

This data field contains the American Express Extended
Payment Indicator, which consists of the Plan Type and the
Number of Installments, preceded by a three-digit, Variable
Length Indicator (VLI).
0

1234567
LLLPPNN
In the above example:
LLL = Variable Length Indicator (VLI)
PP = Plan Type
NN = Number of Installments

130

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 48

ADDITIONAL DATA - PRIVATE (continued)

Description (continued):

Plan Type — The Plan Type is used to indicate which
payment plan is applicable to this transaction. Valid entries
include:
03 = Legacy Plan N
05 = Legacy American Express Deferred Payment Plan (DPP)
and Extended Payment Plan (EPP) - Merchant Deferred
Payment Plan
Number of Installments — The Number of Installments is
used to indicate the number of installment payments
applicable to this transaction.
Note: In some global regions, these subfields are further
defined to transport data that is used only in those areas. See
regional definitions for Plan N, EPP and DPP below and on the
following pages.
Plan N — LA/C
For transactions processed per Plan N, Merchants receive
deferred payment installments from American Express, and
Cardmembers are billed in deferred billing installments. By
processing transactions using Plan N, the Merchant absorbs
any interest accrual. See the following example for Plan N:
0 
1234567
0040303
In the example above:
004 =

VLI — Indicates that data length is 4 bytes.

03 =

Plan Type — ”03” = Plan N

03 = Number of Installments — ”03” = 3 installments

April 2016

131

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 48

ADDITIONAL DATA - PRIVATE (continued)



Deferred Payment Plan (DPP) — LA/C & APA
Extended Payment Plan (EPP) — APA
For transactions processed per the Deferred Payment Plan
(DPP) or the Extended Payment Plan (EPP), Merchants are paid
in one installment; and American Express bills Cardmembers in
deferred billing installments, with or without interest.

table of contents

Additional requirement for DPP or EPP transactions:
• Function Code (Data Field 24) must be “100”.
See the following DPP/EPP example:
0
1234567



0040503
In the example above:
004 = VLI — Indicates that data length is 4 bytes.
05 =

Plan Type — ”05” = DPP or EPP

03 =

Number of Installments — ”03” = 3 installments

Note: The Number of Installments default value (which varies
by region and country) is specified during terminal or system
setup. For more information, contact your American Express
representative.

132

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 49

CURRENCY CODE, TRANSACTION

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains the numeric code that describes the
currency used in this transaction. For example, the numeric
currency code for U.S. Dollars is “840”.
For more information on numeric currency codes and decimal
point positions, refer to Country and Currency Codes for
Authorizations in the American Express Global Codes &
Information Guide.
Notes:
1. If Data Field 55 is populated, the currency code entries in
Data Fields 49 and 55 (Transaction Currency Code
subfield, Positions 72-73) must match.
2. This data field is mandatory for processing this message,
and it will be preserved and returned in the response
message without alteration.

April 2016

133

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 52

PERSONAL IDENTIFICATION NUMBER (PIN) DATA

Length of Field:

8 bytes, 64 bits

Field Type:

Binary

Constant:

None

Field Requirement:

Conditional — Used only when PIN is available

Certification Requirement:

Mandatory — Third Party Processors and/or Vendors must be
certified to pass data in this data field. After certification, all
Merchant-provided data must be forwarded in this data field.

Description:

This data field is for use in markets that support online PIN
verification, and it will transport encrypted PIN data for
PIN-based Point of Sale (POS) transactions.Unauthorized use
of this data field may cause message rejection.

134

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 53

SECURITY RELATED CONTROL INFORMATION

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 19 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
17 bytes maximum, EBCDIC or Binary

Field Type:

Alphanumeric or unsigned binary numbers

Constant:

None

Field Requirement:

• Mandatory — PIN Transactions using DUKPT
• Optional — American Express transactions
• Not used — Other bankcards

Certification Requirement:

Global - All regions
Mandatory — Third Party Processors and/or Vendors must be
certified to pass data in this data field. After certification, all
Merchant-provided data must be forwarded in this data field.

Description:

This field is used for American Express keyed Card Identifier
(CID) code or Derived Unique Key Per Transaction (DUKPT) Key
Serial Number (KSN) processing only.
Keyed 4 digit CID Code (a.k.a 4DBC or 4CSC)
This data field contains the American Express Card Identifier
(CID) code (a.k.a., 4DBC or 4CSC), preceded by a two-digit
Variable Length Indicator (VLI). If Data Field 53 is present, then
POS Data Code, Data Field 22, Position 7, must be set to value
“9”, “S”, “W” or “Y”. Extract of POS Data Code table appears
below, or see Data Field 22, Position 7.
9

Technical fallback - Transaction initiated as chip, but was
processed using an alternative technology (such as magnetic
stripe).

Manually entered or keyed transaction with keyed
CID/4DBC/4CSC, Data Field 53 (Security Related Control
Information) must be present.

Swiped transaction with keyed CID/4DBC/4CSC. Data Field 53
(Security Related Control Information) must be present.

April 2016

135

Global Credit Authorization Guide ISO Format

8.1

Data Field 53

American Express Proprietary & Confidential

1100 Authorization Request (continued)

SECURITY RELATED CONTROL INFORMATION
(continued)
Keyed 4 digit CID Code (a.k.a 4DBC or 4CSC) (continued):
This value is manually entered by keying the four-digit CID/
4DBC/4CSC, which is printed on the face of the American
Express Card. See the following formatting details for Manual
Entry.

table of contents

Format for Manual Entry - “04XXXX” where “04” is the
Variable Length Indicator (VLI) and “XXXX” is the four-digit
CID/4DBC/4CSC code from the face of the American Express
Card. Note: See CID/4DBC/4CSC location on typical American
Express Card products.
The following requirements must be met prior to sending a
keyed CID/4DBC/4CSC value that will be actioned by American
Express:
• From the Authorization Response (1110) message, system is
prepared to accept all possible Action Codes found in Data
Field 39 and all possible Response Indicators found in byte 2
of Data Field 44, and in any combination.
• System is prepared to send a second authorization request
with revised 4DBC/4CSC value, if a response is not
approved; or if it is treated as not approved due to a CID
mismatch.
Notes:
1. American Express security requirements prohibit
storage of keyed CID/4DBC/4CSC data within
Merchant or Third Party Processor systems.
2. CID and KSN cannot be used in the same
Authorization Request (1100) message
DUKPT KSN
This value is the Derived Unique Key Per Transaction (DUKPT)
Key Serial Number (KSN). The Key Serial Number (KSN)
ensures that each DUKPT transaction has a unique key.
Refer to the ANSI X9.24 Standard for additional details on the
KSN format.
Note: CID and KSN cannot be used in the same
Authorization Request (1100) message.

136

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 53

SECURITY RELATED CONTROL INFORMATION
(continued)

DUKPT KSN Format Table

Subfield Name

Subfield
Length


Subfield Type


Description

VARIABLE LENGTH INDICATOR
(VLI)

2 bytes

Numeric (EBCDIC)

VLI indicates total length of variable data in this data field (not
including VLI).

PRIMARY ID

2 bytes

Alphanumeric

Primary ID (Card Type Code) is constant literal “AX”
(American Express).

SECONDARY ID

3 bytes

Alphanumeric

Secondary ID (Data Type Code). Valid IDs include:
KSN = Key Serial Number Data

VARIABLE LENGTH INDICATOR
(VLI)

2 bytes

Numeric (EBCDIC)

VLI indicates the total length of variable data for KSN data (not
including the VLI).

KSN

10 bytes

Binary

The Key Serial Number (KSN) ensures that each DUKPT
transaction has a unique key.

April 2016

137

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 55

INTEGRATED CIRCUIT CARD SYSTEM RELATED DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 259 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
256 bytes maximum, EBCDIC, BCD or binary

Field Type:

Alphanumeric & special characters, and binary coded decimal
(BCD) or unsigned binary numbers

table of contents

Note: Data Field 55 contains some subfields that are
forwarded for transmission to an integrated circuit card or
terminal, and are specified as binary. This data is in binary
format in 8 bit blocks, right justified and zero filled, per the
following:
1. Binary Coded Decimal (BCD)* - Data items whose original
formats are defined as numeric are represented with two
digits per byte (“00” to “99”). Each digit is stored on four
bits (one nibble) resulting in each byte storing two digits.
For example, a date subfield containing numerals
representing the date November 30, 2006 in YYMMDD
format would be three-bytes holding the six digits “06
11 30". A numeric subfield with an odd number of digits
is padded with a leading zero before packing.
2. Unsigned Binary Number† - Data items whose original
formats are defined as binary are mapped directly as eight
bits per byte, with the value for any binary byte of data
varying from hexadecimal “00” to “FF”.
For example, the Application Transaction Counter (ATC) is
defined as a two-byte, unsigned binary number. Thus, the
ATC value “26” would be stored as “00 1A” hex.
Constant:

None

_____________________
*
†

Also referred to as binary numeric in some American Express documentation.
Also referred to as binary hexadecimal in some American Express documentation.

138

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 55

INTEGRATED CIRCUIT CARD SYSTEM RELATED DATA
(continued)

Field Requirement:

• Mandatory — AEIPS transactions (special certification
required)
• Mandatory — Expresspay EMV* transactions
• Not used — Other transactions

Certification Requirement:

Global - All regions
Mandatory — Third Party Processors and/or Vendors must be
certified to pass Card Present transactions for Integrated
Circuit Cards (ICCs) in this data field. After certification, all
Merchant-provided ICC related data must be forwarded in this
data field.

Description:

This data field contains Integrated Circuit Card (ICC) Related
Data defined in the subfield table on the next page.
If Data Field 22 (POS Data Code) Position 7 = “5”, then this
data field must be present. Data Field 22 describes the
interaction between Data Field 22 and Data Field 55.
Before Merchants may use this data field, special certification
is required to process AEIPS or Expresspay transactions. For
more information, reference the AEIPS Chip Card Specification
and AEIPS Terminal Specification, in addition to contacting
your American Express representative.
Note: For Merchants who have not completed this
certification, no data can be transmitted in this data field to
American Express. Unauthorized use of this data field may
result in message rejection.
See table containing subfield details on the next page.

_____________________
* EMV is the abbreviation for Europay/MasterCard/VISA, joint sponsors of the global standard for electronic financial
transactions using "chip card" technology.

April 2016

139

Global Credit Authorization Guide ISO Format

8.1

1100 Authorization Request (continued)

Data Field 55

EMV
Tags

American Express Proprietary & Confidential

Relative
Position

INTEGRATED CIRCUIT CARD SYSTEM RELATED DATA
(continued)

Subfield
Name

Subfield
Length

Subfield
Type

Required


Description

table of contents

1-3

VARIABLE LENGTH
INDICATOR (VLI)

3 bytes

Numeric 
(EBCDIC)

Yes

VLI indicates total length of
variable data in this data field (not
including VLI).

4-7

ICC HEADER VERSION
NAME

4 bytes

Alphanumeric
(EBCDIC)

Yes

Data Field 55 Version Header is
constant literal “AGNS”.

8-9

ICC HEADER VERSION
NUMBER

2 bytes

Binary coded
decimal (BCD)

Yes

Data Field 55 Version Number is
constant literal “0001”.

8 bytes

Unsigned
binary number

Yes

The Application Cryptogram
generated by the chip card in
response to GENERATE AC
Command. In an online
authorization message, this will be
the Authorization Request
Cryptogram (ARQC).

33 bytes,
max
(LLVAR)

Unsigned
binary number

Yes

One byte, unsigned-binary-number
VLI indicates subfield length, and
precedes up to 32 bytes of variable
data. For example, the VLI for 32
bytes of variable data is = “20”
(one byte) in hex. See explanation
of unsigned binary number format
on page 138.

9F26

10-17

APPLICATION
CRYPTOGRAM

9F10

18-50

ISSUER APPLICATION
DATA (IAD)

Note: This subfield contains
proprietary, Issuer-defined
application data transmitted from
card to Issuer. For details, refer to
the American Express AEIPS Chip
Card Specification. Only card Issuer
needs to know how to interpret.
Networks and systems need only
forward IAD in its entirety, without
alteration, to card Issuer.
9F37

140

51-54

April 2016

UNPREDICTABLE
NUMBER

4 bytes

Unsigned
binary number

Yes

A terminal-generated
Unpredictable Number, which is a
randomly generated value that
adds variability and uniqueness to
the creation of the application
cryptogram value in the preceding
APPLICATION CRYPTOGRAM data
field.

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 55

EMV
Tags

Relative
Position

9F36

55-56

INTEGRATED CIRCUIT CARD SYSTEM RELATED DATA
(continued)

Subfield
Name


Description

Subfield
Length

Subfield
Type

APPLICATION
TRANSACTION
COUNTER (ATC)

2 bytes

Unsigned
binary number

Yes

Counter maintained by application
on the card. Chip Card increments
this value for each transaction.
Because counter includes failed
transactions, this value cannot be
used alone to track last transaction.

57-61

TERMINAL
VERIFICATION RESULTS
(TVR)

5 bytes

Unsigned
binary number

Yes

Status of various functions, as
determined by terminal. For details,
refer to the American Express
AEIPS Terminal Specification.

62-64

TRANSACTION DATE

3 bytes

Binary coded
decimal (BCD)

Yes

Terminal-generated Transaction
Date, in format “YY MM DD”.
Example: 
Jan. 1, 2007 = “07 01 01".

TRANSACTION TYPE

1 byte

Binary coded
decimal (BCD)

Yes

Code indicates type of financial
transaction represented by the first
two digits of the ISO 8583
Processing Code. Valid entries
include:

Required

00 = Debit
9F02

66-71

AMOUNT AUTHORIZED

6 bytes

Binary coded
decimal (BCD)

Yes

Authorization amount of
transaction, provided by terminal to
the card.
Note: This value is used in
cryptogram generation, and it may
differ from other amount data fields
in this request message.

5F2A

72-73

TRANSACTION
CURRENCY CODE

2 bytes

Binary coded
decimal (BCD)

Yes

ISO currency code for this
transaction. Example: “124”
(Canadian Dollars) is entered as
“01 24" in 2-byte, BCD format.
Note: The currency code entries in
this subfield and Data Field 49
(Currency Code, Transaction) must
match.

9F1A

74-75

TERMINAL COUNTRY
CODE

2 bytes

Binary coded
decimal (BCD)

Yes

ISO country code for terminal
location. Example: “124” (Canada)
is entered as “01 24" in 2-byte,
BCD format.

April 2016

141

Global Credit Authorization Guide ISO Format

8.1

1100 Authorization Request (continued)

Data Field 55

table of contents

EMV
Tags

Relative
Position

76-77

9F03

78-83

5F34

9F27

INTEGRATED CIRCUIT CARD SYSTEM RELATED DATA
(continued)

Subfield
Type

APPLICATION
INTERCHANGE PROFILE
(AIP)

2 bytes

Unsigned
binary number

Yes

Bitmap that indicates ability of the
card to support specific functions.
Contents of this subfield are
described in the American Express
AEIPS Chip Card Specification.

AMOUNT, OTHER

6 bytes

Binary coded
decimal (BCD)

Yes

Secondary amount associated with
transaction representing a
cashback amount. Zero-fill, if
cashback is not supported.

APPLICATION PAN
SEQUENCE NUMBER

1 byte

Binary coded
decimal (BCD)

Yes

Identifies and differentiates card
applications with same PAN. Both
PAN & PAN Sequence Number are
required to validate Application
Cryptogram.

CRYPTOGRAM
INFORMATION DATA
(CID)

1 byte

Unsigned
binary number

Yes

Indicates type of cryptogram (TC,
ARQC or AAC) returned by the card,
and actions to be performed by
terminal. Formatted per the
American Express AEIPS Chip Card
Specification.

N/A

This subfield is reserved for future
use and should be completely
omitted (including LLVAR).
Specifically, no information should
be forwarded, as all data will be
ignored by both network and Issuer.

April 2016

Subfield
Name


Description

Subfield
Length

86-259

142

American Express Proprietary & Confidential

RESERVED FOR FUTURE
USE

174 bytes,
max
(LLVAR)

Required

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 60

NATIONAL USE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

13 bytes minimum, 106 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
103 bytes maximum, EBCDIC or Binary

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

• Global — All regions
• Mandatory — Payment Service Providers (Aggregators) &
OptBlue Participants
• Mandatory — Payment Token transactions where the Token
Requester ID (TRID) is available
• Not used — All other transactions

Certification Requirement:

• Global — All regions
• Mandatory — Third Party Processors and/or Vendors must
be certified to pass data in this data field. After
certification, all Merchant-provided data must be forwarded
in this data field.

Description:

This data field supports two types of transaction processing:
Payment Service Provider (Aggregator)/OptBlue and Payment
Token. These two types of transactions can be sent together or
separately. This field currently consists of five bitmap subfields
proceeded by a three-digit, Variable Length Indicator.
Payment Service Provider (Aggregator) and OptBlue
Participants
Subfields 2, 3 and 4 support Payment Service Provider
(Aggregator) and OptBlue Participant data. These subfields
include Seller ID, Seller Email Address, and Seller Telephone
Number. These subfields should be used in conjunction with
Data Field 43, Card Acceptor Name/Location, Payment Service
Provider (Aggregator) and OptBlue Participant format.

April 2016

143

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 60

NATIONAL USE DATA

Description (continued):

Payment Token Transactions
Subfields 5 and 6 support Payment Token transaction
processing. These subfields include Token Requestor ID (TRID)
and Last 4 PAN Return Indicator.
• Token Requestor ID — Received by the Merchant from the
mobile device.

table of contents

• Last 4 PAN Return Indicator — Enables a Merchant to
request the last four digits of the PAN be returned in Data
Field 34, Primary Account Number, Extended of the
Authorization Response (1110) message.
See Subfield Table on the next page.

144

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 60

Relative
Position



Subfield Name

NATIONAL USE DATA (continued)

Subfield
Length



Subfield
Type


Required
(M/O/C)



Description

1-3

VARIABLE LENGTH
INDICATOR (VLI)

3 bytes

Numeric 
(EBCDIC)

VLI indicates total length of variable data in
this data field (not including VLI).

4-5

PRIMARY ID

2 bytes

Alphanumeric

Primary ID (Card Type Code) is constant
literal “AX” (American Express).

6-8

SECONDARY ID

3 bytes

Alphanumeric

Secondary ID (Data Type Code) is constant
literal “AAD” (Additional Authorization
Data)

9-12

BITMAP IDENTIFIER

4 bytes

Binary
(hexadecimal
configuration)

Bitmap Identifier
Each bit in this data element identifies the
presence (value 1) or absence (value 0) of a
subfield.
Following the Bitmap, the layout consists of
at least (1) of the following subfields. Each
bit position of the 32 bit/4-byte bitmap
represents which market specific data are
present. If a bit is “ON” in the bitmap, that
corresponding subfield will be present.

Subfield
1

Reserved for American
Express Internal Use

Seller ID

20 bytes
fixed

Alphanumeric

20-digit, numeric, Seller ID, that uniquely
identifies a Payment Service Provider's
(Aggregators) or OptBlue Participant's
specific Seller or Vendor. Left justified,
character space filled.

Variable Length
Indicator

2 bytes

Numeric

VLI indicates total length of Seller Email
Address variable data.

Seller Email Address

40 bytes
max

Alphanumeric
& special
characters

Email of the Payment Service Provider’s
(Aggregators) or OptBlue Participant’s Seller.

Seller Telephone

20 bytes
fixed

Alphanumeric

Telephone number of the Payment Service
Provider’s (Aggregators) or OptBlue
Participant’s Seller. Left justified, character
space filled.

LLVAR

N/A

C1 = Mandatory for Payment Service Providers (Aggregators) and OptBlue Participants
C2 = Mandatory if populating Subfield 3, Seller Email Address

April 2016

145

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 60

Relative
Position

NATIONAL USE DATA (continued)



Subfield Name

Subfield
Length



Subfield
Type


Required
(M/O/C)



Description

Subfield (continued)

table of contents

TOKEN REQUESTOR ID
(TRID)

LAST 4 PAN RETURN
INDICATOR

11 bytes,
fixed

Alphanumeric

Token Requestor ID (TRID) contains the
11-byte numeric value that uniquely
identifies the Payment Token requestor.
Refer to the EMVCo Payment Tokenization
Specification - Technical Framework
specification for additional information.

1 byte

Alphanumeric

Last 4 PAN Return Indicator is constant
literal “Y”.

C3 = Mandatory for Payment Token transactions where the Token Requestor ID (TRID) is available

146

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 60

NATIONAL USE DATA (continued)

Data Field 60

NATIONAL USE DATA (continued)

Illustration of 32 Bit String Contained Within Four Byte Data Field
Subfield
Subfield
Subfield
Subfield
Subfield
Subfield

1
2
3
4
5
6

Reserved
Seller ID
Seller Email Address
Seller Telephone
TRID
Last 4 PAN Return Indicator

0000 0000 0000 0000 0000 0000 0000 0000

Following example includes Seller ID, Seller Email Address and Seller Telephone:
Position

Value

1-3

070

4-5

6-8

AAD

9-12

01110000000000000000000000000000
X’70000000’

Subfields 2-4

222222222222222222221933333333333@33333334444444444~~~~~~~~~~

Following example includes Seller ID, Seller Email Address and Seller Telephone, TRID and LAST 4
Pan Return Indicator:
Position

Value

1-3

082

4-5

6-8

AAD

9-12

01111100000000000000000000000000
X’7C000000’

Subfields 2-4

222222222222222222221933333333333@33333334444444444~~~~~~~~~~555555555556

April 2016

147

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 60

NATIONAL USE DATA (continued)

Following example includes Seller TRID and Last 4 PAN Return Indicator:

table of contents

Position

Value

1-3

021

4-5

6-8

AAD

9-12

00001100000000000000000000000000
X'0C000000'

Subfields 2-4

148

April 2016

555555555556

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 61

NATIONAL USE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 103 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
100 bytes maximum, EBCDIC & Binary

Field Type:

Alphanumeric, special characters and unsigned binary
numbers
Note: Data Field 61 contains some subfields that are specified
as binary. This data is in binary format in 8-bit blocks, right
justified and zero filled.
Unsigned Binary Number* - Data items whose original
formats are defined as binary are mapped directly as eight
bits per byte, with the value for any binary byte of data
varying from hexadecimal “00” to “FF”.

Constant:

None

Field Requirement:

• Mandatory — American Express SafeKey transactions
(special certification required)
• Mandatory — Digital Wallet - application initiated
(including application initiated Payment Token) transactions
• Not used — Other transactions

Certification Requirement:

See Section 6.4 for the website link to American Express
SafeKey enabled countries.
• Mandatory — Third Party Processors and/or Vendors must
be certified to pass American Express SafeKey
authentication data in this data field.
• Mandatory — Third Party Processors and/or Vendors must
be certified to pass Merchant-provided Payment Token data
in this data field.

_____________________
*

Also referred to as binary hexadecimal in some American Express documentation.

April 2016

149

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 61

NATIONAL USE DATA (continued)

Description:

American Express SafeKey is an industry-standard
Authentication method that provides greater security by
authenticating the Cardmember during an online purchase and
protecting payment card information as it is transmitted via the
Internet.

table of contents

Before Merchants may use this data field, special certification
is required to process American Express SafeKey transactions.
For more information, refer to the American Express SafeKeySM
Acquirer - Merchant Implementation Guide, in addition to
contacting your American Express representative.
For American Express SafeKey transaction processing subfield
details, see page 151.
The American Express Payment Token transaction processing
solution is based on an industry aligned and interoperable
tokenization system that offers increased protection against
fraud through the use of a Payment Token. A Payment Token
will be used in place of sensitive Cardmember data such as
Primary Account Number (PAN) to originate payment
transactions.
For American Express Payment Token transaction processing
subfield details, see page 146.
Note: For Merchants who have not completed certification for
American Express SafeKey and/or Payment Token
transactions, no data can be transmitted in this data field to
American Express. Unauthorized use of this data field may
result in message rejection.

150

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 61

NATIONAL USE DATA (continued)

American Express SafeKey Format Table
Relative
Position



Subfield Name

Subfield
Length



Subfield Type

Required
(M/O/C)



Description

1-3

VARIABLE LENGTH
INDICATOR (VLI)

3 bytes

Numeric (EBCDIC)

VLI indicates total length of variable data in
this data field (not including VLI).

4-5

PRIMARY ID

2 bytes

Alpha

Primary ID (Card Type Code) is constant
literal “AX” (American Express).

6-8

SECONDARY ID

3 bytes

Alpha

Secondary ID (Data Type Code) is constant
literal “ASK” (American Express SafeKey)

9-10

ELECTRONIC COMMERCE
INDICATOR (ECI)

2 bytes

Alphanumeric

ECI is the level of security used when
Cardmember provides payment information
to the Merchant during American Express
SafeKey authentication. Valid values
include:
05

= Authenticated with AEVV

= Attempted with AEVV

= Not Authenticated

11-14

AMERICAN EXPRESS
VERIFICATION VALUE (AEVV)
ID

4 bytes

Alpha

AEVV ID is constant literal “AEVV”.

15-34

AMERICAN EXPRESS
VERIFICATION VALUE (AEVV)

20 bytes

Unsigned binary
number

AEVV is a cryptographic value derived by
the Issuer during the American Express
SafeKey payment authentication that can
provide evidence of the results of payment
authentication during an online purchase.

35-37

AMERICAN EXPRESS
SAFEKEY TRANSACTION ID
(XID)

3 bytes

Alpha

American Express SafeKey Transaction ID
is constant literal “XID”.

AMERICAN EXPRESS
SAFEKEY TRANSACTION ID
VALUE

20 bytes

38-57

Note: The XID Value is an optional
Merchant-populated value.
Unsigned binary
number

American Express SafeKey Transaction
Identifier is determined by the Merchant
during the American Express SafeKey
payment authentication.
Note: The American Express SafeKey
Transaction ID is not the same as the
Acquirer Reference Data - Transaction
Identifier in Data Field 31 of the
1100/1110.

C1 = Conditional - required if AEVV is present
C2 = Conditional - required if the ECI is not “07”
C3 = Conditional - required if American Express SafeKey Transaction ID Value is present

April 2016

151

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 61

NATIONAL USE DATA (continued)

American Express Payment Token Format Table
Relative
Position



Subfield Name

Subfield
Length



Subfield Type

Required
(M/O/C)



Description

table of contents

1-3

VARIABLE LENGTH
INDICATOR (VLI)

3 bytes

Numeric (EBCDIC)

VLI indicates total length of variable data in
this data field (not including VLI).

4-5

PRIMARY ID

2 bytes

Alpha

Primary ID (Card Type Code) is constant
literal “AX” (American Express).

6-8

SECONDARY ID

3 bytes

Alpha

Secondary ID (Data Type Code) is constant
literal “TKN” (Tokenization)
Note: When using “TKN”, Data Field 61
will not appear in the Authorization
Response (1110) message.

9-10

ELECTRONIC COMMERCE
INDICATOR (ECI)

2 bytes

Alphanumeric

ECI is the level of security used when
Cardmember provides payment information
to the Merchant during American Express
authentication. Valid value includes:
20

= Payment Token data present

11-14

Token Data Block A ID

4 bytes

Alpha

Token Data Block A ID is constant literal
“TDBA”.

15-34

Token Data Block A

20 bytes

Unsigned binary
number

Token Data Block A contains bytes 1-20 of
the cryptographic value.

35-37

Token Data Block B ID

3 bytes

Alpha

Token Data Block B ID is constant literal
“DBB”.

38-57

Token Data Block B

20 bytes

Unsigned binary
number

Token Data Block B contains bytes 21-40 of
the cryptographic value.

C1 = Conditional - required if Token Data Block B is present
C2 = Conditional - required if the cryptographic value is greater than 20 bytes

152

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 62

PRIVATE USE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 63 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
60 bytes maximum, coding determined by data field use

Field Type:

Alphanumeric & special characters, and binary coded decimal
(BCD) or unsigned binary numbers

Constant:

None

Field Requirement:

• Mandatory — American Express Travelers Cheques
• Optional — Transponder transactions
• Mandatory — VISA PS2000 transactions
• Not used — Other transactions

Description:

This data field is used for American Express Travelers
Cheques, Transponder or VISA PS2000 processing only.
Note: Transactions containing Transponder data are
considered Card Not Present transactions.
American Express Travelers Cheque Encashment
For American Express Travelers Cheques (TC), this data field is
used to capture the denomination (face value) of the individual
TC to be encashed, when the Travelers Cheque Number is
manually entered in Data Field 63 (see page 157). This data
field must contain the denomination of the Travelers Cheque,
in whole currency units (no decimals), in the currency
designated by the Currency Code, Transaction data field (Data
Field 49). For Example, for a $50 USD Travelers Cheque, the
variable data in this entry would be “50”; and for a $100
Travelers Cheque, it would be “100”, etc.
If multiple Travelers Cheques are presented for encashment,
the entry in this data field must correspond to the Travelers
Cheque Number entered in Data Field 63, Private Use Data.

April 2016

153

Global Credit Authorization Guide ISO Format

8.1

Data Field 62

American Express Proprietary & Confidential

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
American Express Travelers Cheque Encashment
(continued)
For American Express Travelers Cheques, the maximum length
of variable data that can be transported in this data field is 11
bytes.
See the following examples:

table of contents

0
1
12345678901234



LLLSSRRDDDDDDD
• “LLL” is the three-digit, Variable Length Indicator (VLI),
right justified and zero filled, if necessary.
• “SS” is the two-character, Service Identifier (SI).
• “RR” is the two-character, Request Type Identifier (RTI).
• “DDDDDDD” is the Travelers Cheque denomination
(seven-bytes, maximum).
American Express Travelers Cheque Example
123456789
006AXTC50
• “006” is the Variable Length Indicator (VLI).
• “AX” is the Service Identifier (constant literal “AX” =
American Express).
• “TC” is the Request Type Identifier (constant literal “TC”
= Travelers Cheque).
• “50” is the Travelers Cheque denomination ($50 USD).

154

April 2016

American Express Proprietary & Confidential

8.1

Data Field 62

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
Transponder Transactions
This data field may contain a Merchant-captured,
security/identification code associated with processing
Authorization Request (1100) messages initiated by electronic,
radio-frequency devices (transponders or RFIDs; e.g.,
Speedpass™). This unique, transponder-Issuer assigned code
corresponds to a customer-designated form of payment and
Cardmember Account Number, on the transponder-Issuer's
system.
Note: For transactions initiated by an electronic,
radio-frequency device (transponder or RFID, e.g., Speedpass),
Data Field 62 (AXTN + transponder security/ID code) may be
used alone or in conjunction with POS Data Code (Data Field
22), Position 6, value “W”. Alternately, POS Data Code (Data
Field 22), Position 6, value “W” may be used without a
transponder security/ID entered in Data Field 62. Ideally, both
items are transmitted. For more details, see page 81.
Card Type (primary) and Device Type (secondary) identifiers
precede a variable-length security/identification code (19 bytes
maximum), as illustrated in the following format:
0
1
2
12345678901234567890123456
LLLCCDDsssssssssssssssssss
• “LLL” is the three-digit, Variable Length Indicator (VLI).
• “CC” is the two-character, Card Type code (always “AX”).
• “DD” is the two-character, Device Type code (always “TN”).
• “sssssssssssssssssss” is the variable-length,
security/ identification code (19 characters maximum, no
padding).
Transponder Data Example
In the following example, “023” is the three-digit, Variable
Length Indicator (VLI); “AX” is the two-character, Card Type
code (AX = American Express); “TN” is the two-character,
Device Type code (TN = transponder); and “1234567890
123456789" is the 19 character security/identification code.
0
1
2
12345678901234567890123456
023AXTN1234567890123456789

April 2016

155

Global Credit Authorization Guide ISO Format

8.1

Data Field 62

American Express Proprietary & Confidential

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
VISA PS2000 Transactions
The following code is entered in this data field, if the
transaction Acquirer wishes to have this Authorization Request
(1100) message considered for VISA PS2000:
001Y

table of contents

In this example, “001” is the Variable Length Indicator (VLI),
and the “Y” indicates that this transaction is being submitted
for VISA PS2000 qualification.
Note: Additional sub-element values may exist, subject to
VISA requirements.

156

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 63

PRIVATE USE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 208 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
205 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

• Mandatory — American Express Travelers Cheques
• Optional — To participate in Automated Address
Verification (AAV), ZIP Code Verification, Enhanced
Authorization (Shipping), and Telephone Number
Verification
• Conditional — To participate in Email Address Verification
(if RTI = "AE" and Data Field 47 is present)
• Not used — Other transactions

Certification Requirement:

Global - All regions
Mandatory — Third Party Processors and/or Vendors must be
certified to pass 33-, 78- and 205-byte formats and Request
Type Identifier (RTI) "AD" and "AE" of Automated Address
Verification (AAV) and Telephone Number Verification data in
this data field. After certification, all Merchant-provided AAV
and Telephone Number data must be forwarded in this data
field.

Description:

This data field contains data required to process certain types
of Authorization Request (1100) messages, such as American
Express Travelers Cheque, and verifications for Cardmember
Name, Address, ZIP Code, and Telephone Number.

April 2016

157

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 63

PRIVATE USE DATA (continued)

Description:

Combination Address Verification & Authorization

Authorization Verification Only

table of contents

The format for this data field must be consistent with
Processing Code, Data Field 3, codes “004800”
(Combination Address Verification and Authorization) and
“174800” (Address Verification Only). For details, see page
212.
See descriptions and examples below and on the following
pages.
Electronic Verification
American Express supports Automated Address Verification
(AAV) and Telephone Number Verification.
The three formats that correspond to the length of variable
data in this data field (not including the three-digit VLI) are:
• 33-Byte Format — AAV
• 78-Byte Format — AAV
• 205-Byte Format — AAV, Enhanced Authorization
(Shipping) and Telephone Number Verification
These three formats transport different combinations of
Cardmember and/or Ship-to data in various subfields, as
specified by a three-digit Variable Length Indicator (VLI).
Descriptions of AAV-types with corresponding VLIs appear on
the next few pages, with tables that illustrate how the three
formats are utilized to transmit different amounts of data. On
page 163, a summary table lists Data Field 63 subfield names,
relative positions, lengths, data field types and usage.

158

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 63

PRIVATE USE DATA (continued)
Data Field 63 descriptions for Cardmember information
subfields appear on page 164, followed by Ship-to descriptions
on page 168.
Finally, examples of typical 33-, 78- and 205-byte format data
appear on page 171 with an accompanying explanation.

AAV (RTI=AD)
Optional Subfields:
• CM Billing Postal Code
• CM Billing Address
• CM First & Last Name
• CM Billing Phone Number
• Ship-to Postal Code
• Ship-to Address
• Ship-to First & Last Name
• Ship-to Phone Number
• Ship-to Country Code

AAV with Request Type Identifier “AD” is used to submit
various levels of Cardmember and shipping data for
verification, as determined by the total data length of this data
field (not including VLI). All subfields are optional, but within a
given format, unused subfields must be character space filled.
33-Byte Format — Used to forward the Cardmember's Billing
Postal Code and/or Street Address.
78-Byte Format — Used to append the Cardmember's First
and Last Name to the preceding data.
205-Byte Format — Used to append the Cardmember's
Billing Telephone Number and Enhanced Authorization
shipping information to the preceding data. Ship-to subfields
may be populated for all shipping addresses.
See typical examples of these three formats on page 171.
Merchants are encouraged to use the 205-byte format to
include the telephone number and shipping data on all
shipments, even if Cardmember and Ship-to addresses are
identical, because this data enhances the American Express
ability to assess risk.
Merchants populating Data Field 47 (Additional
Data-National), ITD format, Shipping Method, using
shipping-type code (06), Ship-to Store, are strongly encouraged
to populate the address of the store location in the Ship-to
Address in the 205-byte format.
An AAV response is returned in the Authorization Response
(1110) message in Data Field 44, Additional Response Data,
relative position 3, as a one-byte code that indicates if the
Cardmember Billing Postal Code, Address and/or First and Last
Name match American Express records. For details, see page
197.

April 2016

159

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 63

PRIVATE USE DATA (continued)
AAV
The basic differences in AAV variants are illustrated in the
following tables.

Length of Variable Data

Ship-to Country Code

Ship-to Phone

Ship-to Name

Ship-to Address

Ship-to Postal Code

CM Billing Phone Number

CM Name

CM Billing Address

CM P Billing Postal Code

Data Field 3 Processing Code

Authorization Request

table of contents

Request Type Identifier (RTI)

For AAV, the Request Type Identifier (RTI) is “AD”.


33-Byte Format

YES

004800

174800


78-Byte Format

YES

004800

174800

YES

004800

205

174800

205


205-Byte Format

In the table, above:
O =

Optional - Subfield may be populated.

Note: Optional subfields including CM Billing Phone Number,
that are not populated, must be character space filled to meet
33-, 78- or 205-byte variable data length specified. For
summary of subfield positions and lengths, see table on page
163.

160

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 63

PRIVATE USE DATA (continued)
Telephone Number Verification (RTI=AE)
Merchants must submit Telephone Number data using the
205-byte format and Request Type Indicator (RTI) “AE”.
In addition to AAV subfields, the CM Phone Number is also an
optional subfield.


205-Byte Format

Length of Variable Data

Ship-to Country Code

Ship-to Phone

Ship-to Name

Ship-to Address

Ship-to Postal Code

CM Billing Phone Number

CM Name

CM Billing Address

CM Billing Postal Code

Data Field 3 Processing Code

Authorization Request

Request Type Identifier (RTI)

The Telephone Number Verification response is returned in the
Authorization Response (1110) message in Data Field 62, as a
series of one-byte codes that indicate if the Customer
telephone number, in addition to Postal Code, Address and
Name match Cardmember information on file with the Issuer.
For details, see page 211.

YES

004800

205

174800

205

In the table, above:
O =

Optional - Subfield may be populated.

April 2016

161

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

Data Field 63

PRIVATE USE DATA (continued)
Email Address Verification (RTI=AE)*

Length of Variable Data

Ship-to Country Code

Ship-to Phone

Ship-to Name

Ship-to Address

Ship-to Postal Code

CM Billing Phone Number

CM Name

CM Billing Address

CM Billing Postal Code

Data Field 3 Processing Code

Authorization Request

table of contents

Request Type Identifier (RTI)

For Email Address Verification, Merchants must submit the
33-, 78- or 205-byte format with Request Type Indicator (RTI)
“AE”.


33-Byte Format

YES

004800

174800


78-Byte Format

YES

004800

174800

YES

004800

205

174800

205


205-Byte Format

In the table, above:
O =

Optional - Subfield may be populated.

* In order to use Email Address Verification, the RTI in this data field must be AE. However, Email Address is
a subfield of Data Field 47, Additional Data - Private, in the ITD Format. For more information on Email
Address, see page 117.

162

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 63

PRIVATE USE DATA (continued)
Data Field 63 Subfield Summary Table
Note: RTI = AD or AE
See detailed descriptions of each subfield on the following
pages.

Pos.


Data Field 63 Subfield Name

Length


Subfield Type

1-3

VARIABLE LENGTH INDICATOR (VLI)

3 bytes

Numeric (EBCDIC)

4-5

SERVICE IDENTIFIER

2 bytes

Alphanumeric

6-7

REQUEST TYPE IDENTIFIER

2 bytes

Alphanumeric

8-16

CARDMEMBER BILLING POSTAL CODE

9 bytes

Alphanumeric

17-36

CARDMEMBER BILLING ADDRESS

20 bytes

Alphanumeric

37-51

CARDMEMBER FIRST NAME

15 bytes

Alphanumeric

52-81

CARDMEMBER LAST NAME

30 bytes

Alphanumeric

82-91

CARDMEMBER BILLING PHONE NUMBER

10 bytes

Alphanumeric

92-100

SHIP-TO POSTAL CODE

9 bytes

Alphanumeric

101-150

SHIP-TO ADDRESS

50 bytes

Alphanumeric

151-165

SHIP-TO FIRST NAME

15 bytes

Alphanumeric

166-195

SHIP-TO LAST NAME

30 bytes

Alphanumeric

196-205

SHIP-TO PHONE NUMBER

10 bytes

Alphanumeric

206-208

SHIP-TO COUNTRY CODE

3 bytes

Numeric

M = Mandatory

Subfield
Requirement

O = Optional

Optional subfields that are not populated must be character space filled to meet 33-, 78- or
205-byte length specified.

April 2016

163

Global Credit Authorization Guide ISO Format

8.1

Data Field 63

American Express Proprietary & Confidential

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
AAV & Telephone Number Verification Subfield
Descriptions
The following are detailed descriptions for the subfields that
may be present in Data Field 63.
VLI, SI and RTI

table of contents

The first 7 digits of the American Express Automated Address
Verification (AAV) and Telephone Number Verification request
are as follows:
0
1234567
LLLSSRR
• “LLL” is the three-digit, Variable Length Indicator (VLI),
right justified and zero filled, if necessary.
• “SS” is the two-character, Service Identifier (SI).
• “RR” is the two-character, Request Type Identifier (RTI).
Cardmember Information Subfields
The following are detailed descriptions for the subfields that
may be present in Data Field 63.
Cardmember Billing Postal Code
For non-U.S. addresses, the postal code may vary in length and
contain alpha characters. Non-U.S. postal codes must be
padded with character spaces to nine characters, left justified.
Case-sensitive characters (those that have both upper and
lower case options) must be upper case.
Merchant and Third Party Processor systems must be capable
of submitting both numeric ZIP and alphanumeric non-U.S.
postal codes in this subfield.

164

April 2016

American Express Proprietary & Confidential

8.1

Data Field 63

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
If a Cardmember Billing Postal Code is not entered, this
subfield must be character space filled.
0 1

890123456
NNNNNNNNN
“NNNNNNNNN” is the nine-character, Cardmember Billing
Postal Code. For addresses in the U.S., this is a numeric 5+4
ZIP; or a five-digit ZIP, left justified and character space filled
to nine characters.
Cardmember Billing Address
If a Cardmember Billing Address is not entered, this subfield
must be character space filled.
1 2
3

78901234567890123456
AAAAAAAAAAAAAAAAAAAA
“AAAAAAAAAAAAAAAAAAAA” is the first 20 characters of
the Cardmember Billing Address (including the unit, apartment,
flat or suite number), left justified and character space filled, if
necessary. Case-sensitive characters (those that have both
upper and lower case options) must be upper case. Leading or
trailing zeros and/or virgules (/) are not permitted as filler.
Note: For 33-byte format, Cardmember Billing Address is the
last item in Data Field 63. See table on page 160.

April 2016

165

Global Credit Authorization Guide ISO Format

8.1

Data Field 63

American Express Proprietary & Confidential

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
Cardmember First and Last Name
Cardmember First Name and Last Name (as it appears on the
Card) is left justified and character space filled, if necessary.

table of contents

Case-sensitive characters (those that have both upper and
lower case options) must be upper case. Leading or trailing
zeros and/or virgules (/) are not permitted as filler. If a
Cardmember First and Last Name are not entered, this subfield
must be character space filled.
3 4
5
6
7
8
789012345678901234567890123456789012345678901
FFFFFFFFFFFFFFFLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL

• “FFFFFFFFFFFFFFF” is the 15-character,
Cardmember First Name
• “LLLLLLLLLLLLLLLLLLLLLLLLLLLLLL” is the
30-character, Cardmember Last Name
Note: For 78-byte format, Cardmember Last Name is the last
item in Data Field 63. See table on page 160.

166

April 2016

American Express Proprietary & Confidential

8.1

Data Field 63

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
Cardmember Billing Phone Number — Use for
Telephone Number Verification
USA, Canada and other countries that follow the NANP phone
numbering system should send all 10 digits of the phone
number, including the area code. For countries that do not
follow this system, send the last 10 digits.
8
9
2345678901
PPPPPPPPPP
“PPPPPPPPPP” is the 10-digit, Cardmember Billing Phone
Number. Leading or trailing zeros and/or virgules (/) are not
permitted as filler. However, phone numbers less than 10
digits should be left justified and character space filled.
If a Cardmember Billing Phone Number is not entered, this
subfield must be character space filled.
For example:
• United Kingdom (UK) phone number “44-1234-123456”
would be entered as “1234123456”.
• “Australia (AU) phone number “61292-11-1234” would be
entered as “1292111234”.
• “Portugal (PT) phone number “351-911-444-555” would be
entered as “1911444555”.

April 2016

167

Global Credit Authorization Guide ISO Format

8.1

Data Field 63

American Express Proprietary & Confidential

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
Ship-to Subfields
The following are detailed descriptions for the Ship-to
subfields that may be present in Data Field 63.
Ship-to Postal Code

table of contents

For non-U.S. addresses, the postal code may vary in length and
contain alpha characters. Non-U.S. postal codes must be
padded with character spaces to nine characters left justified
and character space filled to nine characters. Case-sensitive
characters (those that have both upper and lower case options)
must be upper case.
Merchant and Third Party Processor systems must be capable
of submitting both numeric ZIP and alphanumeric non-US
postal codes in this subfield.
If a Ship-to Postal Code is not entered, this subfield must be
character space filled.
1
9
0
234567890
ZZZZZZZZZ
“ZZZZZZZZZ” is the nine-character, Ship-to Postal Code.
For addresses in the U.S., this is a numeric 5+4 ZIP; or a
five-digit ZIP, left justified and character space filled to nine
characters.

168

April 2016

American Express Proprietary & Confidential

8.1

Data Field 63

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
Ship-to Address
Case-sensitive characters (those that have both upper and
lower case options) must be upper case. Leading or trailing
zeros and/or virgules (/) are not permitted as filler.
If a Ship-to Address is not entered, this subfield must be
character space filled.

1
1
1
1
1
1
0
1
2
3
4
5
12345678901234567890123456789012345678901234567890
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

“A...A” (50 characters) is the 50-character, Ship-to
Address, left justified and character space filled, if necessary.
Ship-to First and Last Name
Ship-to First Name and Last Name, is left justified and
character space filled, if necessary.
Case-sensitive characters (those that have both upper and
lower case options) must be upper case. Leading or trailing
zeros and/or virgules (/) are not permitted as filler. If a Ship-to
First and Last Name are not entered, this subfield must be
character space filled.

1
1
1
1
1
5
6
7
8
9
123456789012345678901234567890123456789012345
SSSSSSSSSSSSSSSNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

• “SSSSSSSSSSSSSSS” is the first 15 characters of the
Ship-to First Name
• “N...N” (30 characters) is the first 30 characters of the
Ship-to Last Name

April 2016

169

Global Credit Authorization Guide ISO Format

8.1

Data Field 63

American Express Proprietary & Confidential

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
Ship-to Phone Number
Leading or trailing zeros and/or virgules (/) are not permitted as
filler. However, phone numbers less than 10 digits should be
left justified and character space filled.
If a Ship-to Phone Number is not entered, this subfield must be
character space filled.

table of contents

USA, Canada and other countries that follow the NANP phone
numbering system should send all 10 digits of the phone
number, including the area code.
For countries that do not follow this system, send the last 10
digits.
1
2

9
0

6789012345
LLLLLLLLLL
“LLLLLLLLLL” is the 10-digit, Ship-to Phone Number. 
For example:
• United Kingdom (UK) phone number “44-1234-123456”
would be entered as “1234123456”.
• “Australia (AU) phone number “61292-11-1234” would be
entered as “1292111234”.
• “Portugal (PT) phone number “351-911-444-555” would be
entered as “1911444555”.

170

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 63

PRIVATE USE DATA (continued)
Ship-to Country Code
If a Ship-to Country Code is not entered, this subfield must be
character space filled.
2
0
678
CCC
“CCC” is the three-digit, numeric, Ship-to Country Code. For
more information on numeric country codes, refer to Country
and Currency Codes for Authorizations in the American Express
Global Codes & Information Guide.
Note: For 205-byte format, Ship-to Country Code is the last
item in Data Field 63. See table on page 160.

Examples of Data Field 63 Formats
Unused and Optional subfields that are not populated must be character space filled to meet 33-, 78- or
205-byte format specified. Unit, apartment, flat and suite numbers are included in street addresses, in
positions 17-36.
33-Byte Format (plus three-byte VLI) - AAV (RTI=AD) or Email Verification (RTI=AE)
0
1
2
3
123456789012345678901234567890123456
033AXAD85054450018850~N~56~ST~#301~~

78-Byte Format (plus three-byte VLI) -AAV (RTI=AD) or Email Verification (RTI=AE)
1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
078AXAD85054450018850~N~56~ST~#301~~JANE~~~~~~~~~~~SMITH~~~~
6
7
8
123456789012345678901
~~~~~~~~~~~~~~~~~~~~~

April 2016

171

Global Credit Authorization Guide ISO Format

8.1

Data Field 63

American Express Proprietary & Confidential

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)

205-Byte Format (plus three-byte VLI) - AAV (RTI=AD) or Email Verification (RTI=AE)
0
1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
205AXAD85054450018850~N~56~ST~#301~~JANE~~~~~~~~~~~SMITH~~~~

table of contents

1
1
1
6
7
8
9
0
1
2
123456789012345678901234567890123456789012345678901234567890
~~~~~~~~~~~~~~~~~~~~~12345678908502218004102~N~289~PL~~~~~~~
1
1
1
1
1
1
1
2
3
4
5
6
7
8
123456789012345678901234567890123456789012345678901234567890
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ROBERT~~~~~~~~~JONES~~~~~~~~~~
1
1
2
8
9
0
1234567890123456789012345678
~~~~~~~~~~~~~~~5555370000840

205-Byte Format (plus three-byte VLI) - Telephone Number and/or Email Verification (RTI=AE)
0
1
2
3
4
5
6
123456789012345678901234567890123456789012345678901234567890
205AXAE85054450018850~N~56~ST~#301~~JANE~~~~~~~~~~~SMITH~~~~
1
1
1
6
7
8
9
0
1
2
123456789012345678901234567890123456789012345678901234567890
~~~~~~~~~~~~~~~~~~~~~12345678908502218004102~N~289~PL~~~~~~~
1
1
1
1
1
1
1
2
3
4
5
6
7
8
123456789012345678901234567890123456789012345678901234567890
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ROBERT~~~~~~~~~JONES~~~~~~~~~~
1
1
2
8
9
0
1234567890123456789012345678
~~~~~~~~~~~~~~~5555370000840

172

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

Data Field 63

PRIVATE USE DATA (continued)
In the preceding examples:
• “033”, “078” and “205” are the three-byte, Variable
Length Indicators (VLI)1.
• “AX” is the two-byte, Service Identifier (constant literal
“AX” = American Express).
• “AD” is the two-byte, Request Type Identifier.
“AD” = American Express AAV.

•
•

•
•
•
•
•
•
•

“AE” = American Express Telephone Number Verification
and/or Email Address Verification.
“850544500” is the nine-byte, Cardmember Billing Postal
Code.
“18850~N~56~ST~#301~~” is the first 20 bytes of
Cardmember Billing Address. Note that unit, apartment,
flat or suite number must be included in street address, if
applicable. See the following notes.
“JANE~…~SMITH~…~” is the 15-byte, Cardmember First
Name; and 30-character, Cardmember Last Name.
“1234567890” is the 10-byte, Cardmember Billing
Phone Number (used for Telephone Number Verification).
“850221800” is the nine-byte, Ship-to Postal Code.
“4102~N~289~PL~…~” is the 50-byte, Ship-to
Address.
“ROBERT~…~JONES~…~” is the 15-byte, Ship-to First
Name; and 30-byte, Ship-to Last Name.
“1234567890” is the 10-byte, Ship-to Phone Number.
“840” is the three-digit, numeric, Ship-to Country Code.
For more information on numeric country codes, refer to
Country and Currency Codes for Authorizations in the
American Express Global Codes & Information Guide

Notes:
1. Tilde (~) characters represent character spaces.
2. Refer to Street Codes in the American Express Global
Codes & Information Guide.
3. See Data Field 63 Subfield Summary Table on page 163.
_____________________
1 Not counting the Variable Length Indicator (VLI) that populates the first three positions in this data field.

April 2016

173

Global Credit Authorization Guide ISO Format

8.1

Data Field 63

American Express Proprietary & Confidential

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
American Express Travelers Cheque Format
For American Express Travelers Cheque (TC) transactions, TC
data may be machine read or manually entered.
The following are detailed descriptions for the subfields used
to transmit TC information in Data Field 63.

table of contents

TC Data — MICR Entry
For TC transactions in which the MICR (Magnetic Ink Character
Recognition) data is machine read, this data field must contain
the MICR data printed along the bottom edge of the TC.
0
1
2
3
1234567890123456789012345678901
LLLSSRRNNNNNNNNNNNNNNNNNNNNNNNN
• “LLL” is the three-digit, Variable Length Indicator (VLI),
right justified and zero filled, if necessary.
• “SS” is the two-character, Service Identifier (SI).
• “RR” is the two-character, Request Type Identifier (RTI).
• “NNN...” is the 24-character, TC MICR line entry.
Example of TC MICR Line TC Data
0
1
2
3
1234567890123456789012345678901
028AXTC123456789T12D12345678901
• “028” is the Variable Length Indicator (VLI).
• “AX” is the two-byte, Service Identifier (constant literal
“AX” = American Express).
• “TC” is the two-byte, Request Type Identifier (constant
literal “TC” = Travelers Cheque, MICR line data).
• “123...” is the 24-character, TC MICR line entry.
Note: Some symbols in the printed MICR line are data field
separators, which are translated to alpha characters when
machine read.

174

April 2016

American Express Proprietary & Confidential

8.1

Data Field 63

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
TC Data — Manual Entry
For TC transactions in which the Travelers Cheque Number is
manually entered, this data field must contain the TC Alpha
Prefix and Serial Number from the upper, right-hand corner of
Travelers Cheque.
Note: For manually entered TC Numbers only, the
corresponding TC denomination must be forwarded in Data
Field 62.
The TC Alpha Prefix (leading alpha characters) must be
converted to numbers prior to populating this data field,
because the TC Alpha Prefix and Serial Number must be
transmitted as numerals. See the following Travelers Cheque
Alpha Prefix Conversion Table:
Travelers Cheque Alpha Prefix Conversion Table
A
B
C
D
E
F
G
H
I

=
=
=
=
=
=
=
=
=

1
2
3
4
5
6
7
8
9

J
K
L
M
N
O
P
Q
R

=
=
=
=
=
=
=
=
=

1
2
3
4
5
6
7
8
9

S
T
U
V
W
X
Y
Z

=
=
=
=
=
=
=
=

2
3
4
5
6
7
8
9

Note: Bullet characters (used as separators) are not
transmitted.
0
1

123456789012345678
LLLSSRRNNNNNNNNNNN
• “LLL” is the three-digit, Variable Length Indicator (VLI),
right justified and zero filled, if necessary.
• “SS” is the two-character, Service Identifier (SI).
• “RR” is the two-character, Request Type Identifier (RTI).
• “NNNNNNNNNNN” is the 11-digit concatenation of the 2
digit numeric equivalent of the TC Alpha Prefix and the 9
digit, manually entered, Travelers Cheque Number.

April 2016

175

Global Credit Authorization Guide ISO Format

8.1

Data Field 63

American Express Proprietary & Confidential

1100 Authorization Request (continued)

PRIVATE USE DATA (continued)
Example of Manually Entered TC Data
0
1

123456789012345678
015AXTS12123456789
• “015” is the Variable Length Indicator (VLI).

table of contents

• “AX” is the two-byte, Service Identifier (constant literal
“AX” = American Express).
• “TS” is the two-byte, Request Type Identifier (constant
literal “TS” = Travelers Cheque, manually entered data).
• “12123456789” is the manually entered, TC Prefix
(converted) and Travelers Cheque Number.

176

April 2016

American Express Proprietary & Confidential

8.1

Global Credit Authorization Guide ISO Format

1100 Authorization Request (continued)

DATA FIELD 96

KEY MANAGEMENT DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 17 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
14 bytes maximum, EBCDIC & Binary

Field Type:

Unsigned binary number - Data items whose original formats
are defined as binary are mapped directly as eight bits per
byte, with the value of any binary byte of data varying from
hexadecimal “00” to “FF”.

Field Requirement:

• Mandatory — PIN, MAC or DATA encryption transactions
using dynamic key exchange.
• Not used — Other transactions

Description:

This data field contains information on cryptographic keys to
support transactional encrypted data.

American Express Session Key Identifier Format Table
Relative
Position


Subfield Name

Subfield
Length


Subfield Type

Required
(M/O/C)


Description

1-3

VARIABLE LENGTH
INDICATOR (VLI)

3 bytes

Numeric
(EBCDIC)

VLI indicates total length of variable
data in this data field (not including
VLI).

4-5

PRIMARY ID

2 bytes

Alpha

Primary ID (Card Type Code) is
constant literal “AX” (American
Express).

6-8

SECONDARY ID

3 bytes

Alpha

Secondary ID (Data Type Code) is
constant literal “KCV” (Key Check
Value).

9-11

SESSION PIN KEY CHECK
VALUE

3 bytes

Binary

Check value is to be copied from the
value found in the SESSION PIN KEY
CHECK VALUE subfield in Data Field
96, Key Management Data, Network
Management Response (1814)
message.

12-14

SESSION MAC KEY CHECK
VALUE

3 bytes

Binary

Binary-zero filled

15-17

SESSION DATA KEY CHECK
VALUE

3 bytes

Binary

Binary-zero filled

April 2016

177

Global Credit Authorization Guide ISO Format

8.1

American Express Proprietary & Confidential

1100 Authorization Request (continued)

table of contents

Data Field 128

MESSAGE AUTHENTICATION CODE FIELD

Length of Field:

8 bytes, 64 bits

Field Type:

Binary

Constant:

None

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
This data field is used for the data value that protects both a
message's integrity, as well as its authenticity, by allowing
verifiers the ability to detect any changes to the message
content.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.

178

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response

Length of Record:

801 bytes maximum

Description:

This message is used by American Express to transmit an
Authorization and/or Automated Address Verification (AAV) Response
(1110) message to a Merchant.

Data
Field



Data Field Name



Data Field Type



Data Field Requirements

Numeric

Mandatory

181

Binary

Mandatory

181

21 bytes,
LLVAR

Numeric

Mandatory - Echo returned

182

Max. Data
Field
Length
4 bytes, fixed



Page

—

MESSAGE TYPE IDENTIFIER

—

BIT MAP - PRIMARY

PRIMARY ACCOUNT NUMBER (PAN)

PROCESSING CODE

6 bytes, fixed

Numeric

Mandatory - Echo returned

182

AMOUNT, TRANSACTION

12 bytes, fixed

Numeric

See page 

183

DATE AND TIME, TRANSMISSION

10 bytes, fixed

Numeric

Conditional - Echo returned

184

SYSTEMS TRACE AUDIT NUMBER

6 bytes, fixed

Alphanumeric &
special characters

Mandatory - Echo returned

184

8 bytes, 64
bits

DATE AND TIME, LOCAL TRANSACTION

12 bytes, fixed

Numeric

Mandatory - Echo returned

185

DATE, SETTLEMENT

6 bytes, fixed

Numeric

See page 

186

AMOUNTS, ORIGINAL

24 bytes, fixed

Numeric

See page 

187

ACQUIRER REFERENCE DATA

50 bytes,
LLVAR

Alphanumeric &
special characters

Mandatory

188

ACQUIRING INSTITUTION
IDENTIFICATION CODE

13 bytes,
LLVAR

Numeric

Conditional - Echo returned

189

30 bytes,
maximum

Alphanumeric

See page 

190

12 bytes, fixed

Alphanumeric &
special characters

Conditional - Echo returned

192

6 bytes, fixed

Alphanumeric

See page 

193

PRIMARY ACCOUNT NUMBER,
EXTENDED

RETRIEVAL REFERENCE NUMBER

APPROVAL CODE

April 2016

179

Global Credit Authorization Guide ISO Format

8.2

Data
Field

table of contents
180

American Express Proprietary & Confidential

1110 Authorization Response (continued)



Data Field Name

Max. Data
Field
Length



Data Field Type



Data Field Requirements



Page

ACTION CODE

3 bytes, fixed

Numeric

Mandatory

194

CARD ACCEPTOR TERMINAL
IDENTIFICATION

8 bytes, fixed

Alphanumeric &
special characters

See page 

196

CARD ACCEPTOR IDENTIFICATION CODE

15 bytes, fixed

Alphanumeric &
special characters

Mandatory - Echo returned

196

ADDITIONAL RESPONSE DATA

27 bytes,
LLVAR

Alphanumeric &
special characters

See page 

197

CURRENCY CODE, TRANSACTION

Numeric

Mandatory - Echo returned

203

AMOUNTS, ADDITIONAL

123 bytes,
LLVAR

Alphanumeric &
special characters

See page 

203

INTEGRATED CIRCUIT CARD SYSTEM
RELATED DATA

259 bytes,
LLLVAR

Alphanumeric,
special characters
& binary

See page 

205

NATIONAL USE DATA

106 bytes,
LLLVAR

Alphanumeric &
special characters

See page 

208

NATIONAL USE DATA

103 bytes,
LLLVAR

Alphanumeric

See page 

209

PRIVATE USE DATA

63 bytes,
LLLVAR

Alphanumeric,
special characters
& binary

See page 

211

PRIVATE USE DATA

103 bytes,
LLLVAR

Alphanumeric &
special characters

See page 

217

MESSAGE AUTHENTICATION CODE
FIELD

8 bytes, 64
bits

Binary

N/A

217

April 2016

3 bytes, fixed

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field — None

MESSAGE TYPE IDENTIFIER

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

1110

Field Requirement:

Mandatory

Description:

The constant literal “1110” signifies the ISO 8583
Authorization Response message.

Data Field — None

BIT MAP - PRIMARY

Length of Field:

8 bytes, 64 bits, fixed length for each bit map

Field Type:

Binary (hexadecimal configuration)

Constant:

None

Field Requirement:

Mandatory

Description:

See Bit Map - Primary description on page 62 of the
Authorization Request (1100) message.

April 2016

181

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

table of contents

Data Field 2

PRIMARY ACCOUNT NUMBER (PAN)

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 21 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
19 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Authorization Request
(1100) message, and is echo returned without alteration in the
Authorization Response (1110) message.

Data Field 3

PROCESSING CODE

Length of Field:

6 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Authorization Request
(1100) message, and is echo returned without alteration in the
Authorization Response (1110) message.

182

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 4

AMOUNT, TRANSACTION

Length of Field:

12 bytes, fixed length

Field Type:

Numeric, right justified, zero filled

Constant:

None

Field Requirement:

• Mandatory — Echo returned for Non-Prepaid Card
Authorization Requests
• Conditional — Prepaid Card Partial Authorization Requests

Description:

This data field is mandatory in the Authorization Request
(1100) message, and is generally echo returned without
alteration in the Authorization Response (1110) message.
Partial Authorization - Prepaid Cards Only
If Function Code (Data Field 24) is “181” (Partial
Authorization) in the Authorization Request (1100) message,
and Action Code (Data Field 39) is “002” in this Authorization
Response (1110) message, then this Amount, Transaction data
field contains the approved, authorized amount, which will be
less than the Amount, Transaction entry transmitted in the
originating Authorization Request (1100) message.
Note: Merchant certification is required to receive partial
authorization responses.

April 2016

183

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

table of contents

Data Field 7

DATE AND TIME, TRANSMISSION

Length of Field:

10 bytes, fixed length

Field Type:

Numeric, MMDDhhmmss

Constant:

None

Field Requirement:

Conditional — Echo returned

Description:

This data field is not required for processing this message;
however, if included in an originating request message, it will
be preserved and returned in the response message, without
alteration.

Data Field 11

SYSTEMS TRACE AUDIT NUMBER

Length of Field:

6 bytes, fixed length

Field Type:

Alphanumeric (upper case) & special characters

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Authorization Request
(1100) message, and is echo returned without alteration in the
Authorization Response (1110) message.

184

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 12

DATE AND TIME, LOCAL TRANSACTION

Length of Field:

12 bytes, fixed length

Field Type:

Numeric, YYMMDDhhmmss

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Authorization Request
(1100) message, and is echo returned without alteration in the
Authorization Response (1110) message.

April 2016

185

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

Data Field 15

DATE, SETTLEMENT

Length of Field:

6 bytes, fixed length

Field Type:

Numeric, YYMMDD

Constant:

None

Field Requirement:

• Mandatory — MasterCard transactions

table of contents

• Not used — Other transactions
Description:

This data field is used for MasterCard processing only.
This data field contains the BankNet Settlement Date of the
card, as returned by MasterCard.
The format is: YYMMDD

186

April 2016

YY =

Year (last two digits only) - Optional

MM =

Month (two digits)

DD =

Day (two digits)

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 30

AMOUNTS, ORIGINAL

Length of Field:

24 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

• Conditional — Some American Express Prepaid Card
transactions
• Not used — All others

Description:

This data field contains the original amount requested when a
partial amount is approved.
Merchants must be certified for Partial Authorization for the
original amount to be returned in this data field. See additional
information on partial authorizations in Authorization Request
(1100) message, Data Field 24, Function Code, on page 86.
Positions 1-12 of this data field are the original transaction
amount from Data Field 4, Amount, Transaction, in the
originating Authorization Request (1100) message.
Positions 13-24 are zero filled and reserved for future use.

April 2016

187

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

table of contents

Data Field 31

ACQUIRER REFERENCE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 50 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
48 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Mandatory
Note: This data field is mandatory and created by the
American Express Global Network, and always appears in
response messages returned to Merchants and/or Third Party
Processors.

Description:

This data field contains the 15-digit, numeric, Transaction
Identifier (TID), a unique, American Express-assigned tracking
number. The TID is used to identify and track a Cardmember
transaction throughout its life cycle.
The value in this data field must be retained by the Merchant’s
system and returned to American Express in the Transaction
Advice Basic (TAB), Transaction Advice Detail (TAD) and
Transaction Advice Addendum (TAA) financial submission
records that correspond to this authorization response. For
more information, refer to the American Express Global
Financial Submission Guide.
See the following example of a typical TID entry:
0
1 
12345678901234567
15123456789012345
• “15” is the two-byte, Variable Length Indicator (VLI).
• “123456789012345” is the 15-byte, numeric TID.

188

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 32

ACQUIRING INSTITUTION IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 13 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
11 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

Conditional — Echo returned

Description:

This data field is not required for processing this message;
however, if included in an originating request message, it will
be preserved and returned in the response message, without
alteration.

April 2016

189

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

table of contents

Data Field 34

PRIMARY ACCOUNT NUMBER, EXTENDED

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 30 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
28 bytes maximum, EBCDIC

Field Type:

Alphanumeric

Constant:

None

Field Requirement:

• Mandatory — Expresspay Translation (PAN request)
transactions
• Mandatory — Expresspay Translation (PAN & Expiration
Date request) transactions
• Conditional — Payment Token transactions
• Not used — Other transactions

Description:

For Expresspay Translation (PAN request or PAN and Expiration
Date request), in order to receive a response in this data field,
Function Code 194 Expresspay Translation (PAN request) or
Function Code 196, Expresspay Translation (PAN and Expiration
Date request), must be populated in Data Field 24, Function
Code in the request message.
Payment Token transactions
This field contains the last four digits of the PAN when
Subfield 6 in Data Field 60, National Use Data, is populated in
the Authorization Request (1100) message.
Merchant's system(s) should be prepared to accept and
process the responses detailed on the following page.
When the Primary Account Number (PAN) is provided, this data
field contains the disposition for the PAN. The first two digits
are the Variable Length Indicator (VLI) followed by one digit
alpha PAN request result followed by the PAN if valid.

190

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 34

PRIMARY ACCOUNT NUMBER, EXTENDED (continued)

Description:

Valid PAN response codes:
Y =

PAN returned

N =

PAN not found/does not exist

R =

Reattempt PAN request

Last four digits of the Primary Account Number

E =

PAN and Expiration Date returned

Examples of PAN Responses:
PAN Returned
LLY123456789012345
LL = Two-digit, Variable Length Indicator (VLI), right justified,
and zero filled
Y= One-character, PAN response code
123456789012345 = PAN
Payment Token transactions
LLF1234
LL = Two-digit, Variable Length Indicator (VLI), right justified,
and zero filled
F = One-character, PAN response code
1234 = PAN
Last 4 digits of the Primary Account Number
05F1234
PAN and Expiration Date Returned:
LLE1601123456789012345
LL = Two-digit, Variable Length Indicator (VLI), right justified,
and zero filled
E= One-character, PAN response code
where “1601” = Expiration Date (YYMM)
and “123456789012345” = PAN

20E1601123456789012345

April 2016

191

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

Data Field 34

PRIMARY ACCOUNT NUMBER, EXTENDED (continued)

Description:

PAN Not Found/Does not exist
O1N
Reattempt PAN Request
O1R

table of contents

Data Field 37

RETRIEVAL REFERENCE NUMBER

Length of Field:

12 bytes, fixed length

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Conditional — Echo returned

Description:

This data field is not required for processing this message;
however, if included in an originating request message, it will
be preserved and returned in the response message, without
alteration.

192

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 38

APPROVAL CODE

Length of Field:

6 bytes, fixed length

Field Type:

Alphanumeric, left justified, character space filled

Constant:

None

Field Requirement:

• Mandatory — “Approved” transactions
• Optional — “Please Call Issuer” - American Express
• Not used — Other transactions

Description:

If Action Code (Data Field 39) is an approval, this data field
contains an “authorization code” that corresponds to the
Authorization Request (1100) message or Automated Address
Verification (AAV) request in the originating request message.
Formats include:
NNNNNN =

Authorization code for all U.S., Canadian and
some regional American Express Merchants.
Note: All U.S. and Canadian Merchants must
comply with the American Express Six-Digit
Approval Code policy.

NN~~~~ =

Authorization code for American Express
Travelers Cheques.

NN~~~~ =

Authorization code for some regional
American Express Merchants, only.

NNNNNN =

Authorization code for MasterCard, VISA and
American Express-supported Cards.

NN~~~~ =

Authorization code for Diners Club.
If Action Code is “107 - Please Call Issuer”,
this data field may optionally contain a
four-digit, American Express (AMEX) Referral
Queue Number.

NNNN~~ =

AMEX Referral Queue Number (American
Express option only - Not provided for all
American Express products (e.g., Gift Cards).

See Notes on the next page.

April 2016

193

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

Data Field 38

APPROVAL CODE (continued)

Description (continued):

Notes:
1. All Approval Codes are numeric for American Express
transactions, except for Address Verification Only
transactions, when the Approval Code data field is blank.
2. For more information on the AMEX Referral Queue
Number, see page 20.

table of contents

3. In the examples above, “N” is an alphanumeric character,
and the tilde (~) represents a character space.

Data Field 39

ACTION CODE

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains the Action Code, indicating the
American Express disposition for this transaction.
See valid Action Codes on the next page.

194

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 39

ACTION CODE (continued)

Description (continued):

Valid Action Codes:
000
001
002
100
101
106
107
109
110
111
115
117
119
122
125
181
183
187
189
200
900
909
912

Approved
Approve with ID
Partial Approval (Prepaid Cards only)
Deny
Expired Card / Invalid Expiration Date
Exceeded PIN attempts
Please Call Issuer
Invalid merchant
Invalid amount
Invalid account / Invalid MICR (Travelers Cheque)
Requested function not supported
Invalid PIN
Cardmember not enrolled / not permitted
Invalid card security code (a.k.a., CID, 4DBC, 4CSC)
Invalid effective date
Format error
Invalid currency code
Deny - New card issued
Deny - Canceled or Closed Merchant/SE
Deny - Pick up card
Accepted - ATC Synchronization
System Malfunction (Cryptographic error)
Issuer not available

Notes:
1. The following requirement must be met prior to sending a
keyed CID/4DBC/4CSC value that will be actioned by
American Express. The system is prepared to accept all
possible Action Codes found in Data Field 39 and all
possible Response Indicators found in byte 2 of Data Field
44, and in any combination.
2. While Action Code “115” (Requested function not
supported) means the Issuer does not support the
requested function, it can also mean “Service not
permitted” (i.e., the Merchant or Third Party Processor has
requested an authorization feature or function for which it
is not certified).
3. Action Code “122” indicates keyed four-digit CID/4DBC/
4CSC failed validation. For CID/4DBC/ 4CSC location on
Cards, see page 46.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.

April 2016

195

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

Data Field 41

CARD ACCEPTOR TERMINAL IDENTIFICATION

Length of Field:

8 bytes, fixed length

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

• Mandatory — Echo returned for VISA PS2000

table of contents

• Conditional — Echo returned for American Express
transactions in the USA and Canada, and non-VISA
transactions
Description:

This data field may or may not be required for processing this
message; however, if included in an originating request
message, it will be preserved and returned in the response
message without alteration.

Data Field 42

CARD ACCEPTOR IDENTIFICATION CODE

Length of Field:

15 bytes, fixed length

Field Type:

Alphanumeric & special characters, left justified, character
space filled

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Authorization Request
(1100) message, and is echo returned without alteration in the
Authorization Response (1110) message.

196

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 44

ADDITIONAL RESPONSE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 27 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
25 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

• Conditional — American Express Automated Address
Verification (AAV) Validation
• Conditional — Keyed CID/4DBC/4CSC Validation
• Optional — American Express Dial Transfer
• Not used — Other transactions

Description:

This data field contains additional response data for certain
Authorization Request (1100) messages; and it is mandatory if
American Express Automated Address Verification (AAV)
and/or Keyed CID/4DBC/4CSC validation is requested in Data
Field 63 and/or 53 (respectively) of the Authorization Request
(1100) message. However, this data field may not be returned
when certain error Action Codes (Data Field 39) are returned in
the Authorization Response (1110) message (e.g., a “181”
Format Error).
Merchants that submit 33-, 78- or 205-byte format, Automated
Address Verification (AAV) Requests in Authorization Request
(1100) messages may receive the AAV responses described for
this data field and in the table on the next page. Therefore, the
Merchant's system(s) should be prepared to accept and
process all of the responses detailed on the following pages.
For more information on Automated Address Verification
formats, see page 157.

April 2016

197

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

Data Field 44

ADDITIONAL RESPONSE DATA (continued)


Description

78-Byte
Format

205-Byte
Format

Code

Yes, CM Address and Postal Code are both correct.

No, CM Address and Postal Code are both incorrect.

CM Address only correct.

CM Postal Code only correct.

Information unavailable.

SE not allowed AAV function.

System unavailable; retry.

CM Name and Postal Code match.

CM Name, Address and Postal Code match.

CM Name and Address match.

CM Name matches.

CM Name incorrect, Postal Code matches.

CM Name incorrect, Address and Postal Code match.

CM Name incorrect, Address matches.

No, CM Name, Address and Postal Code are all incorrect.

table of contents

33-Byte
Format

X = Possible response for indicated format.

198

April 2016

American Express Proprietary & Confidential

8.2

Data Field 44

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

ADDITIONAL RESPONSE DATA (continued)
Variable Length Indicator (VLI)
The first two digits in this data field are the Variable Length
Indicator (VLI). Besides indicating variable data length, the VLI
is a key to the contents of this data field.
01 =

Variable data in the form of a one-byte response is
used for American Express AAV. Example: “01Y”.

02 =

Variable data in the form of a two-byte response,
where the first byte (relative position 3) contains
Address Verification results; and the second byte
(relative position 4) contains Keyed CID/4DBC/4CSC
Validation results. Example: “02NY”.

15 =

Variable data as a 15-byte data field is reserved for
American Express Dial Transfer, Relay Phone
Number data. This rarely used option transports a
phone number dial-string to a terminal, to facilitate
autodialing to an American Express U.S.
Authorizations Center (so that the Merchant can
speak to an Authorizer). For more information on this
option, contact your American Express
representative.

Note: See subfield layouts and examples that follow.
VLI = “01” Format
For AAV responses, the format for this data field is:
123
LLX
LL

= Two-digit, Variable Length Indicator (VLI), right
justified and zero filled.

One-character, Address Verification response code
for American Express AAV requests.

April 2016

199

Global Credit Authorization Guide ISO Format

8.2

Data Field 44

American Express Proprietary & Confidential

1110 Authorization Response (continued)

ADDITIONAL RESPONSE DATA (continued)
VLI = “01” Format (continued)
Valid Address Verification response codes include the
following:

table of contents

Y =

Yes, CM Address and Postal Code are both correct.

N =

No, CM Address and Postal Code are both incorrect.

A =

CM Address only correct.

Z =

CM Postal Code only correct.

U =

Information unavailable.

S =

SE not allowed AAV function.

R =

System unavailable; retry.

L =

CM Name and Postal Code match.

M =

CM Name, Address and Postal Code match.

O =

CM Name and Address match.

K =

CM Name matches.

D =

CM Name incorrect, Postal Code matches.

E =

CM Name incorrect, Address and Postal Code
match.

F =

CM Name incorrect, Address matches.

W =

No, CM Name, Address and Postal Code are all
incorrect.

Example of VLI = “01”
The following is a typical example of an AAV, one-byte
response:
123
01Y
01 = Two-digit, Variable Length Indicator (VLI).
Y =

200

April 2016

One-character, Address Verification response code.

American Express Proprietary & Confidential

8.2

Data Field 44

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

ADDITIONAL RESPONSE DATA (continued)
VLI = “02” Format
For AAV and/or Keyed CID/4DBC/4CSC Validation responses,
the format for this data field is:
1234
LLXB
LL = Two-digit, Variable Length Indicator (VLI), right justified
and zero filled.
X =

One-character, Address Verification response code for
American Express AAV requests. See valid codes on
previous page.
Note: A character space in relative position 3, in lieu
of an Address Verification response code, indicates
that Data Field 63 (containing AAV data) was not
present in the originating Authorization Request (1100)
message.

B =

One-character, CID/4DBC/4CSC response code for
American Express Keyed CID/4DBC/4CSC Validation
requests.

Valid CID/4DBC/4CSC response codes include the following:
Y =

CID/4DBC/4CSC matched

N =

CID/4DBC/4CSC did not match

U =

CID/4DBC/4CSC was not checked

Example #1 of VLI = “02”
The following is a typical example of an AAV with Keyed
CID/4DBC/4CSC Validation, two-byte response to an
Authorization Request (1100) message that contained both
Data Field 53 (CID/4DBC/ 4CSC from the face of the Card) and
Data Field 63 (address verification information):
1234
02YN
02 = Two-digit, Variable Length Indicator (VLI).
Y = One-character, AAV response code.
N =

One-character, Keyed CID/4DBC/4CSC Validation
response code.

April 2016

201

Global Credit Authorization Guide ISO Format

8.2

Data Field 44

American Express Proprietary & Confidential

1110 Authorization Response (continued)

ADDITIONAL RESPONSE DATA (continued)
Example #2 of VLI = “02”
The following is a typical example of a Keyed CID/4DBC/4CSC
Validation, two-byte response to an Authorization Request
(1100) message that contained Data Field 53 (CID/4DBC/4CSC
from the face of the Card) and not Data Field 63 (address
verification information):

table of contents

1234
02~N
02 = Two-digit, Variable Length Indicator (VLI).
~ = Character space.
N = One-character, Keyed CID/4DBC/4CSC Validation
response code.
Example of VLI = “15”
The following is a typical example of an American Express Dial
Transfer, Relay Phone Number, 15 byte response:
0

12345678901234567
15441101234567890
15 =

Two-byte, Variable Length Indicator (VLI).

441101234567890 = 15-byte, telephone number.

202

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 49

CURRENCY CODE, TRANSACTION

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Authorization Request
(1100) message, and is echo returned without alteration in the
Authorization Response (1110) message.
For more information on numeric currency codes and decimal
point positions, refer to Country and Currency Codes for
Authorizations in the American Express Global Codes &
Information Guide.

Data Field 54

AMOUNTS, ADDITIONAL

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 123 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
120 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

• Optional — American Express Prepaid Cards
• Not used — All others

Description:

This data field contains the available amount remaining on
certain American Express Prepaid Card products. The amount
is present in the response message, when Data Field 24,
Function Code in the originating request message, contains
codes “181” or “182”. Merchants may wish to display this
value on the POS terminal or print it on the customer receipt.
For more information, see page 86.
Note: Balances may not be returned for some Prepaid Cards.

April 2016

203

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

Data Field 54

AMOUNTS, ADDITIONAL (continued)

Description (continued):

This data field is composed of a three-byte Variable Length
Indicator (VLI) and 20 bytes of coded data that specifies the
Account Type, Amount Type, Currency Code, Credit status and
the Prepaid Card remaining balance. The format is:
1
2
12345678901234567890123

table of contents

VVVAABBCCCD123456789012

Length

Pos.

Description

VVV

3 bytes

1-3

VLI / Variable Length Indicator (always
“020”)

2 bytes

4-5

Account Type Code (always “00”)

2 bytes

6-7

Amount Type Code (always “05”)

CCC

3 bytes

8-10

Numeric Currency Code (e.g., U.S.
Dollars = “840”). For more information
on numeric currency codes and decimal
point positions, refer to Country and
Currency Codes for Authorizations in the
American Express Global Codes &
Information Guide.

1 byte

123...

12 bytes

12-23

Credit Code (“C” = Credit)
12-digit, Prepaid Card balance, right
justified, zero filled, with corresponding
decimal implied (e.g., 840 / U.S. Dollars
= two decimal places).

For example, a credit (remaining balance) of $10.00 in U.S.
Dollars (840) would appear as:
1
2
12345678901234567890123
0200005840C000000001000

204

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 55

INTEGRATED CIRCUIT CARD SYSTEM RELATED DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 259 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
256 bytes maximum, EBCDIC, BCD or binary

Field Type:

Alphanumeric & special characters, and binary coded decimal
(BCD) or unsigned binary numbers
Note: Data Field 55 contains some subfields that are
forwarded for transmission to an integrated circuit card or
terminal, and are specified as binary. This data is in binary
format in 8 bit blocks, right justified and zero filled, per the
following:
1. Data originally transmitted as numeric is formatted as
binary coded decimal (BCD) with two digits per byte (“00”
to “99”). Numeric subfields with an odd number of digits
are padded with leading zeros.
2. Data originally transmitted as binary is mapped directly as
eight bits per byte, with the value for any binary byte of
data varying from hexadecimal “00” to “FF”.
For more information, see page 138.

Constant:

None

Field Requirement:

• Mandatory — ICC (EMV*) transactions (special
certification required)
• Not used — Other transactions

_____________________
*EMV is the abbreviation for Europay/MasterCard/VISA, joint sponsors of the global standard for electronic financial transactions using "chip card" technology

April 2016

205

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

Data Field 55

INTEGRATED CIRCUIT CARD SYSTEM RELATED DATA
(continued)

Certification Requirement:

Global - All regions
Mandatory — Third Party Processors and/or Vendors must be
certified to pass Card Present transactions for Integrated
Circuit Cards (ICCs) in this data field. After certification, all
card Issuer-provided ICC related data must be forwarded in
this data field.

table of contents

Description:

This data field contains Integrated Circuit Card (ICC) Related
Data that is forwarded for transmission to the integrated
circuit on a chip card. If ICC data was read from the Card and
included in the originating request message, some subfields
are echo returned in this response.
Before Merchants may use this data field, special certification
is required to process ICC transactions. For more information
on ICC support, reference the American Express AEIPS Chip
Card Specification and American Express AEIPS Terminal
Specification, in addition to contacting your American Express
representative.
Note: For Merchants who have not completed this
certification, no data will be transmitted in this data field from
American Express.
See subfield details on the next page:

206

April 2016

American Express Proprietary & Confidential

8.2

1110 Authorization Response (continued)

Data Field 55

EMV
Tags

Global Credit Authorization Guide ISO Format

Relative
Position

INTEGRATED CIRCUIT CARD SYSTEM RELATED DATA
(continued)

Subfield
Name

Subfield
Length

Subfield
Type

1-3

VARIABLE LENGTH
INDICATOR (VLI)

3 bytes

Numeric
(EBCDIC)

4-7

ICC HEADER VERSION
NAME

4 bytes

Alphanumeric
(EBCDIC)

Required


Description

Yes

VLI indicates total length of
variable data in this data field (not
including VLI).

Mandatory
echo

Version header of the bit contents.
Must be echoed without alteration
from Network to Issuer Request,
even if Bit 55 data (Issuer
Authentication Data/ Issuer Script
Data) is not present in the
response.
Required value: “AGNS”

8-9

ICC HEADER VERSION
NUMBER

2 bytes

Binary coded
decimal (BCD)

Mandatory
echo

Version number of the bit contents.
Must be echoed without alteration
from Network to Issuer Request,
even if Bit 55 data (Issuer
Authentication Data/ Issuer Script
Data) is not present in the
response.
Required value: “0001”

10-26

ISSUER
AUTHENTICATION
DATA

17 bytes,
max
(LLVAR)

Unsigned
binary number

Conditional

One byte, unsigned-binary-number
VLI indicates subfield length, and
precedes up to 16 bytes of variable
data. For example, the VLI for 16
bytes of variable data is = “10”
(one byte) in hex. See explanation
of unsigned binary number format
on page 138. Note: This subfield
contains proprietary, Issuer-defined
authentication data transmitted
from Issuer to card. For details,
refer to the AEIPS Chip Card
Specification.

27-155

ISSUER SCRIPT DATA

129 bytes,
max
(LLLVAR)

Unsigned
binary number

Conditional

This subfield may be used only if
Subfield 3, Issuer Authentication
Data, is present. This subfield
contains Issuer Script Template(s)
and Command(s) to be
communicated in the ICC Chip. The
subfield length is the first byte,
binary hexadecimal.

156-259

RESERVED FOR FUTURE
USE

104 bytes,
max
(LLVAR)

N/A

This subfield is reserved for future
use and is completely omitted
(including LLVAR).

April 2016

207

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

table of contents

Data Field 60

NATIONAL USE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

13 bytes minimum, 106 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
103 bytes maximum, EBCDIC or Binary

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Conditional — Echo returned

Description:

This data field is mandatory for Payment Service Providers
(Aggregators), OptBlue Participants and Payment Token
transactions and not used for all other transactions in the
Authorization Request (1100) message.
This message is echo returned without alteration in the
Authorization Response (1110) message (if previously
submitted).

208

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 61

NATIONAL USE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 103 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
100 bytes maximum, EBCDIC & Binary

Field Type:

Alphanumeric

Constant:

None

Field Requirement:

• Mandatory — American Express SafeKey transactions
(special certification required)
• Not used — Other transactions

Certification Requirement:

See Section 6.4 for the website link to American Express
SafeKey enabled countries.
Mandatory — Third Party Processors and/or Vendors must be
certified to pass American Express SafeKey authentication
data in this data field. After certification, all
Merchant-provided American Express SafeKey authentication
related data must be forwarded in this data field.

Description:

American Express SafeKey is an industry-standard
Authentication method that provides greater security, by
authenticating the Cardmember during an online purchase and
protecting payment card information as it is transmitted via the
Internet.
Before Merchants may use this data field, special certification
is required to process American Express SafeKey transactions.
For more information, reference the American Express
SafeKeySM Acquirer - Merchant Implementation Guide, in
addition to contacting your American Express representative.
Note: For Merchants who have not completed this
certification, no data will be transmitted in this data field from
American Express.
See table containing subfield details on the next page.

April 2016

209

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

Data Field 61

NATIONAL USE DATA (continued)

American Express SafeKey Format Table:
Relative
Position

Subfield
Length



Subfield Type

Required
(M/O/C)



Description

table of contents

1-3

VARIABLE LENGTH
INDICATOR (VLI)

3 bytes

Numeric
(EBCDIC)

VLI indicates total length of variable data in this
data field (not including VLI).

4-5

PRIMARY ID

2 bytes

Alpha

Primary ID (Card Type Code) is constant literal
“AX” (American Express).

6-8

SECONDARY ID

3 bytes

Alpha

Secondary ID (Data Type Code) is constant liter
“ASK” (American Express SafeKey)

AMERICAN EXPRESS
VERIFICATION VALUE
(AEVV) VALIDATION
RESULT

1 byte

Alphanumeric

Valid values include:

210



Subfield Name

April 2016

0 = Reserved for future use
1 =

AEVV Failed - Authentication, Issuer Key

2 =

AEVV Passed - Authentication, Issuer
Key

3 =

AEVV Passed - Attempt, Issuer Key

4 =

AEVV Failed - Attempt, Issuer Key

5 =

Reserved for future use

6 =

Reserved for future use

7 =

AEVV Failed - Attempt, Issuer not
participating, Network Key

8 =

AEVV Passed - Attempt, Issuer not
participating, Network Key

9 =

AEVV Failed - Attempt, Participating,
Access Control Server (ACS) not
available, Network Key

A =

AEVV Passed - Attempt, Participating,
Access Control Server (ACS) not
available, Network Key

B =

Reserved for future use

C =

Reserved for future use

D =

Reserved for future use

U =

AEVV Unchecked

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 62

PRIVATE USE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 63 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
60 bytes maximum, coding determined by data field use

Field Type:

Alphanumeric & special characters, and binary coded decimal
(BCD) or unsigned binary numbers

Constant:

None

Field Requirement:

• Mandatory — American Express transactions, Telephone
Number and Email Verification
• Mandatory — VISA PS2000 transactions, PS2000
requested
• Not used — Other transactions

Certification Requirement:

Global - All regions
Mandatory — All Third Party Processors and/or Vendors must
certify to this data field. Merchants that submit Telephone
Number and/or Email Address data in Data Field 63 and/or 47,
respectively, in the Authorization Request (1100) message,
must also certify to this data field. Therefore, the Merchant's
system(s) should be prepared to accept and process all of the
responses detailed on the following pages. For more
information on Automated Address Verification (AAV),
Telephone Number Verification and/or Email Address
Verification formats, see pages 159, 161 and/or 162,
respectively.

Description:

This data field is used for American Express Telephone
Number Verification and/or Email Address Verification and
VISA transaction responses. However, this data field may not
be returned when certain error Action Codes in Data Field 39
are returned in the Authorization Response (1110) message
(e.g., a “181” Format Error).
American Express strongly recommends that
Merchant/processor systems be capable of supporting the full
60-byte (variable data) maximum length specified for this data
field for future expansion.

April 2016

211

Global Credit Authorization Guide ISO Format

8.2

Data Field 62

American Express Proprietary & Confidential

1110 Authorization Response (continued)

PRIVATE USE DATA (continued)
Telephone Number and/or Email Address Verification
Transactions:

table of contents

This data field contains response codes that indicate if
Cardmember information forwarded in an Address Verification
Only (Processing Code “174800”) or a Combination Address
Verification and Authorization (Processing Code “004800”)
Authorization Request (1100) message is valid. In addition to
Automated Address Verification (AAV) responses, this data
field also provides Cardmember Telephone Number and Email
Address verification.
Combination Address Verification & Authorization
- Processing Code “004800”
The Cardmember Postal Code, Street Address, Name,
Telephone Number and Email Address response codes
returned in this data field, correspond to data transmitted by
the Merchant for Combination Address Verification and
Authorization (Processing Code “004800”) in the
Authorization Request (1100) message, Data Fields 63 and 47.
For more information, see pages referenced in the table on the
next page.
This response is composed of a series of response codes,
preceded by a three-digit, Variable Length Indicator (VLI).
Currently, the typical variable data portion of the response is
only five characters.
Each character in the five-byte variable data response
indicates the status for specific Cardmember (CM) data
submitted in the Authorization Request (1100) message. For
more information on the original data sent, see pages
indicated in the table on the next page.

212

April 2016

Global Credit Authorization Guide ISO Format

8.2

American Express Proprietary & Confidential

1110 Authorization Response (continued)

Data Field 62

PRIVATE USE DATA (continued)
American Express AAV, Telephone Number and Email
Address Verification Response Message Subfields

table of contents

Pos.


Subfield Name

Length


Comments (Message / Data Field Reference)


Page

1-3

VLI

3 bytes

3-digit Variable Length Indicator

—

4-5

SERVICE IDENTIFIER

2 bytes

Constant literal “AX” = American Express

—

6-7

REQUEST TYPE IDENTIFIER

2 bytes

Constant literal “AE” = Telephone Number and Email Address
Verification Response

—

CARDMEMBER POSTAL
CODE

1 byte

Authorization Request (1100) message / Data Field 63 — 33-, 78and 205-byte format

164

CARDMEMBER STREET
ADDRESS

1 byte

Authorization Request (1100) message / Data Field 63 — 33-, 78and 205-byte format

165

CARDMEMBER FIRST AND
LAST NAME

1 byte

Authorization Request (1100) message / Data Field 63 — 78- and
205-byte format

166

CARDMEMBER PHONE
NUMBER

1 byte

Authorization Request (1100) message / Data Field 63 —
205-byte format

167

CUSTOMER EMAIL
ADDRESS

1 byte

Authorization Request (1100) message / Data Field 47 — ITD and
IAC

117

Valid response codes for subfield positions 8-12 include:
Y = Yes, data matches
N = No, data does not match
~ = Data not sent. Note: Tilde (~) represents character space.
U = Data unchecked
R = Retry
S = Service not allowed

213

April 2016

Global Credit Authorization Guide ISO Format

8.2

Data Field 62

American Express Proprietary & Confidential

1110 Authorization Response (continued)

PRIVATE USE DATA (continued)
Layout for American Express AAV, Telephone Number
and Email Address Verification Response
0
1
123456789012
LLLSSRRABCDE

table of contents

• “LLL” is the three-digit, Variable Length Indicator (VLI),
right justified and zero filled, if necessary.
• “SS” is the two-character, Service Identifier (SI).
• “RR” is the two-character, Request Type Identifier (RTI).
• “ABCDE” are the five response codes, where:
A =

Response code for Cardmember Postal Code.

B =

Response code for Cardmember Street
Address.

C =

Response code for Cardmember First and Last
Name.

D =

Response code for Cardmember Phone Number.

E =

Response code for Customer Email Address.

Note: American Express strongly recommends that Merchant/
processor systems be capable of supporting the full 60-byte
(variable data) maximum length specified for this data field, for
future expansion.

214

April 2016

American Express Proprietary & Confidential

8.2

Data Field 62

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

PRIVATE USE DATA (continued)
Sample Data for American Express AAV, Telephone
Number and Email Address Verification Response
1

1234567890123
009AXAEYYNYY
• “009” is the Variable Length Indicator (VLI).
• “AX” is the Service Identifier (constant literal “AX” =
American Express).
• “AE” is the Request Type Identifier (constant literal “AE”
= American Express Telephone Number and Email Address
Verification).
• “YYNYY” are the five response codes, where:
Y

= Yes, Customer Postal Code matches
Cardmember information on file with the Issuer.

= Yes, Customer Street Address matches
Cardmember information on file with the Issuer.

= No, Customer First and Last Name does not match
Cardmember information on file with the Issuer.

= Yes, Customer Phone Number matches
Cardmember information on file with the Issuer.

= Yes, Customer Email Address data matches
Cardmember information on file with the Issuer.

April 2016

215

Global Credit Authorization Guide ISO Format

8.2

Data Field 62

American Express Proprietary & Confidential

1110 Authorization Response (continued)

PRIVATE USE DATA (continued)
VISA PS2000 Transactions
When used for VISA processing, this data field contains the
authorization response to the VISA card transaction data
transmitted in the corresponding data field in the originating
Authorization Request (1100) message.

table of contents

If a VISA transaction is approved but it does not meet the VISA
qualified rate requirements, this data field contains the
Variable Length Indicator (VLI) “001” followed by the
one-byte, payment service indicator “N”.
Example: 001N
If a VISA transaction is approved and it does meet the VISA
qualified rate requirements, this data field contains the
following response:
0
1
2
3
4
1234567890123456789012345678901234567890
020Annnnnnnnnnnnnnnvvvv

In the example above, “020” is the three-digit, Variable
Length Indicator (VLI); “A” is the one-byte, payment service
indicator; “n...n” is the 15-digit transaction identifier; and
“vvvv” is the four-digit, alphanumeric validation code.
If a VISA transaction is denied, this data field is omitted in the
Authorization Response (1110) message.

216

April 2016

American Express Proprietary & Confidential

8.2

Global Credit Authorization Guide ISO Format

1110 Authorization Response (continued)

Data Field 63

PRIVATE USE DATA

Length of Field
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 103 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
100 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

• Mandatory — MasterCard transactions
• Not used — Other transactions

Description

This data field contains the BankNet Reference Number
(assigned by MasterCard) for a MasterCard transaction. This is
a nine-digit alphanumeric number (preceded by a three-digit
VLI/Variable Length Indicator) that must be passed to the
submission record.

Data Field 64

MESSAGE AUTHENTICATION CODE FIELD

Length of Field:

8 bytes, 64 bits

Field Type:

Binary

Constant:

None

Field Requirement:

• Not used — All transactions

Description

This data field is unused and reserved for future use.
This data field is used for the data value that protects both a
message’s integrity, as well as its authenticity, by allowing
verifiers the ability to detect any changes to the message
content.

April 2016

217

Global Credit Authorization Guide ISO Format

American Express Proprietary & Confidential

table of contents

this page intentionally left blank

218

April 2016

American Express Proprietary & Confidential

9.0

Global Credit Authorization Guide ISO Format

ISO 8583 Reversal Advice Request/Response Message Formats
This section describes the Reversal Advice Request (1420) message and the Reversal Advice
Response (1430) message, as defined for the ISO 8583 format. These messages are constructed as
specified in the ISO 8583-1993 standard. If your system supports a different version of ISO 8583,
notify your American Express representative.
The Reversal Advice Request/Response (1420/1430) message is mandatory for Merchant Initiated
Reversals for U.S. Third Party Processors only and is an optional message for System Generated
Reversals.
The Reversal Advice Request (1420) message can be generated by the Merchant in the following
two situations:
•

Merchant Initiated Reversal (Mandatory for U.S. Third Party Processors only): This is the
cancellation of an already approved transaction that has not yet been submitted by the
Merchant and which must equal the amount originally approved. This type of reversal can
only be submitted after an Authorization Response (1110) message has been received.
Merchants or Processors that certify for this feature can use it for all American Express
products and any transaction for which they have received a prior approval that has not
yet been submitted by the Merchant.

•

System Generated Reversal (Optional): An Authorization Response (1110) message has
not been received to an Authorization Request (1100) message within the transaction
timeout period. This type of reversal indicates that a request has been forwarded by the
card acceptance device and no response has been received within the allocated time out
period.

The Reversal Advice Request (1420) message should be created by the electronic medium used to
enter the original Authorization Request (1100) message. Only the original data field values used to
generate the original Authorization Request (1100) message can be used to populate the data field
values in the reversal message except for the System Trace Audit Number (Data Field 11) which
should be a new value.
The acquiring source will receive a Reversal Advice Response (1430) message from the card
Issuer's system indicating acknowledgement of the reversal request. This acknowledgement does
not imply that any financial action has been taken to adjust the Cardmember's account standing. If
the Merchant system does not get a Reversal Advice Response (1430) message to their initial
Reversal Advice Request (1420) message, then resending the Reversal Advice Request (1420)
message should not exceed more than three attempts.
The Reversal Advice Request (1420) message is not intended for debit or credit adjustments, for
transactions that have already been settled, or for amounts other than the original approved
amount.
Notes:
1.

Reversals, of any type, are not allowed for Travelers Cheque transactions.

The Reversal Advice Request (1420) message contains many of the same data fields found in
an Authorization Request (1100) message. When submitting a Reversal Advice Request (1420)
message, only the defined data fields for that message should be sent.

April 2016

219

Global Credit Authorization Guide ISO Format

9.1

American Express Proprietary & Confidential

1420 Reversal Advice Request

Length of Record:

318 bytes maximum

Description:

This message is used by a Merchant to transmit a Reversal Advice
Request (1420) message to American Express.

table of contents

Data
Field

220



Data Field Name



Data Field Type



Data Field Requirements

Numeric

Mandatory

222

Binary

Mandatory

222

21 bytes,
LLVAR

Numeric

See page 

223

Max. Data
Field
Length

—

MESSAGE TYPE IDENTIFIER

—

BIT MAP - PRIMARY

PRIMARY ACCOUNT NUMBER (PAN)

PROCESSING CODE

6 bytes, fixed

Numeric

Mandatory

224

AMOUNT, TRANSACTION

12 bytes, fixed

Numeric

Mandatory

225

SYSTEMS TRACE AUDIT NUMBER

6 bytes, fixed

Alphanumeric &
special characters

Mandatory

225

DATE AND TIME, LOCAL TRANSACTION

12 bytes, fixed

Numeric

Mandatory

226

DATE, EXPIRATION

4 bytes, fixed

Numeric

Optional

227

COUNTRY CODE, ACQUIRING
INSTITUTION

3 bytes, fixed

Numeric

Mandatory

228

POINT OF SERVICE DATA CODE

12 bytes, fixed

Alphanumeric

Mandatory

228

MESSAGE REASON CODE

4 bytes, fixed

Numeric

See page 

229

CARD ACCEPTOR BUSINESS CODE

4 bytes, fixed

Numeric

Mandatory

229

ACQUIRER REFERENCE DATA

50 bytes,
LLVAR

Alphanumeric &
special characters

Mandatory

230

ACQUIRING INSTITUTION
IDENTIFICATION CODE

13 bytes,
LLVAR

Numeric

Optional

231

FORWARDING INSTITUTION
IDENTIFICATION CODE

13 bytes,
LLVAR

Numeric

Optional

232

April 2016

4 bytes, fixed



Page

8 bytes, 64
bits

American Express Proprietary & Confidential

9.1

Global Credit Authorization Guide ISO Format

1420 Reversal Advice Request (continued)
.

Data
Field



Data Field Name

Max. Data
Field
Length



Data Field Type



Data Field Requirements



Page

RETRIEVAL REFERENCE NUMBER

12 bytes, fixed

Alphanumeric &
special characters

Optional

232

CARD ACCEPTOR TERMINAL
IDENTIFICATION

8 bytes, fixed

Alphanumeric &
special characters

See page 

233

CARD ACCEPTOR IDENTIFICATION CODE

15 bytes, fixed

Alphanumeric &
special characters

Mandatory

234

CURRENCY CODE, TRANSACTION

3 bytes, fixed

Numeric

Mandatory

234

ORIGINAL DATA ELEMENTS

37 bytes,
LLVAR

See page 

Mandatory

235

PRIVATE USE DATA

63 bytes,
LLLVAR

Alphanumeric &
special characters

N/A

236

MESSAGE AUTHENTICATION CODE
FIELD

Binary

N/A

236

8 bytes, 64
bits

April 2016

221

Global Credit Authorization Guide ISO Format

9.1

American Express Proprietary & Confidential

1420 Reversal Advice Request (continued)

table of contents

Data Field — None

MESSAGE TYPE IDENTIFIER

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

1420

Field Requirement:

Mandatory

Description:

The constant literal “1420” signifies the ISO 8583 Reversal
Advice Request message.

Data Field — None

BIT MAP - PRIMARY

Length of Field:

8 bytes, 64 bits, fixed length for each bit map

Field Type:

Binary (hexadecimal configuration)

Constant:

None

Field Requirement:

Mandatory

Description:

See Bit Map - Primary description on page 62 of the
Authorization Request (1100) message.

222

April 2016

American Express Proprietary & Confidential

9.1

Global Credit Authorization Guide ISO Format

1420 Reversal Advice Request (continued)

Data Field 2

PRIMARY ACCOUNT NUMBER (PAN)

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 21 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
19 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

• Mandatory — American Express Card transactions
• Mandatory — Other Card products and bankcard
transactions
Note: American Express supports Diner's Club, JCB, VISA
and MasterCard processing. For details, contact your
American Express representative.
• Not used - American Express Travelers Cheques

Description:

This data field must contain the same Primary Account Number
(PAN) value used in the original Authorization Request (1100)
message.
See Primary Account Number (PAN) description on page 65 of
the Authorization Request (1100) message.

April 2016

223

Global Credit Authorization Guide ISO Format

9.1

American Express Proprietary & Confidential

1420 Reversal Advice Request (continued)

table of contents

Data Field 3

PROCESSING CODE

Length of Field:

6 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field indicates the financial service being requested.
Valid Processing Codes:
004000 = Card Reversal Advice — System Generated
Reversal
024000 = Merchant Initiated Reversal
Notes:
1. Reversals, of any type, are not allowed for Travelers
Cheque transactions.
2. This data field is mandatory for processing this message,
and it will be preserved and returned in the response
message without alteration.

224

April 2016

American Express Proprietary & Confidential

9.1

Global Credit Authorization Guide ISO Format

1420 Reversal Advice Request (continued)

Data Field 4

AMOUNT, TRANSACTION

Length of Field:

12 bytes, fixed length

Field Type:

Numeric, right justified, zero filled

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains the original transmitted amount. The
decimal point is determined by the Currency Code, Transaction
data field (Data Field 49).
See Amount, Transaction description on page 67 of the
Authorization Request (1100) message.
Note: This data field is mandatory for processing this
message, and it will be preserved and returned in the response
message without alteration.

Data Field 11

SYSTEMS TRACE AUDIT NUMBER

Length of Field:

6 bytes, fixed length

Field Type:

Alphanumeric (upper case) & special characters

Constant:

None

Field Requirement:

Mandatory

Description:

This data field must contain a unique trace number, assigned
by the Merchant, to help identify an individual transaction. A
different number must be assigned to each transaction.
Note: American Express returns this number without
alteration in the Systems Trace Audit Number data field of the
Reversal Advice Response (1430) message.

April 2016

225

Global Credit Authorization Guide ISO Format

9.1

American Express Proprietary & Confidential

1420 Reversal Advice Request (continued)

table of contents

Data Field 12

DATE AND TIME, LOCAL TRANSACTION

Length of Field:

12 bytes, fixed length

Field Type:

Numeric, YYMMDDhhmmss

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains the year, month, day and local time
when the Reversal Advice Request (1420) message took place.
The format is YYMMDDhhmmss. The value of this data field
must be a valid date and time.
Subfield

Definition

Digits

Range

Year

Last 2 only

00-99

Month

01-12

Day

01-31

Hour

00-23

Minute

00-59

Second

00-59

Note: This data field is mandatory for processing this
message, and it will be preserved and returned in the response
message without alteration

226

April 2016

American Express Proprietary & Confidential

9.1

Global Credit Authorization Guide ISO Format

1420 Reversal Advice Request (continued)

Data Field 14

DATE, EXPIRATION

Length of Field:

4 bytes, fixed length

Field Type:

Numeric, YYMM

Constant:

None

Field Requirement:

Optional

Description:

See Date, Expiration description on page 73 of the
Authorization Request (1100) message.

April 2016

227

Global Credit Authorization Guide ISO Format

9.1

American Express Proprietary & Confidential

1420 Reversal Advice Request (continued)

table of contents

Data Field 19

COUNTRY CODE, ACQUIRING INSTITUTION

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field must contain the same Country Code, Acquiring
Institution value used in the original Authorization Request
(1100) message.
See Country Code, Acquiring Institution description on page 75
of the Authorization Request (1100) message.

Data Field 22

POINT OF SERVICE DATA CODE

Length of Field:

12 bytes, fixed length

Field Type:

Alphanumeric, upper case

Constant:

None

Field Requirement:

Mandatory

Description:

This data field must contain the same Point of Service Data
Code values used in the original Authorization Request (1100)
message.
See Point of Service Data Code description on page 76 of the
Authorization Request (1100) message.

228

April 2016

American Express Proprietary & Confidential

9.1

Global Credit Authorization Guide ISO Format

1420 Reversal Advice Request (continued)

Data Field 25

MESSAGE REASON CODE

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

• Mandatory — American Express Card (and American
Express-supported Card) transactions.
• Optional — VISA, MasterCard and JCB transactions
• Optional — American Express Travelers Cheques

Description:

See Message Reason Code description on page 91 of the
Authorization Request (1100) message.

Data Field 26

CARD ACCEPTOR BUSINESS CODE

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field must contain the same Card Acceptor Business
Code value used in the original Authorization Request (1100)
message.
See Card Acceptor Business Code description on page 92 of
the Authorization Request (1100) message.

April 2016

229

Global Credit Authorization Guide ISO Format

9.1

American Express Proprietary & Confidential

1420 Reversal Advice Request (continued)

table of contents

Data Field 31

ACQUIRER REFERENCE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 50 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
48 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Conditional — Merchant systems
• System Generated Reversal — This data field is unused by
Merchants and/or Third Party Processors.
• Merchant Initiated Reversal — This data field must
contain the same 15-digit Transaction Identifier provided in
Data Field 31 of the Authorization Response (1110)
mesage.

Description:

This data field contains the 15-digit, numeric, Transaction
Identifier (TID), a unique, American Express-assigned tracking
number. The TID is used to identify and track a Cardmember
transaction throughout its life cycle.
See the following example of a typical TID entry:
0
1 
12345678901234567
15123456789012345
• “15” is the two-byte, Variable Length Indicator (VLI).
• “123456789012345” is the 15-byte, numeric TID.

230

April 2016

American Express Proprietary & Confidential

9.1

Global Credit Authorization Guide ISO Format

1420 Reversal Advice Request (continued)

Data Field 32

ACQUIRING INSTITUTION IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 13 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
11 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

Optional

Description:

This data field must contain the same Acquiring Institution
Identification Code value used in the original Authorization
Request (1100) message.
See Acquiring Institution Identification Code description on
page 95 of the Authorization Request (1100) message.
Note: This data field may not be required for processing this
message; however, if included in an originating request
message, it will be preserved and returned in the response
message, without alteration.

April 2016

231

Global Credit Authorization Guide ISO Format

9.1

American Express Proprietary & Confidential

1420 Reversal Advice Request (continued)

table of contents

Data Field 33

FORWARDING INSTITUTION IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 13 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
11 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

Optional

Description:

This data field must contain the same Forwarding Institution
Identification Code value used in the original Authorization
Request (1100) message.
See Forwarding Institution Identification Code description on
page 96 of the Authorization Request (1100) message.

Data Field 37

RETRIEVAL REFERENCE NUMBER

Length of Field:

12 bytes, fixed length

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Optional

Description:

See Retrieval Reference Number description on page 100 of
the Authorization Request (1100) message.

232

April 2016

American Express Proprietary & Confidential

9.1

Global Credit Authorization Guide ISO Format

1420 Reversal Advice Request (continued)

Data Field 41

CARD ACCEPTOR TERMINAL IDENTIFICATION

Length of Field:

8 bytes, fixed length

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

• Optional — American Express transactions in the USA and
Canada, and non-VISA transactions
• Mandatory — VISA PS2000

Description:

This data field must contain the same Card Acceptor Terminal
Identification value used in the original Authorization Request
(1100) message.
See Card Acceptor Terminal Identification description on page
101 of the Authorization Request (1100) message.
Note: This data field may or may not be mandatory for
processing this message; however, if included in an originating
request message, it will be preserved and returned in the
response message without alteration.

April 2016

233

Global Credit Authorization Guide ISO Format

9.1

American Express Proprietary & Confidential

1420 Reversal Advice Request (continued)

table of contents

Data Field 42

CARD ACCEPTOR IDENTIFICATION CODE

Length of Field:

15 bytes, fixed length

Field Type:

Alphanumeric & special characters, left justified, character
space filled

Constant:

None

Field Requirement:

Mandatory

Description:

This data field must contain the same Card Acceptor
Identification Code value used in the original Authorization
Request (1100) message.
See Card Acceptor Identification Code description on page 102
of the Authorization Request (1100) message.

Data Field 49

CURRENCY CODE, TRANSACTION

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field must contain the same Currency Code,
Transaction value used in the original Authorization Request
(1100) message.
See Currency Code, Transaction description on page 133 of the
Authorization Request (1100) message.
Note: This data field is mandatory for processing this
message, and it will be preserved and returned in the response
message without alteration.

234

April 2016

American Express Proprietary & Confidential

9.1

Global Credit Authorization Guide ISO Format

1420 Reversal Advice Request (continued)

Data Field 56

ORIGINAL DATA ELEMENTS

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 37 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
35 bytes maximum, EBCDIC

Field Type:

See individual subfields for Data Field Type

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains four data subfields from the original
transaction being reversed. These four subfields may total up
to 35 characters, and they are preceded by a two-digit,
Variable Length Indicator (VLI). See the following table:


Subfield Name


Description


Subfield Type


Subfield Length

VARIABLE LENGTH INDICATOR (VLI)

Numeric (EBCDIC)

2 bytes

Subfield 1

MESSAGE TYPE IDENTIFIER *

Numeric

4 bytes

Subfield 2

SYSTEM TRACE AUDIT NUMBER *

Alphanumeric &
special characters

6 bytes

Subfield 3

DATE AND TIME, LOCAL TRANSACTION *

Numeric

12 bytes

Subfield 4

ACQUIRING INSTITUTION IDENTIFICATION CODE *

Numeric or special
characters

13 bytes (max.) LLVAR

*This subfield must contain the same value used in the original Authorization Request (1100) message.

Note: If subfield 4 (in above table) is unused, this is indicated
by one backslash (\).

April 2016

235

Global Credit Authorization Guide ISO Format

9.1

American Express Proprietary & Confidential

1420 Reversal Advice Request (continued)

table of contents

Data Field 62

PRIVATE USE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 63 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
60 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
If included in an originating request, it will not be preserved;
and it may not be returned in the response. However, as long
as it is properly formatted per this specification, its presence
will not interfere with message processing.

Data Field 64

MESSAGE AUTHENTICATION CODE FIELD

Length of Field:

8 bytes, 64 bits

Field Type:

Binary

Constant:

None

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
See Message Authentication Code data field description on
page 178 of the Authorization Request (1100) message.

236

April 2016

American Express Proprietary & Confidential

9.2

Global Credit Authorization Guide ISO Format

1430 Reversal Advice Response

Length of Record:

181 bytes maximum

Description:

This message is used by American Express to transmit a Reversal
Advice Response (1430) message to a Merchant.

Data
Field



Data Field Name

Max. Data
Field
Length
4 bytes, fixed



Data Field Type



Data Field Requirements



Page

Numeric

Mandatory

238

—

MESSAGE TYPE IDENTIFIER

—

BIT MAP - PRIMARY

8 bytes, 64 bits

Binary

Mandatory

238

PRIMARY ACCOUNT NUMBER (PAN)

21 bytes, LLVAR

Numeric

Mandatory - Echo returned

239

PROCESSING CODE

6 bytes, fixed

Numeric

Mandatory - Echo returned

239

AMOUNT, TRANSACTION

12 bytes, fixed

Numeric

Mandatory - Echo returned

240

SYSTEMS TRACE AUDIT NUMBER

6 bytes, fixed

Alphanumeric &
special characters

Mandatory - Echo returned

240

DATE AND TIME, LOCAL TRANSACTION

12 bytes, fixed

Numeric

Mandatory - Echo returned

241

ACQUIRER REFERENCE DATA

50 bytes, LLVAR

Alphanumeric &
special characters

See page 

242

ACQUIRING INSTITUTION
IDENTIFICATION CODE

13 bytes, LLVAR

Numeric

Conditional - Echo returned

243

RETRIEVAL REFERENCE NUMBER

12 bytes, fixed

Alphanumeric &
special characters

Conditional - Echo returned

243

ACTION CODE

3 bytes, fixed

Numeric

Mandatory

244

CARD ACCEPTOR TERMINAL
IDENTIFICATION

8 bytes, fixed

Alphanumeric &
special characters

Conditional - Echo returned

244

CARD ACCEPTOR IDENTIFICATION CODE

15 bytes, fixed

Alphanumeric &
special characters

Mandatory - Echo returned

245

CURRENCY CODE, TRANSACTION

3 bytes, fixed

Numeric

Mandatory - Echo returned

245

MESSAGE AUTHENTICATION CODE
FIELD

8 bytes, 64 bits

Binary

N/A

246

April 2016

237

Global Credit Authorization Guide ISO Format

9.2

American Express Proprietary & Confidential

1430 Reversal Advice Response (continued)

table of contents

Data Field — None

MESSAGE TYPE IDENTIFIER

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

1430

Field Requirement:

Mandatory

Description:

The constant literal “1430” signifies the ISO 8583 Reversal
Advice Response message.

Data Field — None

BIT MAP - PRIMARY

Length of Field:

8 bytes, 64 bits, fixed length for each bit map

Field Type:

Binary (hexadecimal configuration)

Constant:

None

Field Requirement:

Mandatory

Description:

See Bit Map - Primary description on page 62 of the
Authorization Request (1100) message.

238

April 2016

American Express Proprietary & Confidential

9.2

Global Credit Authorization Guide ISO Format

1430 Reversal Advice Response (continued)

Data Field 2

PRIMARY ACCOUNT NUMBER (PAN)

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 21 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
19 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Reversal Advice Request
(1420) message, and is echo returned without alteration in the
Reversal Advice Response (1430) message.

Data Field 3

PROCESSING CODE

Length of Field:

6 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Reversal Advice Request
(1420) message, and is echo returned without alteration in the
Reversal Advice Response (1430) message.

April 2016

239

Global Credit Authorization Guide ISO Format

9.2

American Express Proprietary & Confidential

1430 Reversal Advice Response (continued)

table of contents

Data Field 4

AMOUNT, TRANSACTION

Length of Field:

12 bytes, fixed length

Field Type:

Numeric, right justified, zero filled

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Reversal Advice Request
(1420) message, and is echo returned without alteration in the
Reversal Advice Response (1430) message.

Data Field 11

SYSTEMS TRACE AUDIT NUMBER

Length of Field:

6 bytes, fixed length

Field Type:

Alphanumeric (upper case) & special characters

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Reversal Advice Request
(1420) message, and is echo returned without alteration in the
Reversal Advice Response (1430) message.

240

April 2016

American Express Proprietary & Confidential

9.2

Global Credit Authorization Guide ISO Format

1430 Reversal Advice Response (continued)

Data Field 12

DATE AND TIME, LOCAL TRANSACTION

Length of Field:

12 bytes, fixed length

Field Type:

Numeric, YYMMDDhhmmss

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Reversal Advice Request
(1420) message, and is echo returned without alteration in the
Reversal Advice Response (1430) message.

April 2016

241

Global Credit Authorization Guide ISO Format

9.2

American Express Proprietary & Confidential

1430 Reversal Advice Response (continued)

table of contents

Data Field 31

ACQUIRER REFERENCE DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 50 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
48 bytes maximum, EBCDIC

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Mandatory
• System Generated Reversal — This data field is
mandatory and created by the American Express Global
Network, and it always appears in response messages
returned to Merchants and/or Third Party Processors.
• Merchant Initiated Reversal — This data field is
mandatory in the Reversal Advice Request (1420) message
and echo returned without alteration in the Reversal
Advice Response (1430) message.

Description:

This data field contains the 15-digit, numeric, Transaction
Identifier (TID), a unique, American Express-assigned tracking
number. The TID is used to identify and track a Cardmember
transaction throughout its life cycle.
See the following example of a typical TID entry:
0
1 
12345678901234567
15123456789012345
• “15” is the two-byte, Variable Length Indicator (VLI).
• “123456789012345” is the 15-byte, numeric TID.

242

April 2016

American Express Proprietary & Confidential

9.2

Global Credit Authorization Guide ISO Format

1430 Reversal Advice Response (continued)

Data Field 32

ACQUIRING INSTITUTION IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 13 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
11 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

Conditional — Echo returned

Description:

This data field is not required for processing this message;
however, if included in an originating request message, it will
be preserved and returned in the response message, without
alteration.

Data Field 37

RETRIEVAL REFERENCE NUMBER

Length of Field:

12 bytes, fixed length

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Conditional — Echo returned

Description:

This data field is not required for processing this message;
however, if included in an originating request message, it will
be preserved and returned in the response message, without
alteration.

April 2016

243

Global Credit Authorization Guide ISO Format

9.2

American Express Proprietary & Confidential

1430 Reversal Advice Response (continued)

table of contents

Data Field 39

ACTION CODE

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

400

Field Requirement:

Mandatory

Description:

This data field contains the Action Code, indicating the
American Express disposition for this transaction.
Valid Action Code:
400 = Reversal Accepted
Note: American Express uses the Reversal Advice Response
(1430) message as a response to Reversal Advice Request
(1420) message reversals. This acknowledgement does not
imply that financial action(s) have been taken to adjust the
Cardmember's account standing.

Data Field 41

CARD ACCEPTOR TERMINAL IDENTIFICATION

Length of Field:

8 bytes, fixed length

Field Type:

Alphanumeric & special characters

Constant:

None

Field Requirement:

Conditional — Echo returned

Description:

This data field is not required for processing this message;
however, if included in an originating request message, it will
be preserved and returned in the response message, without
alteration.

244

April 2016

American Express Proprietary & Confidential

9.2

Global Credit Authorization Guide ISO Format

1430 Reversal Advice Response (continued)

Data Field 42

CARD ACCEPTOR IDENTIFICATION CODE

Length of Field:

15 bytes, fixed length

Field Type:

Alphanumeric & special characters, left justified, character
space filled

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Reversal Advice Request
(1420) message, and is echo returned without alteration in the
Reversal Advice Response (1430) message.

Data Field 49

CURRENCY CODE, TRANSACTION

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Reversal Advice Request
(1420) message, and is echo returned without alteration in the
Reversal Advice Response (1430) message.
For more information on numeric currency codes and decimal
point positions, refer to Country and Currency Codes for
Authorizations in the American Express Global Codes &
Information Guide.

April 2016

245

Global Credit Authorization Guide ISO Format

9.2

American Express Proprietary & Confidential

1430 Reversal Advice Response (continued)

table of contents

Data Field 64

MESSAGE AUTHENTICATION CODE FIELD

Length of Field:

8 bytes, 64 bits

Field Type:

Binary

Constant:

None

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
See Message Authentication Code Data Field description on
page 178 of the Authorization Request (1100) message.

246

April 2016

American Express Proprietary & Confidential

10.0

Global Credit Authorization Guide ISO Format

ISO 8583 Network Management Request/Response Message Formats
This section describes the Network Management Request (1804) message and the Network
Management Response (1814) message, as defined for the ISO 8583 format. These messages are
constructed as specified in the ISO 8583-1993 standard. If your system supports a different version
of ISO 8583, notify your American Express representative.
The Network Management Request (1804) message allows for a Dynamic Key Exchange, Echo Test
or Sign On/Sign Off request. When the Network Management Request (1804) message is received,
it should be responded to by transmitting a Network Management Response (1814) message.
The Network Management Request (1804) message can be generated by the Merchant in the
following situations:
•
•
•

Dynamic Key Exchange: The Merchant must send in a Function Code (Data Field 24) of
“811” requesting dynamic key exchange from American Express.
Echo Test: Allows the Merchant to query American Express as to its availability.
Sign On/Sign Off: This is only available in China. Indicates American Express readiness to
transmit or stop transmitting financial transactions.

April 2016

247

Global Credit Authorization Guide ISO Format

10.1

American Express Proprietary & Confidential

1804 Network Management Request

Length of Record:

1113 bytes maximum

Description:

This message is used by a Merchant to transmit a Network
Management Request (1804) message to American Express.

table of contents

Data
Field

248



Data Field Name

Max. Data
Field
Length



Data Field Requirements



Page

Numeric

Mandatory

249

—

MESSAGE TYPE IDENTIFIER

—

BIT MAP - PRIMARY

8 bytes, 64 bits

Binary

Mandatory

249

BIT MAP - SECONDARY

8 bytes, 64 bits

Binary

N/A

250

PROCESSING CODE

6 bytes, fixed

Numeric

Mandatory

250

SYSTEMS TRACE AUDIT NUMBER

6 bytes, fixed

Alphanumeric &
special characters

Mandatory

251

DATE AND TIME, LOCAL TRANSACTION

12 bytes, fixed

Numeric

Mandatory

252

FUNCTION CODE

3 bytes, fixed

Numeric

Mandatory

253

MESSAGE REASON CODE

4 bytes, fixed

Numeric

Mandatory

254

FORWARDING INSTITUTION
IDENTIFICATION CODE

13 bytes, LLVAR

Numeric

Optional

255

TRANSACTION DESTINATION
INSTITUTION IDENTIFICATION CODE

11 bytes, LLVAR

Numeric

N/A

255

TRANSACTION ORIGINATOR
INSTITUTION IDENTIFICATION CODE

11 bytes, LLVAR

Numeric

N/A

256

KEY MANAGEMENT DATA

Binary

N/A

256

100

RECEIVING INSTITUTION
IDENTIFICATION CODE

11 bytes, LLVAR

Numeric

N/A

257

128

MESSAGE AUTHENTICATION CODE
FIELD

8 bytes, 64 bits

Binary

N/A

257

April 2016

4 bytes, fixed



Data Field Type

999 bytes,
LLLVAR

American Express Proprietary & Confidential

10.1

Global Credit Authorization Guide ISO Format

1804 Network Management Request (continued)

Data Field — None

MESSAGE TYPE IDENTIFIER

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

1804

Field Requirement:

Mandatory

Description:

The constant literal “1804” signifies the ISO 8583 Network
Management Request (1804) message.

Data Field — None

BIT MAP - PRIMARY

Length of Field:

8 bytes, 64 bits, fixed length for each bit map

Field Type:

Binary (hexadecimal configuration)

Constant:

None

Field Requirement:

Mandatory

Description:

See Bit Map - Primary description on page 62 of the
Authorization Request (1100) message.

April 2016

249

Global Credit Authorization Guide ISO Format

10.1

American Express Proprietary & Confidential

1804 Network Management Request (continued)

table of contents

Data Field 1

BIT MAP - SECONDARY

Length of Field:

8 bytes, 64 bits, fixed length for each bit map

Field Type:

Binary (hexadecimal configuration)

Constant:

None

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
Bit Map - Secondary supports ISO Data Fields 65 through 128.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.

Data Field 3

PROCESSING CODE

Length of Field:

6 bytes, fixed length

Field Type:

Numeric

Constant:

000000

Field Requirement:

Mandatory

Description:

This data field indicates the processing service being
requested.
At the present time, the only code being used is for
communications verification.
Valid Processing Code:
000000 = System Audit Control/Echo Message
“Are you there?”
Note: This data field is mandatory for processing this message
and it will be preserved and returned in the response message
without alteration.

250

April 2016

American Express Proprietary & Confidential

10.1

Global Credit Authorization Guide ISO Format

1804 Network Management Request (continued)

Data Field 11

SYSTEMS TRACE AUDIT NUMBER

Length of Field:

6 bytes, fixed length

Field Type:

Alphanumeric (upper case) & special characters

Constant:

None

Field Requirement:

Mandatory

Description:

April 2016

251

Global Credit Authorization Guide ISO Format

10.1

American Express Proprietary & Confidential

1804 Network Management Request (continued)

table of contents

Data Field 12

DATE AND TIME, LOCAL TRANSACTION

Length of Field:

12 bytes, fixed length

Field Type:

Numeric, YYMMDDhhmmss

Constant:

None

Field Requirement:

Mandatory

Description:

Definition

Digits

Range

Year

Last 2 only

00-99

Month

01-12

Day

01-31

Hour

00-23

Minute

00-59

Second

00-59

Note: This data field is mandatory for processing this message,
and it will be preserved and returned in the response message
without alteration.

252

April 2016

American Express Proprietary & Confidential

10.1

Global Credit Authorization Guide ISO Format

1804 Network Management Request (continued)

Data Field 24

FUNCTION CODE

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains a three-digit code indicating the
specific purpose of the message, within its message class.
The standard value for this data field is:
811 Dynamic Key Exchange
831 = System Audit Control / Echo Message
“Are you there?”
The following additional values are accepted in China
only:
801 = Acquirer Session “Sign On”
Indicator of Acquirer readiness to transmit financial
transactions.
802 = Acquirer Session “Sign Off” 
Indicator that Acquirer will no longer be transmitting
financial transactions.
Note: This data field is mandatory for processing this message
and it will be preserved and returned in the response message
without alteration.

April 2016

253

Global Credit Authorization Guide ISO Format

10.1

American Express Proprietary & Confidential

1804 Network Management Request (continued)

table of contents

Data Field 25

MESSAGE REASON CODE

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains a four-digit Message Reason Code,
which is provided by American Express during certification.
The code used varies with the type of request submitted for
processing by the Merchant or Third Party Processor. Proper
use of this data field indicates that the Network Management
Request is certified by American Express.
For information on valid codes and their use, contact your
American Express representative.

254

April 2016

American Express Proprietary & Confidential

10.1

Global Credit Authorization Guide ISO Format

1804 Network Management Request (continued)

Data Field 33

FORWARDING INSTITUTION IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 13 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
11 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

Optional

Description:

See Forwarding Institution Identification Code description on
page 96 of the Authorization Request (1100) message.
This data field is not required for processing this message;
however, if included in an originating request message, it will
be preserved and returned in the response message, without
alteration.

Data Field 93

TRANSACTION DESTINATION INSTITUTION
IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 11 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
9 bytes maximum, EBCDIC

Field Type:

Numeric

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
This data field is used to identify the institution for a
transaction's destination.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.

April 2016

255

Global Credit Authorization Guide ISO Format

10.1

American Express Proprietary & Confidential

1804 Network Management Request (continued)

table of contents

Data Field 94

TRANSACTION ORIGINATOR INSTITUTION
IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 11 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
9 bytes maximum, EBCDIC

Field Type:

Numeric

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
This data field is used to identify the institution for a
transaction's originator.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.

Data Field 96

KEY MANAGEMENT DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 999 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
996 bytes maximum, EBCDIC

Field Type:

Binary

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
This data field contains information on session keys and
tokens. For more information, contact your American Express
representative.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.

256

April 2016

American Express Proprietary & Confidential

10.1

Global Credit Authorization Guide ISO Format

1804 Network Management Request (continued)

Data Field 100

RECEIVING INSTITUTION IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 11 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
9 bytes maximum, EBCDIC

Field Type:

Numeric

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
This data field is used to identify the receiving institution.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.

Data Field 128

MESSAGE AUTHENTICATION CODE FIELD

Length of Field:

8 bytes, 64 bits

Field Type:

Binary

Constant:

None

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
See Message Authentication Code Data Field description on
page 178 of the Authorization Request (1100) message.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.

April 2016

257

Global Credit Authorization Guide ISO Format

10.2

American Express Proprietary & Confidential

1814 Network Management Response

Length of Record:

1112 bytes maximum

Description:

This message is used by American Express to transmit a Network
Management Response (1814) message to a Merchant.

table of contents

Data
Field

258



Data Field Name

Max. Data
Field
Length



Data Field Requirements



Page

Numeric

Mandatory

259

—

MESSAGE TYPE IDENTIFIER

—

BIT MAP - PRIMARY

8 bytes, 64 bits

Binary

Mandatory

259

BIT MAP - SECONDARY

8 bytes, 64 bits

Binary

See page 

260

PROCESSING CODE

6 bytes, fixed

Numeric

Mandatory - Echo returned

260

SYSTEMS TRACE AUDIT NUMBER

6 bytes, fixed

Alphanumeric &
special characters

Mandatory - Echo returned

261

DATE AND TIME, LOCAL TRANSACTION

12 bytes, fixed

Numeric

Mandatory - Echo returned

261

FUNCTION CODE

3 bytes, fixed

Numeric

Mandatory - Echo returned

262

FORWARDING INSTITUTION
IDENTIFICATION CODE

13 bytes, LLVAR

Numeric

Conditional - Echo returned

262

ACTION CODE

3 bytes, fixed

Numeric

Mandatory

263

TRANSACTION DESTINATION
INSTITUTION IDENTIFICATION CODE

11 bytes, LLVAR

Numeric

N/A

263

TRANSACTION ORIGINATOR
INSTITUTION IDENTIFICATION CODE

11 bytes, LLVAR

Numeric

N/A

264

KEY MANAGEMENT DATA

Binary

See page 

265

100

RECEIVING INSTITUTION
IDENTIFICATION CODE

11 bytes, LLVAR

Numeric

N/A

268

128

MESSAGE AUTHENTICATION CODE
FIELD

8 bytes, 64 bits

Binary

N/A

268

April 2016

4 bytes, fixed



Data Field Type

999 bytes,
LLLVAR

American Express Proprietary & Confidential

10.2

Global Credit Authorization Guide ISO Format

1814 Network Management Response (continued)

Data Field — None

MESSAGE TYPE IDENTIFIER

Length of Field:

4 bytes, fixed length

Field Type:

Numeric

Constant:

1814

Field Requirement:

Mandatory

Description:

The constant literal “1814” signifies the ISO 8583 Network
Management Response message.

Data Field — None

BIT MAP - PRIMARY

Length of Field:

8 bytes, 64 bits, fixed length for each bit map

Field Type:

Binary (hexadecimal configuration)

Constant:

None

Field Requirement:

Mandatory

Description:

See Bit Map - Primary description on page 62 of the
Authorization Request (1100) message.

April 2016

259

Global Credit Authorization Guide ISO Format

10.2

American Express Proprietary & Confidential

1814 Network Management Response (continued)

table of contents

Data Field 1

BIT MAP - SECONDARY

Length of Field:

8 bytes, 64 bits, fixed length for each bit map

Field Type:

Binary (hexadecimal configuration)

Constant:

None

Field Requirement:

Mandatory — For Data Fields 65 through128

Description:

See Bit Map - Secondary description on page 64 of the
Authorization Request (1100) message.

Data Field 3

PROCESSING CODE

Length of Field:

6 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Network Management
Request (1804) message, and is echo returned without
alteration in the Network Management Response (1814)
message.

260

April 2016

American Express Proprietary & Confidential

10.2

Global Credit Authorization Guide ISO Format

1814 Network Management Response (continued)

Data Field 11

SYSTEMS TRACE AUDIT NUMBER

Length of Field:

6 bytes, fixed length

Field Type:

Alphanumeric (upper case) & special characters

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Network Management
Request (1804) message, and is echo returned without
alteration in the Network Management Response (1814)
message.

Data Field 12

DATE AND TIME, LOCAL TRANSACTION

Length of Field:

12 bytes, fixed length

Field Type:

Numeric, YYMMDDhhmmss

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

This data field is mandatory in the Network Management
Request (1804) message, and is echo returned without
alteration in the Network Management Response (1814)
message.

April 2016

261

Global Credit Authorization Guide ISO Format

10.2

American Express Proprietary & Confidential

1814 Network Management Response (continued)

table of contents

Data Field 24

FUNCTION CODE

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory — Echo returned

Description:

See Function Code description on page 253 of the Network
Management Request (1804) message.
This data field is mandatory in the Network Management
Request (1804) message, and is echo returned without
alteration in the Network Management Response (1814)
message.

Data Field 33

FORWARDING INSTITUTION IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 13 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
11 bytes maximum, EBCDIC

Field Type:

Numeric

Constant:

None

Field Requirement:

Conditional — Echo returned

Description:

This data field is not required for processing this message;
however, if included in an originating request message, it will
be preserved and returned in the response message, without
alteration.

262

April 2016

American Express Proprietary & Confidential

10.2

Global Credit Authorization Guide ISO Format

1814 Network Management Response (continued)

Data Field 39

ACTION CODE

Length of Field:

3 bytes, fixed length

Field Type:

Numeric

Constant:

None

Field Requirement:

Mandatory

Description:

This data field contains the Action Code, indicating the
American Express disposition for this transaction.
Valid Action Codes:
115

Requested Function not Supported

181

Format Error

800

= Accepted

909

= System Malfunction (Cryptographic Error)

Data Field 93

TRANSACTION DESTINATION INSTITUTION
IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 11 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
9 bytes maximum, EBCDIC

Field Type:

Numeric

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
See Transaction Destination Institution Identification Code
description on page 255 of the Network Management Request
(1804) message.

April 2016

263

Global Credit Authorization Guide ISO Format

10.2

American Express Proprietary & Confidential

1814 Network Management Response (continued)

table of contents

Data Field 94

TRANSACTION ORIGINATOR INSTITUTION
IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 11 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
9 bytes maximum, EBCDIC

Field Type:

Numeric

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
See Transaction Originator Institution Identification Code
description on page 256 of the Network Management Request
(1804) message.

264

April 2016

American Express Proprietary & Confidential

10.2

Global Credit Authorization Guide ISO Format

1814 Network Management Response (continued)

Data Field 96

KEY MANAGEMENT DATA

Length of Field:
Variable Length Indicator:
Length of Variable Data:

4 bytes minimum, 999 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
996 bytes maximum, EBCDIC & Binary

Field Type:

Unsigned binary number – Data items whose original formats
are defined as binary are mapped directly as eight bits per
byte, with the value of any binary byte of data varying from
hexadecimal “00” to “FF”

Field Requirement:

• Mandatory — PIN, MAC or DATA encryption transactions
using dynamic key exchange.
• Not used — Other transactions

Description:

This data field contains key management related data that can
be transmitted either in transaction messages to convey
information about cryptographic keys used to secure the
current transaction, or in cryptographic service messages to
convey information about cryptographic keys to be used to
secure future transactions.
Note: This data field is returned only after a successful
dynamic key exchange request containing Function Code 811
(Dynamic Key Exchange) in the Network Management Request
(1804) message.

April 2016

265

Global Credit Authorization Guide ISO Format

10.2

American Express Proprietary & Confidential

1814 Network Management Response (continued)

Data Field 96

KEY MANAGEMENT DATA (continued)

American Express Session Key Exchange Format Table
Relative
Position

table of contents
266


Subfield Name

Subfield
Length


Subfield Type

Required
(M/O/C)


Description

1-3

VARIABLE LENGTH
INDICATOR (VLI)

3 bytes

Numeric
(EBCDIC)

VLI indicates total length of variable
data in this data field (not including
VLI).

4-5

PRIMARY ID

2 bytes

Alpha

Primary ID (Card Type Code) is
constant literal “AX” (American
Express).

6-8

SECONDARY ID

3 bytes

Alpha

Secondary ID (Data Type Code) is
constant literal “SKX” (Session Key
Exchange).

9-24

SESSION PIN KEY

16 bytes

Binary

Session Key created for encrypting a
Personal Identification Number
(PIN).

25-40

SESSION MAC KEY

16 bytes

Binary

Reserved for future use. Session Key
created for the generation of
Message Authentication Code. Not
currently in use, must binary
zero-fill.

41-56

SESSION DATA KEY

16 bytes

Binary

Reserved for future use. Session Key
created for encrypting of Personal
Identifiable Information (PII). Not
currently in use, must binary
zero-fill.

57-59

SESSION PIN KEY CHECK
VALUE

3 bytes

Binary

Check Value is derived by American
Express identifying the Session PIN
Key sent in the Network Response
(1814) message received from
American Express. Note: This value
is returned, without alteration, in
the SESSION PIN KEY CHECK VALUE
subfield in Data Field 96, Key
Management Data, of the
Authorization Response (1110)
message.

60-62

SESSION MAC KEY CHECK
VALUE

3 bytes

Binary

Reserved for future use. Check value
derived from the Session MAC Key
received from American Express.
Not currently in use, must binary
zero-fill.

April 2016

American Express Proprietary & Confidential

10.2

Global Credit Authorization Guide ISO Format

1814 Network Management Response (continued)

Data Field 96

KEY MANAGEMENT DATA (continued)

American Express Session Key Exchange Format Table (continued)
Relative
Position
63-65


Subfield Name
SESSION DATA KEY CHECK
VALUE

Subfield
Length


Subfield Type

Required
(M/O/C)

3 bytes

Binary


Description
Reserved for future use. Check value
derived from the Session DATA Key
received from American Express.
Not currently in use, must binary
zero-fill.

Note: The subfields SESSION PIN KEY CHECK VALUE, SESSION MAC KEY CHECK VALUE, and SESSION
DATA KEY CHECK VALUE will be encrypted by American Express with the Master Key (ECB Mode X9.17)
prior to transmitting the message.

April 2016

267

Global Credit Authorization Guide ISO Format

10.2

American Express Proprietary & Confidential

1814 Network Management Response (continued)

table of contents

Data Field 100

RECEIVING INSTITUTION IDENTIFICATION CODE

Length of Field:
Variable Length Indicator:
Length of Variable Data:

3 bytes minimum, 11 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
9 bytes maximum, EBCDIC

Field Type:

Numeric

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
See Receiving Institution Identification Code description on
page 257 of the 1804 Network Management Request (1804)
message.

Data Field 128

MESSAGE AUTHENTICATION CODE FIELD

Length of Field:

8 bytes, 64 bits

Field Type:

Binary

Constant:

None

Field Requirement:

Not used — All transactions

Description:

This data field is unused and reserved for future use.
See Message Authentication Code Data Field description on
page 178 of the Authorization Request (1100) message.

268

April 2016

American Express Proprietary & Confidential

11.0

Global Credit Authorization Guide ISO Format

Examples of Typical Message Formats
This section shows examples of typical layouts for each message-type class. However, not all
possible data field and functionality combinations, which are described in applicable data field
descriptions are shown. Note: Formats are American Express unless otherwise noted.

11.1

1100 Authorization Request Message — Card Present Transaction
with AAV & CID/4DBC/4CSC — American Express
This diagram illustrates the message layout for a typical, American Express, Card
Present transaction where both AAV and CID/4DBC/4CSC are transmitted. The following
Data Fields are included: 2, 3, 4, 11, 12, 19, 22, 24, 25, 26, 32, 33, 35, 37, 41, 42, 43, 45,
49, 53 and 63.

April 2016

269

Global Credit Authorization Guide ISO Format

11.1

American Express Proprietary & Confidential

Card Present Transaction with AAV & CID/4DBC/4CSC — American
Express (continued)

In the example above:

table of contents
270

April 2016

Page

•

Data Field 3 is mandatory and contains Processing Code
“004800”, which indicates that this message is a
Combination Automated Address Verification and Authorization
Request.

•

Data Field 22 is mandatory and contains the POS Data Code.
Position 7, Code “W”, indicates that this is a swiped transaction
with keyed CID/4DBC/4CSC. This example shows that both
Tracks 1 and 2 were captured. Note that Track 1 and Track 2 data
examples illustrate the ISO 7813 format. For more information
on Track formats, see pages 9, 97, and 109.

•

Data Field 24 contains the Function Code. The value “181”
indicates that the Merchant's system supports Prepaid Card
Partial Authorizations.

•

Data Field 25 is mandatory and contains the Message Reason
Code. However, note that “1234” is a placeholder only, and
this value is not a valid entry. American Express assigns
Message Reason Codes to Merchants during certification.

•

Data Field 43 is optional and contains the Card Acceptor
Name/Location, which in this example is the Merchant's
company name, street address, city and ZIP.

104

•

Data Field 53 is conditional and contains Security Related
Control Information, which in this example is the keyed
CID/4DBC/4CSC code.

135

•

Data Field 63 is mandatory for certain American Express
transactions, including Automated Address Verification, and
contains Private Use Data, which in this example is basic
33-byte format, AAV (ZIP only) data associated with the swiped
transaction.

157

American Express Proprietary & Confidential

11.2

Global Credit Authorization Guide ISO Format

1100 Authorization Request Message — Card Not Present Transaction
with AAV & CID/4DBC/4CSC — American Express
This diagram illustrates the message layout for a typical, American Express, Card Not
Present transaction where both AAV and CID/4DBC/4CSC are transmitted. The following
Data Fields are included: 2, 3, 4, 11, 12, 14, 19, 22, 24, 25, 26, 32, 33, 37, 41, 42, 43, 49, 53
and 63.
Note: Data Field 47 is not shown, because of its length. However, American Express
defines specific Card Not Present formats for Data Field 47. For more details and
examples of typical layouts, see pages 113-117.
.

In the example above:

Page

•

Data Field 3 is mandatory and contains Processing Code
“004800”, which indicates that this message is a
Combination Automated Address Verification and Authorization
Request.

•

This Example shows that Data Field 14, Expiration Date, was
provided, because Track 1 or Track 2 was not captured. Data
Field 22 is mandatory and contains the POS Data Code. Position
7, Code “S”, indicates that this is a Card Not Present
transaction with keyed CID/4DBC/4CSC.

•

Data Field 22 is mandatory and contains the POS Data Code.
Position 7, Code “S”, indicates that this is a Card Not Present
transaction with keyed CID/4DBC/4CSC.

April 2016

271

Global Credit Authorization Guide ISO Format

11.2

American Express Proprietary & Confidential

Card Not Present Transaction with AAV & CID/4DBC/4CSC —
American Express (continued)
In the example above (continued):

table of contents
272

April 2016

Page

•

Data Field 24 contains the Function Code. The value “181”
indicates that the Merchant's system supports Prepaid Card
Partial Authorizations.

•

Data Field 43 is optional and contains the Card Acceptor
Name/Location, which in this example is the Merchant's
company name, street address, city and ZIP.

104

•

Data Field 53 is conditional and contains Security Related
Control Information, which in this example is the keyed
CID/4DBC/4CSC code.

135

•

Data Field 63 is mandatory for certain American Express
transactions, including Automated Address Verification, and
contains Private Use Data, which in this example is only the
33-byte AAV (Postal ZIP and Street Address only) data. However,
American Express prefers Card Not Present transactions to
contain the 208-byte AAV data. As this is a large data field, it is
not shown here. Refer to the detail of Data Field 63 for a
detailed example of the 208-byte AAV format.

157

American Express Proprietary & Confidential

11.3

Global Credit Authorization Guide ISO Format

1110 Authorization Response Message — American Express
This diagram illustrates the message layout for a typical response to the authorization
request submitted in the preceding examples. The following Data Fields are included: 2, 3,
4, 11, 12, 31, 32, 37, 38, 39, 41, 42, 44 and 49; and most entries are echo returned from the
original Authorization Request (1100) message.

In the example above:

Page

•

Data Field 31 is mandatory and contains Acquirer Reference
Data, which in this example is the Transaction Identifier (TID)
inserted by the American Express Network.

•

Data Field 38 is mandatory for approved transactions and
contains an Approval Code, because the value in Data Field 39
indicates that this transaction was approved.

193

•

Data Field 39 is mandatory and contains an Action Code that
indicates that the transaction was approved.

194

•

Data Field 44 is mandatory for American Express Automated
Address Verification and Keyed CID/ 4DBC/4CSC Validation, and
contains Additional Response Data, which in this example is a
four-byte entry composed of a two byte VLI and a two-byte
AAV/CID/ 4DBC/4CSC response. The “Z” in relative position 3
indicates that the Postal (ZIP) Code matched, and the “Y” in
relative position 4 indicates that the keyed CID/4DBC/4CSC was
valid.

197

April 2016

273

Global Credit Authorization Guide ISO Format

11.4

American Express Proprietary & Confidential

1420 Reversal Advice Request Message
This diagram illustrates the message layout for a typical, American Express Reversal
Advice Request (1420) message system reversal, which contains many of data field
entries from the original Authorization Request (1100) message. The following data fields
are included: 2, 3, 4, 11, 12, 14, 19, 22, 25, 26, 32, 33, 37, 41, 42, 49 and 56.

table of contents

In the example above:

274

April 2016

Page

•

Data Field 14 is optional and contains the Card Expiration Date
embossed on the face of the American Express or American
Express-supported Card.

227

•

229

•

Data Field 32 is optional and contains the Acquiring Institution
Identification Code of the party processing the request.

231

•

Data Field 33 is optional and contains the Forwarding Institution
Identification Code, which for non-AMEX requests may be the ID
number assigned by the network provider processing
transactions on the acquiring bank's behalf.

232

•

Data Field 37 is optional and contains the Retrieval Reference
Number.

232

American Express Proprietary & Confidential

11.4

Global Credit Authorization Guide ISO Format

1420 Reversal Advice Request Message (continued)

In the example above (continued):

Page

•

Data Field 41 is optional and contains the Card Acceptor
Terminal Identification code. Use of this data field is strongly
recommended for American Express transactions and mandatory
for VISA PS2000 and other bankcards.

233

•

Data Field 56 is mandatory and contains the Original Data
Elements from the Authorization Request (1100) message,
which identify the transaction needing correction or reversal. In
this example, Subfield 4, Acquiring Institution Identification
Code, is not provided; and this unused subfield is indicated by
one backslash (\).

235

April 2016

275

Global Credit Authorization Guide ISO Format

11.5

American Express Proprietary & Confidential

1430 Reversal Advice Response Message
This diagram illustrates the message layout for a typical response to the Reversal Advice
Request (1420) message submitted in the preceding example. The following Data Fields
are included: 2, 3, 4, 11, 12, 31, 32, 37, 39, 41, 42 and 49; and most entries are echo
returned from the original Reversal Advice Request (1420) message.

table of contents

In the example above:

Page

•

Data Field 31 is mandatory and contains Acquirer Reference
Data, which in this example is the Transaction Identifier (TID)
inserted by the American Express Network.

242

•

Data Field 39 is mandatory and contains Action Code value
“400” that indicates “reversal acknowledged”.

244

Note: American Express uses the Reversal Advice response
(1430) message as a response to Reversal Advice Request
(1420) message system reversals only. This acknowledgement
does not imply that financial action(s) have been taken to adjust
the Cardmember's account standing.

276

April 2016

American Express Proprietary & Confidential

11.6

Global Credit Authorization Guide ISO Format

1804 Network Management Request Message
This diagram illustrates the message layout for a typical, American Express, Network
Management Request (1804) message. The following Data Fields are included: 3, 11, 12,
24 and 25.

11.7

1814 Network Management Response Message
This diagram illustrates the message layout for a typical, American Express, Network
Management Response (1814) acknowledgement message. The following Data Fields are
included: 3, 11 and 12.

April 2016

277

Global Credit Authorization Guide ISO Format

American Express Proprietary & Confidential

table of contents

this page intentionally left blank

278

April 2016

American Express Proprietary & Confidential

12.0

Global Credit Authorization Guide ISO Format

Revision Log
The Revision Log goes back three publications, current publication plus the last two. For earlier
versions, contact SpecQuestions@aexp.com.
The Revision Log contains a condensed overview of the GCAG ISO changes. The Revision Log is
divided into the following types of changes:
• General - Changes made due to reorganization, clarification, consistency, or for informative
purposes
• Global - Changes made in multiple locations, not specific to a data field
• Specific data field changes - Changes made to specific data field(s) as noted
• Specific section changes - Changes made to specific section(s) as noted

Publication: April 2016 | Global Data Quality & Standards (GDQ&S) | 
Contact: SpecQuestions@aexp.com
Type of
Change/
Message Type


Data Field (DF)/
Section # / Title



Description



Spec Req #

Changed ‘Global Financial Settlement Guide (GFSG)’ to ‘Global Financial
Submission Guide (GFSG)’.

10061DMF15

DF 2: Primary Account
Number (PAN)

In the description, changed the first paragraph to ‘This data field contains
the Cardmember Account Number, or Payment Token Account Number,
preceded by a two-digit, Variable Length Indicator (VLI). The VLI must
indicate the exact length of the account number, and no additional
characters should be added to this data field’.

12247AMB15

DF 14: Date,
Expiration

Updated field to include Payment Token functionality.

12247AMB15

In the description, removed ICC verbiage from the Note.

42825DMF16

In the Point of Service Data Code tables, made the following changes and
updates to include Payment Token functionality:
• Position 1, removed value ‘X’ as a valid value.
• Position 5, value 4, at the end of the description, added ‘delayed
shipment, split bill transactions’.
• Position 6, added value ‘Z’ to identify Digital Wallet transactions.
• Position 7, removed values ‘X’ and ‘Y’ as valid values. For value 5, added
verbiage for Digital Wallet and Payment Token functionality.

9427RMW15

Removed references to magnetic stripe signature.

9427RMW15

DF 24: Function Code

In the description, added verbiage to the function code table for
‘196=Expresspay Translation (PAN & Expiration Date Request)’.

12247AMB15

DF 43: Card Acceptor
Name/Location

Updated field for clarity around formatting for Payment Service Providers
(Aggregators) and OptBlue Participants.

45326RMW16

DF 53: Security
Related Control
Information

Updated field to include Derived Unique Key Per Transaction (DUKPT) Key
Exchange process.

1439DMF15

General Changes
Specific Data
Field Changes
1100 Authorization
Request

DF 22: Point of
Service Data Code

April 2016

279

12247AMB15

Global Credit Authorization Guide ISO Format

12.0

American Express Proprietary & Confidential

Revision Log (continued)

Publication: April 2016 (continued)

table of contents

Type of
Change/
Message Type


Data Field (DF)/
Section # / Title



Description

1100 Authorization
Request (continued)

DF 60: National Use
Data

Updated field to include Payment Token functionality.

DF 61: National Use
Data

Updated field to include Payment Token functionality.

DF 62: Private Use
Data

Removed references to magnetic stripe signature.

9427RMW15

DF 34: Primary
Account Number,
Extended

Updated field to include Payment Token functionality.

12247AMB15

DF 60: National Use
Data

Updated field to include Payment Token functionality.

12247AMB15

DF 4: Amount,
Transaction

In the description, changed the first sentence from ‘This data field contains
the amount of the original (that is being reversed)’ to ‘This data field
contains the original transmitted amount’.

84516RMW16

DF 14: Date,
Expiration

Changed the field requirement from ‘Conditional-If the value was submitted
in the original Authorization Request (1100) message’ to ‘Optional’.

31323RMW16

Section 1.5 Related
Documents

Added bullets for:

1439DMF15

• American National Standards Institute ANSI X9.24, Asymmetric Techniques for
the Distribution of Symmetric Keys

12247AMB15

1110 Authorization
Response

1420 Reversal
Advice Request

Specific Section
Changes



Spec Req #

• EMVCo Payment Tokenization Specification - Technical Framework

280

April 2016

Removed bullet for ‘American Express XML Global Financial Submission
Guide’.

12115RMW15

Section 5.0 Card
Acceptance
Supported Services

Updated section to include Payment Token functionality.

12247AMB15

Section 5.4.2.1
Expresspay Transit
Transactions at
Transit Access
Terminals

Updated section to include Payment Token functionality.

12247AMB15

Section 5.8 Digital
Wallet Payments

Added new section for Digital Wallet functionality.

12247AMB15

Section 6.1 Payment
Token Transactions

Added new section for Payment Token functionality.

12247AMB15

Section 6.5.1
Master/Session Key
Management
Methodology

Updated section to include the DUKPT Key Exchange process.

1439DMF15

American Express Proprietary & Confidential

12.0

Global Credit Authorization Guide ISO Format

Revision Log (continued)

Publication: April 2016 (continued)
Type of
Change/
Message Type


Data Field (DF)/
Section # / Title



Description



Spec Req #

Specific Section
Changes
(continued)

Section 6.5.2 Derived
Unique Key Per
Transaction (DUKPT)

Added new section for DUKPT Key Exchange process.

1439DMF15

Section 7.1 Primary
Bit Map

For DF 53, changed the max. data field length from ‘110 bytes LLVAT’ to ‘19
bytes LLVAR’.

Section 8.1 1100 Authorization
Request

For DF 60, changed max. data field length from ‘94 bytes, LLLVAR’ to ‘106
bytes, LLLVAR’.

April 2016

12247AMB15

281

Global Credit Authorization Guide ISO Format

12.0

American Express Proprietary & Confidential

Revision Log (continued)

Publication: October 2015 | Global Data Quality & Standards (GDQ&S) | 
Contact: SpecQuestions@aexp.com
Type of
Change/
Message Type


Data Field (DF)/
Section # / Title

General Changes



Description



Spec Req #

The following sections have been moved to the Global Codes & Information
Guide:
• Check Digit Verification

12147RMW15

table of contents

• SE Number Check Digit Computation (Modulus 9 Check)
• Cardmember Number Check Digit Computation (Modulus 10 Check)
• Appendix
The following sections and applicable references have been removed
entirely:
• Document Clarification Request
• ISO 8583 Network Management Notification (1844) Format
• ISO 8583 Message Tables for VISA, MasterCard, Diner’s Club and JCB
• Examples of Typical Message Formats for VISA and MasterCard
• Data and Certification Testing
• Certification Tests

Specific Data
Field Changes
Authorization
Request (1100)

282

April 2016

Summary of Changes
Table

Updated the paragraph description for clarity which includes ‘This
information may affect the way a Merchant, Third Party Processor or Vendor
software processes American Express Card transactions’.

10061DMF15

DF 22: Point of
Service Data Code

Added ‘Note: American Express-certified EMV terminal and link’ to the
following:
POS. 1, value 5
POS. 7, value 5
POS. 9, value 1
POS. 10, value 3

10061DMF15

American Express Proprietary & Confidential

12.0

Global Credit Authorization Guide ISO Format

Revision Log (continued)

Publication: October 2015 (continued)
Type of
Change/
Message Type


Data Field (DF)/
Section # / Title



Description



Spec Req #

Authorization
Request (1100)
(continued)

DF 43: Card Acceptor
Name/Location

In Subfield 1, updated the description column for Payment Service Providers
(Aggregators) and OptBlue Participants.

10061DMF15

Updated the notes and examples for Payment Service Providers
(Aggregators) and OptBlue Participants.
DF 60: National Use
Data

Authorization
Response (1110)

Reversal Advice
Request (1420)

Changed length of field to ‘20 bytes minimum, 94 bytes maximum, (LLLVAR)’
Changed length of variable data to ‘91 bytes maximum, EBCDIC or Binary’.

10061DMF15

For subfields 3 and 4, after (Aggregators), added ‘or OptBlue participant’s...’.

10061DMF15

For Subfield 3, changed the subfield type from ‘Alphanumeric’ to
‘Alphanumeric & special characters

83339RMW15

Added an example which includes Seller ID, Seller Email Address and Seller
Telephone.

10351RMW15

DF 64: Message
Authentication Code
Field

Changed ‘Data Field 64’ to ‘Data Field 128’and moved it after Data Field 96.

11113DMF15

DF 96: Key
Management Data

For relative position 9-11, changed subfield name from ‘Session Key PIN
Check Value’ to ‘Session PIN Key Check Value’.

11113DMF15

Changed the description to ‘Check value is to be copied from the value
found in the SESSION PIN KEY CHECK VALUE subfield in Data Field 96, Key
Management Data, Network Management Response (1814) message’.

11113DMF15

For relative position 12-14, changed subfield name from ‘Session Key MAC
Check Value’ to ‘Session MAC Key Check Value’.

11113DMF15

For relative position 15-17, changed subfield name from ‘Session Key Data
Check Value’ to ‘Session Data Key Check Value’.

11113DMF15

DF 60: National Use
Data

Changed length of field to ‘20 bytes minimum, 94 bytes maximum, (LLLVAR)’
Changed length of variable data to ‘91 bytes maximum, EBCDIC or Binary’.

10061DMF15

DF 62: Private Use
Data

For the example in American Express AAV, Telephone Number and Email
Address Verification Response, the VLI changed from ‘012AXAEYYNYY’ to
’009AXAEYYNYY’.
In the first bullet, VLI changed from ‘012’ to ‘009’.

12205DMF15

DF 12: Date and Time,
Location Transaction

In the description, changed the first sentence from ‘This data field contains
the year, month, day and local time when this transaction took place‘ to
‘This data field contains the year, month, day and local time when the
Reversal Advice Request (1420) message took place.

10061DMF15

April 2016

283

Global Credit Authorization Guide ISO Format

12.0

American Express Proprietary & Confidential

Revision Log (continued)

Publication: October 2015 (continued)

table of contents

Type of
Change/
Message Type


Data Field (DF)/
Section # / Title



Description



Spec Req #

Network
Management
Response (1814)

DF 96: Key
Management Data

For Relative Positions 9-24, 25-40, 41-56, 57-59, 60-62 and 63-65, changed
the subfield names to:
• Session Key PIN to Session PIN Key
• Session Key MAC to Session MAC Key
• Session Key DATA to Session DATA Key
• Session Key PIN Check Value to Session PIN Key Check Value
• Session Key MAC Check Value to Session MAC Key Check Value
• Session Key DATA Check Value to Session DATA Key Check Value

11113DFM15

For Session PIN Key Check Value, changed the description to ’Check Value is
derived by American Express identifying the Session PIN Key sent in the
Network Response (1814) message received from American Express. Note:
This value is returned, without alteration, in the SESSION PIN KEY CHECK
VALUE subfield in Data Field 96, Key Management Data, of the
Authorization Response (1110) message’.

11113DFM15

For Session MAC Key Check Value, removed ‘the POS device’ and ‘Acquirer
System’. Changed ‘Session Key MAC’ to ‘Session MAC Key’.

11113DFM15

For Session DATA Key Check Value, removed ‘the POS device’ and ‘Acquirer
System’. Changed ‘Session Key DATA’ to ‘Session DATA Key’.

11113DFM15

In the note, changed subfield names to: SESSION PIN KEY CHECK VALUE,
SESSION MAC KEY CHECK VALUE, and SESSION DATA KEY CHECK VALUE.

11113DFM15

Section 1.2 Document
Changes

Under Revision Log, changed the description to ‘The Revision Log is the last
section in this document, and it contains a condensed overview of the
changes made in the last three publications’.

10061DMF15

Section 1.4 Contact
Information

Added new Section 1.4 Contact Information to document.

85846RMW15

Section 1.5 Related
Documents

Added the following documents:
• American Express Global Codes & Information Guide

10061DMF15

Specific Section
Changes

• American Express Online PIN Processing Implementation Guide for
Merchants and Third Party Processors.
For the Expresspay documents, removed the version number ‘2.0’.

284

April 2016

Section 2.1 Overview
of Implementation
Planning

Added a bullet for ‘Global Codes & Information Guide’.

Section 4.0
Guidelines for Using
the GCAG ISO 8583
Message Formats

In the second paragraph, changed the first sentence from ‘Some of the data
fields can be either fixed-length and others are variable-length’ to ‘Data
fields can be either fixed-length or variable-length’.

10061DMF15

American Express Proprietary & Confidential

12.0

Global Credit Authorization Guide ISO Format

Revision Log (continued)

Publication: October 2015 (continued)
Type of
Change/
Message Type


Data Field (DF)/
Section # / Title



Description



Spec Req #

Specific Section
Changes
(continued)

Section 5.0 Card
Acceptance
Supported Services

Changed the Authorization Amount Adjustment description to ‘The
Authorization Amount Adjustment can be used by any Merchant, Third Party
Processor or Vendor software provider that supports Automated Fuel
Dispensers. This functionality allows for the release of held funds due to the
actual sale amount being less than the original authorized amount’.

10061DMF15

Section 5.2 American
Express OptBlue
Program

Updated the paragraph description for clarity.

10061DMF15

Section 5.4.1 AEIPS

For Position 7, added a bullet for ‘Transactions must not be processed using
value 5 (Integrated Circuit Card - ICC) unless the terminal and link are
certified by American Express for EMV processing’.

10061DMF15

Added bullet for ‘Position 9: Cardmember Authentication EntityTransactions must not be processed using value 1 (Integrated Circuit Card ICC) unless the terminal and link are certified by American Express for EMV
processing’.

10061DMF15

Added bullet for ‘Position 10: Card Data Output Capability - Transactions
must not be processed using value 3 (Integrated Circuit Card - ICC) unless
the terminal and link are certified by American Express for EMV processing’.

10061DMF15

Section 5.4.2
Expresspay

In the paragraph following the bullets, at the end of the first sentence,
added ‘including the Expresspay Pseudo-Magnetic Stripe Format’. At the
end of the paragraph, added reference to the Global Codes & Information
Guide.

10061DMF15

Section 6.1
Verification Services

Changed the last sentence to ‘For policy questions regarding transaction
processing, refer to one or more of the following: American Express
Merchant Regulations - U.S., Canada Merchant Operating Manual (MOM) Local market Terms of Conditions/Contracts for those markets outside of the
U.S. and Canada’.

10114RMW15

Section 6.4 Online
PIN

Updated section for Online PIN to add clarity around Static and Dynamic Key
Exchange.

11113DMF15

Section 7.0 ISO 8583
Message Bit Map
Table

Removed the Secondary Bit Map restrictions.

10061DMF15

Section 7.1 Primary
Bit Map

For DF 60, changed the max. data field length to ‘94 bytes, LLLVAR’.

Section 8.1 ISO 8583
Authorization
Request (1100)

For DF 60, changed the max. data field length to ‘94 bytes, LLLVAR’.
Changed Message Authentication Code Field from Data Field 64 to Data
Field 128 and moved it after Data Field 96.

April 2016

11113DMF15

285

Global Credit Authorization Guide ISO Format

12.0

American Express Proprietary & Confidential

Revision Log (continued)

Publication: October 2015 (continued)

Data Field (DF)/
Section # / Title



Description

Specific Section
Changes
(continued)

Section 8.2 ISO 8583
Authorization
Response (1110)

For DF 60, changed the max. data field length to ‘94 bytes, LLLVAR’.

Section 9.0 ISO 8583
Reversal Advice
Request/Response
Message Formats

Changed Merchant Initiated Reversals making them mandatory for U.S.
Third Party Processors only.

74251DMF15

In the first sentence of the first bullet, changed the text in the parentheses
to ‘Mandatory for U.S. Third Party Processors only’.

74251DMF15

Section 12.0 Revision
Log

Added the sentence ‘The Revision Log goes back three publications, current
publication plus the last two. For earlier versions, contact
SpecQuestions@aexp.com’.

10061DMF15

Changed the first bullet to ‘General - Changes made due to reorganization,
clarification, consistency, or for informative purposes’.

10061DMF15

table of contents

Type of
Change/
Message Type

286

April 2016



Spec Req #

American Express Proprietary & Confidential

12.0

Global Credit Authorization Guide ISO Format

Revision Log (continued)

Publication: April 2015 | Global Data Quality & Standards (GDQ&S) | 
Contact: SpecQuestions@aexp.com
Type of
Change/
Message Type


Data Field (DF)/
Section # / Title



Description



Spec Req #

General Changes

Cover

Changed date from ‘OCTOBER 2014’ to ‘APRIL 2015’.

Footer

Changed date from ‘October 17, 2014’ to ‘April 17, 2015’.

Document
Clarification Request

In the second paragraph, removed the quotes around ‘SpecQuestions.com’.

Table of Contents

Moved the ‘1’ after the word ‘Guide’ to the right to align with page
numbers.

Specific Data
Field Changes

DF 1: Bit Map Secondary

Added new data field to document.

10224DMF15

Authorization
Request (1100)

DF 22: Point of
Service Data Code

In POS. 5, values 4 & 9, removed the last sentence ‘For more information,
see page 20’.

10472DMF14

DF 43: Card Acceptor
Name/Location

Changed this data field significantly for Payment Service Providers
(Aggregators). Please read in its entirety.

51439VEW15

DF 52: Personal
Identification Number
(PIN) Data

Changed the field requirement to ‘Conditional - Used only when PIN is
available’.

10224DMF15

Added certification requirement ‘Mandatory — Third Party Processors
and/or Vendor software must be certified to pass data in this data element.
After certification, all Merchant-provided data must be forwarded in this
data element’.
Changed the description to ‘This data field is for use in markets that support
online PIN verification, and it will transport encrypted PIN data for
PIN-based POS transactions. Unauthorized use of this data field may cause
message rejection’.

April 2016

287

20439DMF15

Global Credit Authorization Guide ISO Format

12.0

American Express Proprietary & Confidential

Revision Log (continued)

Publication: April 2015 (continued)

table of contents

Type of
Change/
Message Type


Data Field (DF)/
Section # / Title



Description



Spec Req #

Authorization
Request (1100)
(continued)

DF 53: Security
Related Control
Information

In the description, changed ‘...must be set to value “S”, W” or “Y” to ‘...must
be set to value “9”, “S”, “W” or “Y”.

91740DMF14

DF 53: Security
Related Control
Information
(continued)

In the description, in the table, added a row for ‘9 - Technical fallback Transaction initiated as chip, but was processed using an alternative
technology (such as magnetic stripe)’.

51439VEW15

DF 60: National Use
Data

Changed this data field significantly for Payment Service Providers
(Aggregators). Please read in its entirety.

DF 61: National Use
Data

Changed the certification requirement to ‘See Section 4.3 for the website
link to American Express SafeKey enabled countries’.

90447DMF14

DF 63: Private Use
Data

In the 205-byte format examples, changed the phone number for AE and AD
from ‘1234567890’ to ‘5555370000’.

10052DMF14

DF 96: Key
Management Data

Added new data field.

10224DMF15

DF 39: Action Code

In the description, added code ‘909-System Malfunction (Cryptographic
error)’.

DF 60: National Use
Data

In length of field, changed ‘303 bytes maximum, (LLLVAR)‘ to ‘92 bytes
maximum, (LLLVAR)’.

Authorization
Response (1110)

51439VEW15

In length of variable data, changed ‘300 bytes maximum, EBCDIC’ to ‘89
bytes maximum, EBCDIC’.
Changed the field requirement to Conditional - Echo returned’.

Network
Management
Request (1804)

288

April 2016

DF 61: National Use
Data

Changed the certification requirement to ‘See Section 4.3 for the website
link to American Express SafeKey enabled countries’.

90447DMF14

DF 24: Function Code

In the description, added ‘811-Dynamic Key Exchange’.
Changed the sentence ‘The following additional values are accepted in
China only’ to bold.

92933DMF14

DF 96: Key
Management Data

Corrected spelling of data field name from ‘Key Management Data’ to ‘Key
Management Data’.

93320DMF14

American Express Proprietary & Confidential

12.0

Global Credit Authorization Guide ISO Format

Revision Log (continued)

Publication: April 2015 (continued)
Type of
Change/
Message Type


Data Field (DF)/
Section # / Title



Description



Spec Req #

Network
Management
Response (1814)

DF 1: Bit Map Secondary

Changed the field requirement to ‘Mandatory — For Data Fields 65 and
128’.

10224DMF15

Changed the description to ‘See Bit Map - Secondary description on page 58
of the Authorization Request (1100) message’.
DF 24: Function Code

Changed the constant from ‘831’ to ‘None’.

DF 39: Action Code

Changed constant from ‘800’ to ‘None’.
In the description, changed ‘Valid action code’ to ‘Valid action codes’.
Added the following codes: ‘115 = Requested function not support, 181 =
Format error, and 909 = System Malfunction (Cryptographic Error)’.

Specific Section
Changes

DF 96: Key
Management Data

Changed this data field significantly for Payment Service Providers
(Aggregators). Please review in its entirety.

Section 1.2 Document
Changes

For revision mark, added the sample revision mark in the left margin.

10302DMF14

Section 1.4 Related
Documents

In the 2nd bullet, added ‘(XML GFSG)’ after the document title.
Changed the bullet ‘American Express Card Acceptance and Processing
Network Communications Guide’ to ‘American Express Network
Communications Guide (MPLS & VPN)’.

10385DMF14

Section 4.3 American
Express SafeKey

Originally Section 4.2.6. Changed the section number to ‘4.3’.

11352DMF14

In the second paragraph, removed the last 2 sentences and replaced with
‘Refer to the following website link: ‘AmexSafeKey’ for the most current
enablement updates’.

90447DMF14

Section 3.5.2
Supported File
Layouts

In the table, for DF 2, changed the ‘1’ to an ‘*’.
In the footnote, changed the ‘1’ to an ‘*’.

60320DMF15

3.5.2.1 Variable
Length Layout

In the table, for DF 25, changed the ‘2’ to an ‘*’.
In the footnote, changed the ‘2’ to an ‘*’.

60320DMF15

Section 4.3 American
Express SafeKey

Originally Section 4.2.6. Changed the section number from ‘4.2.6’ to ‘4.3’.

11352DMF14

In the second paragraph, removed the last 2 sentences and replaced with
‘Refer to the following website link: ‘AmexSafeKey’ for the most current
enablement updates’.

90447DMF14

April 2016

289

Global Credit Authorization Guide ISO Format

12.0

American Express Proprietary & Confidential

Revision Log (continued)

Publication: April 2015 (continued)

Data Field (DF)/
Section # / Title



Description



Spec Req #

Specific Section
Changes
(continued)

Section 4.4 Online
PIN and Dynamic Key
Exchange

Added new Section 4.4 Online PIN Processing to document.

10224DMF15

Section 5.1 Overview
of Implementation
Planning

Changed the bullet ‘American Express Card Acceptance and Processing
Network Communications Guide’ to ‘American Express Network
Communications Guide (MPLS & VPN)’.

60320DMF15

Section 5.5
Communications
Options

Changed the bullet ‘American Express Card Acceptance and Processing
Network Communications Guide’ to ‘American Express Network
Communications Guide (MPLS & VPN)’.

Section 5.7.3
Network
Management
Request/Response

In the last paragraph, changed the first sentence to ‘The Network
Management Request (1804) message allows for either dynamic key
exchange, an echo test or a signon/signoff request’.

Section 6.2.1 Primary
Bit Map

For DF 60: changed max. data field length from ‘303 bytes LLLVAR’ to ‘92
bytes LLLVAR’.

51439VEW15

Section 6.2.2
Secondary Bit Map

Formatted table so the field numbers align correctly.

22349DMF15

Section 7.1 ISO 8583
Authorization
Request (1100)

Added DF 1: Bit Map-Secondary and DF 96: Key Management Data to
section.

10224DMF15

In the table, for DF 60: changed the max. data field length from ‘303 bytes
LLLVAR’ to ‘92 bytes LLLVAR’. Changed data field requirement to ‘See page’.

51439VEW15

Section 7.2 ISO 8583
Authorization
Request (1110)

In the table, for DF 60: changed the max. data field length from ‘303 bytes
LLLVAR’ to ‘92 bytes LLLVAR’. Changed data field requirement to ‘See page’.

51439VEW15

Section 7.2.1 Card
Identifier (CID)
Verification

Remove the word ‘program’ from ‘For more information on American
Express CID/4DBC/4CSC Program, contact your American Express
representative’.

85026DMF15

Section 8.0 ISO 8583
Reversal Advice
Request/Response
Formats

Changed the second paragraph to ‘The Reversal Advice Request/Response
(1420/1430) is mandatory for Merchant Initiated Reversals and is an
optional message for System Generated Reversals’.
For the two bullet points, switched the order and added ‘(Mandatory)’ for
Merchant Initiated Reversals and ‘(Optional)’ for System Generated
Reversals.

11104DMF15

table of contents

Type of
Change/
Message Type

290

April 2016

American Express Proprietary & Confidential

12.0

Global Credit Authorization Guide ISO Format

Revision Log (continued)

Publication: April 2015 (continued)
Type of
Change/
Message Type


Data Field (DF)/
Section # / Title



Description



Spec Req #

Specific Section
Changes
(continued)

Section 9.0 ISO 8583
Network
Management
Request/Responses

In the second paragraph, added information for encryption key management
and signon and signoff.

10244DMF15

Section 9.2 ISO 8583
Network
Management
Response (1814)

For DF 1 and DF 96, changed the data field requirement to ‘See Page’.

10244DMF15

Section 12.10
Network
Management
Request (1804)
Message

In the paragraph, removed ‘Are You There?’.

10224DMF15

Section 13.2
Certification Tests

Changed the bullet ‘American Express Card Acceptance and Processing
Network Communications Guide’ to ‘American Express Network
Communications Guide (MPLS & VPN)’.

60320DMF15

Section 14.0
Appendix

Removed 14.8 American Express SafeKey Related Countries from the
Appendix and renumbered accordingly.

90447DMF14

Section 14.6.2.1
Currency Code Country/Entity Name
Order

Changed the Algerian Dinar from 0 decimal places to 2 decimal places.
Removed the ‘2’ from the Notes column.

21517DMF15

Section 14.6.2.1
Currency Code Country/Entity Name
Order (continued)

Changed ‘Lithuania’ Litas to ‘Euro’ and code to ‘978’

21517DMF15

Section 14.6.2.2
Currency Code Currency Name Order

Changed the Algerian Dinar from 0 decimal places to 2 decimal places.
Removed the ‘2’ from the Notes column.
Changed ‘Lithuania’ Litas to ‘Euro’ and code to ‘978’

Section 14.8
American Express
SafeKey Enabled
Countries

Removed section from document.

90447DMF14

Section 15.0 Revision
Log

In October 2014 - moved the last change in data field 47 to Data Field 48.

22718DMF15

April 2016

291

Global Credit Authorization Guide ISO Format

American Express Proprietary & Confidential

table of contents

this page intentionally left blank

292

April 2016

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.6
Linearized                      : Yes
Encryption                      : Standard V4.4 (128-bit)
User Access                     : Print, Copy, Annotate, Fill forms, Extract, Print high-res
Author                          : V. Warner
Create Date                     : 2016:04:12 16:25:20Z
Keywords                        : Please, send, any, questions, or, comments, to, SpecQuestions@aexp.com
Modify Date                     : 2016:04:13 15:17:31-07:00
Has XFA                         : No
Language                        : en
Tagged PDF                      : Yes
XMP Toolkit                     : Adobe XMP Core 5.2-c001 63.139439, 2010/09/27-13:37:26
Creator Tool                    : FrameMaker 12.0.3
Metadata Date                   : 2016:04:13 15:17:31-07:00
Format                          : application/pdf
Title                           : American Express Global Credit Authorization Guide April 2016
Creator                         : V. Warner
Subject                         : Please send any questions or comments to SpecQuestions@aexp.com
Producer                        : Acrobat Distiller 11.0 (Windows)
Document ID                     : uuid:9ba97c41-017e-4a27-8833-fe9cd6d57644
Instance ID                     : uuid:141eaa5d-b66e-4d8c-a363-4e4496d75e94
Page Mode                       : UseOutlines
Page Count                      : 300

EXIF Metadata provided by EXIF.tools

American Express Global Credit Authorization Guide April 2016 Apr

Navigation menu

Versions of this User Manual:

Views

Navigation