American Express Global Credit Authorization Guide April 2016 Apr

User Manual:

Open the PDF directly: View PDF PDF.
Page Count: 300 [warning: Documents this large are best viewed by clicking the View PDF Link!]

AMERICAN EXPRESS
GLOBAL CREDIT AUTHORIZATION GUIDE
ISO 8583:1993 (VERSION 1)
APRIL 2016
GLOBAL MERCHANT SERVICES
table of contents
Copyright © 2004-2016 American Express Travel Related Services Company, Inc. All rights reserved. This
document contains sensitive, confidential and trade secret information; and no part of it shall be disclosed to
third parties or reproduced in any form or by any electronic or mechanical means, including without limitation
information storage and retrieval systems, without the express prior written consent of American Express
Travel Related Services Company, Inc.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 i
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
Summary of Changes Table
The Summary of Changes is a broad overview of technical changes made to the specification since its last
publication. This information may affect the way a Merchant, Third Party Processor or Vendor processes
American Express Card transactions. Other changes, including but not limited to, clarification and
consistency updates are included in the Revision Log located at the back of this guide.
Data Element or
Section Number Description of Change
GENERAL CHANGES
Added verbiage for Payment Token and/or Digital Wallet functionality to the following:
1100 message: DF 2, DF 14, DF 22, DF 24, DF 60, DF 61
1110 message: DF 34, DF 60
Section 1.5: Related Documents
Section 5.0 Card Acceptance Supported Services
Section 5.4.2.1 Expresspay Transit Transactions at Transit Access Terminals
Section 5.8 Digital Wallet Payments
Section 6.1 Payment Token Transactions
Added verbiage for Derived Unique Key Per Transaction (DUKPT) functionality to the following:
1100 message: DF 53
Section 6.5.2 Derived Unique Key Per Transaction (DUKPT)
1100 AUTHORIZATION REQUEST MESSAGE
DF 22: Point of Service Data
Code
In the Point of Service Data Code tables, made the following changes and updates to include
Payment Token functionality:
Position 1, removed value ‘X’ as a valid value.
Position 5, value 4, at the end of the description, added ‘delayed shipment, split bill
transactions’.
Position 6, added value ‘Z’ to identify Digital Wallet transactions.
Position 7, removed values ‘X’ and ‘Y’ as valid values. For value 5, added verbiage for
Digital Wallet and Payment Token functionality.
Removed references to magnetic stripe signature.
DF 24: Function Code In the description, added verbiage to the function code table for ‘196=Expresspay Translation
(PAN & Expiration Date Request)’.
DF 43: Card Acceptor
Name/Location
Updated field for clarity around formatting for Payment Service Providers (Aggregators) and
OptBlue Participants.
DF 62: Private Use Data Removed references to magnetic stripe signature.
ii April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
this page intentionally left blank
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 iii
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
Table of Contents
Summary of Changes Table................................................................................................ i
1.0 About the Global Credit Authorization Guide......................................................1
1.1 Who Should Use the GCAG ISO .............................................................................................. 1
1.2 Document Changes.................................................................................................................. 1
1.3 Communication Process........................................................................................................... 2
1.3.1 Semi-Annual Publication Process............................................................................... 2
1.3.2 Notice of Specification Changes ................................................................................ 2
1.3.3 Technical Bulletins...................................................................................................... 2
1.4 Contact Information ................................................................................................................. 2
1.5 Related Documents.................................................................................................................. 3
2.0 Implementation Planning........................................................................................5
2.1 Overview of Implementation Planning .................................................................................... 5
2.2 Development Responsibilities .................................................................................................6
2.3 Development Steps.................................................................................................................. 7
2.4 Hardware Requirements.......................................................................................................... 7
2.5 Communications Options......................................................................................................... 7
2.6 Leased Lines............................................................................................................................. 7
3.0 Card Acceptance Guidelines .................................................................................9
4.0 Guidelines for Using the GCAG ISO 8583 Message Formats ..........................11
4.1 Variations in Messaging........................................................................................................ 14
4.2 ISO 8583 Message Formats................................................................................................... 14
4.2.1 Authorization Request/Response ............................................................................. 14
4.2.2 Reversal Advice Request/Response......................................................................... 15
4.2.3 Network Management Request/Response.............................................................. 16
5.0 Card Acceptance Supported Services ...............................................................17
5.1 Online Authorizations ............................................................................................................ 18
5.1.1 Non-Referral Link...................................................................................................... 18
5.1.2 Referral Queue.......................................................................................................... 20
5.1.3 Referral Queue — Referral Mode............................................................................ 22
5.2 American Express OptBlue® Program.................................................................................... 23
5.3 Prepaid Card Authorizations ..................................................................................................24
5.3.1 Partial Authorization ................................................................................................. 24
5.3.2 Authorization with Balance Return .......................................................................... 25
5.4 Chip Card Authorizations ....................................................................................................... 26
5.4.1 AEIPS......................................................................................................................... 26
5.4.2 Expresspay................................................................................................................ 28
5.5 Recurring Billing and Standing Authorization ....................................................................... 30
5.6 Batch Authorizations.............................................................................................................. 31
5.6.1 Message Separation................................................................................................. 32
5.6.2 Supported File Layouts ............................................................................................. 33
5.7 Authorization Amount Adjustment ........................................................................................ 39
table of contents
of changes
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
iv April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
Table of Contents
5.8 Digital Wallet Payments ........................................................................................................ 39
5.8.1 In-Store Digital Wallet Transactions........................................................................ 39
5.8.2 In-App Transactions.................................................................................................. 40
5.9 Other Authorization Services .................................................................................................41
5.9.1 American Express Travelers Cheque Verifications................................................... 41
5.9.2 Non-American Express Card Authorizations ............................................................ 41
6.0 Fraud Prevention Services....................................................................................43
6.1 Payment Token Transactions ................................................................................................. 43
6.2 Verification Services .............................................................................................................. 44
6.2.1 Enhanced Authorization............................................................................................ 44
6.3 Electronic Verification Services .............................................................................................46
6.3.1 Card Identifier (CID) Verification............................................................................... 46
6.3.2 Automated Address Verification (AAV) .................................................................... 47
6.3.3 ZIP Code Verification ................................................................................................ 47
6.3.4 Telephone Number Verification................................................................................ 48
6.3.5 Email Address Verification ....................................................................................... 49
6.4 American Express SafeKeySM................................................................................................. 50
6.5 Online PIN .............................................................................................................................. 51
6.5.1 Master/Session Key Management Methodology .................................................... 51
6.5.2 Derived Unique Key Per Transaction (DUKPT).......................................................... 52
7.0 ISO 8583 Message Bit Map Table........................................................................53
7.1 Primary Bit Map ..................................................................................................................... 53
7.2 Secondary Bit Map................................................................................................................. 55
8.0 ISO 8583 Authorization Request/Response Message Formats.......................59
8.1 1100 Authorization Request ..................................................................................................59
8.2 1110 Authorization Response .............................................................................................. 179
9.0 ISO 8583 Reversal Advice Request/Response Message Formats ...............219
9.1 1420 Reversal Advice Request ............................................................................................ 220
9.2 1430 Reversal Advice Response.......................................................................................... 237
10.0 ISO 8583 Network Management Request/Response Message Formats ....247
10.1 1804 Network Management Request.................................................................................. 248
10.2 1814 Network Management Response ............................................................................... 258
11.0 Examples of Typical Message Formats............................................................269
11.1 1100 Authorization Request Message — Card Present Transaction with
AAV & CID/4DBC/4CSC — American Express ................................................................... 269
11.2 1100 Authorization Request Message — Card Not Present Transaction with
AAV & CID/4DBC/4CSC — American Express ................................................................... 271
11.3 1110 Authorization Response Message — American Express........................................... 273
11.4 1420 Reversal Advice Request Message ............................................................................ 274
11.5 1430 Reversal Advice Response Message.......................................................................... 276
11.6 1804 Network Management Request Message.................................................................. 277
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 v
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
Table of Contents
11.7 1814 Network Management Response Message............................................................... 277
12.0 Revision Log ..........................................................................................................279
table of contents
of changes
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
vi April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
Table of Contents
this page intentionally left blank
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 1
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
1.0 About the Global Credit Authorization Guide
The American Express Global Credit Authorization Guide (GCAG) ISO contains software
development instructions for use of the American Express Authorization System. These instructions
enable programmers to code software in accordance with American Express requirements.
American Express will allow users that conform to this specification and pass our certification tests
to access the American Express Global Network to obtain authorizations for financial transactions.
Use of this specification prior to certification is prohibited.
1.1 Who Should Use the GCAG ISO
The GCAG ISO is written for Merchants, authorized Third Party Processors, OptBlue
Participants, Payment Service Providers (Aggregators) and Vendors.
In this guide, the terms Merchant, Seller, Service Establishment or SE, and Card Acceptor
are used interchangeably to refer to businesses that are approved to accept American
Express and/or American Express Partners' Cards as payment for goods and/or services.
The GCAG ISO is based on International Standard ISO 8583:1993, Financial Transaction
Card Originated Interchange Message Specifications.
1.2 Document Changes
Changes to the GCAG ISO are identified in various ways.
Summary of Changes Table — The GCAG ISO begins with a Summary of Changes table
that provides a broad overview of technical and/or data field changes since the last
publication. The summary includes the following:
The data field or section where revision occurred
A brief description of the revision
Revision Mark — Throughout this document, revised areas that may affect the way a
Merchant, Third Party Processor or Vendor processes transactions are indicated with a
revision mark. This mark appears in the page margin, next to where a change was made.
See example of a revision mark at left. Removed text will not have a revision mark.
Changes may or may not be indicated with a revision mark.
Revision Log — The Revision Log is the last section in this document, and it contains a
condensed overview of changes made in the last three publications.
2 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
1.3 Communication Process
This section outlines how changes to American Express Technical Specifications are
communicated.
1.3.1 Semi-Annual Publication Process
The American Express Network publishes Technical Specifications twice each
year, in April and October. Specification changes, which will require technical
changes to implement or support, as well as any certification requirements
and/or compliance dates, will be communicated six months prior to publication
in a Notice of Specification Changes (NOSC).
1.3.2 Notice of Specification Changes
Notice of Specification Changes (NOSC) are also published twice each year, in
April and October. In each edition, changes to existing, or the introduction of
new features and functionality will be announced. These changes will be
incorporated into the next editions of the Technical Specifications.
Changes published in the April NOSC will be incorporated into the October
editions of the Technical Specifications.
Changes published in the October NOSC will be incorporated into the April
editions of the Technical Specifications.
1.3.3 Technical Bulletins
American Express will publish any changes occurring outside of the April and
October publication schedule in Technical Bulletins. Technical Bulletins will
generally contain the same level of detail found in the NOSC, including a
description of the change, and the business and technical impacts of the change
to customers.
Technical Bulletins may also communicate changes, corrections, and
clarifications announced in previous Technical Specifications. Information
communicated in Technical Bulletins will be incorporated into the next editions
of the Technical Specifications.
1.4 Contact Information
To notify us when content clarifications are required, send an email to
SpecQuestions@aexp.com. You may also send a copy of the document page in question.
You will receive confirmation of your request in 3-5 business days. Changes, corrections,
and clarifications will be published in the next release.
For questions on modifications to existing functionality, contact your American Express
representative.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 3
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
1.5 Related Documents
American Express Global Financial Submission Guide (GFSG)
American Express Global Codes & Information Guide
American Express Online PIN Processing Implementation Guide for Merchants
or Third Party Processors
American Express Global Credit Authorization Guide ISO 8583:1993 (Version 1)
Authorization Adjustment Addendum (AAA)
American Express Network Communications Guide (MPLS & VPN)*
American Express ICC Payment (AEIPS) Chip Card Specification
American Express ICC Payment (AEIPS) Terminal Specification
American Express Merchant Regulations - U.S.
American Express SafeKey SM Acquirer Merchant Implementation Guide
Acquirer Chip Card Implementation Guide
Implementing American Express EMV Acceptance on a Terminal
Expresspay Terminal Specification
Expresspay Card Specification
Expresspay Card Specification Dual Interface Addenda
Expresspay Communication Layer
International Standard ISO 8583:1993, Financial Transaction Card Originated
Interchange Messages Interchange Message Specifications
International Standard ISO/IEC 7813, Identification Cards Financial Transaction
Cards (Track I and Track II Specifications)
American National Standards Institute ANSI X4.16, Financial Transaction Cards
Magnetic Stripe Encoding
American National Standards Institute ANSI X9.24, Asymmetric Techniques for the
Distribution of Symmetric Keys
EMVCo Payment Tokenization Specification - Technical Framework
_____________________
*USA and Canada only. For information on connectivity solutions in other global regions, contact your American Express
representative.
4 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
this page intentionally left blank
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 5
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
2.0 Implementation Planning
This section addresses the requirements and procedures needed for implementing authorization
software. This section includes the following:
2.1 Overview of Implementation Planning
2.2 Development Responsibilities
2.3 Development Steps
2.4 Hardware Requirements
2.5 Communications Options
2.6 Leased Lines
2.1 Overview of Implementation Planning
Merchants and authorized Third Party Processors who are interested in developing an
interface to American Express must first contact an American Express representative. The
American Express representative will discuss the business and basic technical issues
involved with authorization, and if necessary, financial submission.
Once the business issues and decisions have been resolved, an American Express
representative calls the Merchant and acts as the primary American Express contact
during all phases of development until the software is approved for production use.
The American Express representative arranges for a technical conference call that
includes members of the Merchant's technical staff and representatives of American
Express. Prior to the first call, Merchants should become familiar with the contents of this
document, as well as the following American Express documents:
American Express Global Codes & Information Guide
American Express Global Financial Submission Guide (if implementing both
authorization and submission)
American Express Network Communications Guide (MPLS & VPN)*
_____________________
* USA and Canada only. For information on connectivity solutions in other global regions, contact your American Express
representative.
6 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
2.1 Overview of Implementation Planning (continued)
During the technical conference call, Merchants may ask the American Express staff
detailed questions about hardware, communications protocol, and authorization service
options. The American Express technical staff and American Express representative will
provide detailed descriptions of processing options and message formats. The conference
concludes when the Merchant and American Express agree on the authorization service
options and interface requirements.
Following the initial conference calls, the American Express representative will arrange a
technical conference call to review, in detail, the authorization message format selected
by the Merchant.
2.2 Development Responsibilities
The following lists outline the basic installation responsibilities for both American Express
and the Merchant.
American Express provides the following services:
Allows scheduled access to American Express testing facilities.
Allows 24-hour access to the American Express Consolidated Data Network (CDN)
after the Merchant is approved for production activities.
Installs and maintains circuit modems for a leased line authorization link, for
qualified Merchants only. For more information, contact your American Express
representative.
The Merchant provides the following:
Develops or purchases credit authorization application and communications protocol
software.
Dedicates staff and computer resources to credit authorization software development
within the project schedule agreed upon by American Express and the Merchant.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 7
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
2.3 Development Steps
Most Merchants develop and implement their authorization software in these steps:
1. Participate in the technical conference call with American Express.
2. Receive and review the Business Requirements Document and Application Test Plan.
3. Develop authorization application and communications protocol software.
4. Test communications protocol with American Express. After protocol approval, test
the authorization application software as stated in the Application Test Plan.
5. Receive American Express approval for production processing.
2.4 Hardware Requirements
The requirements for the hardware used by the Merchant are dependent on the types of
products and services to be supported by the Merchant. For this reason, hardware
requirements are established during conversations with the American Express
representative.
2.5 Communications Options
For details, refer to the American Express Network Communications Guide (MPLS & VPN)*
2.6 Leased Lines
Merchants who wish to use a leased line must qualify by transaction volume. This
qualification is negotiated between the Merchant and the American Express
representative. Qualified Merchants who choose a leased line may either use online or
batch services.
The costs associated with using a leased line are contractually established between the
Merchant and American Express. Merchants using their leased line to obtain MasterCard
and VISA authorizations through the American Express authorizations system are assessed
a small fee per transaction.
_____________________
* USA and Canada only. For information on connectivity solutions in other global regions, contact your American Express
representative.
8 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
this page intentionally left blank
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 9
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
3.0 Card Acceptance Guidelines
American Express enables Merchants and Third Party Processors to obtain financial transaction
authorizations for the following:
American Express Cards
American Express-supported Network Cards
American Express Prepaid Cards
American Express Travelers Cheques
The Merchant or Third Party Processor must develop authorization software to enable the Merchant
to collect Point of Sale (POS) information in any manner chosen by the Merchant's development
team and also to submit that data to American Express in a format prescribed by this document.
American Express requires all Merchants and service providers, as part of their Card Acceptance or
servicing agreements, to adhere to the American Express Data Security Operating Policy (DSOP).
The policy requires Merchants to comply with the Payment Card Industry Security Standard to
process, store or transmit Cardmember payment information. More information on the American
Express DSOP and the PCI Data Security Standard can be found at
www.americanexpress.com/datasecurity.
Users of this specification are often classified by regions which allow data field requirements and
certification requirements to be applied to a specific region. When no country or region is listed for
a requirement it is assumed to be a global requirement for all regions otherwise, the requirement
applies to the countries and/or regions listed. The following acronyms are the recognized regional
definitions:
APA — Asia Pacific and Australia
Canada — Canada
EMEA — Europe, Middle East and Africa
LA/C — Latin America and Caribbean
USA — United States
For a complete list of regions and applicable countries, refer to the American Express Global Codes
& Information Guide.
10 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
3.0 Card Acceptance Guidelines (continued)
Data from the following data fields in approved Authorization Request (1100) and Authorization
Response (1110) messages should be retained by the Merchant since this information is required
for financial submission:
Note: Other data may also be required. For more information on data requirements for financial
submission, refer to the American Express Global Financial Submission Guide (GFSG).
Primary Account Number (PAN) Approval Code
Amount, Transaction Acquirer Reference Data (Transaction Identifier/TID)
Date and Time, Local Transaction
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 11
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
4.0 Guidelines for Using the GCAG ISO 8583 Message Formats
ISO 8583 standard provides for variable length messages that are bit map driven. A bit map
consists of a 64-bit string contained within an eight-byte data field. The data content of a message
is determined by the value (1) or (0) in a bit map data field. Each bit is associated with a unique data
field. If the data content for a data field is available, the bitmap position should be set to one (1)
and the respective data field should be sent. If the data content for a data field is not available, the
bitmap position should be set to zero (0) and the respective data field should not be sent.
Data fields can be either fixed-length or variable-length. The Variable Length Indicator (VLI)
indicates how many bytes of data will follow it. A length subfield or Variable Length Indicator (VLI)
precedes the variable length data subfields. The length of the VLI will be encoded in either two or
three character bytes. The length of the VLI is not included in the length of the variable data
subfield it describes.
For example:
LLVAR — When present with a variable length data field specification, this indicates that the data
field contains two subfields:
“LL” indicates the number of positions in the VLI, and the value in the VLI shows the length
of the variable-length data subfield that follows. The length may be 01 to 99 unless
otherwise restricted.
“VAR” is the variable length data subfield.
Example: A 27-byte data field with LLVAR indicates a VLI of 2 bytes with a maximum length of 25
bytes of variable data.
LLLVAR — When present with a variable length specification, this indicates that the data field
contains two subfields:
“LLL” indicates the number of positions in the variable-length data subfield that follows.
Length may be 001 to 999, unless otherwise restricted.
“VAR” is the variable length data subfield.
Example: A 503-byte data field with LLLVAR indicates a VLI of 3 bytes with a maximum length of
500 bytes of variable data.
12 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
4.0 Guidelines for Using the GCAG ISO 8583 Message Formats (continued)
Unless otherwise specified, all fixed-length numeric data fields should be right justified and
zero filled. Fixed-length alphanumeric data fields should be left justified and character
space filled. Binary data fields should be in eight-bit blocks that are left justified and zero
filled.
The message content must be configured in the EBCDIC character set unless otherwise
noted in the data field details.
The communications protocol must support Transparency, due to the presence of binary
data (e.g., bitmaps) that may be mistaken for communications control information.
Some data fields are not supported in this version of the American Express ISO 8583
interface. However, to allow all processes to consistently and accurately deal with all data
fields, all the attributes of all 64 data fields in the primary bit map are supplied beginning
on page 53 and must be allowed while developing the interface. This allows a message to
be sent even when it contains unsupported data. The data will not be processed by the
recipient nor returned to the sender, but the definitions allow each system to step past
unsupported data fields.
Some data fields of the message are required to process the message while others are not
required to process the message. Some data fields may be required in the response when
present in the request. Data field requirements are as follows:
Mandatory Data field and contents are required to process this message. Data field
must contain the appropriate text or numeric information as indicated.
Mandatory - Echo returned Data field is mandatory for processing this message; and whenever
included in an originating request message, it will be preserved and
returned in the response message without alteration.
Optional Data field and contents are not mandatory for processing the message, but
should be provided if available.
Optional - Echo returned Data field is optional for processing this message; and whenever included
in an originating request message, it will be preserved and returned in the
response message without alteration.
Conditional A data field may be conditional if it is only used in certain circumstances.
See Data Field Descriptions for specific details.
Conditional - Echo returned Data field is conditional for processing this message; and whenever
included in an originating request message, it will be preserved and
returned in the response message without alteration.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 13
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
4.0 Guidelines for Using the GCAG ISO 8583 Message Formats (continued)
When Track 1 and/or Track 2 data is read from a magnetic stripe, the Merchant, their devices,
systems, software, Vendors and Third Party Processors should capture all characters between the
start and end sentinels, strip off the sentinels and LRC, and forward the remainder to American
Express in the appropriate ISO 8583 Track 1 and/or Track 2 data field without regard to the specific
lengths referenced in these sections. For more information, refer to the American Express
Magnetic Stripe Formats in the American Express Global Codes & Information Guide.
Both Track 1 and Track 2 must be converted from ASCII to EBCDIC, and character spaces must not
be stripped. In addition, data must not be padded to standardize track lengths, and it must be
transmitted as read.
The Authorization Request (1100) message contains a data field that describes point-of-service
processing capabilities (Data Field 22). Merchants and Third Party Processors must ensure that
authorization data in Data Field 22 is accurate. Specifically, accuracy of Card Present, Cardholder
Present and Track Data Indicators can significantly affect message processing, decrease POS
disruptions and maximize customer satisfaction.
For more information, contact your American Express representative.
14 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
4.1 Variations in Messaging
No individual data field should exceed 290 bytes, except where specifically noted.
Messages transmitted to American Express must not exceed 900 bytes in total length.
For assistance in selecting optional data fields and determining the appropriate formats
and variable data field lengths to use, contact your American Express representative.
American Express reserves the right to modify data field parameters (e.g., changing Data
Field Type from numeric to alphanumeric, or vice-versa) to meet specific business and/or
internal data and system requirements.
American Express Card creation standards for magnetic stripe layouts may include
additional data undefined in currently published American Express implementations of
ANSI X4.16 and ISO 7813 formats. Magnetic stripe data fields in current use will not be
moved; however, discretionary or unused data fields may be redefined for use with future
American Express Card products. Therefore, the data field definitions referenced in the
American Express Magnetic Stripe and Expresspay Pseudo-Magnetic Stripe Formats are
for reference only and may not reflect all American Express Card variations that may be
encountered.
For additional information, refer to American Express Magnetic Stripe and Expresspay
Pseudo-Magnetic Stripe Formats in the American Express Global Codes & Information
Guide.
4.2 ISO 8583 Message Formats
American Express supports the International Organization for Standardization ISO 8583
format to exchange messages for authorizations.
4.2.1 Authorization Request/Response
1100 Message is used for Authorization Request messages
1110 Message is used for Authorization Response messages
Figure 1-1. ISO 8583 Authorization Message Exchange
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 15
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
4.2.1 Authorization Request/Response (continued)
Merchants use the Authorization Request (1100) message to transmit credit
authorization and/or Automated Address Verification (AAV) request messages
to American Express. American Express uses the Authorization Response (1110)
message to respond to a Merchant's Authorization Request (1100) message.
American Express places the credit analysis results for the request in the
Authorization Response (1110) message.
Merchant time-out values are determined during the technical conference call.
4.2.2 Reversal Advice Request/Response
1420 Message is used for Reversal Advice Request messages
1430 Message is used for Reversal Advice Response messages
Figure 1-2. ISO 8583 Reversal Advice Message Exchange
These messages are constructed as specified in the ISO 8583-1993 standard. If
your system supports a different version of ISO 8583, notify your American
Express representative.
The Reversal Advice Request (1420) message allows the acquiring source to
cancel the effects of a previous authorization transaction, completely. For more
information, see page 219.
16 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
4.2.3 Network Management Request/Response
1804 Message is used for Network Management Request messages
1814 Message is used for Network Management Response messages
Figure 1-3. ISO 8583 Administration/Network Message Exchange
Network management messages are used to control the system security and
operating condition of the interchange network and may be initiated by any
interchanging party.
The Network Management Request (1804) message allows for either dynamic
key exchange, an echo test or a signon/signoff request. When the Network
Management Request (1804) message is received, it should be responded to by
transmitting a Network Management Response (1814) message.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 17
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.0 Card Acceptance Supported Services
American Express offers the following services for the products it supports:
Online Authorizations — A Merchant who uses the online authorization service can
transmit an authorization request and receive an authorization response, all in one
individual session.
American Express OptBlue Program— The American Express OptBlue Program is a program
designed to increase acceptance of Cards among small Merchants by offering an integrated
service and pricing through certain eligible third party Acquirers and payment processing
companies.
Prepaid Card Authorizations — This service allows a Merchant to accept and process an
authorization request for American Express Prepaid Cards.
Chip Card Authorizations (ICC) — American Express issues cards that in addition to a
magnetic stripe, also contain an integrated chip that conforms to the industry EMV
specifications.
Recurring Billing and Standing Authorization — Recurring Billing transactions include
periodic billings for regularly scheduled charges while Standing Authorization allows a
Merchant to automatically charge a Cardmember’s American Express Card.
Batch Authorizations — A Merchant who uses the batch authorization service can
transmit authorization request files containing multiple authorization request
transactions periodically during a day or at the end of the business day. All
authorization response transactions are batched into files and returned.
Authorization Amount Adjustment — The Authorization Amount Adjustment can be used by
any Merchant, Third Party Processor or Vendors that supports Automated Fuel Dispensers.
This functionality allows for the release of held funds due to the actual sale amount being
less than the original authorized amount.
Digital Wallet Payments — This service allows Merchants to accept Digital Wallet
transactions which provide Cardmembers a quick and flexible way to pay in store and within
Mobile Applications (App) via various devices that Cardmembers frequently use.
Other Authorization Services — A Merchant may process other financial transaction cards,
as well as American Express Travelers Cheque authorizations.
18 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.1 Online Authorizations
The American Express online authorization process begins when a Cardmember uses the
American Express Card to purchase goods or services from a Merchant. The purchase could
occur at the physical location of the Merchant or remotely (e.g., a purchase through the
internet, by mail-order or by telephone-order).
If the purchase occurs at the Merchant's location, the card is either swiped so that the Point
of Sale terminal can read the magnetic stripe, inserted into a Chip Card capable terminal so
the card data can be read from the embedded chip, tapped against the contactless
interface, or manually keyed. If the purchase is made remotely, the Cardmember is required
to provide their Card data to the Merchant to obtain authorization.
Once the information is complete, the data is transmitted to American Express. There are
two services offered to Merchants who use online authorization:
Non-Referral Link
Referral Queue
5.1.1 Non-Referral Link
Non-Referral Link is the primary processing method used by most Merchants
that accept the American Express Card and transmit authorization requests to
American Express. Non-Referral Link allows an authorization to be processed
without electronically referring the request to an American Express-employee
Authorizer. When the electronic authorization request is transmitted to
American Express via a non-referral link, American Express evaluates various
information, which may include the Cardmember's spending, payment and
credit history and risk criteria associated with the transaction. If the request
passes this evaluation, the American Express authorization system approves the
request, and returns an “APPROVED” message and approval code to the
Merchant's system.
If the authorization request is not automatically approved, a message equivalent
to “DENY” or “PLEASE CALL” is returned to the Merchant's system. When a
Merchant receives a “PLEASE CALL” message, the POS Device Operator at the
establishment must call American Express and speak to an Authorizer, who will
verbally approve or deny the authorization request.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 19
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.1.1 Non-Referral Link (continued)
Figure 1-1. Non-Referral Link Processing
1. A POS Device Operator enters a transaction at the Merchant's system.
2. The Merchant's computer processes the transaction data and transmits an
authorization request message to American Express.
3. American Express receives and processes the request then sends a
response message to the Merchant's computer.
4. The Merchant's computer receives and processes the response message,
then displays the response on the Merchant's system.
5. If American Express approves the request, an “APPROVED” message and
an approval code are displayed at the Merchant's system.
If American Express declines the request, a message equivalent to “DENY”
is displayed at the Merchant's system.
If American Express cannot make a decision, a “PLEASE CALL” message is
displayed at the Merchant's system, and the POS Device Operator must
then call an American Express Authorizer, who will analyze the transaction
and verbally approve or deny the request.
20 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.1.2 Referral Queue
The referral queue option is available for both referral and non-referral
processing links. The referral queue system assigns a four-digit referral number
to each request that receives a “PLEASE CALL” authorization response, and
places the request in a queue. The referral queue number is then included in the
“PLEASE CALL” response message transmitted to the Merchant's system.
The POS Device Operator calls American Express and provides the referral
queue number. Based on the referral queue number, the call is transferred to the
assigned Authorizer, who reviews the information and either approves or denies
the transaction. This procedure eliminates the re-entry of transaction data
during the authorization call.
Illustrations of referral queue processing for non-referral links are shown on the
next few pages.
5.1.2.1 Referral Queue — Non-Referral Mode
Figure 1-2. Referral Queue for Non-Referral Mode
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 21
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.1.2.1 Referral Queue — Non-Referral Mode (continued)
1. A POS Device Operator enters a transaction at the Merchant's
system.
2. The Merchant's computer processes the transaction data and
transmits an authorization request message to American
Express.
3. American Express receives and processes the request then
sends a response message to the Merchant's computer.
4. The Merchant's computer receives and processes the response
message, then displays the response on the Merchant's system.
5. If American Express approves the request, an “APPROVED”
message and an approval code are displayed at the Merchant's
system.
6. If American Express declines the request, a message equivalent
to “DENY” is displayed at the Merchant’s system.
7. If American Express cannot make a decision, a “PLEASE CALL”
message is displayed at the Merchant’s system, and the POS
Device Operator must then call an American Express Authorizer,
who will analyze the transaction and verbally approve or deny
the request.
8. The POS Device Operator calls American Express and provides
the referral number. That number provides access to an
American Express Authorizer.
22 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.1.3 Referral Queue — Referral Mode
Figure 1-3. Referral Queue for Referral Mode
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 23
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.1.3 Referral Queue — Referral Mode (continued)
1. A POS Device Operator enters a transaction at the Merchant's system.
2. The Merchant's computer processes the transaction data and transmits an
authorization request message to American Express.
3. American Express receives and processes the request then sends a
response message to the Merchant's computer.
4. The Merchant's computer receives and processes the response message,
then displays the response on the Merchant's system.
5. If American Express approves the request, an “APPROVED” message and
an approval code are displayed at the Merchant's system.
6. If the Authorizer approves the request, an “APPROVED” response and an
approval code are transmitted to the Merchant's computer. That computer
processes the American Express response and sends the message to the
Merchant's system.
7. If the Authorizer does not approve the request automatically, a referral
number is assigned to the “PLEASE CALL” response message. The request
is placed in the referral queue for easy access by American Express
Authorizers.
8. The “PLEASE CALL” response message (with the referral number) is
transmitted to the Merchant's computer, and both “PLEASE CALL” and the
referral number are displayed on the Merchant's system.
9. The POS Device Operator calls American Express and provides the referral
number. That number provides access to an American Express Authorizer.
10. After examining the request, spending history and payment history of the
Cardmember, the Authorizer will verbally approve or deny the request.
5.2 American Express OptBlue® Program
The American Express OptBlue Program is designed to increase acceptance of Cards
among small Merchants by offering integrated service and pricing through certain eligible
third party Acquirers and payment processing companies. Program participants will be
eligible to provide a full one-stop servicing solution for American Express Card acceptance
to eligible small Merchants, including the flexibility to provide Merchants the benefit of a
single statement, one settlement process, and one contact for all the major Card brands.
For information on how to participate in the OptBlue program, contact your American
Express representative.
24 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.3 Prepaid Card Authorizations
The Prepaid Card Partial Authorization and Authorization with Balance Return features are
designed to help Merchants provide Card balance information to American Express Prepaid
Cardholders at the point of sale. The Authorization Request/Response messages are
exchanged to determine available funds to help the Merchant successfully complete
Prepaid Card transactions in a timely manner.
Partial Authorization and Authorization with Balance Return features only apply to Prepaid
Cards. Merchants who participate are not required to know which American Express
products are prepaid. American Express will return the specified information for
transactions that qualify otherwise, the responses will be the same as those they receive
today.
5.3.1 Partial Authorization
American Express strongly recommends Partial Authorization, because it
approves a request for the remaining balance rather than declining it when
there are insufficient funds to cover the original amount.
The Partial Authorization feature allows American Express to authorize a
transaction for an amount less than the original Merchant requested amount.
Partial Authorization is used in circumstances where the Prepaid Card has
insufficient funds to cover the original amount of the request. Rather than
receiving a denial message, the transaction will be approved for the remaining
balance of the Card. The Cardholder can then pay the Merchant the outstanding
amount of the transaction via another form of payment.
Data Field 24 (Function Code) of the Authorization Request (1100) message is
used to identify a Merchant that accepts partial authorizations. The approved
amount is returned in Data Field 4 (Amount, Transaction) of the Authorization
Response (1110) message. The original requested authorization amount is
returned in Data Field 30 (Amounts, Original); and the available amount
remaining on the Card (including a zero balance) may be returned in Data Field
54 (Amounts, Additional).
Merchants should develop internal instructions for using the Prepaid Card
Partial Authorization or Authorization with Balance Return features at their
point of sale. American Express will allow authorized Merchants that conform to
this specification and pass our certification tests to access the American
Express network to acquire Partial Authorization or Authorization with Balance
Return.
Third Party Processors must develop support for both Partial Authorization and
Authorization with Balance Return functionalities in order to provide the ability
for their Merchants to utilize either feature. Additional information may be
obtained from your American Express representative.
Balances may not be returned for some Prepaid Cards.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 25
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.3.2 Authorization with Balance Return
In addition, American Express offers the Authorization with Balance Return
feature.
The Authorization with Balance Return feature allows Merchants that choose
not to use the Partial Authorization feature to receive the Prepaid Card balance
on the Authorization Response (1110) message. Systems that do not support
split tender capability which is required for Partial Authorizations can receive a
response message containing the remaining balance (Authorization with
Balance Return), This enables the customer to submit a new request for an
amount less than or equal to the funds available or they can choose an alternate
form of payment for the transaction.
Data Field 24 (Function Code) of the Authorization Request (1100) message is
used to identify an Authorization with Balance Return request. The available
balance may be returned to the Merchant in Data Field 54 (Amounts, Additional)
in the Authorization Response (1110) message, even if the transaction is denied.
Transactions that are denied for insufficient funds can be resubmitted for an
amount equal to or less than the remaining balance provided in the
Authorization Response (1110) message.
Prepaid Card Balance Inquiry may also be performed utilizing either the Partial
Authorization or the Authorization with Balance Return feature. This can be
done by simply entering an amount of zero in the Data Field 4 (Amount,
Transaction). The transaction will be approved, and the available balance is
returned in Data Field 54 (Amounts, Additional). A new authorization request
can then be created for an amount equal to or less than the remaining balance.
Balances may not be returned for some Prepaid Cards.
26 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.4 Chip Card Authorizations
Two types of Chip Cards are issued by American Express, Contact (AEIPS) and Contactless
(Expresspay):
AEIPS A Contact Chip Card is physically inserted into a Card Reader to enable it
to communicate with the Terminal. The American Express contact solution is called
AEIPS (American Express ICC Payment Specifications).
Expresspay A Contactless Chip Card uses radio frequency technology to
communicate with the Terminal, and the card does not need to be inserted into a
reader. Contactless transactions are typically faster than Contact transactions. The
American Express contactless solution is called Expresspay.
In order to submit transactions from American Express Chip Cards for authorization and
submission, the Merchant, authorized Third Party Processor or Vendor must submit data to
American Express in the formats prescribed by the GCAG ISO and the American Express
Global Financial Submission Guide.
Note: American Express requires chip card accepting devices to be approved by EMVCo.
EMVCo approval can be obtained at an EMVCo approved laboratory. Further details can be
obtained from the EMVCo website (www.emvco.com) or from your local American Express
representative.
5.4.1 AEIPS
In an AEIPS transaction, the Card is inserted into the Card Reader in the
terminal; and the Card data is read directly from the chip. Transaction data is
created and populated in Data Field 55 (Integrated Circuit Card System Related
Data) - special certification is required. For more information on the breakdown
of Data Field 55, see page 138.
American Express mandates that in addition to populating Data Field 55, AEIPS
transactions must include Data Field 35 (Track 2 Data).
For terminals that are EMV-enabled but not yet certified or for terminals that are
EMV-enabled for other payment brands but not yet for American Express
(AEIPS), transactions must be processed using any of the other non-EMV
methods.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 27
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.4.1 AEIPS (continued)
When submitting AEIPS transactions, Data Field 22 (Point of Service Data Code)
must be populated based on acquiring method and adhere to the following
guidelines:
Position 1: Card Data Input Capability - Transactions must not be
processed using value 5 (Integrated Circuit Card - ICC) unless the terminal
and link are certified by American Express for EMV processing.
Position 7: Card Data Input Mode -
o Transactions must not be processed using value 5 (Integrated
Circuit Card - ICC) unless the terminal and link are certified by
American Express for EMV processing.
o Transactions must not be processed using value 9 (Technical
Fallback) unless the terminal and link are certified by American
Express for EMV processing and used to indicate a fallback
transaction.
Position 9: Cardmember Authentication Entity- Transactions must not be
processed using value 1 (Integrated Circuit Card - ICC) unless the terminal
and link are certified by American Express for EMV processing.
Position: 10: Card Data Output Capability - Transactions must not be
processed using value 3 (Integrated Circuit Card - ICC) unless the terminal
and link are certified by American Express for EMV processing.
28 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.4.2 Expresspay
In an Expresspay transaction, the data is passed between the chip and the
terminal using Radio Frequency (RF) technology. Expresspay has two different
modes in which the Card and Terminal can operate:
Expresspay EMV Mode - This mode of operation is designed for those
Issuers and Acquirers that support EMV data in the authorization
messages. EMV capable terminals support both EMV and Magstripe
Modes.
Expresspay Magstripe Mode- This mode of operation is designed for both
Issuers who can accept EMV data as well as Issuers and Acquirers who
have not implemented EMV acceptance. Magstripe capable terminals only
support Magstripe Mode.
If supporting Expresspay, Merchants, authorized Third Party Processors and
Vendors must support EMV and Magstripe Mode including the Expresspay
Pseudo-Magnetic Stripe Format. It is mandatory for all Third Party Processors
and Vendors to certify they can pass Expresspay data. Refer to Expresspay
Pseudo-Magnetic Stripe Formats in the American Express Global Codes &
Information Guide.
In order to submit transactions from Expresspay Cards for authorization and
submission, the Merchant, authorized Third Party Processor or Vendors must
submit data to American Express in the formats prescribed by the GCAG ISO and
the American Express Global Financial Submission Guide.
Expresspay Requirements
Notes:
1. Expresspay transactions must originate at a contactless reader and cannot be manually keyed.
2. It is important to note that pseudo-magnetic stripe data from a chip card contactless reader differs
slightly from track data obtained from a magnetic stripe read. For this reason, when Magstripe-Capable
Terminals, Track 1 and/or Track 2 pseudo-magnetic stripe data is supplied intact, the start and end
sentinels should be stripped off; and all remaining characters between the sentinels (including the
Interchange Designator and Service Code) should be forwarded to American Express without
alteration, in the appropriate ISO 8583 Track 1 and/or Track 2 data field (Data Fields 45 and/or 35,
respectively). For complete lists of allowable Interchange Designator/Service Code combinations, refer
to the American Express Global Codes & Information Guide.
Magstripe Capable Terminals EMV Capable Terminals
Track 1 (Data Field 45) and/or Track 2 (Data
Field 35) must be present. For information on
Expresspay Pseudo-Magnetic Stripe Formats,
refer to the American Express Global Codes
& Information Guide.
ICC System Related Data (Data Field 55) must
be present.
Track 2 Data (Data Field 35)
POS Data Code (Data Field 22)
o Position 6 = “X
(Contactless transactions,
including American Express
Expresspay)
o Position 7= “2” (Magnetic
stripe read; Track 1 and/or
Track 2) or “W” (Swiped
transaction with keyed
CID/4DBC/4CSC)
POS Data Code (Data Field 22)
o Position 6 = “X” (Contactless transactions,
including American Express Expresspay)
o Position 7 = “5” (Integrated Circuit Card
[ICC]; EMV and Track 2 data captured from
chip)
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 29
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.4.2.1 Expresspay Transit Transactions at Transit Access
Terminals
The American Express Expresspay Transit solution will supplement
existing American Express Network functionality to meet the transit
industry's need for high speed, low risk transactions. The resulting
service enables the customer to experience American Express
acceptance at a transit fare gate like any other retail Merchant's
contactless POS terminal.
Technical coding components of Expresspay Transit transactions at
Transit Access Terminals (TAT) include:
1. Data Field 26 -Card Acceptor Business Codes (Merchant
Category Code)
One of the five transit specific Card Acceptor Business Codes
(Merchant Category Code) must be populated for Transit - TAT
transactions:
4111 - Local and Suburban Commuter Passenger
Transportation, including Ferries
4112 - Passenger Railways
4131 - Bus Lines
4784 - Tolls and Bridge Fees
7523 - Parking Lots and Garages
2. Data Field 22 - Point of Service Data Code
In the Authorization Request (1100) message - Position
4, Value Z for Transit Access Terminal - TAT must be populated
for Transit -TAT transactions.
3. Data Field 24 - Function Code
There are several Function Codes available for Transit -TAT
transactions.
Function Code 190 = Account Status Check
Used when requesting a check on the Cardmember's
account for viability.
The outcome of the request will be an Action Code
provided in Data Field 39 of the Authorization Response
(1110) message.
Function Code 191 = ATC Synchronization
Used to indicate an Application Transaction Counter
(ATC) value is being provided to the Issuer.
The outcome of the request will be an Action Code
provided in Data Field 39 of the Authorization Response
(1110) message.
30 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.4.2.1 Expresspay Transit Transactions at Transit Access
Terminals (continued)
Function Code 194 = Expresspay Translation (PAN request)
Used to indicate that the Primary Account Number (PAN)
associated with an Expresspay-enabled card is being
requested from the Issuer.
The response will be provided in Data Field 34 -
Primary Account Number, Extended in the Authorization
Response (1110) message.
Function Code 196 = Expresspay Translation (PAN and
Expiration Date request)
Used to indicate the Primary Account Number (PAN)
and Expiration Date associated with an
Expresspay-enabled card/device is being requested
from the Merchant.
The response will be provided in Data Field 34 -
Primary Account Number, Extended in the Authorization
Response (1110) message.
4. Data Field 34 - Primary Account Number, Extended in the
Authorization Response (1110) message.
5.5 Recurring Billing and Standing Authorization
Recurring Billing transactions include periodic billings such as membership fees to health
clubs, magazine subscriptions, insurance premiums and other regularly scheduled
charges. These transactions are typically requested the same time every month for the
same dollar amount.
Standing Authorization allows a Merchant to automatically charge a Cardmember’s
American Express Card, when the Cardmember’s billing information is on file, and goods
have been delivered/ or services have been rendered. Billing frequency and amount can be
variable (e.g., travel, car rental, lodging, frequent customer, etc.).
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 31
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.6 Batch Authorizations
The American Express Batch Authorization System accepts and processes files containing
multiple authorization transactions; and the structure, content and format of batch
Authorization Request (1100) messages are detailed in this specification. All Authorization
Request (1100) message files submitted for batch processing must contain valid, properly
constructed, Authorization Request (1100) message records.
The American Express batch authorization process begins when a Cardmember uses the
American Express Card to purchase goods or services from a Merchant. The Merchant's
point of sale (POS) operator enters purchase information into the POS device. This may or
may not include keyboard entry of Cardmember account information and/or swiping the
Card so that the POS device can read data stored in the magnetic stripe. More information
on the American Express Data Security Operating Policy (DSOP) and the PCI Data Security
Standard can be found at www.americanexpress.com/datasecurity.
Upon completion of data entry (which may occur periodically during the workday, or at the
end of shift or business day), information accumulated from numerous transactions is
transmitted to American Express in a file. The American Express Batch Authorization
processor manages the exchange of request and response transactions between
Merchant's system and American Express. Once processing of a file is completed, the
Merchant retrieves the response batch file from American Express.
Message format errors or communication problems between Merchant and/or Authorized
Third Party Processor systems and the American Express Batch Authorization System, may
result in original, authorization request messages being returned in batch authorization
response files.
Therefore, when processing responses from American Express, Merchant and/or Authorized
Third Party Processor systems must recognize and separate original authorization requests,
for retransmission (in a new batch authorization request file) or voice authorization.
Important Note: The Internet Direct IP Payments Gateway does not support the American
Express Batch Authorization process. For more information, contact your American Express
representative.
32 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.6.1 Message Separation
ISO 8583 messages are variable length and contain a combination of binary and
character-encoded (primarily EBCDIC) text and numeric values. As a result, an
ISO 8583 message must be treated as a stream of bytes in a file, rather than
sequences of characters. Also, the binary data in some data fields makes it
impractical to use end-of-record terminator characters as delimiters to separate
sequential records in the stream of data that comprises a file. However, the last
two bytes of a fixed length file layout, Authorization Request (1100) message
are reserved and echo returned as the last two bytes in the corresponding
Authorization Response (1110) message; and these two characters may be used
as Merchant-specified, end-of-line (EOL) terminators, if necessary. For more
information, see page 36.
American Express utilizes a Message Length Indicator (MLI), transmitted as a
prefix to each individual authorization request, to specify the exact message
length. The MLI is not part of the ISO 8583 Authorization Request (1100)
message defined in this specification. Instead, it is considered part of the
communication/transport mechanism.
The Message Length Indicator (MLI) is a two-byte, unsigned, short integer in
binary, network short/ big-endian format (i.e., most significant byte, followed by
least significant byte), which reflects the combined length of the two-byte MLI
and the individual Authorization Request (1100) message that immediately
follows.
Figure 1-4. Message Length Indicator & ISO 8583 Authorization
Messages in the batch response file are similarly formatted and contain a
two-byte MLI that indicates the combined length of the MLI and the
Authorization Response (1110) message.
MLI ISO 8583 Authorization Request (1100) Message
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 33
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.6.2 Supported File Layouts
The American Express Batch Authorization System supports two file layout
formats:
Variable Length Format
Fixed Length Format
During certification, Merchants must indicate which format they wish to use,
and once certified, all files must be submitted in that format. Merchants
wishing to change formats must recertify. American Express uses the same
format for a batch response file as was used for the corresponding batch
request file.
For both layouts, the Batch Authorization System uses the MLI to determine
actual message length.
The following table contains sample message data that appears on the
following pages in both variable- and fixed-length formats. Note that ISO 8583
defines some data fields as variable length, with data in these data fields
preceded by a Variable Length Indicator (VLI), in much the same manner as each
message is preceded by an MLI. For this reason, individual message length
varies in actual production files.
Figure 5-5. Authorization Request Sample Data
_____________________
* This data field contains the Cardmember Account Number, preceded by a two-digit, Variable Length Indicator (VLI). The VLI
must indicate the exact length of the account number, and no additional characters should be added to this data field.
Data
Field
Name
Required
Data Field
Length
Sample Data
Hex Value
MESSAGE TYPE IDENTIFIER M 4 bytes, fixed 1100 F1 F1 F0 F0
BIT MAP M 8 bytes, 64 bits 703425C000408000 70 34 25 C0 00 40 80 00
2 PRIMARY ACCOUNT NUMBER (PAN) M 21 bytes, LLVAR 370012345612345 F1 F5 F3 F7 F0 F0 F1 F2
F3 F4 F5 F6 F1 F2 F3 F4
F5*
3 PROCESSING CODE M 6 bytes, fixed 004000 F0 F0 F4 F0 F0 F0
4 AMOUNT, TRANSACTION M 12 bytes, fixed 000000000100 F0 F0 F0 F0 F0 F0 F0 F0
F0 F1 F0 F0
11 SYSTEMS TRACE AUDIT NUMBER M 6 bytes, fixed 000001 F0 F0 F0 F0 F0 F1
12 DATE AND TIME, LOCAL TRANSACTION M 12 bytes, fixed 090100000000 F0 F9 F0 F1 F0 F0 F0 F0
F0 F0 F0 F0
14 DATE, EXPIRATION M 4 bytes, fixed 1301 F1 F3 F0 F1
19 COUNTRY CODE, ACQUIRING
INSTITUTION
M 3 bytes, fixed 840 F8 F4 F0
22 POINT OF SERVICE DATA CODE M 12 bytes, fixed 101150600120 F1 F0 F1 F1 F5 F0 F6 F0
F0 F1 F2 F0
34 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.6.2 Supported File Layouts (continued)
.
Figure 1-5. Authorization Request Sample Data (continued)
Note: Sample data in the preceding table and the following examples show
values in hexadecimal notation for illustration purposes only. Actual batch
authorization messages are transmitted as raw binary data. Total length of
sample data is 113 bytes.
5.6.2.1 Variable Length Layout
The variable length file layout is preferred for batch authorization
files. Variable length files have no padding, nor end-of-record
terminators; and, as a result, they are smaller than fixed length files
that transport the same data.
The Message Length Indicator (MLI) is used in exactly the same
manner in both the variable and fixed length file layouts, and the MLI
indicates the combined length of the MLI and the variable data that
comprises the actual Authorization Request (1100) message.
Variable Length Layout (113 bytes to 122 bytes, Variable Message
Length)
Figure 1-6. Variable Length Layout
Message 1 is composed of a two-byte MLI preceding a 113-byte
Authorization Request (1100) message. The MLI value is “115” (“00
73", hex).
_____________________
* “1234” is sample data only. Actual Message Reason Code is provided during Merchant certification.
Data
Field
Name
Required
Data Field
Length
Sample Data
Hex Value
24 FUNCTION CODE O 3 bytes, fixed 180 F1 F8 F0
25 MESSAGE REASON CODE M 4 bytes, fixed 1234* F1 F2 F3 F4
26 CARD ACCEPTOR BUSINESS CODE M 4 bytes, fixed 5399 F5 F3 F9 F9
42 CARD ACCEPTOR IDENTIFICATION CODE M 15 bytes, fixed 12345678 F0 F0 F0 F0 F0 F0 F0 F1
F2 F3 F4 F5 F6 F7 F8
49 CURRENCY CODE, TRANSACTION M 3 bytes, fixed 840 F8 F4 F0
Message 1 MLI (2 bytes) Authorization Request (1100) Message (113 bytes)
Message 2 MLI (2 bytes) Authorization Request (1100) Message (120 bytes)
Message 3 MLI (2 bytes) Authorization Request (1100) Message (115 bytes)
Message 4 MLI (2 bytes) Authorization Request (1100) Message (110 bytes)
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 35
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.6.2.1 Variable Length Layout (continued)
Message 2 is 120 bytes in length. The MLI is “122” (“00 7A”, hex).
00 73 F1 F1 F0 F0 70 34 25 C0 00 40 80 00 F1 F5 F3 F7 F0 F0 F1 F2
F3 F4 F5 F6 F1 F2 F3 F4 F5 F0 F0 F4 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0
F0 F0 F1 F0 F0 F0 F0 F0 F0 F0 F1 F0 F9 F0 F1 F0 F0 F0 F0 F0 F0 F0
F0 F1 F3 F0 F1 F8 F4 F0 F1 F0 F1 F1 F5 F0 F6 F0 F0 F1 F2 F0 F1 F8
F0 F1 F9 F0 F0 F5 F3 F9 F9 F1 F2 F3 F4 F5 F6 F7 F8 40 40 40 40 40
40 40 F8 F4 F0 00 7A F1 F1 F0 F0 70 30 25 40 00 40 80 00 F1 F5 F3
F7 F0 F0 F1 F2 F3 F4 F5 F6 F1 F2 F3 F4 F5 ...
Figure 1-7. Sample Data in Variable Length Format
In the example above:
Message 2 is shown in shaded text.
There is no padding, nor end-of-record terminator, between
messages.
36 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.6.2.2 Fixed Length Layout
The fixed length file layout may be used by Merchants who utilize
record-based file systems (e.g., a mainframe computer). In addition,
Merchants who have difficulty creating files that conform to variable
length file layout requirements may also use this alternate format.
However, during certification, those Merchants must specify the
fixed record length they will use (see 150-byte example in Figure
5-8). A subsequent change to this fixed record length requires
recertification.
The Message Length Indicator (MLI) is used in exactly the same
manner in both the fixed and variable length file layouts, and the MLI
indicates the combined length of the MLI and the variable message
data that comprises the actual Authorization Request (1100)
message without padding.
The fixed length file layout requires that messages of different
lengths each be padded to the merchant-specified, fixed record
length using EBCDIC character spaces (0x40). In addition, the fixed
record length must be at least four bytes longer than the maximum
message length that will populate the file, to allow for the two-byte
MLI, plus two-bytes for padding or an end-of-line (EOL) terminator.
When calculating maximum message length, the combined lengths
of all fixed-length data fields and maximum lengths of all
variable-length data fields used in a message must be accounted for.
In Figure 5-8, the fixed record length is 150 bytes, which means that
the maximum message length used to populate a file must not
exceed 146 bytes.
The last two bytes of a fixed length request record are reserved and
echo returned as the last two bytes in the corresponding response.
These two characters must be present; and they may be a
Merchant-specified EOL terminator or padded spaces if an EOL
terminator is not used. Typical EOL values may include the following:
•“0D 0A” hex ("EOL", Windows character set)
•“20 0A” hex ("Space/EOL", Unix character set)
•“40 25” hex ("Space/EOL", EBCDIC character set)
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 37
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.6.2.2 Fixed Length Layout (continued)
Fixed Length Layout (150 Bytes, Fixed Record Length)
Figure 1-8. Fixed Length Layout
Message 1 is composed of a two-byte MLI preceding a 113-byte
Authorization Request (1100) message. The MLI value is “115” (“00
73”, hex).
Message 2 is 120 bytes in length. The MLI is “122” (“00 7A”, hex).
00 73 F1 F1 F0 F0 70 34 25 C0 00 40 80 00 F1 F5 F3 F7 F0 F0 F1 F2
F3 F4 F5 F6 F1 F2 F3 F4 F5 F0 F0 F4 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0
F0 F0 F1 F0 F0 F0 F0 F0 F0 F0 F1 F0 F9 F0 F1 F0 F0 F0 F0 F0 F0 F0
F0 F1 F3 F0 F1 F8 F4 F0 F1 F0 F1 F1 F5 F0 F6 F0 F0 F1 F2 F0 F1 F8
F0 F1 F9 F0 F0 F5 F3 F9 F9 F1 F2 F3 F4 F5 F6 F7 F8 40 40 40 40 40
40 40 F8 F4 F0 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 00 7A F1 F1
F0 F0 70 30 25 40 00 40 80 00 F1 F5 F3 F7 F0 F0 F1 F2 F3 F4 F5 F6
F1 F2 F3 F4 F5 ...
Figure 1-9. Sample Data in Fixed Length Format, without EOL Terminator
In the example above:
The file is composed of variable length messages, each padded to
exactly 150-bytes.
Message 2 is shown in shaded text.
A minimum of two padded spaces (shown in reversed text) are
used between messages in lieu of an EOL terminator.
Message 1 MLI (2 bytes) Authorization Request (1100) Message (113 bytes) Padding (33 bytes) Padding/EOL (2 bytes)
Message 2 MLI (2 bytes) Authorization Request (1100) Message (120 bytes) Padding (26 bytes) Padding/EOL (2 bytes)
Message 3 MLI (2 bytes) Authorization Request (1100) Message (115 bytes) Padding (31 bytes) Padding/EOL (2 bytes)
Message 4 MLI (2 bytes) Authorization Request (1100) Message (110 bytes) Padding (36 bytes) Padding/EOL (2 bytes)
38 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.6.2.2 Fixed Length Layout (continued)
00 73 F1 F1 F0 F0 70 34 25 C0 00 40 80 00 F1 F5 F3 F7 F0 F0 F1 F2
F3 F4 F5 F6 F1 F2 F3 F4 F5 F0 F0 F4 F0 F0 F0 F0 F0 F0 F0 F0 F0 F0
F0 F0 F1 F0 F0 F0 F0 F0 F0 F0 F1 F0 F9 F0 F1 F0 F0 F0 F0 F0 F0 F0
F0 F1 F3 F0 F1 F8 F4 F0 F1 F0 F1 F1 F5 F0 F6 F0 F0 F1 F2 F0 F1 F8
F0 F1 F9 F0 F0 F5 F3 F9 F9 F1 F2 F3 F4 F5 F6 F7 F8 40 40 40 40 40
40 40 F8 F4 F0 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40
40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 0D 0A 00 7A F1 F1
F0 F0 70 30 25 40 00 40 80 00 F1 F5 F3 F7 F0 F0 F1 F2 F3 F4 F5 F6
F1 F2 F3 F4 F5 ...
Figure 1-10. Sample Data in Fixed Length Format, with EOL Terminator
In the example above:
The file is composed of variable length messages, each
padded to exactly 150-bytes.
Message 2 is shown in shaded text.
An EOL terminator (shown in reversed text) is used
between messages.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 39
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.7 Authorization Amount Adjustment
The authorization amount adjustment is designed to release funds held when the actual
sale amount is less than the original amount authorized. This ISO 8583 message can be
leveraged by Merchants to advise American Express of the exact amount of the completed
sale. The Authorization Adjustment will release the difference between the original amount
authorized and the final sale amount to the Cardmember’s available credit or “open to buy”.
Merchants must only send an adjustment advice if the final sale amount is less than the
original, approved authorized amount.
This is an optional message format, but American Express strongly recommends its use.
The authorization amount adjustment applies to any Merchant, Third Party Processor or
Vendor that supports Automated Fuel Dispensers. For details on specific authorization
amount adjustment requirements, contact your American Express representative and
request the American Express Global Credit Authorization Guide ISO 8583:1993 (Version 1)
Authorization Adjustment Addendum (AAA).
5.8 Digital Wallet Payments
Digital Wallet functionality allows for the processing of transactions initiated through the
use of Mobile Apps or Digital Wallets found on Cardmember devices. Digital Wallet
transactions can occur in store or through In-App transactions initiated in any location. All
Digital Wallet transactions must be identified through the correct use of the Point of
Service Data Codes in order to process properly.
5.8.1 In-Store Digital Wallet Transactions
In-Store Digital Wallet Transactions are considered Card Present and can be
Contactless or Magnetic Secure Transmission (MST).
Contactless Near Field Communications (NFC) Transactions — The
Mobile NFC capable device completes a Card Present charge by tapping
the device in close proximity to a Contactless NFC enabled POS system.
Technical coding components of Contactless NFC transactions utilizing
Payment Tokenization include:
Data Field 22 - Point of Service Data Code Values
- Position 6 - Card Present must be X
(Contactless transactions, including American Express Expresspay)
- Position 7 - Card Data Input Mode, must be one of the following:
o Value 2 (Magnetic stripe read; Track 1 and /or Track 2)
o Value 5 (Integrated Circuit Card [ICC], EMV and Track 2 data
captured from chip)
o Value W (Swiped transaction with keyed CID/4CSC)
40 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
5.8.1 In-Store Digital Wallet Transactions (continued)
Magnetic Secure Transmission (MST) Transactions — The Mobile
NFC and MST capable device completes a Card Present charge by tapping
the device in close proximity to a Magnetic Swipe enabled POS device.
MST can be utilized at almost any POS capable of accepting Magnetic
Stripe. The Point of Service Data Code should reflect an MST transaction
in the same manner as a typical Magnetic Stripe transaction.
5.8.2 In-App Transactions
The Cardmember initiates a Card Not Present charge using a software
application loaded onto their mobile device. In-App transactions utilize Payment
Tokenization and must be coded accordingly. Technical coding components of In-
App transactions utilizing Payment Tokenization include:
Authorization Request (1100) Message
1. Data Field 22 - Point of Service Data Code Values
Position 6 - Card Present must be Z (Digital Wallet - application initiated
(including application initiated Payment Token)) transactions
Position 7 - Card Data Input Mode, must be 5 (Integrated Circuit Card [ICC])
2. Data Field 60 - National Use Data
3. Data Field 61 - National Use Data
Authorization Response (1110) Message
Data Field 34 - Primary Account Number, Extended
For further information on Payment Tokenization see Section 6.1 Payment Token
Transactions.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 41
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
5.9 Other Authorization Services
American Express offers its Merchants authorization services for products other than
American Express Cards. Those services are:
American Express Travelers Cheque verifications
Non-American Express card authorizations
5.9.1 American Express Travelers Cheque Verifications
American Express Travelers Cheques can be verified through the American
Express system to ensure that the Travelers Cheque is not lost or stolen.
5.9.2 Non-American Express Card Authorizations
American Express will forward MasterCard, VISA, Diners Club and JCB
transactions to the appropriate Issuer for authorization and return the response
from the Issuer to the Merchant's system at the establishment.
Authorized Third Party Processors are specifically excluded from this function.
Merchants must notify American Express of their intent to implement this
function before it is used, as transaction data for non-American Express
supported bankcards are normally rejected upon receipt. In addition, American
Express cannot guarantee bankcard interchange compliance. For more
information, contact your American Express representative.
Limited processing instructions for non-American Express-supported bankcards
are included in this guide. This information is provided for Merchants routing
transactions via American Express during bankcard network outages and is not
intended as an alternative path for traditional bankcard transaction processing.
42 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
this page intentionally left blank
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 43
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
6.0 Fraud Prevention Services
A Merchant may send key data fields with the authorization request that can help prevent fraud at
the point of authorization. Some of these services include Payment Token, Verification Services and
Electronic Verification Services.
6.1 Payment Token Transactions
All Payment Token transactions must be identified through the correct use of Point of
Service Data Codes in order to process properly.
Payment Tokens - Contactless1 transactions:
Position 6 - Card Present must be X (Contactless transactions, including American
Express Expresspay)
Position 7 - Card Data Input Mode, must be one of the following:
o Value 2 (Magnetic stripe read; Track 1 and/or Track 2)
o Value 5 (Integrated Circuit Card [ICC], EMV and Track 2 data captured from chip)
o Value W (Swiped transaction with keyed CID/4DBC/4CSC)
Payment Tokens - Application Initiated transactions / Digital Wallet - application
initiated (including application initiated Payment Token) transactions:
Position 6 - Card Present, must be Z (Digital Wallet - application initiated (including
application initiated Payment Token)) transactions2
Position 7 - Card Data Input Mode, must be 5 (Integrated Circuit Card [ICC])
Payment Tokens - Card on File/Recurring Billing:
Position 5 - Cardholder Present, must be either:
o Value 4 (Cardmember not present, standing authorization) or
o Value 9 (Cardmember not present, recurring billing)
Position 6 - Card Present, must be 0 (Card not present)
_____________________
1 Contactless transaction processing remains unchanged, utilizing track data and the existing authorization process. There are no
Merchant or Third Party Processor changes for Contactless.
2 If populated with value “Z”, Data Field 61, National Use Data, is required.
44 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
6.2 Verification Services
American Express offers a number of tools by which Merchants can electronically verify
information in the authorization process for Card Present and Card Not Present
transactions. These tools enable comparison of customer provided data with Cardmember
information on file with the Issuer. American Express recommends these verification tools
be used simultaneously with other fraud mitigation tools such as Enhanced Authorization
in multiple layers to help a Merchant mitigate the risk of fraud. These tools are not a
guarantee that the transaction is in fact bona fide, or that the Merchant will not be subject
to a Chargeback. For policy questions regarding transaction processing, refer to one or
more of the following:
American Express Merchant Regulations - U.S.
Canada Merchant Operating Manual (MOM)
Local market Terms of Conditions or Contracts for those markets outside of the
U.S. and Canada
6.2.1 Enhanced Authorization
The Enhanced Authorization tool helps mitigate fraud before a transaction is
authorized by analyzing key transaction data fields submitted with authorization
requests. When these additional data fields are included in authorization
requests, the Issuer can make a more thorough risk assessment, enabling a
more informed authorization decision.
Merchants may already capture Enhanced Authorization data fields and other
Card information as part of the ordering process. While sending all data fields is
the most effective use of Enhanced Authorization, any additional data fields can
provide a more informed authorization response.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 45
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
6.2.1 Enhanced Authorization (continued)
Enhanced data fields may include:
Data Type Data Element Supported Location
Internet Data IP address
Email address
Product SKU (Stock Keeping Unit)
ITD format, Data Field 47
Phone Data Order telephone number 205-byte format, Data Field 63
Airline Data Passenger Name
Origin airport
Destination airport
Travel date
• Routing
Class of service/Fare
Basis
Number of passengers
Airline carrier codes
Email address
IP address
IAC format, Data Field 47
Shipping Data Ship-to address
Postal code
Country code
Telephone number
First and last name
Shipping method
205-byte format, Data Field 63
Goods Sold Data Gift Cards in Card Present transactions Goods Sold format, Data Field 47
46 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
6.3 Electronic Verification Services
The Electronic Verification Services supported include the following:
Card Identification (CID) Verification
Automated Address Verification (AAV)
ZIP Code Verification
Telephone Number Verification
Email Address Verification
6.3.1 Card Identifier (CID) Verification
The Card Identifier (CID; a.k.a., 4DBC or 4CSC) Verification tool helps mitigate
fraud on keyed and swiped transactions. The CID number is associated with
each individual Card. Merchants request the four-digit CID printed on the Card
from the Cardmember at the time of purchase and then submit the CID with the
Authorization request. Verification of the CID is one method to authenticate
whether an individual making a purchase has possession of the Card.
The CID is a four-digit, (flat) number that is printed on every American Express
Card. The CID is usually located above the Cardmember Account Number on the
face of the Card. In each of the following illustrations of American Express Card
products, the CID is circled. For details on CID/ 4DBC/4CSC entry in the
Authorization Request (1100) message, see page 135. See also, related topics
on pages 82 and 194.
For more information on American Express Keyed CID/4DBC/4CSC, contact your
American Express representative.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 47
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
6.3.2 Automated Address Verification (AAV)
The Automated Address Verification tool compares the name, street address,
and Zip Code provided by the customer with the Cardmember's information on
file with the Issuer.
Merchants, especially those operating in a Card Not Present environment (e.g.,
mail-order, telephone-order and Internet), use Automated Address Verification
(AAV) to evaluate Cardmember identity by comparing information provided by
the customer at the point of sale with Cardmember information on file with the
Issuer.
Merchants use the Authorization Request (1100) message to transmit an
independent AAV request, or a combination authorization/AAV request. To use
AAV, a Merchant transmits a Cardmember's name as it appears on the Card,
street address, and/or postal code for Issuer verification.
Issuer systems compare the information provided by the Merchant with
Cardmember data listed in the card Issuer's records, and transmit a response in
Data Field 44, Additional Response Data, of the Authorization Response (1110)
message, indicating if all information is valid or if the Cardmember name,
address, and/or postal code do not match. American Express does not return
Cardmember data to the Merchant.
American Express encourages Merchants who physically deliver merchandise to
include Ship-to address information as part of Enhanced Authorization tool (EA),
which is available in the 205-byte version of Data Field 63 of the Authorization
Request (1100) message.
AAV Response Data
Merchants certified for AAV must use Data Field 63, Private Use Data, in the
Authorization Request (1100) message. After processing, American Express
returns the AAV Response Code in Data Field 44, Additional Response Data, or
Data Field 62, Private Use Data, of the corresponding Authorization Response
(1110) message. For more information, see pages 158, 198 and 212.
6.3.3 ZIP Code Verification
In the United States, the ZIP Code Verification tool is part of Automated Address
Verification (AAV). It compares the ZIP Code provided by the Cardmember with
the ZIP Code on file with the Issuer. The Cardmember is prompted to enter the
ZIP Code at the point of sale.
Care should be taken when implementing this feature, because postal codes are
not associated with all American Express Card numbers. One example of an
American Express Card with no associated address would be a non-personalized
American Express Prepaid Card. Improper Automated Address Verification
programming can disrupt POS authorizations; for example, when no postal code
is on file.
48 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
6.3.3 ZIP Code Verification (continued)
ZIP Code Response Data
Merchants certified for ZIP Code verification must use Data Field 63, Private Use
Data, in the Authorization Request (1100) message. After processing, American
Express returns the ZIP Code Response Code in Data Field 44, Additional
Response Data, or Data Field 62, Private Use Data, of the corresponding
Authorization Response (1110) message. For more information, see pages 158,
198 and 212.
6.3.4 Telephone Number Verification
The Telephone Number Verification tool compares the telephone number
provided by the Customer at the point of sale with the Cardmember's telephone
number on file with the Issuer. This tool helps Merchants evaluate the validity of
a charge by reviewing information about the Cardmember not available on the
Card.
Telephone Number Response Data
Telephone Number Verification works much the same as Automated Address
Verification (AAV). However, a certified Merchant transmits a telephone number
in the Authorization Request (1100) message, Data Field 63, Private Use Data.
The Issuer compares the information provided by the Merchant with the
Cardmember's records, and returns the Response Code for Cardmember Phone
Number in the Authorization Response (1110) message, Data Field 62, Private
Use Data. Data Field 62 also contains the matching results for the additional
Automated Address Verification (AAV) subfields (i.e., Cardmember postal code,
street address, and name) and Email Address verification. For more information,
see pages 158 and 212. As with all verification services, American Express does
not return Cardmember data to the Merchant.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 49
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
6.3.5 Email Address Verification
The Email Address Verification tool compares the email address provided by the
Customer at the point of sale, with the Cardmember's email address on file with
the Issuer. This tool helps Merchants evaluate the validity of a charge by
reviewing information about the Cardmember not available on the Card.
Email Address Response Data
A certified Merchant transmits the Cardmember Email Address in the
Authorization Request (1100) message in Data Field 47, Additional Data -
National, using Card Not Present - Internet Telephone Data [ITD] or Internet
Airline Customer [IAC] formats, and the formats of Data Field 63, Private Use
Data, with RTI = “AE”, to receive a response code for Email Address
Verification. The Issuer compares the information provided by the Merchant with
the Cardmember's records, and returns the Response Code for Email Address in
Data Field 62, Private Use Data, in the Authorization Response (1110) message.
Matching results for additional Automated Address Verification (AAV) subfields
(i.e., Cardmember postal code, street address and name) and Telephone number
verification are also provided. For more information, see pages 117, 158 and
212. As with all verification services, American Express does not return
Cardmember data to the Merchant.
6.4 American Express SafeKeySM
American Express SafeKey enables online authentication of Cardmember transactions.
American Express SafeKey works by providing an additional layer of security in online
transactions as the Cardmember enters their payment information. American Express
SafeKey helps prevent unauthorized online use before it happens by confirming the
Cardmember's identity with an additional password or unique value.
American Express SafeKey is based on the 3-D Secure® protocol, which provides an
additional level of security for online transactions. American Express continues to expand
American Express SafeKey functionality into additional countries. Refer to the following
website: AmexSafeKey for the most current enablement updates.
50 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
6.5 Online PIN
Online Personal Identification Number (PIN) validation is a Cardholder Verification Method
(CVM) used to authenticate the Cardmember at the Point of Sale (POS). This will provide
the ability for Third Party Processors and Merchants to allow the use of an online PIN as
an acceptable CVM to complete a Card Present transaction. This method entails sending
an online Authorization Request (1100) message which carries encrypted PIN data entered
by the Cardmember at the POS to American Express for validation during Authorization
processing.
6.5.1 Master/Session Key Management Methodology
The Master/Session Key management method is used to encrypt online PIN
data. Master Key is the key exchange key also known as the Zone Master Key
(ZMK). Session Key refers to the PIN encryption key also known as the Zone PIN
Key (ZPK).
American Express supports two different implementations, Static and Dynamic,
of the Master/Session methodology. Both of these implementations support
Merchants and Third Party Processors at the host-link level..
*STATIC Key Exchange:
1. Manual key exchange for ZMK and ZPK. Refer to the American Express
Online PIN Processing Implementation Guide for Merchants or Third Party
Processors.
2. Merchant sends Authorization Request (1100) message with encrypted
block in Data Field 52 - Personal Identification Number (PIN) Data.
_____________________
*For the American Express Online PIN Processing Implementation Guide for Merchants or Third Party Processors, contact your
American Express representative.
Implementation Description
STATIC Unique fixed key applied to all PINs.
Master key is exchanged manually as
part of initial setup.
Session keys are refreshed every three
years or upon request.
DYNAMIC Unique session key applied to all PINs.
Master key is exchanged manually as
part of initial setup to protect exchange
of session key.
Session key is frequently exchanged via
network messaging.
Session key is refreshed on an agreed
period (e.g., daily).
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 51
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
6.5.1 Master/Session Key Management Methodology (continued)
*DYNAMIC Key Exchange:
1. Merchant or Third Party Processor successfully requests a session key
exchange in the Network Management Request (1804) message:
Data Field 24 – Function Code 811 = Dynamic key exchange request
2. New PIN key and Key Check Values (KCV) are returned for a successful
exchange in the Network Management Response (1814) message:
Data Field 39 – Action Code = 800 (Accepted)
Data Field 96 – Key Management Data - New PIN key and Key Check
Values (KCV)
3. Merchant sends Authorization Request (1100) message with PIN and KCV:
Data Field 52 – Personal Identification Number (PIN) Data =
Encrypted PIN block encrypted using the Key that was exchanged
from subfield SESSION PIN KEY in Data Field 96 - Key Management
Data, in the Network Management Response (1814) message.
Data Field 96 – Key Management Data = In subfield, SESSION PIN
KEY CHECK VALUE, the value found in Data Field 96 of the Network
Management Response (1814) message must be copied, without
alteration, into Data Field 96 of the Authorization Request (1100)
message. This value is used to identify the Key used.
_____________________
*For the American Express Online PIN Processing Implementation Guide for Merchants or Third Party Processors, contact your
American Express representative.
52 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
6.5.2 Derived Unique Key Per Transaction (DUKPT)
American Express supports the Derived Unique Key Per Transaction (DUKPT)
implementation. The DUKPT encryption methodology is preferred for Terminal to
Host connectivity. Refer to the ANSI X9.24 Standard for further details on
DUKPT implementation and associated requirements.
.
*DUKPT (Derived Unique Key Per Transaction) Exchange:
1. A base key is provided by American Express to Key Injection Facility (KIF).
For additional information, contact your American Express representative.
2. Merchant sends Authorization Request (1100) message with Key Serial
Number (KSN):
Merchant sends Authorization Request (1100) message with
encrypted block in Data Field 52 - Personal Identification Number
(PIN) Data.
Data Field 53 - Security Related Control Information = Key Serial
Number (KSN) provided for PIN translation
_____________________
*For the American Express Online PIN Processing Implementation Guide for Merchants or Third Party Processors, contact your
American Express representative.
Implementation Description
DUKPT A base key is provided by American
Express to Key Injection Facility (KIF).
Base key is used to derive a key which is
injected into the terminal.
Terminal key is used with terminal data
to derive a unique key which is applied
to each PIN transaction.
A unique key applied to each PIN
transaction encrypts the data from the
domain of the Secure PIN entry device
through to the American Express
network.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 53
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
7.0 ISO 8583 Message Bit Map Table
ISO 8583 supports two 64-position bit maps, which are designated as the Primary and Secondary
Bit Maps, to indicate which of up to 128 data fields are contained in a message. All 128 data fields
and bit positions are listed in the following tables.
Note: Data fields shown in reversed text (white letters on a black background) are not used by
American Express, and unauthorized use of these data fields may cause message rejection.
7.1 Primary Bit Map
Data
Field
Data Field Name
Max. Data Field
Length
Data Field Type
--- MESSAGE TYPE IDENTIFIER (MTI) 4 bytes, fixed Numeric
--- BIT MAP - PRIMARY 8 bytes, 64 bits Binary
1 BIT MAP - SECONDARY 8 bytes, 64 bits Binary
2 PRIMARY ACCOUNT NUMBER (PAN) 21 bytes, LLVAR Numeric
3 PROCESSING CODE 6 bytes, fixed Numeric
4 AMOUNT, TRANSACTION 12 bytes, fixed Numeric
5AMOUNT, RECONCILIATION 12 bytes, fixed Numeric
6AMOUNT, CARDHOLDER BILLING 12 bytes, fixed Numeric
7 DATE AND TIME, TRANSMISSION 10 bytes, fixed Numeric
8AMOUNT, CARDHOLDER BILLING FEE 8 bytes, fixed Numeric
9CONVERSION RATE, RECONCILIATION 8 bytes, fixed Numeric
10 CONVERSION RATE, CARDHOLDER BILLING 8 bytes, fixed Numeric
11 SYSTEMS TRACE AUDIT NUMBER 6 bytes, fixed Alphanumeric & special characters
12 DATE AND TIME, LOCAL TRANSACTION 12 bytes, fixed Numeric
13 DATE, EFFECTIVE 4 bytes, fixed Numeric
14 DATE, EXPIRATION 4 bytes, fixed Numeric
15 DATE, SETTLEMENT 6 bytes, fixed Numeric
16 DATE, CONVERSION 4 bytes, fixed Numeric
17 DATE, CAPTURE 4 bytes, fixed Numeric
18 MERCHANT TYPE 4 bytes, fixed Numeric
19 COUNTRY CODE, ACQUIRING INSTITUTION 3 bytes, fixed Numeric
20 COUNTRY CODE, PRIMARY ACCOUNT NUMBER 3 bytes, fixed Numeric
21 COUNTRY CODE, FORWARDING INSTITUTION 3 bytes, fixed Numeric
22 POINT OF SERVICE DATA CODE 12 bytes, fixed Alphanumeric
23 CARD SEQUENCE NUMBER 3 bytes, fixed Numeric
24 FUNCTION CODE 3 bytes, fixed Numeric
25 MESSAGE REASON CODE 4 bytes, fixed Numeric
54 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
7.1 Primary Bit Map (continued)
Data
Field
Data Field Name
Max. Data Field
Length
Data Field Type
26 CARD ACCEPTOR BUSINESS CODE 4 bytes, fixed Numeric
27 APPROVAL CODE LENGTH 1 byte, fixed Numeric
28 DATE, RECONCILIATION 6 bytes, fixed Numeric
29 RECONCILIATION INDICATOR 3 bytes, fixed Numeric
30 AMOUNTS, ORIGINAL 24 bytes, fixed Numeric
31 ACQUIRER REFERENCE DATA 50 bytes, LLVAR Alphanumeric & special characters
32 ACQUIRING INSTITUTION IDENTIFIFCATION CODE 13 bytes, LLVAR Numeric
33 FORWARDING INSTITUTION IDENTIFICATION CODE 13 bytes, LLVAR Numeric
34 PRIMARY ACCOUNT NUMBER, EXTENDED 30 bytes, LLVAR Numeric
35 TRACK 2 DATA 39 bytes, LLVAR Alphanumeric & special characters
36 TRACK 3 DATA 107 bytes, LLLVAR Numeric & special characters
37 RETRIEVAL REFERENCE NUMBER 12 bytes, fixed Alphanumeric & special characters
38 APPROVAL CODE 6 bytes, fixed Alphanumeric & spaces
39 ACTION CODE 3 bytes, fixed Numeric
40 SERVICE CODE 3 bytes, fixed Numeric
41 CARD ACCEPTOR TERMINAL IDENTIFICATION 8 bytes, fixed Alphanumeric & special characters
42 CARD ACCEPTOR IDENTIFICATION CODE 15 bytes, fixed Alphanumeric & special characters
43 CARD ACCEPTOR NAME/LOCATION 101 bytes, LLVAR Alphanumeric & special characters
44 ADDITIONAL RESPONSE DATA 27 bytes, LLVAR Alphanumeric & special characters
45 TRACK 1 DATA 78 bytes, LLVAR Alphanumeric & special characters
46 AMOUNTS, FEES 207 bytes, LLLVAR Alphanumeric
47 ADDITIONAL DATA - NATIONAL 304 bytes, LLLVAR Alphanumeric & special characters
48 ADDITIONAL DATA - PRIVATE 43 bytes, LLLVAR Alphanumeric & special characters
49 CURRENCY CODE, TRANSACTION 3 bytes, fixed Numeric
50 CURRENCY CODE, RECONCILIATION 3 bytes, fixed Alpha or Numeric
51 CURRENCY CODE, CARDHOLDER BILLING 3 bytes, fixed Alpha or Numeric
52 PERSONAL IDENTIFICATION NUMBER (PIN) DATA 8 bytes, 64 bits Binary
53 SECURITY RELATED CONTROL INFORMATION 19 bytes, LLVAR Alphanumeric
54 AMOUNTS, ADDITIONAL 123 bytes, LLLVAR Alphanumeric & special characters
55 INTEGRATED CIRCUIT CARD SYSTEM RELATED DATA 259 bytes, LLLVAR Alphanumeric & special characters,
BCD or binary
56 ORIGINAL DATA ELEMENTS 37 bytes, LLVAR Numeric
57 AUTHORIZATION LIFE CYCLE CODE 3 bytes, fixed Numeric
58 AUTHORIZING AGENT INSTITUTION IDENTIFICATION CODE 13 bytes, LLVAR Numeric
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 55
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
7.1 Primary Bit Map (continued)
7.2 Secondary Bit Map
Data
Field
Data Field Name
Max. Data Field
Length
Data Field Type
59 TRANSPORT DATA 1002 bytes, LLLVAR Alphanumeric & special characters
60 NATIONAL USE DATA 106 bytes, LLLVAR Alphanumeric & special characters
61 NATIONAL USE DATA 103 bytes, LLLVAR Alphanumeric & special characters
62 PRIVATE USE DATA 63 bytes, LLLVAR Alphanumeric & special characters
or binary
63 PRIVATE USE DATA 208 bytes, LLLVAR Alphanumeric & special characters
64 MESSAGE AUTHENTICATION CODE FIELD 8 bytes, 64 bits Binary
Data
Field
Data Field Name
Max. Data Field
Length
Data Field Type
65 RESERVED FOR ISO USE 8 bytes, 64 bits Binary
66 AMOUNTS, ORIGINAL FEES 204 bytes, LLLVAR Alphanumeric & special characters
67 EXTENDED PAYMENT DATA 2 bytes, fixed Numeric
68 COUNTRY CODE, RECEIVING INSTITUTION 3 bytes, fixed Numeric
69 COUNTRY CODE, SETTLEMENT INSTITUTION 3 bytes, fixed Numeric
70 COUNTRY CODE, AUTHORIZING AGENT INSTITUTION 3 bytes, fixed Numeric
71 MESSAGE NUMBER 8 bytes, fixed Numeric
72 DATA RECORD 999 bytes, LLLVAR Alphanumeric & special characters
73 DATE, ACTION 6 bytes, fixed Numeric
74 CREDITS, NUMBER 10 bytes, fixed Numeric
75 CREDITS, REVERSAL NUMBER 10 bytes, fixed Numeric
76 DEBITS, NUMBER 10 bytes, fixed Numeric
77 DEBITS, REVERSAL NUMBER 10 bytes, fixed Numeric
78 TRANSFER, NUMBER 10 bytes, fixed Numeric
79 TRANSFER, REVERSAL NUMBER 10 bytes, fixed Numeric
80 INQUIRIES, NUMBER 10 bytes, fixed Numeric
81 AUTHORIZATIONS, NUMBER 10 bytes, fixed Numeric
82 INQUIRIES, REVERSAL NUMBER 10 bytes, fixed Numeric
83 PAYMENTS, NUMBER 10 bytes, fixed Numeric
84 PAYMENTS, REVERSAL NUMBER 10 bytes, fixed Numeric
85 FEE COLLECTIONS, NUMBER 10 bytes, fixed Numeric
56 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
7.2 Secondary Bit Map (continued)
Note: For Data Field 97, X = “C” credit or “D” debit, concatenated with “N”
numeric amount.
Data
Field
Data Field Name
Max. Data Field
Length
Data Field Type
86 CREDITS, AMOUNT 16 bytes, fixed Numeric
87 CREDITS, REVERSAL AMOUNT 16 bytes, fixed Numeric
88 DEBITS, AMOUNT 16 bytes, fixed Numeric
89 DEBITS, REVERSAL AMOUNT 16 bytes, fixed Numeric
90 AUTHORIZATIONS, REVERSAL NUMBER 10 bytes, fixed Numeric
91 COUNTRY CODE, TRANSACTION DESTINATION
INSTITUTION
3 bytes, fixed Numeric
92 COUNTRY CODE, TRANSACTION ORIGINATOR
INSTITUTION
3 bytes, fixed Numeric
93 TRANSACTION DESTINATION INSTITUTION
IDENTIFICATION CODE
11 bytes, LLVAR Numeric
94 TRANSACTION ORIGINATOR INSTITUTION IDENTIFICATION
CODE
11 bytes, LLVAR Numeric
95 CARD ISSUER REFERENCE DATA 99 bytes, LLVAR Alphanumeric & special characters
96 KEY MANAGEMENT DATA 999 bytes, LLLVAR Binary
97 AMOUNT, NET RECONCILIATION 16 bytes, fixed X + N (see note at end of table)
98 PAYEE 25 bytes, LLVAR Alphanumeric & special characters
99 SETTLEMENT INSTITUTION IDENTIFICATION CODE 11 bytes, LLVAR Alphanumeric
100 RECEIVING INSTITUTION IDENTIFICATION CODE 11 bytes, LLVAR Numeric
101 FILE NAME 17 bytes, LLVAR Alphanumeric & special characters
102 ACCOUNT IDENTIFICATION 1 28 bytes, LLVAR Alphanumeric & special characters
103 ACCOUNT IDENTIFICATION 2 28 bytes, LLVAR Alphanumeric & special characters
104 TRANSACTION DESCRIPTION 100 bytes, LLLVAR Alphanumeric & special characters
105 CREDITS, CHARGEBACK AMOUNT 16 bytes, fixed Numeric
106 DEBITS, CHARGEBACK AMOUNT 16 bytes, fixed Numeric
107 CREDITS, CHARGEBACK NUMBER 10 bytes, fixed Numeric
108 DEBITS, CHARGEBACK NUMBER 10 bytes, fixed Numeric
109 CREDITS, FEE AMOUNTS 84 bytes, LLVAR Alphanumeric & special characters
110 DEBITS, FEE AMOUNTS 84 bytes, LLVAR Alphanumeric & special characters
111 RESERVED FOR ISO USE 999 bytes, LLLVAR Alphanumeric & special characters
112 RESERVED FOR ISO USE 999 bytes, LLLVAR Alphanumeric & special characters
113 RESERVED FOR ISO USE 999 bytes, LLLVAR Alphanumeric & special characters
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 57
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
7.2 Secondary Bit Map (continued)
Data
Field
Data Field Name
Max. Data Field
Length
Data Field Type
114 RESERVED FOR ISO USE 999 bytes, LLLVAR Alphanumeric & special characters
115 RESERVED FOR ISO USE 999 bytes, LLLVAR Alphanumeric & special characters
116 RESERVED FOR NATIONAL USE 999 bytes, LLLVAR Alphanumeric & special characters
117 RESERVED FOR NATIONAL USE 999 bytes, LLLVAR Alphanumeric & special characters
118 RESERVED FOR NATIONAL USE 999 bytes, LLLVAR Alphanumeric & special characters
119 RESERVED FOR NATIONAL USE 999 bytes, LLLVAR Alphanumeric & special characters
120 RESERVED FOR NATIONAL USE 999 bytes, LLLVAR Alphanumeric & special characters
121 RESERVED FOR NATIONAL USE 999 bytes, LLLVAR Alphanumeric & special characters
122 RESERVED FOR NATIONAL USE 999 bytes, LLLVAR Alphanumeric & special characters
123 RESERVED FOR PRIVATE USE 999 bytes, LLLVAR Alphanumeric & special characters
124 RESERVED FOR PRIVATE USE 999 bytes, LLLVAR Alphanumeric & special characters
125 RESERVED FOR PRIVATE USE 999 bytes, LLLVAR Alphanumeric & special characters
126 RESERVED FOR PRIVATE USE 999 bytes, LLLVAR Alphanumeric & special characters
127 RESERVED FOR PRIVATE USE 999 bytes, LLLVAR Alphanumeric & special characters
128 MESSAGE AUTHENTICATION CODE FIELD 8 bytes, 64 bits Binary
58 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
this page intentionally left blank
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 59
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.0 ISO 8583 Authorization Request/Response Message Formats
This section describes the Authorization Request (1100) and Authorization Response (1110)
messages, as defined for the ISO 8583 format. These messages are constructed as specified in the
ISO 8583-1993 standard. If your system supports a different version of ISO 8583, notify your
American Express representative.
8.1 1100 Authorization Request
.
Length of Record: 900 bytes maximum (recommended)
Note: Messages transmitted to American Express must not exceed
900 bytes in total length. Since all data fields in the Authorization
Request (1100) message section are not used for a given transaction,
this maximum would not be exceeded. For example, Data Fields 45
and 35 (Track 1 Data and Track 2 Data) are not used in Card Not
Present transactions. For assistance in selecting optional data fields,
and determining the appropriate formats and variable data field
lengths to use, contact your American Express representative.
Any attempt to use the Authorization Request (1100) message as a
preauthorization, will be treated as a normal authorization transaction.
Description: This message is used to transmit an Authorization and/or Automated
Address Verification (AAV) Request to American Express.
Data
Field
Data Field Name
Max. Data
Field
Length
Data Field Type
Data Field Requirements
Page
MESSAGE TYPE IDENTIFIER 4 bytes, fixed Numeric Mandatory 62
BIT MAP - PRIMARY 8 bytes, 64
bits
Binary Mandatory 62
1 BIT MAP - SECONDARY 8 bytes, 64
bits
Binary See page 64
2 PRIMARY ACCOUNT NUMBER (PAN) 21 bytes,
LLVAR
Numeric Mandatory 65
3 PROCESSING CODE 6 bytes, fixed Numeric Mandatory 66
4 AMOUNT, TRANSACTION 12 bytes, fixed Numeric Mandatory 67
7 DATE AND TIME, TRANSMISSION 10 bytes, fixed Numeric Optional 69
11 SYSTEMS TRACE AUDIT NUMBER 6 bytes, fixed Alphanumeric &
special characters
Mandatory 70
12 DATE AND TIME, LOCAL TRANSACTION 12 bytes, fixed Numeric Mandatory 71
13 DATE, EFFECTIVE 4 bytes, fixed Numeric See page 72
60 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data
Field
Data Field Name
Max. Data
Field
Length
Data Field Type
Data Field Requirements
Page
14 DATE, EXPIRATION 4 bytes, fixed Numeric See page 73
15 DATE, SETTLEMENT 6 bytes, fixed Numeric N/A 74
18 MERCHANT TYPE 4 bytes, fixed Numeric N/A 75
19 COUNTRY CODE, ACQUIRING
INSTITUTION
3 bytes, fixed Numeric Mandatory 75
22 POINT OF SERVICE DATA CODE 12 bytes, fixed Alphanumeric Mandatory 76
24 FUNCTION CODE 3 bytes, fixed Numeric See page 86
25 MESSAGE REASON CODE 4 bytes, fixed Numeric See page 91
26 CARD ACCEPTOR BUSINESS CODE 4 bytes, fixed Numeric Mandatory 92
27 APPROVAL CODE LENGTH 1 byte, fixed Numeric Optional 93
31 ACQUIRER REFERENCE DATA 50 bytes,
LLVAR
Alphanumeric &
special characters
N/A 94
32 ACQUIRING INSTITUTION
IDENTIFICATION CODE
13 bytes,
LLVAR
Numeric Optional 95
33 FORWARDING INSTITUTION
IDENTIFICATION CODE
13 bytes,
LLVAR
Numeric Optional 96
35 TRACK 2 DATA 39 bytes,
LLVAR
Alphanumeric &
special characters
Conditional 97
37 RETRIEVAL REFERENCE NUMBER 12 bytes, fixed Alphanumeric &
special characters
Optional 100
41 CARD ACCEPTOR TERMINAL
IDENTIFICATION
8 bytes, fixed Alphanumeric &
special characters
See page 101
42 CARD ACCEPTOR IDENTIFICATION CODE 15 bytes, fixed Alphanumeric &
special characters
Mandatory 102
43 CARD ACCEPTOR NAME/LOCATION 101 bytes,
LLVAR
Alphanumeric &
special characters
See page 104
45 TRACK 1 DATA 78 bytes,
LLVAR
Alphanumeric &
special characters
See page 109
47 ADDITIONAL DATA - NATIONAL 304 bytes,
LLLVAR
Alphanumeric &
special characters
See page 113
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 61
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data
Field
Data Field Name
Max. Data
Field
Length
Data Field Type
Data Field Requirements
Page
48 ADDITIONAL DATA - PRIVATE 43 bytes,
LLLVAR
Alphanumeric &
special characters
See page 130
49 CURRENCY CODE, TRANSACTION 3 bytes, fixed Numeric Mandatory 133
52 PERSONAL IDENTIFICATION NUMBER
(PIN) DATA
8 bytes, 64
bits
Binary See page 134
53 SECURITY RELATED CONTROL
INFORMATION
19 bytes,
LLVAR
Alphanumeric See page 135
55 INTEGRATED CIRCUIT CARD SYSTEM
RELATED DATA
259 bytes,
LLLVAR
Alphanumeric &
special characters
See page 138
60 NATIONAL USE DATA 106 bytes,
LLLVAR
Alphanumeric &
special characters
See page 143
61 NATIONAL USE DATA 103 bytes,
LLLVAR
Alphanumeric,
special characters
& binary
See page 149
62 PRIVATE USE DATA 103 bytes,
LLLVAR
Alphanumeric,
special characters
& binary
See page 153
63 PRIVATE USE DATA 103 bytes,
LLLVAR
Alphanumeric &
special characters
See page 157
96 KEY MANAGEMENT DATA 17 bytes,
LLLVAR
Binary See page 177
128 MESSAGE AUTHENTICATION CODE FIELD 8 bytes, 64
bits
Binary N/A 178
62 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field — None MESSAGE TYPE IDENTIFIER
Length of Field: 4 bytes, fixed length
Field Type: Numeric
Constant: 1100
Field Requirement: Mandatory
Description: The constant literal “1100” signifies the ISO 8583
Authorization Request message.
Data Field — None BIT MAP - PRIMARY
Length of Field: 8 bytes, 64 bits, fixed length for each bit map
Field Type: Binary (hexadecimal configuration)
Constant: None
Field Requirement: Mandatory
Description: Each bit in this data field signifies the presence (value 1) or
absence (value 0) of a data field in the Authorization Request
(1100) message.
If the data field is mandatory, or is optional and the Merchant
elects to use that data field, its assigned bit map position must
contain a value of “1”, to indicate the data field is present. If
the data field is optional and not used, its assigned bit map
position must contain a value of “0”, to indicate the data field
is omitted.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 63
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
The following diagram illustrates a 64-bit string contained within an eight-byte data field. Each bit
signifies the presence (1) or absence (0) of the data field used within the Authorization Request
(1100) message format:
The following diagram illustrates how to calculate the hexadecimal equivalent of the bit map from
the table shown above:
Hexadecimal equivalents for bit map:
0000 = 0 1000 = 8
0001 = 1 1001 = 9
0010 = 2 1010 = A
0011 = 3 1011 = B
0100 = 4 1100 = C
0101 = 5 1101 = D
0110 = 6 1110 = E
0111 = 7 1111 = F
The hexadecimal equivalent for the bit map in this Authorization Request (1100) message (as
shown above) is:
72 3C 25 E1 A8 EB 88 02
Data Field — None BIT MAP - PRIMARY (continued)
10 9 0170251331411491570
21100180261340421500580
31111191271351431510590
41121200280360440520600
50131210290371451531610
60141221300380460540620
71150230310390471550631
80160241321400481560640
Position 1-8 Position 17-24 Position 33-40 Position 49-56
0111 = 70010 = 21010 = A1000 = 8
0010 = 20101 = 51000 = 81000 = 8
Position 9-16 Position 25-32 Position 41-48 Position 57-64
0011 = 31110 = E1110 = E0000 = 0
1100 = C0001 = 11011 = B0010 = 2
64 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 1 BIT MAP - SECONDARY
Length of Field: 8 bytes, 64 bits, fixed length for each bit map
Field Type: Binary (hexadecimal configuration)
Constant: None
Field Requirement: Mandatory — For Data Fields 65 through 128
Description: Each bit in this data field signifies the presence (value 1) or
absence (value 0) of a data field in the Authorization Request
(1100) message.
If the data field is mandatory, or is optional and the Merchant
elects to use that data field, its assigned bit map position must
contain a value of “1”, to indicate the data field is present. If
the data field is optional and not used, its assigned bit map
position must contain a value of “0”, to indicate the data field
is omitted.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 65
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 2 PRIMARY ACCOUNT NUMBER (PAN)
Length of Field:
Variable Length Indicator:
Length of Variable Data:
3 bytes minimum, 21 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
19 bytes maximum, EBCDIC
Field Type: Numeric
Constant: None
Field Requirement: Mandatory — American Express Card transactions, other
Card products and bankcard transactions
1. American Express supports Diner's Club, JCB, VISA
and MasterCard processing. For details, contact your
American Express representative.
2. Vendors and Third Party Processors doing business in
Australia, Canada, India, Mexico and New Zealand
must be certified to process JCB transactions.
Not used — American Express Travelers Cheques
Description: This data field contains the Cardmember Account Number, or
Payment Token Account Number, preceded by a two-digit,
Variable Length Indicator (VLI). The VLI must indicate the exact
length of the account number, and no additional characters
should be added to this data field.
For example, the 15-digit American Express Account Number
derived from an ANSI track data field that has embedded
spaces (e.g., “3714 496353 11004”) would have the
spaces removed and appear as:
0 1
12345678901234567
15371449635311004
Check digit validation is required. For details, refer to Check
Digit Validation in the American Express Global Codes &
Information Guide.
Note: This data field is mandatory for processing this
message, and it will be preserved and returned in the response
message without alteration.
66 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 3 PROCESSING CODE
Length of Field: 6 bytes, fixed length
Field Type: Numeric
Constant: None
Field Requirement: Mandatory
Description: This data field indicates the financial service being requested.
Valid Processing Codes:
004000 = Card Authorization Request
004800 = Combination Automated Address Verification
(AAV) and Authorization
034000 = AMEX Emergency Check Cashing
064000 = AMEX Travelers Cheque Encashment
174800 = Transaction for Automated Address Verification
(AAV) Only
Note: This data field is mandatory for processing this
message, and it will be preserved and returned in the response
message without alteration.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 67
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 4 AMOUNT, TRANSACTION
Length of Field: 12 bytes, fixed length
Field Type: Numeric, right justified, zero filled
Constant: None
Field Requirement: Mandatory
Description: This data field contains the total transaction amount (including
tax), in the currency designated by the Currency Code
Transaction (Data Field 49).
For example, for U.S. Dollar (840) transactions, two decimal
places are implied. Thus, the value $100.00 would be entered
as:
000000010000
For Japanese Yen (392) transactions, zero decimal places are
implied. Thus, the value ¥10,000 would be entered as:
000000010000
American Express limits the maximum allowable value in this
data field based on the U.S. Dollar equivalent calculated by
American Express. Transmitted transaction amounts greater
than the maximum allowed will result in an “invalid amount”
edit error. For more information on maximum allowable values,
refer to Country and Currency Codes for Authorizations in the
American Express Global Codes & Information Guide.
68 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 4 AMOUNT, TRANSACTION (continued)
Notes:
1. If Data Field 3, Processing Code, is “174800
(Transaction for Automated Address Verification [AAV]
Only), then this data field must be zero filled.
2. A Prepaid Card Balance Inquiry for American Express
Prepaid Card products can be submitted by zero filling Data
Field 4 (Amount, Transaction), if Data Field 24 (Function
Code) value is “181” (Partial Authorization) or “182
(Authorization with Balance Return). The available balance
is returned in Data Field 54 (Amounts, Additional) of the
Authorization Response (1110) message. However, balance
inquiries cannot be processed for Card products other than
American Express Prepaid Cards.
3. If this data field is zero filled for transactions other than for
American Express Prepaid Card products, and Data Field 3
(Processing Code) is “004000” (Card Authorization) or
004800” (Combination AAV and Authorization), an edit
error will result. Consequently, any supplemental data field
verification requests, such as AAV (Automated Address
Verification) or CID (Card Identifier), will not be performed.
For these invalid requests, Data Field 54 will not be
returned and Data Field 39 (Action Code) will contain an
edit error code in the corresponding Authorization
Response (1110) message.
4. This data field is mandatory for processing this message,
and it will be preserved and returned in the response
message without alteration, except for Prepaid Card
transactions. For more information, see page 183.
American Express Travelers Cheque Encashment
For American Express Travelers Cheques, this data field is used
to capture the total amount of Travelers Cheques that will be
encashed by a single customer, in the currency designated by
the Currency Code, Transaction (Data Field 49). Processing
Code (Data Field 3) must be “064000”.
For example, if a customer presents five, $100 USD Travelers
Cheques for encashment, this entry would be
000000050000” ($500.00).
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 69
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 7 DATE AND TIME, TRANSMISSION
Length of Field: 10 bytes, fixed length
Field Type: Numeric, MMDDhhmmss
Constant: None
Field Requirement: Optional
Description: This data field contains the system date and time (e.g., GMT)
when the Merchant transmits the transaction information to
American Express. The format is MMDDhhmmss. The value of
this data field must be a valid date and time.
Note: This data field is not required for processing this
message; however, if included in an originating request
message, it will be preserved and returned in the response
message without alteration.
Subfield Definition Digits Range
MM Month 2 01-12
DD Day 2 01-31
hh Hour 2 00-23
mm Minute 2 00-59
ss Second 2 00-59
70 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 11 SYSTEMS TRACE AUDIT NUMBER
Length of Field: 6 bytes, fixed length
Field Type: Alphanumeric (upper case) & special characters
Constant: None
Field Requirement: Mandatory
Description: This data field must contain a unique trace number, assigned
by the Merchant, to help identify an individual transaction. A
different number must be assigned to each transaction.
Note: This data field is mandatory for processing this message
and it will be preserved and returned in the response message
without alteration.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 71
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 12 DATE AND TIME, LOCAL TRANSACTION
Length of Field: 12 bytes, fixed length
Field Type: Numeric, YYMMDDhhmmss
Constant: None
Field Requirement: Mandatory
Description: This data field contains the year, month, day and local time
when the transaction took place at the card acceptor location.
The format is YYMMDDhhmmss. The value of this data field
must be a valid date and time:
Note: This data field is mandatory for processing this
message, and it will be preserved and returned in the response
message without alteration.
Subfield Definition Digits Range
YY Year Last 2 only 00-99
MM Month 2 01-12
DD Day 2 01-31
hh Hour 2 00-23
mm Minute 2 00-59
ss Second 2 00-59
72 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 13 DATE, EFFECTIVE
Length of Field: 4 bytes, fixed length
Field Type: Numeric, YYMM
Constant: None
Field Requirement: Conditional — American Express Card transactions
Not applicable — Other transactions
Description: This data field contains the effective date embossed on the
face of the American Express or American Express-supported
Card. If entered manually, the format is YYMM.
The value of this data field must be a valid date. If the effective
date is unavailable, omit this data field. No default values or
all zeros will be accepted (e.g., “0000”).
Notes:
1. Most American Express Card products are embossed with
the effective and/or expiration dates in format MMYY. This
requires the Acquirer, their devices, systems, Vendor
software and Third Party Processors that prompt for or
accept these dates in MMYY format, to convert this data by
reversing the month and year values, so that the entry in
this data field appears in YYMM format.
2. This data field is not required if the message contains
Track 1 (preferred) or Track 2 data.
Subfield Definition Digits Range
YY Year Last 2 only 00-99
MM Month 2 01-12
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 73
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 14 DATE, EXPIRATION
Length of Field: 4 bytes, fixed length
Field Type: Numeric, YYMM
Constant: None
Field Requirement: Conditional — American Express and American Express
supported Cards
Mandatory — Digital Wallet - application initiated
(including application initiated Payment Token)
transactions
Mandatory — VISA
Description: This data field contains the expiration date embossed on the
face of the American Express or American Express-supported
Card. If entered manually, the format is YYMM.
For Digital Wallet - application initiated (including application
initiated Payment Token) transactions, the Payment Token
Expiration Date will be passed through the Authorization
Request (1100) message in lieu of Primary Account Number
(PAN) Expiration Date.
Note: This data field is not required if the message contains
Track 1 (preferred) or Track 2 data successfully read from a
valid Card swipe or read; or if this is a recurring billing or
standing authorization transaction. For more information, see
page 30.
The value of this data field must be a valid date. No default
values or all zeros will be accepted (e.g., “0000”).
VISA Transactions Only
This data field is mandatory for Merchants routing VISA
transactions via the American Express Card Acceptance and
Processing Network to non-American Express networks, during
bankcard network outages. While American Express does not
verify or validate this entry, VISA may reject transactions that
do not include a valid card expiration date. For more
information, contact your VISA representative.
Subfield Definition Digits Range
YY Year Last 2 only 00-99
MM Month 2 01-12
74 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 15 DATE, SETTLEMENT
Length of Field: 6 bytes, fixed length
Field Type: Numeric, YYMMDD
Constant: None
Field Requirement: Not used — All transactions
Description: This data field is unused and reserved for future use.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 75
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 18 MERCHANT TYPE
Length of Field: 4 bytes, fixed length
Field Type: Numeric
Constant: None
Field Requirement: Not used — All transactions
Description: This data field is reserved for internal American Express use
only.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.
Data Field 19 COUNTRY CODE, ACQUIRING INSTITUTION
Length of Field: 3 bytes, fixed length
Field Type: Numeric
Constant: None
Field Requirement: Mandatory
Description: This data field contains the numeric country code
corresponding to the country in which the Merchant is located.
For example, the numeric country code for a Merchant located
in the USA is “840”.
For more information on numeric country codes, refer to
Country and Currency Codes for Authorizations in the American
Express Global Codes & Information Guide.
76 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 22 POINT OF SERVICE DATA CODE
Length of Field: 12 bytes, fixed length
Field Type: Alphanumeric, upper case
Constant: None
Field Requirement: Mandatory
Description: The Point of Service (POS) Data Code is a series of codes that
identify terminal capability, security data and specific
conditions present at the time the transaction occurred at the
point of service. The POS Data Code consists of twelve
positions, each with its own list of values. For example,
Position 1 indicates the Card Data Input Capability, which may
be one of several values such as Magnetic Stripe Read,
Integrated Circuit Card (ICC), Key Entered and so on. Similarly,
each of the other positions identifies a particular value related
to the transaction.
Merchants must populate all positions in Data Field 22 with
valid data. However, if the applicable information is
unavailable or unknown, the Merchant should consult with
their American Express representative to determine the
appropriate value.
The POS Data Code must be determined from the table of
values listed on page 78.
0 1
123456789012
261101200120
In the above example:
Position 1= 2Position 5 = 0Position 9 = 0
Position 2= 6Position 6 = 1Position 10 = 1
Position 3= 1Position 7 = 2Position 11 = 2
Position 4= 1Position 8 = 0Position 12 = 0
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 77
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 22 POINT OF SERVICE DATA CODE (continued)
Description: Important notes for POS Data Code tables that follow:
1. Values shown in reversed text (white letters on a black
background) are defined by ISO, but are reserved for future
use or not currently defined by American Express. For
information on these values, contact your American
Express representative.
2. The POS Data Codes used in this data field must also be
included in the corresponding submission file.
3. For recurring billing and standing authorization
information, see page 30.
78 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Note: For information on how to properly identify American Express ICC transactions, see Section
5.4.1 AEIPS
.
Data Field 22 POINT OF SERVICE DATA CODE (continued)
POS. 1
Code
Card Data Input Capability This subfield indicates the maximum capability of the device
used to originate this transaction.
0 Unknown
1 Manual, no terminal
2 Magnetic stripe read
3 Bar code
4Optical Character Recognition (OCR)
5 Integrated Circuit Card (ICC)
Note: American Express-certified EMV terminal and link
6 Key entered
7Reserved for ISO use
8Reserved for national use
9Reserved for private use
A-I Reserved for ISO use
J-R Reserved for national use
S-Z Reserved for private use
POS. 2
Code
Cardholder Authentication Capability This subfield indicates the primary means used to
verify the Cardmember’s identity at this terminal.
0 No electronic authentication or unknown
1PIN
2Electronic signature analysis
3Biometrics
4Biographic
5Electronic authentication inoperative
6 Other
7Reserved for ISO use
8Reserved for national use
9Reserved for private use
A-I Reserved for ISO use
J-R Reserved for national use
S-Z Reserved for private use
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 79
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 22 POINT OF SERVICE DATA CODE (continued)
POS. 3
Code
Card Capture Capability This subfield indicates if the terminal is capable of capturing
card data.
0 None or unknown (Card Capture Capability unknown to Acquirer)
1 Capture
2-4 Reserved for ISO use
5-7 Reserved for national use
8-9 Reserved for private use
A-I Reserved for ISO use
J-R Reserved for national use
S-Z Reserved for private use
POS. 4
Code
Operating Environment This subfield indicates the terminal’s location, and if it is attended
by the card acceptor.
0 No terminal used or unknown
1 On premises of card acceptor, attended
2 On premises of card acceptor, unattended (e.g., Oil CAT/Customer Activated Terminals, kiosks, self-checkout, etc.)
3 Off premises of card acceptor, attended (e.g., portable POS device at trade shows, service calls, taxis, etc.)
4 Off premises of card acceptor, unattended (e.g., Food/Beverage vending machines, DVD vending machines, etc.)
5 On premises of Cardmember, unattended
6-7 Reserved for ISO use
8Reserved for national use
9 Delivery mode unknown, unspecified
A-I Reserved for ISO use
J-R Reserved for national use
S Electronic delivery of product (e.g., music, software, electronic tickets, etc., downloaded via Internet)
T Physical delivery of product (e.g., music, software, tickets, etc., delivered by mail/courier)
U-W Reserved for American Express network use
X-Y Reserved for private use
Z Transit Access Terminal - TAT
80 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 22 POINT OF SERVICE DATA CODE (continued)
POS. 5
Code
Cardholder Present This subfield indicates if the Cardmember is present at the point of
service; and if not, the reason why.
0 Cardmember present
1 Cardmember not present, unspecified, unknown
2 Cardmember not present, mail order
3 Cardmember not present, telephone
4 Cardmember not present, standing authorization - To be used for situations where Cardmember information is on
record (card on file); however, the billing frequency and amount are variable (e.g., travel, car rental, lodging,
preferred clubs, frequent customer, delayed shipment, split bill transactions, etc.).
5-6 Reserved for ISO use
7-8 Reserved for national use
9 Cardmember not present, recurring billing - Used for regular recurring transactions, such as periodic billings (e.g.,
membership dues, subscribed services, insurance premiums, wireless services, newspaper and other regularly
scheduled charges). The recurring billing amount can vary.
A-I Reserved for ISO use
J-R Reserved for national use
S Cardmember not present, electronic transaction (e.g., Internet)
TReserved for American Express network use
U-Z Reserved for private use
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 81
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Note: For additional information on Payment Token processing, see page 43.
Data Field 22 POINT OF SERVICE DATA CODE (continued)
POS. 6
Code
Card Present This subfield indicates if the card is present at the point of service.
0 Card not present
1 Card present
2-4 Reserved for ISO use
5-7 Reserved for national use
8-9 Reserved for private use
A-I Reserved for ISO use
J-R Reserved for national use
S-V Reserved for private use
W Transponder (RFID token) — For transactions initiated by an electronic, radio-frequency device (transponder or
RFID, e.g., Speedpass), this value may be used alone, or in conjunction with Data Field 62 transponder security/ID
(code AXTN). Alternately, a transponder security/ID code may be entered in Data Field 62 without Value W in Data
Field 22, Position 6. Ideally, both items are transmitted. For more details, see Section 5.4.2 Expresspay.
Note: Do not use this value for American Express Expresspay transactions.
X Contactless transactions, including American Express Expresspay. For more information, see Section 5.4.2
Expresspay.
YMobile Proximity Payment - American Express internal use only
Z Digital Wallet - application initiated (including application initiated Payment Token) transactions
Note: Position 6, value Z must be used with Position 7, value 5.
82 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 22 POINT OF SERVICE DATA CODE (continued)
POS. 7
Code
Card Data Input Mode This subfield indicates the method used to capture information
from the card.
0 Unspecified, unknown, track data present but incomplete or truncated
1 Manual, no terminal
2 Magnetic stripe read. (Note: Byte 7 = 2 only if this transaction contains Track 1 [preferred] and/or Track 2 data
captured intact from the magnetic stripe.)
3 Bar code
4Optical Character Recognition (OCR)
5 Integrated Circuit Card (ICC).
Notes:
1. Byte 7 = 5 only if this transaction contains EMV and Track 2 data captured intact from the chip (non-Payment
Token transactions).
2. If value Z is present in Position 6 Digital wallet - application initiated Payment Token) transactions, then Position
7, value 5 (Integrated Circuit Card ICC) must be present.
3. American Express-certified EMV terminal and link.
6 Key entered
7Reserved for ISO use
8Reserved for national use
9 Technical fallback - Transaction initiated as chip but was processed using an alternative technology (such as
magnetic stripe).
A-I Reserved for ISO use
J-R Reserved for national use
S Manually entered or keyed transaction with keyed CID/4DBC/4CSC. Data Field 53, Security Related Control
Information must be present.
T-U Reserved for private use
VReserved for American Express network use
W Swiped transaction with keyed CID/4DBC/4CSC. Data Field 53, Security Related Control Information must be
present.
X-Z Reserved for private use
Notes:
See CID/4DBC/4CSC location on typical American Express Card products.
For more information on how to properly identify American Express ICC transactions, see Section 5.4.1
- AEIPS.
For additional information on Payment Token processing, see page 43.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 83
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 22 POINT OF SERVICE DATA CODE (continued)
POS. 8
Code
Cardmember Authentication Method This subfield indicates the method for verifying the
Cardmember identity.
0 Not authenticated, unknown
1PIN
2Electronic signature analysis
3Biometrics
4Biographic
5 Manual signature verification
6 Other manual verification (e.g., drivers license)
7Reserved for ISO use
8Reserved for national use
9Reserved for private use
A-I Reserved for ISO use
J-R Reserved for national use
S Electronic Ticket Environment
T-Z Reserved for private use
POS. 9
Code
Cardmember Authentication Entity — This subfield indicates component or person who
verified Cardmember identity reported in Cardmember Authentication (Position 8).
0 Not authenticated, unknown
1 Integrated Circuit Card (ICC)
Note: American Express-certified EMV terminal and link
2 Card Acceptor Device (CAD)
3Authorizing agent (identified in authorizing agent institution identification code)
4 By Merchant
5 Other
6Reserved for ISO use
7Reserved for national use
8-9 Reserved for private use
A-I Reserved for ISO use
J-R Reserved for national use
S-Z Reserved for private use
84 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 22 POINT OF SERVICE DATA CODE (continued)
POS. 10
Code
Card Data Output Capability This subfield indicates the ability of the terminal to update
the card.
0 Unknown
1 None
2Magnetic stripe write
3 Integrated Circuit Card (ICC)
Note: American Express-certified EMV terminal and link
4-5 Reserved for ISO use
6-7 Reserved for national use
8-9 Reserved for private use
A-I Reserved for ISO use
J-R Reserved for national use
S-Z Reserved for private use
POS. 11
Code
Terminal Output Capability This subfield indicates the ability of the terminal to print
and/or display messages.
0 Unknown
1 None
2Printing
3 Display
4 Printing and display
5-6 Reserved for ISO use
7-8 Reserved for national use
9Reserved for private use
A-I Reserved for ISO use
J-R Reserved for national use
S-Z Reserved for private use
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 85
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 22 POINT OF SERVICE DATA CODE (continued)
POS. 12
Code
PIN Capture Capability This subfield indicates the PIN length that the terminal is capable
of capturing.
0 No PIN capture capability
1 Device PIN capture capability unknown
2-3 Reserved for ISO use
4 Four characters
5 Five characters
6 Six characters
7 Seven characters
8 Eight characters
9 Nine characters
A Ten characters
B Eleven characters
C Twelve characters
D-I Reserved for ISO use
J-R Reserved for national use
S-Z Reserved for private use
86 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 24 FUNCTION CODE
Length of Field: 3 bytes, fixed length
Field Type: Numeric
Constant: None
Field Requirement: Optional — Batch Authorization transactions
Mandatory — Specific Merchants identified for Prepaid
Card functionality. All identified Merchants are informed
by their American Express representative.
Optional — All other Merchants for Prepaid Card
functionality, but strongly recommended.
Mandatory — Transit transactions at Transit Access
Terminals (TAT)
Certification Requirement: USA & Canada
Mandatory — Third Party Processors and/or Vendors must be
certified to pass Prepaid Card data, Function Codes 181 and
182, in this data field. After certification, all
Merchant-provided Prepaid Card data must be forwarded in
this data field.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 87
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 24 FUNCTION CODE (continued)
Description: This data field contains a value that indicates the specific
purpose of this message, within its message class. The
following table lists the valid codes:
See the following for more detailed information.
100 = Authorization Request - This transaction can be used
for normal Authorization Requests, including those
used for processing a Payment Plan Authorization such
as DPP or EPP. Use of code “100” is optional.
180 = Batch Authorization -— This transaction is part of a
batch of non-time-critical authorization requests,
which do not require the rapid response normally
provided for real-time transactions. Use of code
180” for batch processing allows American Express
to assign an appropriate priority in relation to
transactions submitted from real-time POS
environments. Typically, a Merchant utilizing Batch
Authorization would not also participate in the special,
Prepaid Card Partial Authorization services, described
on the next page. A Merchant using Batch
Authorization can accept American Express Prepaid
Cards as normal authorizations.
Function Code
100 - Authorization Request
180 - Batch Authorization
181 - Prepaid Card Partial Authorization
182 - Prepaid Card Authorization with Balance Return
190 - Account Status Check
191 - ATC Synchronization
194 - Expresspay Translation (PAN Request)
196 - Expresspay Translation (PAN & Expiration Date
Request)
88 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 24 FUNCTION CODE (continued)
Description (continued): The following codes enhance acceptance, functionality and
usage of American Express Prepaid Card products at the POS.
For these special Prepaid Card services, authorized Third Party
Processors and Vendor software are required to support both
Prepaid Card functions, specifically Partial Authorization and
Authorization with Balance Return. This enables their
Merchants to select either option. Direct Link Merchants have
the choice of selecting the feature(s) they want to support.
American Express strongly recommends Partial Authorization,
because it approves a request for the remaining balance rather
than declining it when there are insufficient funds to cover the
original amount.
181 = Prepaid Card Partial Authorization Supported -
Indicates that the Merchant's system accepts and
processes Prepaid Card response messages for partial
authorization of transaction amounts less than the full
value originally submitted for authorization. Note that
the Merchant must collect the remainder from the
Cardmember via another form of payment.
Merchants certified for Prepaid Card Partial
Authorization should use code “181” for all
transactions, and American Express systems will
determine which Card products require a partial
authorization response. Specifically, non-Prepaid Card
products are ineligible for Partial Authorization; and
using code “181” will not affect normal authorization
requests.
When applicable, Partial Authorization-related data is
returned in the following Authorization Response
(1110) message Data Fields:
Data Field 4 — Amount, Transaction
Data Field 30 — Amounts, Original
Data Field 39 — Action Code
Data Field 54 — Amounts, Additional
Balances may not be returned for some Prepaid Cards.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 89
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 24 FUNCTION CODE (continued)
Description (continued): 181 = (continued)
These data fields represent the amount authorized, the
amount requested, the action taken and the balance
remaining on the Prepaid Card. For details, see pages
183, 187, 194 and 203, respectively.
182 = Prepaid Card Authorization with Balance Return
Supported - Indicates that the Merchant's system
and/or POS device accepts and processes Prepaid Card
balances in response messages. This alternative for
systems that do not support partial authorizations
returns the Prepaid Card balance to the Merchant so
that an authorization request can be resubmitted for
the available amount when transactions are denied for
insufficient balance. Another form of payment (i.e.,
split tender) can be requested for the remainder.
Merchants certified for Prepaid Card Authorization
with Balance Return should use code “182” for all
transactions, and American Express systems will
determine which Card products require a response
related to Authorization with Balance Return.
Specifically, non-prepaid Card products are ineligible
for Authorization with Balance Return; and using code
182” will not affect normal authorization requests.
Using code “182” indicates that the Merchant is
requesting an authorization for the full amount, and
that their system supports the return of Prepaid Card
balance information from American Express.
When applicable, Authorization with Balance
Return-related data is returned in the following
Authorization Response (1110) message Data Fields:
Data Field 39 — Action Code
Data Field 54 — Amounts, Additional
These data fields represent the action taken and
the balance remaining on the Prepaid Card. For
details, see pages 194 and 203, respectively.
Balances may not be returned for some Prepaid Cards.
90 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 24 FUNCTION CODE (continued)
Description (continued): 182 = (continued)
Note: A Prepaid Card Balance Inquiry for American
Express Prepaid Card products can be submitted by
zero filling Data Field 4 (Amount, Transaction), if Data
Field 24, Function Code, value is “181” (Partial
Authorization) or “182” (Authorization with Balance
Return). The available balance is returned in Data Field
54, Amounts, Additional, of the Authorization
Response (1110) message. However, balance inquiries
cannot be processed for Card products other than
American Express Prepaid Cards.
190 = Account Status Check — Transit Merchants requesting
an account status check on transit transactions only.
191 = ATC Synchronization — Indicates an Application
Transaction Counter (ATC) value is being provided to
the Issuer. Issuers can use this synchronization feature
to maintain their internal ATC data.
194 = Expresspay Translation (PAN request) — Indicates the
Primary Account Number (PAN) associated with an
Expresspay-enabled card/device is being requested
from the Issuer. The response will be returned in Data
Field 34,Primary Account Number, Extended, for
Transit transactions only.
196 = Expresspay Translation (PAN & Expiration Date
request) — Indicates the Primary Account Number
(PAN) and Expiration Date associated with an
Expresspay-enabled card/device is being requested
from the Issuer. The response will be returned in Data
Field 34,Primary Account Number, Extended, for Transit
transactions only.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 91
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 25 MESSAGE REASON CODE
Length of Field: 4 bytes, fixed length
Field Type: Numeric
Constant: None
Field Requirement: Mandatory — American Express Card (and American
Express-supported Card) transactions
Optional — VISA, MasterCard and JCB transactions
Optional — American Express Travelers Cheques
Description: This data field contains a four-digit Message Reason Code,
which is provided by American Express during certification.
The code used varies with the type of request submitted for
processing by the Merchant or Third Party Processor. Proper
use of this data field indicates that the Authorization Request
is certified by American Express.
For information on valid codes and their use, contact your
American Express representative.
92 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 26 CARD ACCEPTOR BUSINESS CODE
Length of Field: 4 bytes, fixed length
Field Type: Numeric
Constant: None
Field Requirement: Mandatory
Description: This data field contains the Merchant Category Code (MCC)
that corresponds to the Merchant's type of business.
If the Merchant is considered a Payment Service Provider
(Aggregator) or an OptBlue Participant, billing for
services/goods rendered by another entity, the MCC code
should reflect the classification for the specific entity
rendering the goods or services. Therefore, this value may vary
for each transaction dependent on the category applicable to
the Payment Service Provider (Aggregator) or OptBlue
Participant’s specific Sellers.
For a list of Merchant Category Codes, refer to the American
Express Global Codes & Information Guide.
Notes:
1. For Oil Company Industry Merchants, the Card Acceptor
Business Code data field should reflect the specific type
of business conducted (e.g., 5542 - Automated Fuel
Dispensers or 5541 - Service Stations, including in-store
transactions). Oil Company Industry Merchants that use a
single Merchant ID for more than one business type
should populate this data field with the appropriate
Merchant Category Code (MCC), for each transaction. For
more information, contact your American Express
representative.
2. For Transit - TAT transactions, the Card Acceptor Business
Code data field must be populated by one of the following
Merchant Category Codes:
4111 = Local and Suburban Commuter Passenger
Transportation, including Ferries
4112 = Passenger Railways
4131 = Bus Lines
4784 = Tolls and Bridge Fees
7523 = Parking Lots and Garages
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 93
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 27 APPROVAL CODE LENGTH
Length of Field: 1 byte, fixed length
Field Type: Numeric
Constant: 6 or 2
Field Requirement: Optional
Description: The American Express preferred standard Approval Code for
the Authorization Response (1110) message is a six-digit
approval code. U.S. and Canadian Merchants must comply
with this standard. However, for all other global regions,
American Express has the ability to provide either a two-digit
or a six-digit approval code.
When applicable, American Express representatives must be
informed during the initial setup of the Merchant interface,
that Data Field 27 will be used to determine the Approval Code
length in the Authorization Response (1110) message.
American Express will then set up procedures to check the
value in Data Field 27 and provide the appropriate Approval
Code length in the Authorization Response (1110) message.
When the valid values of either “2” or “6” are present in this
data field, American Express will honor the request to send an
Approval Code of the appropriate length.
If the Merchant or Third Party Processor then submits the data
field with no value, American Express will follow additional
rules to determine the proper length of the Approval Code. This
procedure allows the Approval Code length to vary, which may
suit the Merchant's specific business rules.
If the Merchant or Third Party Processor prefers not to use
Data Field 27, American Express will still set up the link to
return either a two-digit or six-digit Approval Code.
94 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 31 ACQUIRER REFERENCE DATA
Length of Field:
Variable Length Indicator:
Length of Variable Data:
3 bytes minimum, 50 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
48 bytes maximum, EBCDIC
Field Type: Alphanumeric & special characters
Constant: None
Field Requirement: Not used — All transactions
Description: This data field is reserved for internal American Express use
only.
Data must not be transmitted to American Express in this data
field. Unauthorized use of this data field may cause message
rejection.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 95
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 32 ACQUIRING INSTITUTION IDENTIFICATION CODE
Length of Field:
Variable Length Indicator:
Length of Variable Data:
3 bytes minimum, 13 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
11 bytes maximum, EBCDIC
Field Type: Numeric
Constant: None
Field Requirement: Optional
Description: This data field contains the identification code of the party
processing the request, preceded by a two-digit, Variable
Length Indicator (VLI).
For example, the 11-digit acquiring institution identification
code “45678912345” would appear as:
0 1
1234567890123
1145678912345
Note: This data field is not required for processing this
message; however, if included in an originating request
message, it will be preserved and returned in the response
message without alteration.
96 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 33 FORWARDING INSTITUTION IDENTIFICATION CODE
Length of Field:
Variable Length Indicator:
Length of Variable Data:
3 bytes minimum, 13 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
11 bytes maximum, EBCDIC
Field Type: Numeric
Constant: None
Field Requirement: Optional
Description: This data field contains the forwarding institution's
identification code, preceded by a two-digit Variable Length
Indicator (VLI).
For example, the 11-digit, forwarding institution identification
code “45678912345” would appear as:
0 1
1234567890123
1145678912345
Note: In certain unique implementations, this data field may
be redefined. For example, in the U.S., for non-American
Express (i.e., bankcard) requests, this data field may contain
the ID number assigned to the POS network by the
non-American Express service association (i.e., the ID number
assigned by the network provider processing transactions on
the acquiring bank's behalf).
If you wish to populate this data field with data outside the
basic definition of “the forwarding institution's identification
code”, contact your American Express representative for
assistance in determining the appropriate value to use.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 97
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 35 TRACK 2 DATA
Length of Field:
Variable Length Indicator:
Length of Variable Data:
3 bytes minimum, 39 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
37 bytes maximum, EBCDIC
Field Type: Alphanumeric & special characters
Constant: None
Field Requirement: Conditional
Certification Requirement: Global — All regions
During certification, Merchants must demonstrate the ability
to populate and transmit Track 1, Track 2 and/or Integrated
Circuit Card (ICC) Data (Data Fields 45, 35 and 55, respectively,
for Card Present transactions when track or ICC data is
successfully read from a valid Card swipe, EMV card read or
Contactless card read.
Similarly, authorized Third Party Processors and Vendors must
demonstrate the ability to populate and transmit Track 1, Track
2 and/or ICC Data, Data Fields 45, 35 and 55, respectively, for
Card Present transactions when track or ICC data is
successfully read from a valid Card swipe, EMV card read or a
Contactless card read. After certification, Merchants, Third
Party Processors and Vendors must forward all Point of
Sale-provided track and/or ICC data in the appropriate data
field(s).
Description: This data field contains the information encoded in a valid
Track 2 magnetic stripe, an Integrated Circuit Card (ICC) or a
Contactless card, preceded by a two-digit Variable Length
Indicator (VLI). Actual Track 2 data is composed of the EBCDIC
digits 0 9 and a data field separator value.
If POS Data Code, Position 7 = “2”, “5” or “W”, then the full
Track Data must be present. If Position 7 = “9”, then the full
Track Data may or may not be present. Data Field 45 must be
present if Data Field 35 is not present.
98 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 35 TRACK 2 DATA (continued)
Description (continued): If Data Field 45, Track 1, is not present, Data Field 35, Track 2,
must be populated with either the information encoded in a Track
2 magnetic stripe read for swiped transactions, or the Track 2
data stored on the chip of a Chip Card for ICC transactions.
Note: Track 1 and Track 2 data formats may vary slightly between
various American Express products. The data field definitions
referenced in the American Express Magnetic Stripe and
Expresspay Pseudo-Magnetic Stripe Formats are for reference
only and may not reflect all variations that may be encountered.
For this reason, when Track 1 or Track 2 data is supplied intact,
the Acquirer, their devices, systems, Vendor software and
authorized Third Party Processors should capture all characters
between the start and end sentinels, strip off the sentinels and
LRC, and forward the remainder to American Express in the
appropriate ISO 8583 Track 1 or Track 2 data field, without regard
to the specific lengths referenced in these sections.
For more information, refer to the American Express Magnetic
Stripe Formats and Expresspay Pseudo-Magnetic Stripe Formats
in the American Express Global Codes & Information Guide.
ANSI X4.16 Format In the following example below, the two-digit VLI is “29” and the
digits that follow are the 29 bytes of Track 2 data in ANSI X4.16
format. The character “=” is used to depict the data field
separator. The total length of this example is 31 bytes.
0 1 2 3
1234567890123456789012345678901
29371449635311004=1211081112345
ISO 7813 Format In the following example, the two-digit VLI is “37” and the digits
that follow are the 37 bytes of Track 2 data in ISO 7813 format.
The character “=” is used to depict the data field separator. The
total length of this example is 39 bytes.
0 1 2 3
123456789012345678901234567890123456789
37371449635311004=021110108111234567800
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 99
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 35 TRACK 2 DATA (continued)
Expresspay Pseudo-Magnetic Stripe
Format
In the following example, the two-digit VLI is “37” and the digits
that follow are the 37 bytes of Track 2 data shown in Expresspay
Pseudo-Magnetic Stripe Format. The character “=” is used to
depict the data field separator. The total length of this example is
39 bytes.
0 1 2 3
123456789012345678901234567890123456789
37371449635311004=111270212342474312345
Notes:
1. If Tracks 1 and 2 are both captured, both should be
forwarded. If only one track is captured, Track 1 is preferred
(see page 109). For systems that capture only Track 2, this
less desirable alternative may be supplied in lieu of Track 1.
2. American Express security requirements prohibit the storage
of track data within Merchant or processor systems.
100 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 37 RETRIEVAL REFERENCE NUMBER
Length of Field: 12 bytes, fixed length
Field Type: Alphanumeric & special characters
Constant: None
Field Requirement: Optional
Description: This data field contains a unique, 12-character reference
number.
Note: This data field is not required for processing this
message; however, if included in an originating request
message, it will be preserved and returned in the response
message without alteration.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 101
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 41 CARD ACCEPTOR TERMINAL IDENTIFICATION
Length of Field: 8 bytes, fixed length
Field Type: Alphanumeric & special characters
Constant: None
Field Requirement: Mandatory — American Express transactions in EMEA,
LA/C & APA
Note: Merchants in EMEA & LA/C that are unable to
provide a unique value for each terminal, can provide a
central location Terminal ID
Optional — American Express transactions in the USA and
Canada (strongly recommended), and non-VISA
transactions
Mandatory — VISA PS2000
Description: This data field contains a unique code that identifies a specific
terminal at a Merchant location. It is used when Data Field 42,
Card Acceptor Identification Code, does not uniquely identify
the physical location of this transaction.
Note: This data field may or may not be mandatory for
processing this message; however, if included in an originating
request message, it will be preserved and returned in the
response message without alteration.
102 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
_____________________
1 IATA = International Air Transport Association.
Data Field 42 CARD ACCEPTOR IDENTIFICATION CODE
Length of Field: 15 bytes, fixed length
Field Type: Alphanumeric & special characters, left justified, character
space filled
Constant: None
Field Requirement: Mandatory
Description: This data field identifies the Merchant in a POS transaction
and is required for ALL requests. The Merchant ID assigned to
the POS location shall be one of the following, and must be left
justified and character space filled:
10-digit American Express SE Number.
Two-character alphanumeric Airline Code.
•IATA
1 Travel Agent ID (T + 5-8 digits).
If the American Express SE Number is used in this data field,
check digit validation is required. For details, refer to SE
Number Check Digit Computation (Modulus 9 Check) in the
American Express Global Codes & Information Guide.
Airline Code
If a two-character alphanumeric Airline Code is used in this
data field, additional information may be included using the
following format:
XX~T12345678
See Airline Code instructions on the next page.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 103
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 42 CARD ACCEPTOR IDENTIFICATION CODE (continued)
Description (continued): In the example on the previous page, “XX” is the
two-character alphanumeric Airline Code, “~” is a character
space, the alpha character “T” is a constant that indicates that
the value that follows is a travel agent number, and
12345678” is a 7-8 digit IATA Travel Agent ID, where the
eight digits have the following significance:
12 = Two-digit State or Country Code
34567 = Five-digit Core Number
8= Check Digit (optional). If unused, pad with a
character space.
Notes:
1. For American Express transactions, use of formats other
than the 10-digit American Express SE Number requires
additional certification.
2. This data field is mandatory for processing this message,
and it will be preserved and returned in the response
message without alteration.
104 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 43 CARD ACCEPTOR NAME/LOCATION
Length of Field:
Variable Length Indicator:
Length of Variable Data:
3 bytes minimum, 101 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
99 bytes maximum, EBCDIC
Field Type: Alphanumeric & special characters
Constant: None
Field Requirement: Global — All regions
Mandatory — Oil Company Industry, including Card
Acceptor Terminal (CAT) transactions where a single
Service Establishment Number is not used for each
physical location
Mandatory — Payment Service Providers (Aggregators) &
OptBlue Participants
Mandatory — VISA PS2000
Optional — All other transactions
Certification Requirement: Global — All regions
Mandatory — Third Party Processors and/or Vendors must be
certified to pass data in this data field. After certification, all
Merchant-provided data must be forwarded in this data field.
Note: While this data field is optional for many transactions,
American Express strongly recommends that all Merchants
populate this data field in every authorization request.
Description: This data field contains the card acceptor name and location,
which consists of six data elements with up to 99 characters
total, preceded by a two-digit, Variable Length Indicator. The
first three elements (subfield 1) are variable length and are
separated from each other and the remaining elements by a
back slash (\). Maximum allowable values include backslashes.
See Subfield Table on the next page.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 105
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
M = Mandatory O = Optional N/A = Subfield is unused
Data Field 43 CARD ACCEPTOR NAME/LOCATION (continued)
Oil Co.
CAT
VISA
PS2000
Payment
Service
Provider
(Aggregator)
and OptBlue
Participants
Other
Trans.
Subfield
Length
Subfield
Type
Description
LLVAR M M M M 2 bytes Numeric Variable Length Indicator
Subfield 1 M1N/A2M3O83 bytes
max.
Alphanumeric & special
characters Oil Co. CAT1
Name \ \ \
Must replace Name with unique
merchant-assigned, station location
code.
Payment Service Providers
(Aggregators) and OptBlue
Participants3
Payment Service Provider:
PSP’s supported within an OptBlue
Participant must follow the Payment
Service Provider format:
Payment Service Provider
(Aggregator)=Seller DBA\Seller
Street\Seller City\
A. Payment Service Provider
(Aggregator) and Seller Name -
38 bytes (max.) and should be
constructed of two elements
separated by an “=” delimiter:
1. Payment Service Provider
(Aggregator)
2. Seller Name
B. Street - 30 bytes (max.)
C. City - 15 bytes (max.)
OptBlue Participants:
= Seller DBA\Seller Street\Seller
City\
A. =Seller Name - 38 bytes (max.)
and should always begin with an
“=”
B. Street - 30 bytes (max.)
C. City - 15 bytes (max.)
106 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
M = Mandatory O = Optional N/A = Subfield is unused
Data Field 43 CARD ACCEPTOR NAME/LOCATION (continued)
Oil Co.
CAT
VISA
PS2000
Payment
Service
Provider
(Aggregator)
and OptBlue
Participants
Other
Trans.
Subfield
Length
Subfield
Type
Description
Subfield 1
(continued)
Note: The elements provided in this
subfield should be spelled out
completely. If necessary, truncate
the information to meet the length
requirements rather than using
abbreviations.
Additional data requirements are
found in Data Field 60, National Use
Data.
All Other Merchants - Optional
Name\Street\City\
Subfield 2 M M M4O 10 bytes
Fixed
Alphanumeric & special
characters, left justified
Postal Code
Subfield 3 N/A5N/A4M4O53 bytes
Fixed
Alphanumeric & special
characters, left justified
Region Code must correspond to the
Country Code provided.
For information on country and
region codes, refer to the American
Express Global Codes & Information
Guide.
Subfield 4 N/A5N/A5M4O53 bytes
Fixed
Alphanumeric Country Code must correspond to
the Region Code provided.
For information on country and
region codes, refer to the American
Express Global Codes & Information
Guide.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 107
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Notes:
1. For Oil Company Industry CAT transactions, Subfield 1 must contain a unique, Merchant-assigned,
station location code in format “S#nnnnnnnnnnn\\\”. While the previous example shows an
11-byte station location code, the actual value may vary in length within the 83-byte maximum allowed.
2. For VISA PS2000, Subfield 1 is omitted, indicated by three back slashes (\\\), one per element (Name,
Street and City).
3. Payment Service Providers (Aggregators) and OptBlue Participants:
a. For Payment Service Providers (Aggregators) - Subfield 1 must include the Payment Service Provider
(Aggregator) as well as the Seller DBA. Both elements should be separated by an “=”delimiter. The
Payment Service Provider (Aggregator) must also provide the Seller's Street and Seller's City.
Example of typical entry for Subfield 1:
ANY~AGGREGATOR=KATIS~BEACH~UMBRELLAS\1234~ABC~STREET\
ANYTOWN\
b. For OptBlue Participants - Subfield 1 must include the Seller DBA preceded by an “=” delimiter. The
OptBlue Participant must also provide the Seller’s Street and Seller’s City.
Example of typical entry for Subfield 1:
=KATIS~BEACH~UMBRELLAS\1234~ABC~STREET\ANYTOWN\
Notes for #3a and #3b:
1. In the example above, tilde (~) characters represent character spaces and the equal sign (=)
represents a delimiter.
2. Payment Service Providers (Aggregators) supported within an OptBlue Participant must follow
the Payment Service Provider (Aggregator) format.
4. Subfields 2, 3 and 4 are mandatory for Payment Service Providers (Aggregators) and OptBlue
Participants. Should data be unavailable, omitted subfields are indicated by character spaces. See
examples on the next page.
5. Subfields 3 and 4 are omitted for Oil Company Industry CAT transactions. For all other Merchants
subfields 3 and 4 are optional. Omitted subfields are indicated by back slashes (\), one per subfield. See
examples on the next page.
See all examples on the next page.
Data Field 43 CARD ACCEPTOR NAME/LOCATION (continued)
108 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Typical example for entry of Oil Company Industry “Station Location Code”
123456
123456789012345678901234567890123456789012345678901234567890
28S#12345678901\\\85054~~~~~\\
Typical example for entry of Payment Service Provider (Aggregator) and OptBlue
Participants “Payment Service Provider (Aggregator)=Seller DBA”,”Seller Street”,
“Seller City”, “Seller Postal Code”, “Seller Region”, and “Seller Country Code”
123456
123456789012345678901234567890123456789012345678901234567890
77ANY~AGGREGATOR=KATIS~BEACH~UMBRELLAS\1234~ABC~STREET\ANYTO
111
789012
123456789012345678901234567890123456789012345678901234567890
WN\85054~~~~~AZ~840
Typical example for entry of Payment Service Provider (Aggregator) and OptBlue
Participants “Payment Service Provider (Aggregator)=Seller DBA”,”Seller Street”,
“Seller City”, and omitted “Seller Postal Code”, “Seller Region”, and “Seller Country
Code”
123456
123456789012345678901234567890123456789012345678901234567890
77ANY~AGGREGATOR=KATIS~BEACH~UMBRELLAS\1234~ABC~STREET\ANYTO
111
789012
123456789012345678901234567890123456789012345678901234567890
WN~~~~~~~~~~~~~~~~
Typical example for all other Merchants
123456
123456789012345678901234567890123456789012345678901234567890
58KATIS~BEACH~UMBRELLAS\1234~ABC~STREET\ANYTOWN\85054~~~~~\\
Note: In the examples above, tilde (~) characters represent character spaces and the equal sign (=)
represents a delimiter.
Data Field 43 CARD ACCEPTOR NAME/LOCATION (continued)
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 109
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 45 TRACK 1 DATA
Length of Field:
Variable Length Indicator:
Length of Variable Data:
3 bytes minimum, 78 bytes maximum, (LLVAR)
2 bytes, EBCDIC, right justified, zero filled
76 bytes maximum, EBCDIC
Field Type: Alphanumeric & special characters
Constant: None
Field Requirement: Global — All regions
Mandatory — Oil Company Industry, Card Acceptor
Terminal (CAT) transactions
Conditional — All other transactions with POS Data Code
values noted in description
Certification Requirement: Global — All regions
During certification, Merchants must demonstrate the ability
to populate and transmit Track 1 or Track 2 data, Data Fields
45 and 35, respectively, for Card Present transactions when
track data is successfully read from a valid Card swipe or a
Contactless card read.
Similarly, authorized Third Party Processors and Vendors must
demonstrate the ability to populate and transmit Track 1 and
Track 2 data, Data Fields 45 and 35, respectively, for Card
Present transactions when track data is successfully read from
a valid Card swipe or a Contactless card read. After
certification, Merchants, Third Party Processors and Vendors
must forward all Point of Sale-provided track data in the
appropriate data field(s).
Description: This data field contains the information encoded in a valid
Track 1 magnetic stripe or a Contactless card, preceded by a
two-digit, Variable Length Indicator (VLI). The actual Track 1
data is composed of EBCDIC alphanumeric and special
characters, and a data field separator value.
110 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 45 TRACK 1 DATA (continued)
Description (continued): If POS Data Code, Position 7 = “2”, “5” or “W”, then the full
Track Data must be present. If Position 7 = “9”, then the full
Track Data may or may not be present. Data Field 35 must be
present, if Data Field 45 is not present.
If Data Field 35, Track 2, is not present, Data Field 45, Track 1,
must be populated with the information encoded in a Track 1
magnetic stripe read for swiped transactions, or Pseudo-Track
1 or the Track 1 data stored on a Contactless card for
contactless transactions.
Note: Track 1 and Track 2 formats may vary slightly between
various American Express products. The data field definitions
referenced in the American Express Magnetic Stripe and
Expresspay Pseudo-Magnetic Stripe Formats are for reference
only and may not reflect all variations that may be
encountered. For this reason, when Track 1 or Track 2 data is
supplied intact, the Acquirer, their devices, systems, Vendor
software and authorized Third Party Processors should capture
all characters between the start and end sentinels, strip off the
sentinels and LRC, and forward the remainder to American
Express in the appropriate ISO 8583 Track 1 or Track 2 data
field, without regard to the specific lengths referenced in these
sections.
For more information, refer to the American Express Magnetic
Stripe Formats and Expresspay Pseudo-Magnetic Stripe
Formats in the American Express Global Codes & Information
Guide.
Oil Company CAT Transactions
This data field is required for Oil Company Industry Card
Acceptor Terminal (CAT) transactions. (Forwarding Track 1
data, which includes primary account number, effective and
expiration dates, and Cardmember name, reduces fraud by
allowing comparison of actual card data to the American
Express database.)
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 111
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
01 2 3 4 5 6
1234567890123456789012345678901234567890123456789012345678901
59B3714~49653~11004^FROST/CHARLES~F.JR~~~~~~~~^9403910112345
01 2 3 4 5 6
123456789012345678901234567890123456789012345678901234567890
76B371449635311004^FROST/CHARLES~F.JR~~~~~~~~^94031019101123
67
123456789012345678
456789012345678901
Data Field 45 TRACK 1 DATA (continued)
Examples: See the following examples.
ANSI X4.16 Format
In the following example, the two-digit VLI is “59” and the
digits that follow are the 59 bytes of Track 1 data in ANSI
X4.16 format. The character “^” is used to depict the data field
separator, and tildes (~) represent character spaces. The total
length of this example is 61 bytes.
ISO 7813 Format
In the following example, the two-digit VLI is “76” and the
digits that follow are the 76 bytes of Track 1 data in ISO 7813
format. The character “^” is used to depict the data field
separator, and tildes (~) represent character spaces. The total
length of this example is 78 bytes.
112 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
01 2 3 4 5 6
12345678901234567890123456789012345678901234567890123456789012
60B371449635311004^VALUED/CARDMEMBER~~~~12345^1211702123424743
Notes:
1. If Tracks 1 and 2 are both captured, both should be forwarded. If only one track is captured,
Track 1 is preferred. For systems that capture only Track 2, this less desirable alternative may
be supplied in lieu of Track 1 (see page 97).
2. American Express security requirements prohibit the storage of track data within Merchant or
processor systems.
Data Field 45 TRACK 1 DATA (continued)
Expresspay Pseudo-Magnetic Stripe Format
In the following example, the two-digit VLI is “60” and the
digits that follow are the 60 bytes of Track 1 data shown in
Expresspay Pseudo-Magnetic Stripe Format. The character “^”
is used to depict the data field separator. The total length of
this example is 62 bytes.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 113
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 47 ADDITIONAL DATA - NATIONAL
Length of Field:
Variable Length Indicator:
Length of Variable Data:
19 bytes minimum, 304 bytes maximum, (LLLVAR)
3 bytes, EBCDIC, right justified, zero filled
301 bytes maximum, EBCDIC
Field Type: Alphanumeric & special characters
Constant: None
Field Requirement: Optional — Merchants in mail-, telephone- and
internet-order industries that pass Card Not Present -
Internet Telephone Data (ITD).
Optional — Merchants in the airline industry that pass
Card Not Present Internet Airline Customer (IAC) data or
Card Not Present - Airline Passenger Data (APD).
Optional — Merchants in Card Present transactions that
pass Card Present - Goods Sold data.
Certification Requirement: USA, Canada, EMEA & LA/C
Mandatory — Third Party Processors and/or Vendors must
be certified to pass Card Not Present - Internet Telephone
Data (ITD) in this data field. After certification, all
Merchant-provided ITD data must be forwarded in this
data field.
Mandatory — Third Party Processors and/or Vendors must
be certified to pass Card Not Present Internet Airline
Customer (IAC) data in this data field. After certification,
all Merchant-provided IAC data must be forwarded in this
data field.
Mandatory — Third Party Processors and/or Vendors must
be certified to pass Card Not Present - Airline Passenger
Data (APD) in this data field. After certification, all
Merchant-provided APD data must be forwarded in this
data field.
114 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
Certification Requirement (continued): Mandatory — Third Party Processors and/or Vendors must
be certified to pass Card Present - Goods Sold data in this
data field. After certification, all Merchant-provided Card
Present - Goods Sold data must be forwarded in this data
field.
Description: This data field is composed of four formats:
The first format is for Merchants in mail-, telephone- and
internet-order industries that submit Card Not Present -
Internet Telephone Data (ITD).
For Merchants using this format, ITD subfields may contain
source data, including the Cardmember's Web and email
addresses, host computer name, HTTP browser, product
SKU (Stock Keeping Unit) inventory reference number,
shipping method and country to which product will be
shipped.
The second format is specific to airline industry Merchants
that submit Card Not Present - Internet Airline Customer
(IAC) data.
For these Merchants, IAC subfields may contain additional
travel-specific information, including the departure date,
passenger name, travel origin and destination, routing
cities, airline carriers, fare basis, number of passengers,
and customer IP and email addresses.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 115
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
Description: The third format is specific to airline industry Merchants
that submit Card Not Present - Airline Passenger Data
(APD).
For these Merchants, APD subfields may contain additional
travel-specific information, including the departure date,
passenger and Cardmember names, travel origin and
destination, routing cities, airline carriers, fare basis,
number of passengers, e-ticket indicator and reservation
code.
Note: Within the Airline Industry, the IAC format is
recommended over the APD format, as it is more
comprehensive. The APD format has been retained for
Merchants, Processors and Vendor software currently
sending data in this format.
Merchants that could fall under ITD, IAC or APD categories
should contact their American Express representative, to
determine which format is appropriate for their business.
The fourth format is specific to Card Present Goods Sold
data. The Card Present - Goods Sold subfields contain Card
Present information identifying the product being
purchased which is Gift Cards.
116 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
Description (continued): Notes:
1. Only one of the four formats may be used for a given
transaction. The ITD format has a minimum length of 74
bytes and a maximum of 265, including VLI. The IAC format
has a minimum of 132 bytes and a maximum of 304,
including VLI. The APD format has a minimum of 151 bytes
and a maximum of 290, including VLI. The Card Present -
Goods Sold format has a minimum length of 19 bytes and a
maximum of 19, including the VLI.
2. For all formats, unused fixed-length subfields must be
character space or zero filled, as appropriate.
3. Unless otherwise indicated, for all formats, unused
variable-length subfields must be a minimum of one byte,
composed of a character space or zero, as appropriate.
This is in addition to providing the preceding ID and VLI
bytes. For example, the three-byte ID would be sent with
two-byte VLI “01”, and the one-byte subfield would
contain a single character space or a zero, as appropriate.
4. Unless otherwise indicated, alphanumeric subfields are
left justified, character space filled and not case sensitive;
and numeric subfields are right justified and zero filled, as
necessary.
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 117
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Card Not Present - Internet Telephone Data (ITD) For the Mail-, Telephone- and Internet-Order
Industries Format Table
Note: ~ = character space.
See example on page 120.
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
Relative
Position
Subfield Name
Subfield
Length
Subfield Type
Description
1-3 VARIABLE LENGTH INDICATOR
(VLI)
3 bytes Numeric (EBCDIC) VLI indicates total length of variable data in this
data field (not including VLI).
4-5 PRIMARY ID 2 bytes Alphanumeric Primary ID (Card Type Code) is constant literal
“AX” (American Express).
6-8 SECONDARY ID 3 bytes Alphanumeric Secondary ID (Data Type Code). Valid IDs include:
ITD = Card Not Present Data
9-11 CUSTOMER EMAIL ID (CE ID) 3 bytes Alphanumeric Customer Email ID is constant literal “CE~”
(Customer Email).
12-13 VARIABLE LENGTH INDICATOR
(CE VLI)
2 bytes Numeric CE VLI indicates length of CUSTOMER EMAIL
variable data (not including CE ID or VLI).
14-37 CUSTOMER EMAIL 1-60 bytes Alphanumeric &
special characters
Customer's email address. Example:
CFFROST@EMAILADDRESS.COM
38-40 CUSTOMER HOSTNAME ID (CH
ID)
3 bytes Alphanumeric Customer HostName ID is constant literal “CH~”
(Customer HostName).
41-42 VARIABLE LENGTH INDICATOR
(CH VLI)
2 bytes Numeric CH VLI indicates length of CUSTOMER
HOST-NAME variable data (not including CH ID
or VLI).
43-56 CUSTOMER HOSTNAME 1-60 bytes Alphanumeric &
special characters
Name of server to which customer is connected.
Example: PHX.QW.AOL.COM
57-59 HTTP BROWSER TYPE ID (HBT ID) 3 bytes Alphanumeric HTTP Browser Type ID is constant literal “HBT”
(HTTP Browser Type).
60-61 VARIABLE LENGTH INDICATOR
(HBT VLI)
2 bytes Numeric HBT VLI indicates length of HTTP BROWSER
TYPE variable data (not including HBT ID or VLI).
62-107 HTTP BROWSER TYPE 1-60 bytes Alphanumeric &
special characters
Customer's HTTP browser type.
Example:
MOZILLA/4.0~(COMPATIBLE;
~MSIE~5.0;~WINDOWS~95)
108-110 SHIP TO COUNTRY ID (STC ID) 3 bytes Alphanumeric Ship To Country ID is constant literal “STC
(Ship To Country).
111-112 VARIABLE LENGTH INDICATOR
(STC VLI)
2 bytes Numeric STC VLI indicates length of SHIP TO COUNTRY
variable data. Must be constant literal “03”.
118 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Card Not Present - Internet Telephone Data (ITD) For the Mail-, Telephone- and Internet-Order
Industries Format Table (continued)
Note: ~ = character space.
See example on page 120.
* Merchants populating the Shipping Method, using shipment-type code (06) Ship-to Store, are strongly encouraged to populate
the address of the store location in Data Field 63 (Private Use Data) Ship-to Address in the 205-byte format.
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
Relative
Position
Subfield Name
Subfield
Length
Subfield Type
Description
113-115 SHIP TO COUNTRY 3 bytes Alphanumeric Three-byte, numeric Country Code. Refer to
Country Codes in the Global Codes & Information
Guide. Example for U.S.: 840
116-118 SHIPPING METHOD ID (SM ID) 3 bytes Alphanumeric Shipping Method ID is constant literal “SM~”
(Shipping Method).
119-120 VARIABLE LENGTH INDICATOR
(SM VLI)
2 bytes Numeric SM VLI indicates length of SHIPPING METHOD
variable data (not including SM ID or VLI). Must
be constant literal “02”.
121-122 SHIPPING METHOD 2 bytes Alphanumeric Two-byte, shipment-type code:
01 =Same Day
02 =Overnight / Next Day
03 = Priority, 2-3 days
04 = Ground, 4 or more days
05 = Electronic Delivery
06 = Ship-to Store*
07-ZZ = Reserved for future use
123-125 MERCHANT PRODUCT SKU ID
(MPS ID)
3 bytes Alphanumeric Merchant Product SKU ID is constant literal
“MPS” (Merchant Product SKU).
126-127 VARIABLE LENGTH INDICATOR
(MPS VLI)
2 bytes Numeric MPS VLI indicates length of MERCHANT
PRODUCT SKU variable data (not including MPS
ID or VLI).
128-135 MERCHANT PRODUCT SKU 1-15 bytes Alphanumeric &
special characters
Unique SKU (Stock Keeping Unit) inventory
reference number of product associated with this
authorization request. For multiple items, enter
SKU for single, most expensive item.
Example: TKDC315U
136-150 CUSTOMER IP 15 bytes Alphanumeric &
special characters
Customer's Internet IP address, left justified and
character space filled (as necessary) to 15 bytes.
Example 1: 127.142.151.223
Example 2: 127.142.5.56~~~
Example 3: 12.142.49.190~~
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 119
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Card Not Present - Internet Telephone Data (ITD) For the Mail-, Telephone- and Internet-Order
Industries Format Table (continued)
See example on the next page.
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
Relative
Position
Subfield Name
Subfield
Length
Subfield Type
Description
151-160 CUSTOMER ANI 10 bytes Alphanumeric &
special characters
ANI (Automatic Number Identification) specified
10-digit phone number that customer used to
place order with Merchant. Leading or trailing
zeros and/or virgules (/) are not permitted as
filler. However, phone numbers less than 10-
digits should be left justified and character space
filled. USA, Canada and other countries that
follow the NANP phone numbering system
should send all 10-digits of the phone number,
including the area code. For countries that do not
follow this system, send the last 10-digits.
Examples: United States of America (USA) phone
number “602-555-1212” would be entered as
6025551212”.
United Kingdom (UK) phone number
“44-1234-123456” would be entered as
1234123456”.
161-162 CUSTOMER II DIGITS 2 bytes Alphanumeric &
special characters
Telephone company-provided ANI Information
Identifier (II) digits associated with CUSTOMER
ANI. II digits indicate call type. For example,
cellular (61-63), payphone (27), toll free (24, 25),
etc.
120 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Card Not Present - Internet Telephone Data (ITD) For the Mail-, Telephone- and Internet-Order
Industries Example
The following example corresponds to the ITD Position Format Table on the preceding pages, and illustrates
a data field entry for mail-, telephone- and internet-order Merchants that submit Card Not Present - Internet
Telephone Data (Data Type Code “ITD”).
123456
123456789012345678901234567890123456789012345678901234567890
159AXITDCE~24CFFROST@EMAILADDRESS.COMCH~14PHX.QW.AOL.COMHBT4
111
67 8 9 0 1 2
123456789012345678901234567890123456789012345678901234567890
6MOZILLA/4.0~(COMPATIBLE;~MSIE~5.0;~WINDOWS~95)STC03840SM~02
11 1 1 1
23 4 5 6
123456789012345678901234567890123456789012
02MPS08TKDC315U127.142.005.056602555121200
Notes:
1. In the example above, tilde (~) characters represent character spaces.
2. This example represents data for multiple scenarios of a Card Not Present - Internet Telephone Data
(ITD) transaction. A typical transaction will probably not include all subfields (e.g., an Internet-order
would not include Customer ANI and Customer II Digits; and a phone-order would not include Customer
Hostname or Customer IP).
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 121
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Card Not Present Internet Airline Customer (IAC) Format Table
Note: ~ = character space.
See example on page 124.
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
Relative
Position
Subfield Name
Subfield
Length
Subfield Type
Description
1-3 VARIABLE LENGTH INDICATOR
(VLI)
3 bytes Numeric (EBCDIC) VLI indicates total length of variable data in this
data field (not including VLI).
4-5 PRIMARY ID 2 bytes Alphanumeric Primary ID (Card Type Code) is constant literal
“AX” (American Express).
6-8 SECONDARY ID 3 bytes Alphanumeric Secondary ID (Data Type Code). Valid IDs include:
IAC = Internet Airline Customer
9-16 DEPARTURE DATE 8 bytes Numeric Departure Date (format CCYYMMDD).
Example: 20030101
17-19 AIRLINE PASSENGER NAME ID
(APN ID)
3 bytes Alphanumeric Airline Passenger Name ID is constant literal
“APN” (Airline Passenger Name).
20-21 VARIABLE LENGTH INDICATOR
(APN VLI)
2 bytes Numeric APN VLI indicates length of Airline PASSENGER
NAME variable data (not including APN ID or VLI).
22-44 PASSENGER NAME 23-40 bytes Alphanumeric &
special characters
Passenger Name in format: SURNAME~
FIRSTNAME~MIDDLEINITIAL~TITLE
Use character space as sub-element separator.
Variable data must be 23-bytes minimum, space
filled as necessary, 40-bytes maximum. Truncate
at 40 bytes, if necessary.
Example: FROST~JANE~M~MRS~~~~~~~
45-49 ORIGIN (Origin Airport) 5 bytes Alphanumeric &
special characters
First segment travel origination Airport,
Note: Five-byte code sequence allows for
anticipated expansion of present, three-character
Airport Code. If necessary, left justify codes and
character space fill each code sequence to five
bytes.
Example: ABC~~
50-54 DEST (First Segment Travel
Destination Airport)
5 bytes Alphanumeric &
special characters
Destination Airport for first travel segment of
trip; not necessarily the final destination. For
example, if passenger flies from STL to MIA with
layover at JFK, Destination Airport for first
segment is JFK.
Note: Five-byte code sequence allows for
anticipated expansion of present, three-character
Airport Code. If necessary, left justify codes and
character space fill each code sequence to five
bytes.
Example: XYZ~~
122 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Card Not Present Internet Airline Customer (IAC) Format Table (continued)
Note: ~ = character space.
See example on page 124.
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
Relative
Position
Subfield Name
Subfield
Length
Subfield Type
Description
55-57 ROUTING ID (RTG ID) 3 bytes Alphanumeric Routing ID is constant literalRTG” (Routing).
58-59 VARIABLE LENGTH INDICATOR
(RTG VLI)
2 bytes Numeric RTG VLI indicates combined length of NUMBER
OF CITIES and ROUTING CITIES variable data (not
including RTG ID or VLI).
60-61 NUMBER OF CITIES 2 bytes Numeric Number of Airports or Cities on ticket (10 max).
62-120 ROUTING CITIES 11-59 bytes Alphanumeric &
virgule (/)
Routing Airport or City Codes for each leg on
ticket (including ORIGIN and DEST) in five-byte
segments with virgule (/) separator. Example:
ABC~~/DEF~~/GHI~~/JKL~~/MNO~~
/PQR~~/STU~~/VWX~~/YZA~~/XYZ~
~
121-123 AIRLINE CARRIERS ID (ALC ID) 3 bytes Alphanumeric Airline Carriers ID is constant literal “ALC
(Airline Carrier).
124-125 VARIABLE LENGTH INDICATOR
(ALC VLI)
2 bytes Numeric ALC VLI indicates combined length of NUMBER
OF AIRLINE CARRIERS and AIRLINE CARRIERS
variable data (not including ALC ID or VLI).
126-127 NUMBER OF AIRLINE CARRIERS 2 bytes Numeric Number of Airline Carriers entered in AIRLINE
CARRIERS subfield (9 max). Example: 09
128-180 AIRLINE CARRIERS 5-53 bytes Alphanumeric &
virgule (/)
Airline Carrier Code for each leg on ticket
(including ORIGIN and DEST) in five-byte
segments with virgule (/) separator. Example:
AB~~~/XY~~~/BC~~~/CD~~~/DE~~~
/DE~~~/CD~~~/BC~~~/AB~~~
Each leg must have Airline Carrier Code entry,
even if multiple (or all) legs are on same Airline.
181-204 FARE BASIS 24 bytes Alphanumeric &
special characters
Primary & secondary discount codes indicate
class of service and fare level associated with
ticket. Truncate at 24 bytes, if necessary.
Example:
ABC123DEF456GHI789JKL012
205-207 NUMBER OF PASSENGERS 3 bytes Numeric Number of passengers in party. Example: 001
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 123
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Card Not Present Internet Airline Customer (IAC) Format Table (continued)
Note: ~ = character space.
See example on the next page.
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
Relative
Position
Subfield Name
Subfield
Length
Subfield Type
Description
208-222 CUSTOMER IP 15 bytes Alphanumeric &
special characters
Customer's Internet IP address, left justified and
character space filled (as necessary) to 15 bytes.
Example 1: 127.142.151.223
Example 2: 127.142.5.56~~~
Example 3: 12.142.49.190~~
223-225 CUSTOMER EMAIL ID (CE ID) 3 bytes Alphanumeric Customer Email ID is constant literal “CE~
(Customer Email).
226-227 VARIABLE LENGTH INDICATOR 2 bytes Numeric CE VLI indicates length of CUSTOMER EMAIL
variable data (not including CE ID or VLI).
228-251 CUSTOMER EMAIL 1-60 bytes Alphanumeric &
special characters
Customer's email address. Example:
CFFROST@EMAILADDRESS.COM
124 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Card Not Present Internet Airline Customer (IAC) Example
The following example corresponds to the IAC Position Format Table on the preceding pages, and illustrates
a data field entry for airline industry Merchants that submit Card not Present Internet Airline Customer data
(Data Type Code “IAC”).
123456
123456789012345678901234567890123456789012345678901234567890
248AXIAC20030101APN23FROST~JANE~M~MRS~~~~~~~ABC~~XYZ~~RTG611
111
67 8 9 0 1 2
123456789012345678901234567890123456789012345678901234567890
0ABC~~/DEF~~/GHI~~/JKL~~/MNO~~/PQR~~/STU~~/VWX~~/YZA~~/XYZ~~
11 1 1 1 1 1
23 4 5 6 7 8
123456789012345678901234567890123456789012345678901234567890
ALC5509AB~~~/XY~~~/BC~~~/CD~~~/DE~~~/DE~~~/CD~~~/BC~~~/AB~~~
11 2 2 2 2 2
89 0 1 2 3 4
123456789012345678901234567890123456789012345678901234567890
ABC123DEF456GHI789JKL012001127.142.005.056CE~24CFFROST@EMAIL
22
45
12345678901
ADDRESS.COM
Note: In the example above, the tilde (~) characters represent character spaces.
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third April 2016 125
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
American Express Proprietary & Confidential Global Credit Authorization Guide ISO Format
8.1 1100 Authorization Request (continued)
Card Not Present - Airline Passenger Data (APD) Format Table
Note: ~ = character space.
See example on page 128.
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
Relative
Position
Subfield Name
Subfield
Length
Subfield Type
Description
1-3 VARIABLE LENGTH INDICATOR
(VLI)
3 bytes Numeric (EBCDIC) VLI indicates total length of variable data in this
data field (not including VLI).
4-5 PRIMARY ID 2 bytes Alphanumeric Primary ID (Card Type Code) is constant literal
“AX” (American Express).
6-8 SECONDARY ID 3 bytes Alphanumeric Secondary ID (Data Type Code). Valid IDs include:
APD = Internet Airline Customer
9-16 DEPARTURE DATE 8 bytes Numeric Departure Date (format CCYYMMDD).
Example: 20030101
17-19 AIRLINE PASSENGER NAME ID
(APN ID)
3 bytes Alphanumeric Airline Passenger Name ID is constant literal
“APN” (Airline Passenger Name).
20-21 VARIABLE LENGTH INDICATOR
(APN VLI)
2 bytes Numeric APN VLI indicates length of Airline PASSENGER
NAME variable data (not including APN ID or VLI).
22-44 PASSENGER NAME 23-40 bytes Alphanumeric &
special characters
Passenger Name in format: SURNAME~
FIRSTNAME~MIDDLEINITIAL~TITLE
Use character space as sub-element separator.
Variable data must be 23-bytes minimum, space
filled as necessary, 40-bytes maximum. Truncate
at 40 bytes, if necessary.
Example: FROST~JANE~M~MRS~~~~~~~
45-47 CARDMEMBER NAME ID (CN ID) 3 bytes Alphanumeric Cardmember Name ID is constant literal “CN~
(Cardmember Name).
48-49 VARIABLE LENGTH INDICATOR
(CN VLI)
2 bytes Numeric CN VLI indicates length of CARDMEMBER NAME
variable data (not including CN ID or VLI).
50-72 CARDMEMBER NAME 23-40 bytes Alphanumeric &
special characters
Cardmember Name in format: SURNAME~
FIRSTNAME~MIDDLEINITIAL~TITLE
Use character space as sub-element separator.
Variable data must be 23-bytes minimum, space
filled as necessary, 40-bytes maximum. Truncate
at 40 bytes, if necessary.
Example: FROST~CHARLES~F~MR~~~~~
126 April 2016 This document contains sensitive, confidential, and trade secret information, and must not be disclosed to third
parties without the express prior written consent of American Express Travel Related Services Company, Inc.
table of contents
Global Credit Authorization Guide ISO Format American Express Proprietary & Confidential
8.1 1100 Authorization Request (continued)
Card Not Present - Airline Passenger Data (APD) Format Table (continued)
Note: ~ = character space.
See example on page 128.
Data Field 47 ADDITIONAL DATA - NATIONAL (continued)
Relative
Position
Subfield Name
Subfield
Length
Subfield Type
Description
73-77 ORIGIN (Origin Airport) 5 bytes Alphanumeric &
special characters
First segment travel origination Airport,
Note: Five-byte code sequence allows for
anticipated expansion of present, three-character
Airport Code. If necessary, left justify codes and
character space fill each code sequence to five
bytes.
Example: ABC~~
78-82 DEST (First Segment Travel
Destination Airport)
5 bytes Alphanumeric &
special characters
Destination Airport for first travel segment of trip;
not necessarily the final destination. For example,
if passenger flies from STL to MIA with layover at
JFK, Destination Airport for first segment is JFK.
Note: Five-byte code sequence allows for
anticipated expansion of present, three-character
Airport Code. If necessary, left justify codes an