NEXO CARD PAYMENT SECURITY SPECIFICATIONS

NEXO CARD PAYMENT SECURITY SPECIFICATIONS

A standardize approach with embeded security in the protocols
OVERVIEW

A standardize approach with embeded security in the protocols

The “Card Payment Protocols Security” contains the specifications of the security mechanisms to secure the following nexo protocol messages:

  • nexo Acquirer protocol (ISO 20022 CAPE messages – ‘caaa’)
  • nexo TMS protocol (ISO 20022 CAPE messages – ‘catm’)
  • nexo Retailer protocol (Sale to POI protocol)
HOW DOES IT WORK?

Card payments messages of the nexo protocols use four types of protection:

  • Protection of the PIN, performed by the application.
  • Protection of sensitive data (e.g. card data), performed by either the payment application or the nexo protocol when configured to do so.
  • Protection of the message by a MAC (Message Authentication Code).
  • Protection of the message by a digital signature.All the protected data and the related information are formatted according to the generic format defined by the Cryptographic Message Syntax (CMS) standard defined in the RFC 5652.
Download

The information contains the implementation of the security specifications for both the ISO 20022 Acceptor to Acquirer Card Transactions standards (nexo Acquirer and TMS protocols) and the nexo Retailer Protocol. This material is to be used as a complementary material to the ISO 20022 Card Payment Exchanges (CAPE) specifications which are available from the official ISO 20022 Web site. The present material is available for free under an End-user License Agreement (EULA).

nexo Security Specifications