MDES Via Direct Service Access - International Guide 21.Q1

MDES via DSA
User Guide
3 March 2021
Contents
Contents
Chapter 1: Introduction.......................................................................................... 4
Purpose of this document:..................................................................................................5
Audience..................................................................................................................................5
About the Mastercard Direct Services Access............................................................... 5
Acronyms................................................................................................................................6
High Level Billing Information............................................................................................8
Inquiries...................................................................................................................................8
Connectivity Issues...............................................................................................................8
Chapter 2: About MDES....................................................................................... 10

NFC Contactless Payments.............................................................................................11
Dynamic Magnetic Stripe Data Payments...................................................................12
Digital Secure Remote Payment Transactions............................................................ 12
Dynamic Token Verification Code Solution.................................................................. 13
Prerequisites and Eligible Customers............................................................................ 15
Eligible Transactions..........................................................................................................15
Service Request and Response........................................................................................16
Processing requirements and History Advice...............................................................17
CIS Message Layouts........................................................................................................ 18
Authorization Request/0100...................................................................................... 19
Overall......................................................................................................................... 19
Contactless (Point of Sale Entry Mode 07 and 91).......................................... 23
Ecommerce - Original Transaction (Point of Sale Entry Mode 09 with
DSRP EMV Cryptogram)........................................................................................ 26
Ecommerce - Original Transaction (Point of Sale Entry Mode 81 with
DSRP UCAF Cryptogram)......................................................................................28
Ecommerce - Original Transaction (Point of Sale Entry Mode 81 With
Dynamic Token Verification Code and Dynamic Expiration Date)................ 32
Ecommerce - Recurring/Partial Shipment (Point of Sale Entry Mode 10
and 81)........................................................................................................................35
Dynamic Magnetic Stripe Data(Point of Sale Entry Mode 90)..................... 38
Authorization Request Response/0110....................................................................41
Authorization Advice/0120—Acquirer-Generated..................................................53
Authorization Advice Response/0130.......................................................................55
Reversal Request/0400................................................................................................ 57
Reversal Request Response/0410..............................................................................58
About the Transaction History Advice Message..........................................................61
Transaction History Advice Message Format and Layouts...................................... 62
Transaction History Advice Format—Authorization Advice/0120......................62
©2021 Mastercard. Proprietary. All rights reserved.

MDES via DSA —User Guide • 3 March 2021 2
Contents
Transaction History Advice Format—Authorization Advice Response/0130... 67
Notices............................................................................................................................68

Introduction
Chapter 1 Introduction
Purpose of this document:............................................................................................................... 5

Audience...............................................................................................................................................5
About the Mastercard Direct Services Access.............................................................................5
Acronyms..............................................................................................................................................6
High Level Billing Information......................................................................................................... 8
Inquiries................................................................................................................................................ 8
Connectivity Issues............................................................................................................................ 8

Introduction
Purpose of this document:
Purpose of this document:

This document contains information on the MDES service provided via Direct
Services Access.
NOTE: The MDES via DSA user guide should be used in conjunction with the DSA guide and
not as a stand alone. For complete information, you can refer the DSA guide.
Audience
Mastercard provides this information for customers and their authorized agents.
Specifically, the following users will find this manual useful:
• Issuers, acquirers, processors, and payment networks that do not switch their
transactions on the Mastercard Network but want to offer Mastercard
Network-based value-added Services to their customers.
• Customer Staff who can be involved in testing and verifying actual
implementations against these specifications.
About the Mastercard Direct Services Access
The Mastercard Direct Services Access provides issuers, third party processors
(TPPs), or payment networks that have transaction activity switching outside the
Mastercard Network an ability to access Mastercard Network for applying certain
value-added services on their transactions.
Background
Previously, issuers and processors were limited to offering Mastercard value-added
Services only to those accounts where Service, Clearing, and Single
Messagetransactions were processed directly through the Mastercard Network.
Due to regional and global differences, as well as the number of transaction

network processing choices available in the markets, not all Mastercard and
Maestro transactions flow through the Mastercard Network. As a result, payment
entities can be limited in offering
Opportunity and Solution

The Mastercard Direct Services Access:

Introduction
Acronyms
• Provides a method for customers and their authorized agents access to certain
Mastercard value-added Services for eligible Mastercard and non-Mastercard
transactions that process outside the Mastercard Network.
• Enables customers that want to participate in Mastercard value-added Services
to have a consistent experience, regardless of whether the transaction was
processed through the Mastercard Network or through another network.
Benefits:
Mastercard intends for a customer using the Mastercard Direct Services Access to
experience the following benefits:
• Ability to participate in certain Mastercard value-added Services where no
opportunity previously existed.
• Ability to expand the coverage of a given Mastercard value-added Service.
• Increased cardholder utility, retention, and loyalty as a result of offering the
Mastercard value-added Services described in this document.
• Ability to extend the Mastercard value-added Services to eligible non-
Mastercard transactions.
• A single point of entry to the Mastercard value-added Services for the
transactions processed on the customer’s network.
Connectivity Options
Mastercard Direct Services Access supports two connectivity options:
1. TCP/IP connection via Member Processor Interface (MIP)
2. API via Cloud
For more details about Mastercard Direct Service Access, please refer to
Mastercard Direct Services Access Manual and Technical Specifications Guide
You can contact your account manager to access this guide.
Acronyms
This terminology list defines various terms, concepts, acronyms, and abbreviations
used in this document. These definitions appear for convenience only and are not
to be used or otherwise relied on for any legal or technical purpose. Mastercard
specifically reserves the right to amend any definition appearing herein and to
interpret and apply all such definitions in its sole discretion as Mastercard deems
fit.

Introduction
Acronyms
Table 1: Key Acronyms or Terms
Acronym or Term Description

ARQC Authorization Request Cryptogram
ATC Application Transaction Counter
BIN Bank Identification Number
CE Conditional Echo
CIS Customer Interface Specification

CVC Card Verification Code
CVM Cardholder Verification Method
CVR Card Verification Result
DE Data Element
DSA Direct Services Access

e-commerce e-commerce Electronic Commerce
EMV Europay, Mastercard, and Visa
ICA Interbank Card Association

ICC Integrated Circuit Card
INF Intermediate Network Facility

LAN Local Area Network
MCC Card Acceptor Business Code (Merchant

Category Code)
MCBP Mastercard Cloud-Based Payments
MDES Mastercard Digital Enablement Services
MIP Mastercard Interface Processor
ME Mandatory Echo
MTI Message Type Identifier
NFC Near Field Communication
OB On-Behalf
OCC Operations Command Center
PAN Primary Account Number
POS Point of Sale

Introduction
High Level Billing Information
Acronym or Term Description

SSI Shared Services Interface
TCC Transaction Category Code
TDS Transaction Detail Service
TCP/IP Transmission Control Protocol/Internet
Protocol
TLV Tag, Length, Value
TPP Third Party Processor
TVR Terminal Verification Results
UTC Universal Time
High Level Billing Information
For specific billing information related to MDES via DSA, refer to the appropriate
Mastercard Consolidated Billing System (MCBS) Manual for the user’s country or
region.
Inquiries
Contact the Customer Operations Services team for support, 24 hours a day, 7
days a week, 365 days a year.
Table 2: Contact Details:
Phone: 1-800-999-0363
Fax: 1-636-722-7192
Email: customer_support@mastercard.com
Connectivity Issues
Service requesters experiencing connectivity issues with MDES should contact the
Operations Command Center (OCC). The OCC is available 24 hours a day, 7 days a
week, 365 days a year to troubleshoot potential connectivity issues.

Introduction
Connectivity Issues
Table 3:
Phone: 1-800-358-3060/1-636-722-6220
NOTE:
When calling the OCC team from outside
United
States, use ‘+’ before the number. That is,
+1-800-358-3060.
Email: occ@mastercard.com

About MDES
Chapter 2 About MDES

Mastercard Digital Enablement Service (MDES) is a secure, globally-scalable digitization
platform for the management, generation, and provisioning of digital payment
credentials onto mobile devices, PCs, servers, and other form factors. This provides
simpler, more secure digital payment experiences.
NFC Contactless Payments.......................................................................................................... 11

Dynamic Magnetic Stripe Data Payments................................................................................ 12
Digital Secure Remote Payment Transactions..........................................................................12
Dynamic Token Verification Code Solution................................................................................ 13
Prerequisites and Eligible Customers..........................................................................................15
Eligible Transactions........................................................................................................................15
Service Request and Response..................................................................................................... 16
Processing requirements and History Advice............................................................................ 17
CIS Message Layouts......................................................................................................................18
Authorization Request/0100....................................................................................................19
Overall.......................................................................................................................................19
Contactless (Point of Sale Entry Mode 07 and 91)........................................................23
Ecommerce - Original Transaction (Point of Sale Entry Mode 09 with DSRP
EMV Cryptogram)..................................................................................................................26
Ecommerce - Original Transaction (Point of Sale Entry Mode 81 with DSRP
UCAF Cryptogram)............................................................................................................... 28
Ecommerce - Original Transaction (Point of Sale Entry Mode 81 With Dynamic
Token Verification Code and Dynamic Expiration Date)...............................................32
Ecommerce - Recurring/Partial Shipment (Point of Sale Entry Mode 10 and
81)..............................................................................................................................................35
Dynamic Magnetic Stripe Data(Point of Sale Entry Mode 90)................................... 38
Authorization Request Response/0110..................................................................................41
Authorization Advice/0120—Acquirer-Generated............................................................... 53
Authorization Advice Response/0130.................................................................................... 55
Reversal Request/0400..............................................................................................................57
Reversal Request Response/0410........................................................................................... 58
About the Transaction History Advice Message....................................................................... 61
Transaction History Advice Message Format and Layouts....................................................62
Transaction History Advice Format—Authorization Advice/0120................................... 62
Transaction History Advice Format—Authorization Advice Response/0130.................67

About MDES
NFC Contactless Payments
MDES was developed to facilitate the financial industry transition from consumer
account credentials stored on traditional payment cards, to digital credentials
provisioned into mobile devices via Secure Element or Host Card Emulation
technologies. These digitized credentials enable the consumer’s mobile device to
perform payments through existing contactless point-of-sale (POS) systems and
through new remote payment methods, such as in-app payments or browser.
MDES also supports merchants or commerce platforms that want to tokenize their
cards on file using MDES.
MDES provides detokenization and dynamic data or cryptography validation of the
following:
• Near Field Communication (NFC) Contactless Payments
• Dynamic Magnetic Stripe Data Payments
• Digital Secure Remote Payments including In-app, Browser, and Card On File
• Dynamic Token Verification Code
NFC Contactless Payments

Tokenized mobile and other devices used at contactless terminals allow consumers
the convenience of making payments without handing over a payment card and
without swiping or inserting it in a reader.
Near Field Communication (NFC) contactless payments initiated with a tokenized
mobile or any other device facilitate:
• Face-to-face, card present payments
• Usage at terminals enabled for contactless card transactions
• Payments using either the contactless Magnetic Stripe profile or the contactless
M/Chip or EMV-enabled profile
The following graphic illustrates NFC contactless payments.
Figure 1: NFC Contactless Payment
1. Cardholders verify themselves to their mobile devices.

About MDES
Dynamic Magnetic Stripe Data Payments
2. Cardholders tap their mobile devices to the contactless terminal.

3. Cardholders are notified that their mobile devices have completed the transfer
of payment data to the terminal (the message originates by the handset
detecting it has completed a tap on a terminal).
4. Cardholders are notified of the transaction outcome and associated details via
the message coming from the Transaction Detail Service (TDS).
Dynamic Magnetic Stripe Data Payments

MDES supports the magnetic stripe point-of-sale entry modes to accommodate
devices that will be able to leverage the magnetic stripe reader of a point-of-sale
terminal to read Dynamic Magnetic Stripe Data (DMSD).
Digital Secure Remote Payment Transactions

Digital Secure Remote Payment transactions can be initiated from a mobile
browser, within a mobile app, by shopping on a PC or television (by means of a
Quick Response [QR] code), using the device’s camera, or from static media such as
posters, shop displays and magazines (with a QR code or Near Field
Communication [NFC] tag).
These transactions include typical mobile e-commerce scenarios, where the
cardholder is using either the mobile browser or a specific merchant application to
select goods and/or services for purchase. The use of a mobile application also
offers the potential for shopping experiences in which Digital Secure Remote
Payment transactions may be used in circumstances where traditionally a face-to-
face transaction at a physical point-of-sale (POS) device would have been
conducted. For example, a merchant may provide an application that allows the
consumer to use the camera on a mobile device to scan the barcodes of goods in a
brick-and-mortar store. When consumers have completed their shopping, rather
than going to a cashier to check out and pay, the consumers may pay using Digital
Secure Remote Payment transactions through their mobile applications, and leave
the store with the goods without going to a cashier to checkout.
Digital Secure Remote Payment transactions facilitate:
• Dynamic data (cryptograms) generated by a payment application in the mobile
device to secure the transaction
• EMV chip or cryptography similar to EMV chip to generate the cryptograms
• Requirement for cardholder verification
The following graphic illustrates Digital Secure Remote Payment transactions.

About MDES
Dynamic Token Verification Code Solution
The Digital Secure Remote Payment (DSRP) technology is also used to support
additional e-commerce tokenization use cases including MDES for merchants and
MDES for commerce platforms. It allows merchants to replace card numbers on
file with MDES tokens.

Mastercard is enhancing MDES processing to help simplify the acceptance of
Digital Secure Remote Payments (DSRP) Universal Cardholder Authentication
Field™ (UCAF) transaction processing.
To support DSRP UCAF transactions, merchants and acquirers must make
changes to their systems. Mastercard is mitigating these impacts by leveraging
both a Dynamic Token Verification Code and Dynamic Expiration Date, enabling
the transaction to process like a traditional e-commerce payment.
Mastercard is introducing a new authentication option using two existing fields:
1. Dynamic Token Verification Code—Merchants that support card validation code
2 (CVC 2) capabilities can supply the Dynamic Token Verification Code
(provided by Mastercard) to the acquirer for inclusion in DE 48 (Additional Data
—Private Use), subelement 92 (CVC 2).

About MDES
2. Dynamic Expiration Date—Along with the Dynamic Token Verification Code, the
merchant will provide a Dynamic Expiration Date to the acquirer for inclusion in
DE 14 (Date, Expiration).
Traditionally, service requesters expect to see a UCAF value for an original e-
commerce purchase. Now, service requesters must be aware that an original
purchase might not contain a UCAF value, but it will contain only an expiration
date and a CVC2 value.
To support this enhancement,service requesters must update their system as
follows:
• Continue to include DE14 (Date, expiration) from the merchant in service
request/0100 message for E-Commerce (DE22, subfield 1 = 81) or Credential on
File (DE22, subfield 1 = 10) transactions.
• Do not reject e-commerce transactions solely by the absence of cryptography
data in the UCAF field or ICC field, as merchants and acquirers can submit e-
commerce transactions initiated with MDES tokens without cryptography data
as part of these enhancements.
• Support DE 48, Subelement 92 (CVC2) and forward it to the issuer only when
received in the Service request response/0110 message from Mastercard.
CAUTION: If the Dynamic Token Verification Code is mistakenly forwarded in the CVC2
field to the issuer, the transaction will likely be declined by the issuer in error.
• Be prepared to receive a different token expiration date in DE48, subelement 33,
subfield 3 (Expiration Date) in the service request response/0110 message, than
the value originally sent in the service request/0100 message in DE14 (Date,
Expiration).
NOTE: When the Expiration date or/and Dynamic Token Verification Code received in the
service request/0100 message does not match the information on file (invalid), the
transactions will be rejected with:
• DE 39 (Response Code) = 30 (Format error)
• DE 44 (Additional Response Data) = 048 (Indicating the data element in error)

About MDES
Prerequisites and Eligible Customers
Prerequisites and Eligible Customers

Transactions switched through non-Mastercard networks that meet the following
prerequisites are eligible to obtain MDES services via DSA.
Entity Description
Issuer • Provide the alternative network with the applicable MDES account
ranges (these account ranges contain the tokens) as well as the
account ranges that contain the associated primary account numbers
[PANs]).
• Prepare to receive transactions from the alternative network that have
had MDES performed. These transactions will be formatted according
to the alternative network’s message specification.
• License DSRP specifications from Mastercard.
Alternative • Establish the issuer’s MDES account ranges (and associated PAN
Network account ranges, if not already supported) on the alternative network’s
system.
• Ensure that the alternative network’s system can identify that MDES
should be requested through DSA on these account ranges.
• License DSRP specifications from Mastercard.
NOTE: MDES via DSA customers (Issuers and Alternative Networks) will collectively be
called as Service Requesters in this document.
Eligible Transactions
Transactions switched through non-Mastercard networks that meet the following
criteria are eligible to obtain MDES via DSA.
Item Description
Originating Message • Financial transaction requests, acquirer-generated advices,
Types and reversals

About MDES
Service Request and Response
Item Description
Point-of-Sale (POS) • PAN auto-entry via contactless M/Chip
Entry Modes • PAN auto-entry via contactless magnetic stripe—the full
track data has been read from the data on the card and
transmitted within the authorization request in data
element (DE) 35 (Track 2 Data) or DE 45 (Track 1 Data)
without alteration or truncation.
• PAN entry via electronic commerce, including DSRP
(available when licensed from Mastercard)
• PAN via DMSD Payments
Products • Consumer credit and debit cards

• Consumer prepaid general purpose reloadable:
– Payroll Public Sector
– Reward/Incentive cards
– Healthcare
– Transit
• Small Business cards
• Commercial debit and credit cards (except Fleet cards)
PANs PANs within account ranges identified as MDES tokens
Service Request and Response

MDES via DSA provides service requesters with two primary functions for
Mastercard tokenized transactions that are not processed on the Mastercard
Network
• Provides service request and response messages, which facilitates the ability for
an service requesters to de-tokenize using the token-to-primary account
number (PAN) mapping services, validate the cryptography using the
prevalidation services, and enforce the appropriate usage of a token using token
(domain) control services.
• Supplies transaction history, which informs the consumer of transactions
conducted with a device.
An service requester can initiate service requests to the MDES to leverage multiple
token vault services as outlined below. The service response delivered to the service
requester will contain the results of the services performed:
• PAN Mapping Service translates the token as presented at the point-of-sale
(POS) to the PAN as recognized by the issuer’s systems. In some markets, when
an online PIN is used at the POS, the PIN Block Translation Service converts the
PIN block based on the token to a PIN block based on the PAN.

About MDES
Processing requirements and History Advice
• Token Controls Service enforces the appropriate usage of a token based on a

defined set of parameters. When requested, the MDES will invoke the various
token controls based on the POS environment and data elements captured
during the transaction.
• Cryptography Validation Service provides for validation of the chip, dynamic
card validation code 3 (CVC 3), magnetic stripe data, token verification code,
UCAF data, or Digital Payment Data when a service requester provides the
relevant track and chip data in the service request.
NOTE: For more details about these services, refer to the MDES guide.
Processing requirements and History Advice
When the alternative network receives a financial transaction request via DSA
that meets the transaction eligibility criteria, it must send a Service request to
MDES to process. This must occur before the issuer authorizes the transaction.
It is at the discretion of the alternative network to decide how to use the Service
result tag data (such as the results code and response codes) provided in the
Service response message when formatting transactions that are sent to the
issuer and the originating acquirer. At a minimum, the alternative network should
replace the token received from the request originator with the PAN before
sending the transaction to the issuer and also provide acquirers with the partial
PAN in addition to the token when sending back the transaction response in
accordance with the EMVCo Payment Tokenization Specification.
The alternative network can elect to retain the PAN for use in clearing and
exception item processing.
After the issuer provides its response to the alternative network, the alternative
network must submit a Service request containing a Customer Interface
Specification (CIS) Service Advice/0120 message to provide transaction history to
cardholders for transactions that are not processed through the Mastercard
Network. The Service Identifiers for MDES and the Transaction History Advice/
0120 message are different.
If the Service requester elects not to retrieve the PAN used in the original
transaction, then the Service requester can send a reversal in the payload.
Refer to Supported Message Types in Service Request/Response as well as the
Message Layouts section for additional information.

About MDES
CIS Message Layouts
CIS Message Layouts

This section describes the Customer Interface Specification (CIS) messages that a
customer network uses to request a Service and Mastercard uses as a Service
response message. Some value-added Services require specific CIS message data
to be included in the Service request message to complete Service processing.
Customers requesting value-added Services should refer to the related Service
appendix in addition to this section for details about CIS message data required to
complete Service processing. Each Service appendix also includes information
about CIS message data that can be included in response message as a result of
successfully completing Service processing. You can find an overall layout of all the
data elements and various transaction types, which is further divided into their
specific sections.
The following presence notations indicate if and how data is present in a message.
These notations appear in the message originator (Org) column of the message
layout.
• M—Mandatory. The data element is required in the message.
• C—Conditional. The data element is required in the message if the conditions
described in the accompanying text apply.
• O—Optional. The data element is not required, but can be included in the
message at the message initiator’s option.
• X—Direct Services Access Platform. The Mastercard Direct Services Access
inserts or overwrites the data element.
• ME—Mandatory Echo. The data element is required in the response message
and must contain the same value (“echoed”) from the original request or advice
message.
• CE—Conditional Echo. The data element is required in the response message if it
was present in the original request or advice message, and it must contain the
same value (“echoed”) from the original message.
NOTE: The DE values in this document reflect the values for MDES via DSA only. Other
DE values could be present when MDES is combined with other value added services
under DSA.
The different transaction types and their data elements are mentioned below:
Table 4: Transaction Types
Item Description
NFC Contactless Point of Sale Entry mode (DE22.01) is 07 or 91.

About MDES
Authorization Request/0100
Item Description
Ecommerce - Original Point of Sale Entry Mode 09
Transaction with DSRP
EMV Cryptogram
Ecommerce - Original Point of Sale Entry Mode 81 with DSRP UCAF Cryptogram
Transaction with DSRP
UCAF Cryptogram
Ecommerce - Original Point of Sale Entry Mode 81 With Dynamic Token Verification
Transaction with Code and Dynamic Expiration Date
Dynamic Token
Verification Code and
Dynamic Expiration
Date
Ecommerce - Recurring/ Point of Sale Entry Mode 10 and 81
Partial Shipment
Dynamic Magnetic Point of Sale Entry Mode 90
Stripe Data
Authorization Request/0100
The Service response reflects the Authorization Request Response/0100 message
type and contains the data elements from the service request in addition to data
elements.
Overall
Table 5: Data Elements for Authorization Request/0100
Data Element Number and Name Org Comments

- Message Type Identifier M Constant—0100 (Authorization
(MTI) Request).
- Bit Map, Primary M
2 Primary Account Number M Must contain the token account number
(PAN)
3 Processing Code M Indicates the type of transaction and
the affected cardholder account type.
4 Amount, Transaction M Transaction amount in the currency of
the acquirer's card acceptor.
7 Transmission Date and Time M Date and time in Universal Time(UTC)
that the originator initiated the
message.

About MDES
Overall

11 System Trace Audit M Transaction trace number. Contents of
Number(STAN) this data element must be unique for
each transaction initiated by a message
originator on any single UTC date.
14 Date, Expiration C If present, must contain the expiration

date of the token account number.
Mandatory when DE 22 (POS entry
mode) equals value of 81 and 10.
18 Merchant Type M Must be present on all transactions and
reflect the business product or service
provided.
22 Point-of-Service (POS) Entry M Valid values:
Mode
• Subfield 1 (POS Terminal PAN Entry
Mode) must contain one of the
following values
– 07 (PAN auto-entry via
contactless M/Chip)
– 09 (PAN entry via electronic
commerce, including remote chip)
– 10 (Credential on File)
commerce, including chip)
– 90 (PAN auto-entry via magnetic
stripe)
contactless magnetic stripe— the
full track data has been read from
the data on the card and
transmitted within the
authorization request in DE 35
[Track 2 Data] or DE 45 [Track 1
Data] without alteration or
truncation.
• Subfield 2 (POS Terminal PIN Entry
Mode) must contain value 0
(Unspecified or unknown
23 Card Sequence Number C Distinguishes among separate cards

having the same PAN by enabling
acquirers with chip-reading capability to
pass this information encoded. DE 23 is
required if DE 22, subfield 1 = 07 (PAN
auto-entry via contactless M/Chip) or 09
(PAN entry via electronic commerce,
including remote chip).

About MDES
Overall

32 Acquiring Institution M Must contain the six-digit DSA service
Identification Code requestor's identification number
(member ID/ICA number) as assigned by
Mastercard.
NOTE: This data element should not

contain the ICA that is associated with
acquirer of the transaction.
33 Forwarding Institution ID M A six-digit customer ID number assigned

Code by Mastercard of the CPS(Customer
Processing System) or INF(Intermediate
Network Facility) that identifies the
institution forwarding a Request or
Advice message to the Authorization
Platform.
For Europe region: DE 33 should carry
the Processor ICA (mandatory) for PIN
block translation services.
For outside Europe, DE 33 - Must
contain the DSA service requestor’s
identification number (ICA number) as
assigned by Mastercard.
35 Track 2 Data C DE 35 or DE 45 is required if DE 22,

subfield 1 = 90 or 91 (PAN auto-entry via
contactless magnetic stripe—the full
track data has been read from the data
on the card and transmitted within the
authorization request in DE 35 [Track 2
Data] or DE 45 [Track 1 Data] without
alteration or truncation).
42 Card Acceptor ID Code O Used as a “merchant ID” to uniquely

identify the merchant in a POS
transaction.
subfield 1 = 90 or 91.Required if the
transaction entry point captured track 1
data.

About MDES
Overall

48 Additional Data—Private Use C • DE 48, Subelement 32, Mastercard
Assigned ID
• DE 48, Subelement 42, subfield 1
(Electronic Commerce Security Level
Indicators) and DE 104, Subelement
001 (Digital Payment Data) with the
following combinations:
– DE 48, Subelement 42, subfield 1 =
210 and DE 104, Subelement 001
is not present.
The 210 value should be used when
UCAF data collection is not
supported by the merchant.
is present with a valid DSRP
cryptogram.
The 242 value should be used with
MDES for devices if known to the
requester.
is present with a valid DSRP
cryptogram.
The 246 value should be used with
MDES for merchants and MDES
for commerce platforms if known
to the requester.
247 indicating partial shipments or
recurring payment (DE48, DE 104,
Subelement 001 is not required).
The following subelements remain
valid only for legacy purposes and
these can be retired in a future
release:
is present.
containing partial shipment
verbiage, indicating partial
shipments.

About MDES
Contactless (Point of Sale Entry Mode 07 and 91)
NOTE: These subelements are

required for POS entry mode 81 and
10.
• DE 48, Subelement 43 (Universal

Cardholder Authentication Field
[UCAF]) containing the Identity
Check AAV cryptogram provided by
the merchant.
• DE 48, Subelement 92 (CVC2)
containing the CVC2 value when
received from the merchant.
52 Personal ID Number (PIN) O Optionally provided for translation of

Data the PIN block from the token to the PAN.
PIN block translation is available only in
the Europe region
53 Security-Related Control C Required when DE 52 (PIN Data) is
Information present. The customer must provide DE
53 to identify the PIN Block Format and
key used for PIN encryption.
55 Integrated Circuit Card (ICC) C DE 55 is required if DE 22, subfield 1= 07
System- Related Data (PAN auto-entry via contactless M/Chip)
or 09 (PAN entry via electronic
commerce, including remote chip).
104 Digital Payment Data (SE1) C DE 104, Subelement 001 containing the
Digital Payment Cryptogram provided
by the merchant
104 Digital Payment Data (SE3) O DE 104, Subelement 003 containing the
Remote Commerce Acceptor Identifier
provided by the merchant
127 Private Data O Private use data that a service requester
may want to provide and have echoed
back in the service response.
Table 6: Contactless (Point of Sale Entry Mode 07 and 91)

- Message Type Identifier M Constant—0100 (Authorization Request)
(MTI)

About MDES

2 Primary Account Number M Must contain the token account number.
(PAN)
3 Processing Code M Indicates the type of transaction and the
affected cardholder account type.
4 Amount, Transaction M Transaction amount in the currency of the
acquirer's card acceptor.
7 Transmission Date and M Date and time in Universal Time(UTC)
Time that the originator initiated the message.
originator on any single UTC date
provided.
22 Point-of-Service (POS) M Valid values:
Entry Mode • Subfield 1 (POS Terminal PAN Entry
following values:
– 07 (PAN auto-entry via contactless
M/Chip)
– 91 (PAN auto-entry via contactless
magnetic stripe—the full track data
has been read from the data on the
card and transmitted within the
authorization request in DE 35
[Track 2 Data] or DE 45 [Track 1
Data] without alteration or
truncation.
(Unspecified or unknown)
NOTE: M for 07 or 91

About MDES

32 Acquiring Institution M Must contain the six-digit DSA service
Mastercard.


Code by Mastercard of the CPS (Customer
Processing System) or INF( Intermediate
Advice Message to the Authorization
Platform.
For Europe region: DE 33 should carry the
Processor ICA (mandatory) for PIN block
translation services.
For outside Europe, DE 33 - Must contain
the DSA service requestor’s identification
number (ICA number) as assigned by
Mastercard.
35 Track 2 Data M DE 35 or DE 45 is required if DE 22,

subfield 1 = 90 or 91 (PAN auto-entry via
contactless magnetic stripe—the full track
data has been read from the data on the
card and transmitted within the
authorization request in DE 35 [Track 2
Data] or DE 45 [Track 1 Data] without
alteration or truncation).

transaction.

About MDES
Ecommerce - Original Transaction (Point of Sale Entry Mode 09 with DSRP EMV Cryptogram)

transaction entry point captured track 1
data.
52 Personal ID Number (PIN) O Optionally provided for translation of the

Data PIN block from the token to the PAN. PIN
block translation is available only in the
Europe region
Information present. The customer must provide DE
53 to identify the PIN Block Format and
key used for PIN encryption.
55 Integrated Circuit Card C DE 55 is required if DE 22, subfield 1= 07
(ICC) System- Related (PAN auto-entry via contactless M/Chip)
Data or 09 (PAN entry via electronic commerce,
Ecommerce - Original Transaction (Point of Sale Entry Mode 09 with DSRP EMV
Cryptogram)
Table 7: Ecommerce - Original Transaction (Point of Sale Entry Mode 09 with DSRP
EMV Cryptogram)

- Message Type Identifier M Constant—0100 (Authorization Request)
(MTI
2 Primary Account Number M Must contain the token account number.
(PAN)
3 Processing Code M Indicates the type of transaction and the
affected cardholder account type.
the acquirer's card acceptor.
7 Transmission Date and M Date and time in Universal Time(UTC)
Time that the originator initiated the
message.

About MDES
Ecommerce - Original Transaction (Point of Sale Entry Mode 09 with DSRP EMV Cryptogram)

originator on any single UTC date
provided.
Entry Mode • Subfield 1 (POS Terminal PAN Entry
following values:
commerce, including remote chip)
(Unspecified or unknown)
NOTE: M, for 09.
23 Card Sequence Number M Distinguishes among separate cards

32 Acquiring Institution M Must contain the six-digit service
Mastercard.


About MDES
Ecommerce - Original Transaction (Point of Sale Entry Mode 81 with DSRP UCAF Cryptogram)

Code by Mastercard of the CPS (Customer
Platform.
assigned by Mastercard..

transaction.
48 Additional Data—Private C DE 48, Subelement 43 (Universal
Use Cardholder Authentication Field [UCAF])
containing the Identity Check AAV
cryptogram provided by the merchant.
DE 48, Subelement 92 (CVC2)
55 Integrated Circuit Card M DE 55 is required if DE 22, subfield 1= 07

(ICC) System- Related (PAN auto-entry via contactless M/Chip)
Data or 09 (PAN entry via electronic
commerce, including remote chip).
Ecommerce - Original Transaction (Point of Sale Entry Mode 81 with DSRP UCAF
Cryptogram)
Table 8: Ecommerce - Original Transaction (Point of Sale Entry Mode 81 with DSRP
UCAF Cryptogram)

(MTI) Request)

About MDES

2 Primary Account Number M Must contain the token account
(PAN) number.
3 Processing Code M Indicates the type of
transaction and the affected
cardholder account type.
4 Amount, Transaction M Transaction amount in the
currency of the acquirer's card
acceptor
7 Transmission Date and M Date and time in Universal
Time Time(UTC) that the originator
initiated the message.
11 System Trace Audit M Transaction trace number.
Number(STAN) Contents of this data element
must be unique for each
transaction initiated by a
message originator on any
single UTC date
14 Date, Expiration M If present, must contain the
expiration date of the token
account number. Mandatory
when DE 22 (POS entry mode)
equals value of 81 and 10.
18 Merchant Type M Must be present on all
transactions and reflect the
business product or service
provided.
Entry Mode • Subfield 1 (POS Terminal
PAN Entry Mode) must
contain one of the following
values:
– 81 (PAN entry via
electronic commerce,
including chip)
• Subfield 2 (POS Terminal PIN
Entry Mode) must contain
value 0 (Unspecified or
unknown)
NOTE: M, for 81.

About MDES

23 Card Sequence Number C Distinguishes among separate
cards having the same PAN by
enabling acquirers with chip-
reading capability to pass this
information encoded. DE 23 is
required if DE 22, subfield 1 = 07
(PAN auto-entry via contactless
M/Chip) or 09 (PAN entry via
electronic commerce, including
remote chip).
32 Acquiring Institution M Must contain the six-digit DSA
Identification Code service requestor's
identification number (member
ID/ICA number) as assigned by
Mastercard.
NOTE: This data element should

not contain the ICA that is
associated with acquirer of the
transaction
33 Forwarding Institution ID M A six-digit customer ID number

Code assigned by Mastercard of the
CPS (Customer Processing
System) or INF( Intermediate
Network Facility) that identifies
the institution forwarding a
Request or Advice Message to
the Authorization Platform.
For Europe region: DE 33 should
carry the Processor ICA
(mandatory) for PIN block
For outside Europe, DE 33 -
Must contain the DSA service
requestor’s identification
number (ICA number) as
42 Card Acceptor ID Code O Used as a “merchant ID” to

uniquely identify the merchant
in a POS transaction.

About MDES

48 Additional Data—Private C • DE 48, Subelement 42,
Use subfield 1 (Electronic
Commerce Security Level
Indicators) and DE 104,
Subelement 001 (Digital
Payment Data) with the
– DE 48, Subelement 42,
subfield 1 = 242 and DE
104, Subelement 001 is
present with a valid DSRP
cryptogram.
The 242 value should be
used with MDES for
devices if known to the
requester.
present with a valid DSRP
cryptogram.
The 246 value should be
used with MDES for
merchants and MDES for
commerce platforms if
known to the requester.
The following subelements
remain valid only for
legacy purposes and these
can be retired in a future
release:
present.
104, Subelement 001
containing partial
shipment verbiage,
indicating partial
shipments.

required for POS entry mode
81 and 10.

About MDES
Ecommerce - Original Transaction (Point of Sale Entry Mode 81 With Dynamic Token
Verification Code and Dynamic Expiration Date)

• DE 48, Subelement 43
(Universal Cardholder
Authentication Field [UCAF])
containing the Identity Check
AAV cryptogram provided by
the merchant.
• DE 48, Subelement 92
(CVC2) containing the CVC2
value when received from the
merchant.
104 Digital Payment Data C DE 104, Subelement 001

(SE1) containing the Digital Payment
Cryptogram provided by the
merchant.
104 Digital Payment Data O DE 104, Subelement 003
(SE3) containing the Remote
Commerce Acceptor Identifier
provided by the merchant
127 Private Data O Private use data that a service
requester may want to provide
and have echoed back in the
service response.
Ecommerce - Original Transaction (Point of Sale Entry Mode 81 With Dynamic

Token Verification Code and Dynamic Expiration Date)
Table 9: Ecommerce - Original Transaction (Point of Sale Entry Mode 81 With Token

- Message Type Identifier (MTI M Constant—0100 (Authorization
Request).
(PAN) number
3 Processing Code M Indicates the type of transaction
and the affected cardholder
account type.
4 Amount, Transaction M Transaction amount in the currency
of the acquirer's card acceptor.

About MDES

7 Transmission Date and Time M Date and time in Universal
Time(UTC) that the originator
11 System Trace Audit M Transaction trace number. Contents
Number(STAN) of this data element must be unique
for each transaction initiated by a
message originator on any single
UTC date.
14 Date, Expiration M It must contain the dynamic

expiration date received from the
merchant.
18 Merchant Type M Must be present on all transactions
and reflect the business product or
service provided.
Mode • Subfield 1 (POS Terminal PAN
Entry Mode) must contain one of
the following values:
Entry Mode) must contain value
0 (Unspecified or unknown)
NOTE: M, for 81.

acquirers with chip-reading
capability to pass this information
encoded. DE 23 is required if DE 22,
subfield 1 = 07 (PAN auto-entry via
contactless M/Chip) or 09 (PAN
entry via electronic commerce,
Identification Code service requestor's identification
number (member ID/ICA number)
as assigned by Mastercard.

contain the ICA that is associated
with acquirer of the transaction

About MDES

Code assigned by Mastercard of the CPS
(Customer Processing System) or
INF( Intermediate Network Facility)
that identifies the institution
forwarding a Request or Advice
Message to the Authorization
Platform.
identification number (ICA number)

transaction.

About MDES
Ecommerce - Recurring/Partial Shipment (Point of Sale Entry Mode 10 and 81)

48 Additional Data—Private Use C • DE 48, Subelement 42, subfield 1
(Electronic Commerce Security
Level Indicators) and DE 104,
subfield 1 = 210 and DE 104,
Subelement 001 is not
present.
The 210 value should be used
when UCAF data collection is
not supported by the
merchant.

required for POS entry mode 81
and 10.

Check AAV cryptogram provided
by the merchant.
containing the Dynamic Token
Verification Code when received
from the merchant.

requester may want to provide and
have echoed back in the service
response.
Table 10: Ecommerce - Recurring/Partial (Point of Sale Entry Mode 10 and 81)

- Message Type Identifier (MTI M Constant—0100 (Authorization
Request).
(PAN) numbe.r

About MDES

account type.
UTC date
14 Date, Expiration M Must contain the expiration date of
the token account number when DE
61 SF4 = 4. If present, must contain
the expiration date of the token
account number.
Mandatory when DE 22 (POS entry
mode) equals value of 81 & 10.

service provided.
– 10 (Credential on File)
NOTE: M, for 10 or 81.

About MDES



Platform.

transaction.

About MDES
Dynamic Magnetic Stripe Data(Point of Sale Entry Mode 90)

48 Additional Data—Private Use C • DE 48, Subelement 42, subfield 1
subfield 1 = 247 indicating
partial shipments or recurring
payment ( DE 104,
Subelement 001 is not
required).

and 10.

104 Digital Payment Data (SE1) C DE 104, Subelement 001 containing

the Digital Payment Cryptogram
provided by the merchant.
104 Digital Payment Data (SE3) O DE 104, Subelement 003 containing
the Remote Commerce Acceptor
Identifier provided by the merchant
response.
Table 11: Dynamic Magnetic Stripe Data(Point of Sale Entry Mode 90)
Data Element Number and Name Org Comments-

(MTI) Request)
(PAN) number.

About MDES

account type.
UTC date.
14 Date, Expiration C If present, must contain the
expiration date of the token account
number. Mandatory when DE 22
(POS entry mode) equals value of
81 and 10.
service provided.
magnetic stripe)
NOTE: M, for 90.


About MDES



Platform.
35 Track 2 Data C Required if the transaction entry

point captured Track 2 data.
For chip transactions, DE 35 carries
data read from the chip as EMV tag
57 (Track 2 Equivalent Data)

transaction.
transaction entry point captured
track 1 data.
52 Personal ID Number (PIN) O Optionally provided for translation

Data of the PIN block from the token to
the PAN. PIN block translation is
available only in the Europe region. .

About MDES
Authorization Request Response/0110

Information present. The customer must provide
DE 53 to identify the PIN Block
Format and key used for PIN
encryption.
response.

The Service response reflects the Authorization Request Response/0110 message
type and contains the data elements from the service request in addition to the
following data elements
Table 12: Data Elements for Authorization Request Response/0110

- Message Type Identifier (MTI) M Constant—0110 (Authorization
Request Response).
2 Primary Account Number M Replaced by the PAN.
(PAN)
3 Processing Code ME Must be the same value as in the
original Authorization Request/0100
4 Amount, Transaction ME Must be the same value as in the
original Authorization Request/0100
except when DE 39 contains value
10 (Partial approval) or value 87
(Purchase Amount Only—NoCash
Back Allowed).
7 Transmission Date and Time ME Must be the same value as in the

original Authorization Request/
0100.
11 Systems Trace Audit Number ME Must be the same value as in the
(STAN) original Authorization Request/
0100.
14 Date, Expiration CE PAN Expiration date

About MDES

18 Merchant Type ME Must be the same value as in the
0100.
22 Point-of-Service (POS) Entry ME Contains the value provided in the
Mode Authorization Service Request of
Credential On File value of 10, PAN
auto-entry contactless M/Chip value
of 07, PAN auto-entry contactless
magnetic stripe value of 91, PAN
auto-entry via magnetic stripe value
of 90, PAN entry via electronic
commerce, including remote chip
value of 09, or PAN entry via
Electronic Commerce value of 81.
23 Card Sequence Number X Distinguishes among separate cards
having the same Primary Account
Number [PAN]
35 Track 2 Data CE Is the same value as in the original
Authorization Request/0100, if
present.
Validation will be done by
Mastercard on behalf of the issuer.
No action need to be done by the
issuer on this field.
39 Response Code M Values:

• 85 (Not declined, valid for all zero
amount transactions)
• 05 (Do not honor)
• 14 (Invalid Card Number)
• 30 (Format error)
• 62 (Restricted Card)
• 96 (System Error)
42 Card Acceptor ID Code CE Echoed back if present on the

Authorization Request/0100 Service
Request
44 Additional Response Data C When DE 39 = 30, this field will
reflect the field that contained the
format error.

About MDES

45 Track 1 Data CE Is the same value as in the original
Authorization Request/0100, if
present.

About MDES

48 Additional Data—Private Use M • Transaction Category Code
(TCC) field will contain the value
provided by Mastercard if it is
able to derive the TCC or a space
if it is not able to derive the TCC.
NOTE: The subelements for DE 48

will vary based on the service
results.
In addition, one or more of the

following subelements may be
present:
• DE 48, Subelement 26 (Wallet
Program Data) indicates the
Wallet Provider for transactions
initiated through MDES.

and 10.
– Subfield 1 (Wallet Identifier)

provides information about
transactions initiated through
MDES.
• DE 48, Subelement 30 (Token
Transaction Identifier) will
contain, when available, the
calculated Transaction Identifier
or other data to identify the
transaction. Transaction
Identifier is to be retained and
used to provide the transaction
history associated with an
original purchase and subsequent
reversal messages.
• DE 48, Subelement 33 (PAN
Mapping File Information)—
Present when successful mapping
takes place:
– Subfield 1 (Account Number
Indicator) = C (Mastercard
Digital Enablement Service
Secure Element Token), H
(Mastercard Digital

About MDES

Enablement Service Cloud-
Based Payments Token) or F
(Account Number Indicator)
– Subfield 2 (Account Number) =
Token
– Subfield 3 (Expiration Date) =
Token exp date
– Subfield 5 (Token Assurance
Level)
– Subfield 6 (Token Requestor
ID)
NOTE: The subfields 5 and 6 are

conditionally present when
available for the token.
• DE 48, Subelement 34 (Dynamic
CVC 3 ATC Information):
– Subfield 1 (ATC Value)
– Subfield 2 (ATC Discrepancy
Value)
– Subfield 3 (ATC Discrepancy
Indicator)
• DE 48, Subelement 42, subfield 1
Subelement 001 (Digital Payment
Data) with the following
combinations:
– Subelement 42, subfield 1 =
210 and DE 104, Subelement
001 is not present.
The 210 value is used when
UCAF data collection is not
supported by the merchant.
242 or 246 and DE 104,
Subelement 001 is present
with a valid DSRP cryptogram.
247 indicating partial
shipments or recurring
payment (DE 104, Subelement
001 is not required)

About MDES

Mastercard will provide the
correct SLI value in the
response message. This can
result in the requestor
receiving a different value than
the one presented in the
service request is not
required).
Check AAV cryptogram provided
by the merchant
Is the same value as in the
0100.
• DE 48, Subelement 49—When
validating a Dynamic Magnetic
Stripe Data token transaction,
the following subfields will be
present
– Subfield 1 = Time Value
contains the time data derived
from the acquirer transaction
to be used in the time
validation
– Subfield 2 = Time Discrepancy
Value contains a positive value
representing the differential in
minutes between the
transaction time data and
service calculated time
– Subfield 3 = Time Discrepancy
Indicator contains a value that
indicates if the time
discrepancy value is below,
above, or within the minimum
and maximum values for the
time validation window or that
indicates time validation was
not performed. Valid values:
– 01 (Positive value within time
validation window)
– 02 (Positive value outside time
validation window)

About MDES

– 03 (Negative value within time
validation window)
– 04 (Negative value outside
time validation window)
– 05 Unknown (time validation
not performed)
• DE 48, Subelement 71 (On-behalf
Services)
Subfield 1 (On-behalf [OB]
Service) indicates the service
performed:
– 50 (Mastercard Digital
Enablement Service PAN
Mapping)
Enablement Service Secure
Element Chip Pre- Validation
or Mastercard Digital
EnablementService Cloud-
Based Payments Chip Pre-
Validation)
Enablement Service Secure
Element Dynamic CVC 3 Pre-
Validation)
– 54(Mastercard Digital
Enablement Service PAN
Mapping)
– 55 (Merchant Validation
Service)
– Subfield 2 (On-behalf [OB]
Result 1) indicates the results
of the service processing.
When successful:
– When subfield 1 = 54,
subfield 2 can be:
– Value A = the transaction
amount in DE 4 is less than or
equal to the
estimated amount in the
cryptogram

About MDES

– Value B = the transaction
amount in DE 4 is greater than
0% to 19.99% that is the
estimated amount in the
cryptogram
– Value C = the transaction
amount in DE 4 is greater than
the estimated amount in the
cryptogram by 20% or more
– Value M = The submitted
merchant data is a match to
Mastercard’smerchant data
– Value N = The submitted
merchant data is not a match
to Mastercard’s merchant
data
– -Subfield 3 (On-behalf [OB]
When successful:
subfield 3 can be:
– Value M = Merchant
Dynamic Linking
– Value N = No Merchant
Dynamic Linking.
NOTE:
In addition to the new OBS 54
results, alternative networks
will continue to receive service
results related to MDES PAN
Mapping and cryptography
validation.
Based Payments Chip Pre-
Validation)
Based Payments Magnetic
Stripe Pre-Validation)

About MDES

• Subfield 2 (On-behalf [OB] Result
1) indicates the results of the
service processing. When
successful:
– When subfield 1 = 50, subfield
2=C
– When subfield 1 = 51, 52, 61,
or 62, subfield 2 = V
When unsuccessful:
DE 48, subelement 71, subfield 1,
value 51 and subfield 2 containing
one of the following values:
– A (ATC outside allowed range
[applicable when ATC value is
dynamic [varying] value]).
– E (CVC 3 ATC Replay)
– F (Format error)
– G (Application cryptogram is
valid but not an ARQC, status
of TVR/CVR unknown.)
– I (Invalid)
– T (Valid ARQC, TVR/CVR
invalid)
– U (Unable to process)
• DE 48, Subelement 72 (Issuer
Chip Authentication) carries data
used during cryptogram
processing. This is a Mastercard
generated value.
• DE 48, Subelement 74 (Additional
Processing Information) provides
additional information about
chip. For chip pre-validation,
acquirers will receive subfield 1
(Processing Indicator), value 02
(Mastercard On-behalf Service—
M/Chip Cryptogram Pre-
validation) and subfield 2
(Processing Information)
containing one of the following
values:
– A (ATC outside allowed range
[applicable when ATC value is
dynamic [varying] value])

About MDES

– E (CVC 3 ATC Replay)
– F (Format error in DE 55)
– G (Application Cryptogram is
valid but is not an ARQC)
– I (Application Cryptogram
Invalid)
– T (Application Cryptogram is
valid but TVR/CVR was
invalid)
– U (Application Cryptogram
could not be validated due to
technical error)
• DE 48, Subelement 79 (Chip
CVR/TVR Bit Error Results)
provides the Terminal Verification
Results (TVR) and Card
Verification Results (CVR)
bitmask define expected results.
• DE 48, Subelement 87 (Card
Validation Code Result) values.
For dynamic CVC 3 prevalidation,
acquirers will receive one of the
following:
– E = Length of unpredictable
number was not a valid length
– M = Valid CVC 2 (match)
– P = Unable to process
– Y = Invalid
containing the CVC value must
be forward to the issuer when
received.
52 Personal ID Number (PIN) C Contains the PIN block of the PAN if

Data available.
55 Integrated Circuit Card (ICC) C Is the same value as in the original
System-Related Data Authorization Request/0100, if
present.

About MDES

56 Payment Account Data C Contains unique, non-finanacial
reference information associated
with the PAN or token used to
initiate the transactions.
• Subelement 01 (Payment
Account Data) conatins the
applicable subfields to carry the
unique Payment Account Data
associated with the PAN or token
used to initiate the transaction.
– Subfield 01 (Payment Account
Reference [PAR] contains the
assigned PAR value. A PAR is a
unique value associated with a
single PAN and attributed to
all tokens associated with that
PAN. A PAR can be used to link
transactions containing PAN's
or tokens associated with the
same underlying payment
account.

About MDES

60 Advice Reason Code M Only present if Mastercard Digital
Enablement Service Secure Element
Chip Pre-Validation, Secure Element
Dynamic CVC 3 Pre-Validation,
Mastercard Digital Enablement
Service Cloud- Based Payments
Chip Pre-Validation Service, or
Mastercard Digital Enablement
Service Cloud- Based Payments
Magnetic Stripe Pre-Validation
Service was not successful.
DE 60, subfield 1, value 141 and
subfield 2 containing one of the
following existing values:
• 0009 (Reject: Invalid time
validation)
• 0032 (Reject: Chip technical
failure)
• 0034 (Reject: Chip validation
failed)
• 0035 (Reject: TVR/CVR validation
failed)
• 0039 (Reject: Cryptogram not
ARQC)
• 0042 (Reject: CVC 3 Unable to
process)
• 0043 (Reject: CVC 3 ATC outside
range)
• 0044 (Reject: CVC 3 Invalid)
• 0045 (Reject: CVC 3
Unpredictable number mismatch)
• 0046 (Reject: CVC 3 ATC Replay)
• 0204 (Reject: ATC Invalid — Not in
List of Currently Active Single
Use Keys)
• 0205 (Reject: ATC Replay)
• 0206 (Reject: Invalid MD AC and
UMD AC [Invalid Mobile PIN])
• 0207 (Reject: Valid MD AC; Invalid
UMD AC [Mobile PIN Try Counter
Max Limit])
• 0208 (Reject: Invalid MD AC; Valid
UMD AC)

About MDES
Authorization Advice/0120—Acquirer-Generated
• 0209 (Reject: Valid MD AC; Invalid

UMD AC [Mobile PIN Try Counter
Max Limit])
• 0210 (Reject: Unpredictable
Number Length Indicator
Mismatch)
• 0211 (Reject: TVR/CVR validation
failed)
• 0212 (Reject: Unable to Process)
63 Network Data M Values:

• Subfield 1 will contain spaces.
• Subfield 2 will contain the
Banknet Reference Number
assigned by Mastercard for the
transaction.
104 Digital Payment Data (SE 2 ) C DE 104, Subelement 002 containing

the Estimated Amount provided by
the merchant. This is the estimated
amount in the Digital Payment
cryptogram in the Authorization
Request/0100 Service Request.
104 Digital Payment Data (SE 3) CE Echoed back if present on the

Authorization Request/0100 Service
Request.
127 Private Data C Echoed back if present on the 0100
service request.
The Authorization Advice/0120—Acquirer-generated message advises of an
authorization that was carried out on the issuer’s behalf. It is not intended to
permit the application of this transaction to the cardholder’s account for issuing a
bill or statement; for example, this is a non-posting advice message.
Table 13: Overall Data Elements for Authorization Advice/0120
Data Element ID and Name Org Comments

- Message Type Identifier (MTI) M Constant—0120 (Authorization Advice
Response).

About MDES

2 Primary Account Number (PAN) M Must be the token account number from
the original Authorization Request/0100
message.
the acquirer's card acceptor
message.
32 Acquiring Institution M A six-digit customer ID number assigned

Identification Code by Mastercard that identifies the
institution acting as the "acquiring bank"
or "merchant bank" for a transaction.
33 Forwarding Institution ID Code M A six-digit customer ID number assigned
by Mastercard of the CPS (Customer
Platform.
Must contain the service requestor's
identification number (member ID/ICA
number) as assigned by Mastercard.
39 Response Code M Refer to the Authorization Advice/0120

Response Codes in the Customer
Interface Specification
60 Advice Reason Code M 190 = Acquirer Process System (APS)

Approved
OR
191 = Acquirer Processing System (APS)
Completed Authorization Transaction
For an Acquirer-Generated Authorization
Advice/0120 which comes in with a token
account number in DE 2 and with 190 or
191 in DE 60, Mastercard will apply the
PAN mapping service along with
returning the PAR.

About MDES
Authorization Advice Response/0130

The service response reflects the Authorization Advice Response/0130 message
type and contains the data elements from the service request in addition to the
data elements below.
Data Element ID and Org Comments

Name
- Message Type M Constant—0130 (Authorization Advice Response).
Identifier (MTI)
2 Primary Account M Will contain the primary account number.
Number (PAN)
4 Amount, Transaction CE Must be the same value as in the original
Authorization Advice Request/0120.
7 Transmission Date ME Must be the same value as in the original

and Time
Authorization Advice Request/0120.
11 Systems Trace Audit ME Must be the same value as in the original

Number(STAN) Authorization Advice Request/0120.

• 85 (Not declined, valid for all zero amount
transactions)

About MDES

Name
48 Additional Data— M TCC field will contain the value provided by
Private Use Mastercard if it is able to derive the TCC, or a space if
it is not able to derive the TCC.
In addition, one or more of the following subelements
can be present:
• Subelement 33 (PAN Mapping File Information)
– Subfield 1 (Account Number Indicator) = C
(MDES Token)
– Subfield 2 (Account Number) = Token
– Subfield 3 (Expiration Date) = Token expiration
date
– Subfield 5 (Token Assurance Level)
– Subfield 6 (Token Requestor ID)
NOTE: Subfields 5 and 6 are conditionally

present when available for the token.
• Subelement 71 (On-behalf Services)
– Subfield 1 (On-behalf [OB] Service) indicates the
service performed:
– 50 (MDES PAN Mapping)
– Subfield 2 (On-behalf [OB] Result 1) indicates
the results of the service processing. When
successful:
– When subfield 1 = 50, subfield 2 = C, subfield
3 = a space or value (Mastercard use only)
Mapping Failure:
• DE 48, subelement 71, subfield 1, value 50, subfield
2 containing one of the following existing values,
and subfield 3 = a space or value (Mastercard use
only):
– I (Invalid Token to Primary Account Number
Mapping Relationship)
– U (Unable to Process)

About MDES
Reversal Request/0400

Name
56 Payment Account C Contains unique, non-finanacial reference information
Data associated with the PAN or token used to initiate the
transactions.
• Subelement 01 (Payment Account Data) conatins
the applicable subfields to carry the unique
Payment Account Data associated with the PAN or
token used to initiate the transaction.
– Subfield 01 (Payment Account Reference [PAR]
contains the assigned PAR value. A PAR is a
unique value associated with a single PAN and
attributed to all tokens associated with that
PAN. A PAR can be used to link transactions
containing PAN's or tokens associated with the
same underlying payment account.
63 Network Data M • Subfield 1 will contain spaces.

• Subfield 2 will contain the Banknet Reference
Number assigned by Mastercard for the
transaction.
Reversal Request/0400
The Reversal Request/0400 message reverses fully or partially an earlier
authorization request.
Table 14: Reversal Request/0400

- Message Type Identifier (MTI) M Constant—0400 (Reversal Request).
2 Primary Account Number (PAN) M Must be the token account number
from the original Authorization
Request/0100 message

the acquirer's card acceptor
message.

About MDES
Reversal Request Response/0410

32 Acquiring Institution M Must contain the six-digit service

(member ID/ICA number) as assigned
by Mastercard.

33 Forwarding Institution ID Code M A six-digit customer ID number

assigned by Mastercard of the CPS
Message to the Authorization Platform.
39 Response Code M Refer to the Reversal Request/0400

Message Response Codes in the
Customer Interface Specification

The Reversal Request Response/0410 message is sent in response to a Reversal
Request/0400 message and denotes the disposition of the Reversal Request/0400
message.
Table 15: Reversal Request/0410

- Message Type Identifier (MTI) M Constant—0410 (Reversal Request
Response).

About MDES

2 Primary Account Number (PAN) M Will contain the primary account
number.
4 Amount, Transaction CE Must be the same value as in the
original Reversal Request/0400.
7 Transmission Date and Time ME Must be the same value as in the

original Reversal Request/0400.
11 Systems Trace Audit ME Must be the same value as in the
Number(STAN) original Reversal Request/0400.

• 85 (Not declined, valid for all zero
amount transactions)

About MDES

48 Additional Data—Private Use M • Transaction Category Code (TCC)
field will contain the value provided
by Mastercard if it is able to derive
the TCC or a space if it is not able to
derive the TCC.
In addition, one or more of the
following subelements can be
present:
• Subelement 33 (PAN Mapping File
Information)
– Subfield 1 (Account Number
Indicator) = C (MDES Token).
– Subfield 2 (Account Number) =
Token
– Subfield 3 (Expiration Date) =
Token expiration date
– Subfield 5 (Token Assurance
Level)
– Subfield 6 (Token Requestor ID)
NOTE: Subfields 5 and 6 are

conditionally present when
available for the token.

Service) indicates the service
performed:
– 50 (MDES PAN Mapping)
When successful:
subfield 2 = C, subfield 3 = a
space or value (Mastercard
use only)
– Mapping Failure:
– DE 48, subelement 71,
subfield 1, value 50, subfield
2 containing one of the
following existing values,
and subfield 3 = a space or
value (Mastercard use only):

About MDES
About the Transaction History Advice Message

– I (Invalid Token to
Primary Account Number
Mapping Relationship)
– U (Unable to Process)
56 Permanent Account Data C Contains unique, non-finanacial

reference information associated with
the PAN or token used to initiate the
transactions.
• Subelement 01 (Payment Account
Data) conatins the applicable
subfields to carry the unique
Payment Account Data associated
with the PAN or token used to
initiate the transaction.
– Subfield 01 (Payment Account
Reference [PAR] contains the
assigned PAR value. A PAR is a
unique value associated with a
single PAN and attributed to all
tokens associated with that PAN.
A PAR can be used to link
transactions containing PAN's or
tokens associated with the same
underlying payment account.
63 Network Data M • Subfield 1 will contain spaces.

• Subfield 2 will contain the Banknet
Reference Number assigned by
Mastercard for the transaction.
About the Transaction History Advice Message

MDES allows transaction details to be retrieved by the cardholder’s mobile device
in real-time when a transaction is performed using a token.
The Transaction Detail Service (TDS) manages the interactions between
Mastercard, other service providers, and the cardholder’s mobile device for the
registration, notification, and delivery of transaction details. The following tables
provide the detailed specifications for the transaction history advice message
format and layouts.

About MDES
Transaction History Advice Message Format and Layouts
Transaction History Advice Message Format and Layouts

The following tables provide the detailed specifications for the transaction history
advice message format and layouts.
Transaction History Advice Format—Authorization Advice/0120

This format enables a service requester to provide transaction detail to MDES for
use by the consumer via the wallet application on the consumer’s device. A
transaction history advice is required for all authorization and financial transaction
requests (both approvals and declines), acquirer-generated advices, and reversals.
Service Requesters must also send transaction history related to pre-authorization
completions. However, it is not recommended that transaction history associated
with the pre-authorizations be forwarded to Mastercard, as it may negatively
impact the consumer experience.
Table 16: Authorization Advice/0120

- Message Type Identifier (MTI) M Constant—0120 (Authorization Advice).
2 Primary Account Number (PAN) M Must be the token from the original
Authorization Request/0100.
3 Processing Code M 330000 (Service Request for Mastercard
Digital Enablement).
4 Amount, Transaction M Must be the amount specified by the
acquirer and authorized by the issuer.
This may be a portion of the transaction
amount originally requested for
authorization. For credit transactions,
the refund amount is to be supplied. For
reversal transactions, the DE4 value
must be “0”.
13 Date, Local Transaction M Must be the same value as provided by
the acquirer in the original Authorization
Request.
22 Point-of-Service (POS) Entry M Must be the same value as in the original
Mode Authorization Request/0100.
38 Authorization ID Response C Response ID that the authorizing

institution or agent assigned for
approved requests.

About MDES

39 Response Code M Must reflect the original Authorization
Request Response from the issuer:
• 00 = Approved or completed
successfully
• 01 = Refer to card issuer
• 03 = Invalid merchant
• 04 = Capture card
• 05 = Do not honor
• 08 = Honor with ID
• 10 = Partial Approval
• 12 = Invalid transaction
• 13 = Invalid amount
• 14 = Invalid card number
• 30 = Format error
• 41 = Lost card
• 43 = Stolen card
• 51 = Insufficient funds/over credit
limit
• 54 = Expired card
• 55 = Invalid PIN
• 57 = Trx not permitted to issuer/
cardholder
• 62 = Restricted card
• 63 = Security violation
• 70 = Contact Card Issuer
• 75 = Allowable PIN tries exceeded
• 78 = Invalid/nonexistent account
specified (general)
• 81 = Domestic Debit Transaction Not
Allowed (Regional use only)
• 85 = Not declined Valid for all zero
amount transactions
• 86 = PIN Validation not possible
• 87 = Purchase Amount Only, No Cash
Back Allowed
• 89 = Unacceptable PIN—Transaction
Declined—Retry

About MDES

43 Card Acceptor Name and M Must be the same value as in the original
Location Authorization Request:
• Subfield 1 = Merchant Name
• Subfield 2 = Space
• Subfield 3 = Merchant’s City
• Subfield 4 = Space
• Subfield 5 = Merchants State if U.S.
region or Country Code if outside the
U.S. region

About MDES

48 Additional Data—Private Use M If TCC field (first position) is provided in
the Authorization Request/0100 service
request, it must be populated with the
applicable value or with a space.
• Subelement 30 (Token Transaction
Identifier) will contain the calculated
Transaction Identifier or other data to
identify the transaction. The data
must be presented in Base 64 format.
Mastercard will provide the
Transaction Identifier on the
message, subelement 30 (Token
Transaction Identifier). For reversals,
the Transaction Identifier retained
from the original purchase must be
provided. If a Transaction Identifier is
not available and returned in the
message, the field should be space
filled.
– Subelement ID: 30
– Data Representation: ans–44
– Length field: 2
– Data Field: Contents of positions
1–44
– Subfields: N/A
– Justification: N/A
• Subelement 31 (Original Transaction
Data) must be present. Attributes:
– Subelement ID: 31
– Data Representation: n-14
– Length Field: 2
– Data Field: Contents of subfields
– Subfields: 2
• Subfield 1 = original processing code
of the transaction. Attributes:
– Subfield ID: 01
– Length Field: 2
1–2

About MDES

Valid values:
– 00 - Purchase
– 01 - Withdrawal
– 09 - Purchase with Cash Back
– 17 - Cash Disbursement
– 20 - Purchase Return/Refund
– 21 - Deposit
– 28 - Payment Transaction
– 40 - Account Transfer
• Subfield 2 = original message type
identifier (MTI) message type of the
transaction. Attributes:
– Subfield ID: 02
– Length Field: 2
1–4
Valid values:
– 0110 (Authorization Request
Response/0110)
– 0210 (Financial Transaction
Request Response/0210)
– 0120 (Authorization Advice/0120)
– 0220 (Financial Transaction
Advice/0220—for example, AFD
Pre-auth Completion)
– 0400 (Reversal Request/0400)
– 0420 (Reversal Advice/0420)
• Subelement 32 (Mastercard Assigned
ID)
must be present with the values
received in the service response to the
original service request.
49 Currency Code, Transaction M Must reflect the currency expressed in

the original Transaction Amount (DE 4)
in the Authorization Request service
request. All currency codes must be
selected from the numeric ISO standard
currency codes.
60 Advice Reason Code 201 = Transaction History Advice

About MDES
Transaction History Advice Format—Authorization Advice Response/0130

63 Network Data M Must be the same value received in the
service response message related to the
original request.
Transaction History Advice Format—Authorization Advice Response/0130

The format acknowledges the processing of the advice message received by MDES

- M Constant-0130(Authorization Advice
Response)
- M
• 00 = Completed successfully
• 30 = Format error
• 96 = System error
63 Network Data M Value from DE 63 (Network Data) in the

associated history advice:
• Subfield 1 = contains spaces
• Subfield 2 = contains the Banknet
Reference Number assigned by
Mastercard for the transaction.

Notices
Notices
Following are policies pertaining to proprietary rights, trademarks, translations,
and details about the availability of additional information online.
Proprietary Rights
The information contained in this document is proprietary and confidential to
Mastercard International Incorporated, one or more of its affiliated entities
(collectively “Mastercard”), or both.
This material may not be duplicated, published, or disclosed, in whole or in part,
without the prior written permission of Mastercard.
Trademarks
Trademark notices and symbols used in this document reflect the registration
status of Mastercard trademarks in the United States. Please consult with the
Global Customer Service team or the Mastercard Law Department for the
registration status of particular product, program, or service names outside the
United States.
All third-party product and service names are trademarks or registered
trademarks of their respective owners.
Disclaimer
Mastercard makes no representations or warranties of any kind, express or implied,
with respect to the contents of this document. Without limitation, Mastercard
specifically disclaims all representations and warranties with respect to this
document and any Intellectual Property Rights subsisting therein or any part
thereof, including but not limited to any and all implied warranties of title, non-
infringement, or suitability for any purpose (whether or not Mastercard has been
advised, has reason to know, or is otherwise in fact aware of any information) or
achievement of any particular result. Without limitation, Mastercard specifically
disclaims all representations and warranties that any practice or implementation
of this document will not infringe any third party patents, copyrights, trade secrets
or other rights.
Translation
A translation of any Mastercard manual, bulletin, release, or other Mastercard
document into a language other than English is intended solely as a convenience to
Mastercard customers. Mastercard provides any translated document to its
customers “AS IS” and makes no representations or warranties of any kind with
respect to the translated document, including, but not limited to, its accuracy or
reliability. In no event shall Mastercard be liable for any damages resulting from

Notices
reliance on any translated document. The English version of any Mastercard

document will take precedence over any translated version in any legal proceeding.
Information Available Online

Mastercard provides details about the standards used for this document—including
times expressed, language use, and contact information—on the Publications
Support page available on Mastercard Connect. Go to Publications Support for
centralized information.


MDES Via Direct Service Access - International Guide 21.Q1

Uploaded by

Copyright:

Available Formats

MDES Via Direct Service Access - International Guide 21.Q1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MDES Via Direct Service Access - International Guide 21.Q1

Uploaded by

Copyright:

Available Formats

MDES via DSA

Chapter 2: About MDES....................................................................................... 10

©2021 Mastercard. Proprietary. All rights reserved.

Transaction History Advice Format—Authorization Advice Response/0130... 67

©2021 Mastercard. Proprietary. All rights reserved.

Purpose of this document:............................................................................................................... 5

©2021 Mastercard. Proprietary. All rights reserved.

Purpose of this document:

About the Mastercard Direct Services Access

Due to regional and global differences, as well as the number of transaction

Opportunity and Solution

©2021 Mastercard. Proprietary. All rights reserved.

©2021 Mastercard. Proprietary. All rights reserved.

Table 1: Key Acronyms or Terms

Acronym or Term Description

CIS Customer Interface Specification

DSA Direct Services Access

EMV Europay, Mastercard, and Visa

ICA Interbank Card Association

INF Intermediate Network Facility

MCC Card Acceptor Business Code (Merchant

©2021 Mastercard. Proprietary. All rights reserved.

Acronym or Term Description

High Level Billing Information

Table 2: Contact Details:

©2021 Mastercard. Proprietary. All rights reserved.

©2021 Mastercard. Proprietary. All rights reserved.

Chapter 2 About MDES

NFC Contactless Payments.......................................................................................................... 11

©2021 Mastercard. Proprietary. All rights reserved.

NFC Contactless Payments

1. Cardholders verify themselves to their mobile devices.

©2021 Mastercard. Proprietary. All rights reserved.

2. Cardholders tap their mobile devices to the contactless terminal.

Dynamic Magnetic Stripe Data Payments

Digital Secure Remote Payment Transactions

©2021 Mastercard. Proprietary. All rights reserved.

Dynamic Token Verification Code Solution

©2021 Mastercard. Proprietary. All rights reserved.

©2021 Mastercard. Proprietary. All rights reserved.

Prerequisites and Eligible Customers

©2021 Mastercard. Proprietary. All rights reserved.

Products • Consumer credit and debit cards

PANs PANs within account ranges identified as MDES tokens

Service Request and Response

©2021 Mastercard. Proprietary. All rights reserved.

• Token Controls Service enforces the appropriate usage of a token based on a

Processing requirements and History Advice

©2021 Mastercard. Proprietary. All rights reserved.

CIS Message Layouts

Table 4: Transaction Types

©2021 Mastercard. Proprietary. All rights reserved.

Table 5: Data Elements for Authorization Request/0100

Data Element Number and Name Org Comments

©2021 Mastercard. Proprietary. All rights reserved.

Data Element Number and Name Org Comments

14 Date, Expiration C If present, must contain the expiration

23 Card Sequence Number C Distinguishes among separate cards

©2021 Mastercard. Proprietary. All rights reserved.