MDES Via Direct Service Access - International Guide 21.Q1
User Guide
3 March 2021
Contents
Chapter 1: Introduction
Purpose of this document:
Audience
About the Mastercard Direct Services Access
Acronyms
High Level Billing Information
Inquiries
Connectivity Issues
Notices
Chapter 1 Introduction
NOTE: The MDES via DSA user guide should be used in conjunction with the DSA guide and
not as a standalone document. For complete information, refer to the DSA guide.
Audience
Mastercard provides this information for customers and their authorized agents.
Specifically, the following users will find this manual useful:
• Issuers, acquirers, processors, and payment networks that do not switch their
transactions on the Mastercard Network but want to offer Mastercard
Network-based value-added Services to their customers.
• Customer Staff who can be involved in testing and verifying actual
implementations against these specifications.
The Mastercard Direct Services Access provides issuers, third party processors
(TPPs), or payment networks that have transaction activity switching outside the
Mastercard Network an ability to access Mastercard Network for applying certain
value-added services on their transactions.
Background
Previously, issuers and processors were limited to offering Mastercard value-added
Services only to those accounts where Service, Clearing, and Single
Message transactions were processed directly through the Mastercard Network.
• Provides a method for customers and their authorized agents access to certain
Mastercard value-added Services for eligible Mastercard and non-Mastercard
transactions that process outside the Mastercard Network.
• Enables customers that want to participate in Mastercard value-added Services
to have a consistent experience, regardless of whether the transaction was
processed through the Mastercard Network or through another network.
Benefits:
Mastercard intends for a customer using the Mastercard Direct Services Access to
experience the following benefits:
• Ability to participate in certain Mastercard value-added Services where no
opportunity previously existed.
• Ability to expand the coverage of a given Mastercard value-added Service.
• Increased cardholder utility, retention, and loyalty as a result of offering the
Mastercard value-added Services described in this document.
• Ability to extend the Mastercard value-added Services to eligible non-
Mastercard transactions.
• A single point of entry to the Mastercard value-added Services for the
transactions processed on the customer’s network.
Connectivity Options
Mastercard Direct Services Access supports two connectivity options:
1. TCP/IP connection via Member Processor Interface (MIP)
2. API via Cloud
For more details about Mastercard Direct Service Access, please refer to the
Mastercard Direct Services Access Manual and Technical Specifications Guide.
You can contact your account manager to access this guide.
Acronyms
This terminology list defines various terms, concepts, acronyms, and abbreviations
used in this document. These definitions appear for convenience only and are not
to be used or otherwise relied on for any legal or technical purpose. Mastercard
specifically reserves the right to amend any definition appearing herein and to
interpret and apply all such definitions in its sole discretion as Mastercard deems
fit.
For specific billing information related to MDES via DSA, refer to the appropriate
Mastercard Consolidated Billing System (MCBS) Manual for the user’s country or
region.
Inquiries
Contact the Customer Operations Services team for support, 24 hours a day, 7
days a week, 365 days a year.
Phone: 1-800-999-0363
Fax: 1-636-722-7192
Email: customer_support@mastercard.com
Connectivity Issues
Service requesters experiencing connectivity issues with MDES should contact the
Operations Command Center (OCC). The OCC is available 24 hours a day, 7 days a
week, 365 days a year to troubleshoot potential connectivity issues.
Table 3:
Phone: 1-800-358-3060/1-636-722-6220
NOTE: When calling the OCC team from outside the United States, use ‘+’ before the
number. That is, +1-800-358-3060.
Email: occ@mastercard.com
MDES was developed to facilitate the financial industry transition from consumer
account credentials stored on traditional payment cards, to digital credentials
provisioned into mobile devices via Secure Element or Host Card Emulation
technologies. These digitized credentials enable the consumer’s mobile device to
perform payments through existing contactless point-of-sale (POS) systems and
through new remote payment methods, such as in-app payments or browser.
MDES also supports merchants or commerce platforms that want to tokenize their
cards on file using MDES.
MDES provides detokenization and dynamic data or cryptography validation of the
following:
• Near Field Communication (NFC) Contactless Payments
• Dynamic Magnetic Stripe Data Payments
• Digital Secure Remote Payments including In-app, Browser, and Card On File
• Dynamic Token Verification Code
The Digital Secure Remote Payment (DSRP) technology is also used to support
additional e-commerce tokenization use cases including MDES for merchants and
MDES for commerce platforms. It allows merchants to replace card numbers on
file with MDES tokens.
2. Dynamic Expiration Date—Along with the Dynamic Token Verification Code, the
merchant will provide a Dynamic Expiration Date to the acquirer for inclusion in
DE 14 (Date, Expiration).
Traditionally, service requesters expect to see a UCAF value for an original e-
commerce purchase. Now, service requesters must be aware that an original
purchase might not contain a UCAF value, but it will contain only an expiration
date and a CVC2 value.
To support this enhancement, service requesters must update their system as
follows:
• Continue to include DE14 (Date, expiration) from the merchant in service
request/0100 message for E-Commerce (DE22, subfield 1 = 81) or Credential on
File (DE22, subfield 1 = 10) transactions.
• Do not reject e-commerce transactions solely because cryptography data is
absent from the UCAF field or ICC field, as merchants and acquirers can submit
e-commerce transactions initiated with MDES tokens without cryptography data
as part of these enhancements.
• Support DE 48, Subelement 92 (CVC2) and forward it to the issuer only when
received in the Service request response/0110 message from Mastercard.
CAUTION: If the Dynamic Token Verification Code is mistakenly forwarded in the CVC2
field to the issuer, the transaction will likely be declined by the issuer in error.
• Be prepared to receive a different token expiration date in DE48, subelement 33,
subfield 3 (Expiration Date) in the service request response/0110 message, than
the value originally sent in the service request/0100 message in DE14 (Date,
Expiration).
NOTE: When the Expiration date and/or Dynamic Token Verification Code received in the
service request/0100 message does not match the information on file (invalid), the
transaction will be rejected with:
• DE 39 (Response Code) = 30 (Format error)
• DE 44 (Additional Response Data) = 048 (Indicating the data element in error)
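The handling rules above for the service request/0100 and the service request response/0110, as an added example that is not part of the original guide. Messages are modelled as flat Python dicts; the key names, function names and sample values are assumptions made for illustration.

```python
# Added example, not Mastercard code. Messages are flat dicts; the key names
# ("DE22.1", "DE48.92", "DE48.33.3") are an assumed in-memory model, not a wire format.
ECOM_ENTRY_MODES = {"81", "10"}  # DE22 subfield 1: e-commerce, credential on file


def precheck_request(req_0100):
    """Check a service request/0100 before it is sent; return a reason or None."""
    if req_0100.get("DE22.1") in ECOM_ENTRY_MODES and not req_0100.get("DE14"):
        return "DE14 missing"
    # Deliberately no check on UCAF/ICC cryptography: its absence alone
    # is not a reason to reject an e-commerce transaction.
    return None


def issuer_fields(req_0100, resp_0110):
    """Return ("reject", reason) or ("forward", fields for the issuer message)."""
    if resp_0110.get("DE39") == "30" and resp_0110.get("DE44") == "048":
        return "reject", "expiration date or verification code not matching data on file"
    fields = {}
    # The 0110 may carry a different expiration date than the DE14 that was sent.
    # Carrying the returned date forward is this example's assumption.
    fields["DE14"] = resp_0110.get("DE48.33.3", req_0100.get("DE14"))
    # CVC2 goes to the issuer only when Mastercard returned it in the 0110;
    # whatever the request carried in that position is never copied across.
    if "DE48.92" in resp_0110:
        fields["DE48.92"] = resp_0110["DE48.92"]
    return "forward", fields


# Constructed sample messages (all values invented for the example).
REQ = {"DE22.1": "81", "DE14": "2512", "DE48.92": "123"}
RESP_OK = {"DE39": "00", "DE48.33.3": "2701"}
RESP_CVC2 = {"DE39": "00", "DE48.33.3": "2701", "DE48.92": "456"}
RESP_BAD = {"DE39": "30", "DE44": "048"}

if __name__ == "__main__":
    for resp in (RESP_OK, RESP_CVC2, RESP_BAD):
        print(issuer_fields(REQ, resp))
```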
Entity: Description
Issuer
• Provide the alternative network with the applicable MDES account
ranges (these account ranges contain the tokens) as well as the
account ranges that contain the associated primary account numbers
[PANs].
• Prepare to receive transactions from the alternative network that have
had MDES performed. These transactions will be formatted according
to the alternative network’s message specification.
• License DSRP specifications from Mastercard.
Alternative Network
• Establish the issuer’s MDES account ranges (and associated PAN
account ranges, if not already supported) on the alternative network’s
system.
• Ensure that the alternative network’s system can identify that MDES
should be requested through DSA on these account ranges.
• License DSRP specifications from Mastercard.
NOTE: MDES via DSA customers (Issuers and Alternative Networks) are collectively
called Service Requesters in this document.
Eligible Transactions
Transactions switched through non-Mastercard networks that meet the following
criteria are eligible to obtain MDES via DSA.
Item: Description
Originating Message Types
• Financial transaction requests, acquirer-generated advices, and reversals
Point-of-Sale (POS) Entry Modes
• PAN auto-entry via contactless M/Chip
• PAN auto-entry via contactless magnetic stripe—the full
track data has been read from the data on the card and
transmitted within the authorization request in data
element (DE) 35 (Track 2 Data) or DE 45 (Track 1 Data)
without alteration or truncation.
• PAN entry via electronic commerce, including DSRP
(available when licensed from Mastercard)
• PAN via DMSD Payments
NOTE: For more details about these services, refer to the MDES guide.
When the alternative network receives a financial transaction request via DSA
that meets the transaction eligibility criteria, it must send a Service request to
MDES to process. This must occur before the issuer authorizes the transaction.
It is at the discretion of the alternative network to decide how to use the Service
result tag data (such as the results code and response codes) provided in the
Service response message when formatting transactions that are sent to the
issuer and the originating acquirer. At a minimum, the alternative network should
replace the token received from the request originator with the PAN before
sending the transaction to the issuer and also provide acquirers with the partial
PAN in addition to the token when sending back the transaction response in
accordance with the EMVCo Payment Tokenization Specification.
The alternative network can elect to retain the PAN for use in clearing and
exception item processing.
After the issuer provides its response to the alternative network, the alternative
network must submit a Service request containing a Customer Interface
Specification (CIS) Service Advice/0120 message to provide transaction history to
cardholders for transactions that are not processed through the Mastercard
Network. The Service Identifiers for MDES and the Transaction History Advice/
0120 message are different.
If the Service requester elects not to retrieve the PAN used in the original
transaction, then the Service requester can send a reversal in the payload.
Refer to Supported Message Types in Service Request/Response as well as the
Message Layouts section for additional information.
NOTE: The DE values in this document reflect the values for MDES via DSA only. Other
DE values could be present when MDES is combined with other value added services
under DSA.
The different transaction types and their data elements are mentioned below:
Item: Description
• NFC Contactless: Point of Sale Entry mode (DE22.01) is 07 or 91.
• Ecommerce - Original Transaction with DSRP EMV Cryptogram: Point of Sale Entry
Mode 09
• Ecommerce - Original Transaction with DSRP UCAF Cryptogram: Point of Sale Entry
Mode 81 with DSRP UCAF Cryptogram
• Ecommerce - Original Transaction with Dynamic Token Verification Code and
Dynamic Expiration Date: Point of Sale Entry Mode 81 With Dynamic Token
Verification Code and Dynamic Expiration Date
• Ecommerce - Recurring/Partial Shipment: Point of Sale Entry Mode 10 and 81
• Dynamic Magnetic Stripe Data: Point of Sale Entry Mode 90
Authorization Request/0100
The Service response reflects the Authorization Request Response/0100 message
type and contains the data elements from the service request in addition to data
elements.
Overall
NOTE: M for 07 or 91
Ecommerce - Original Transaction (Point of Sale Entry Mode 09 with DSRP EMV
Cryptogram)
Table 7: Ecommerce - Original Transaction (Point of Sale Entry Mode 09 with DSRP
EMV Cryptogram)
Ecommerce - Original Transaction (Point of Sale Entry Mode 81 with DSRP UCAF
Cryptogram)
Table 8: Ecommerce - Original Transaction (Point of Sale Entry Mode 81 with DSRP
UCAF Cryptogram)
Table 9: Ecommerce - Original Transaction (Point of Sale Entry Mode 81 With Token
Verification Code and Dynamic Expiration Date)
Table 10: Ecommerce - Recurring/Partial (Point of Sale Entry Mode 10 and 81)
Table 11: Dynamic Magnetic Stripe Data (Point of Sale Entry Mode 90)
NOTE: In addition to the new OBS 54 results, alternative networks will continue to
receive service results related to MDES PAN Mapping and cryptography validation.
– 61 (Mastercard Digital Enablement Service Cloud-Based Payments Chip
Pre-Validation)
– 62 (Mastercard Digital Enablement Service Cloud-Based Payments Magnetic Stripe
Pre-Validation)
Authorization Advice/0120—Acquirer-Generated
The Authorization Advice/0120—Acquirer-generated message advises of an
authorization that was carried out on the issuer’s behalf. It is not intended to
permit the application of this transaction to the cardholder’s account for issuing a
bill or statement; for example, this is a non-posting advice message.
Reversal Request/0400
The Reversal Request/0400 message reverses fully or partially an earlier
authorization request.
Notices
Following are policies pertaining to proprietary rights, trademarks, translations,
and details about the availability of additional information online.
Proprietary Rights
The information contained in this document is proprietary and confidential to
Mastercard International Incorporated, one or more of its affiliated entities
(collectively “Mastercard”), or both.
This material may not be duplicated, published, or disclosed, in whole or in part,
without the prior written permission of Mastercard.
Trademarks
Trademark notices and symbols used in this document reflect the registration
status of Mastercard trademarks in the United States. Please consult with the
Global Customer Service team or the Mastercard Law Department for the
registration status of particular product, program, or service names outside the
United States.
All third-party product and service names are trademarks or registered
trademarks of their respective owners.
Disclaimer
Mastercard makes no representations or warranties of any kind, express or implied,
with respect to the contents of this document. Without limitation, Mastercard
specifically disclaims all representations and warranties with respect to this
document and any Intellectual Property Rights subsisting therein or any part
thereof, including but not limited to any and all implied warranties of title, non-
infringement, or suitability for any purpose (whether or not Mastercard has been
advised, has reason to know, or is otherwise in fact aware of any information) or
achievement of any particular result. Without limitation, Mastercard specifically
disclaims all representations and warranties that any practice or implementation
of this document will not infringe any third party patents, copyrights, trade secrets
or other rights.
Translation
A translation of any Mastercard manual, bulletin, release, or other Mastercard
document into a language other than English is intended solely as a convenience to
Mastercard customers. Mastercard provides any translated document to its
customers “AS IS” and makes no representations or warranties of any kind with
respect to the translated document, including, but not limited to, its accuracy or
reliability. In no event shall Mastercard be liable for any damages resulting from