When you swipe, dip, or tap your credit card at a store, the point-of-sale terminal needs to talk to the merchant's bank, which talks to the payment network (Visa/Mastercard), which finally talks to your bank to approve the transaction. The language they use to communicate in real-time is ISO 8583.
What is ISO 8583?
ISO 8583 is the international standard for financial transaction card originated interchange messaging. It defines a message format and a communication flow so that different systems can exchange electronic transactions.
Unlike modern REST APIs that use JSON or XML, ISO 8583 is a highly compact, binary, and positional format designed decades ago when bandwidth was extremely expensive and limited.
The Anatomy of an ISO 8583 Message
Every ISO 8583 message is composed of three core parts:
- MTI (Message Type Indicator): Defines what the message is trying to do.
- Bitmap(s): Indicates which specific data fields are present in the message.
- Data Elements (DE): The actual information being transmitted (amount, card number, PIN block, etc.).
1. Message Type Indicator (MTI)
The MTI is a 4-digit numeric field that classifies the high-level function of the message. It consists of four positions:
- ISO Version: (e.g., 0 = 1987 version, 1 = 1993 version, 2 = 2003 version). Most of the world still relies heavily on the 1987 version.
- Message Class: (e.g., 1 = Authorization, 2 = Financial, 4 = Reversal, 8 = Network Management).
- Message Function: (e.g., 0 = Request, 1 = Response, 2 = Advice).
- Transaction Originator: (e.g., 0 = Acquirer, 1 = Acquirer Repeat, 2 = Issuer).
Common MTI Examples:
- 0100: Authorization Request
- 0110: Authorization Response
- 0200: Financial Request (actually moves the money)
- 0400: Reversal Request
2. The Bitmap
The bitmap is arguably the most clever (and confusing) part of ISO 8583. Because the standard defines up to 128 (or even 192) different possible data fields, sending all 128 fields every time would be a massive waste of bandwidth, especially since a typical authorization only needs about 15-20 fields.
Instead, the message uses a Bitmap—a string of 64 bits (represented as 16 hexadecimal characters). Each bit corresponds to a specific Data Element.
- If bit 4 is a 1, it means Data Element 4 (Transaction Amount) is present.
- If bit 4 is a 0, Data Element 4 is missing.
Bit 1 is special. If Bit 1 is a 1, it means there is a Secondary Bitmap immediately following the first one, which allows the use of Data Elements 65 through 128.
3. Data Elements (DE)
Following the bitmap, the message appends the data for every field that was flagged with a `1` in the bitmap, in sequential order.
Data Elements come in two types:
- Fixed Length: The system knows exactly how long the data is. For example, DE 4 (Amount) is always 12 digits. DE 7 (Transmission Date & Time) is always 10 digits.
- Variable Length: The data length can change. For example, DE 2 (Primary Account Number / Card Number) can be anywhere from 13 to 19 digits. Variable-length fields are prefixed with an indicator (LL or LLL) that tells the parser how many digits follow. E.g., `164000000000000000` means "The next 16 characters are the card number: 4000...".
Crucial Data Elements
- DE 2 (PAN): The 16-digit card number.
- DE 3 (Processing Code): A 6-digit code defining the exact transaction type (e.g., 000000 for a purchase, 010000 for a cash withdrawal).
- DE 4 (Amount): The transaction amount.
- DE 11 (STAN): System Trace Audit Number. A unique sequential number to track the message.
- DE 39 (Response Code): Only present in responses. `00` means approved. `51` means insufficient funds.
- DE 52 (PIN Data): An encrypted PIN block.
- DE 55 (EMV Data): This field carries all the chip card cryptograms and TLV data generated by the EMV process.
Parsing the Payload
To read an ISO 8583 message, a parser must:
- Read the first 4 bytes to get the MTI.
- Read the next 8 bytes (or 16 hex characters) to get the Primary Bitmap.
- Check bit 1. If it's a 1, read the next 8 bytes as the Secondary Bitmap.
- Iterate through bits 2 to 128. For every bit that is a `1`, consult the specification to know whether that field is fixed or variable, read the appropriate length, extract the value, and move the cursor forward.
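The parsing steps above, as an added example (not code from the original article): a Python parser for an ASCII-encoded message with a hex-character bitmap, covering only the fields in its `SPEC` table. The table, the 6-digit length for DE 11, the `ParseError` name and the sample message are assumptions made for illustration; the parser rejects a length prefix that overruns the message, an unknown flagged field, or leftover data instead of guessing.

```python
# Added example: parser for an ASCII-encoded ISO 8583 subset (assumed encoding).
HEX = set("0123456789ABCDEFabcdef")
# DE -> (kind, length). "fixed": exact length; "ll": 2-digit prefix, length is the maximum.
SPEC = {2: ("ll", 19), 3: ("fixed", 6), 4: ("fixed", 12), 7: ("fixed", 10),
        11: ("fixed", 6), 39: ("fixed", 2)}

class ParseError(ValueError): pass

def take(msg, pos, n, what):
    # Never slice past the end: a short slice would silently truncate a field.
    if pos + n > len(msg):
        raise ParseError(f"{what}: need {n} chars at offset {pos}, message too short")
    return msg[pos:pos + n], pos + n

def read_bitmap(msg, pos, what):
    raw, pos = take(msg, pos, 16, what)
    if not set(raw) <= HEX:
        raise ParseError(f"{what}: not hexadecimal")
    return int(raw, 16), pos

def parse(msg):
    mti, pos = take(msg, 0, 4, "MTI")
    if not (mti.isascii() and mti.isdigit()):
        raise ParseError("MTI: not numeric")
    bits, pos = read_bitmap(msg, pos, "primary bitmap")
    nbits = 64
    if bits >> 63:  # bit 1 set: a secondary bitmap follows
        sec, pos = read_bitmap(msg, pos, "secondary bitmap")
        bits, nbits = (bits << 64) | sec, 128
    fields = {}
    for de in range(2, nbits + 1):
        if not (bits >> (nbits - de)) & 1:
            continue
        if de not in SPEC:  # unknown layout: the cursor can no longer be trusted
            raise ParseError(f"DE {de} flagged but not in field table")
        kind, length = SPEC[de]
        if kind == "ll":
            prefix, pos = take(msg, pos, 2, f"DE {de} length")
            if not (prefix.isascii() and prefix.isdigit()) or int(prefix) > length:
                raise ParseError(f"DE {de}: bad length prefix {prefix!r}")
            length = int(prefix)
        fields[de], pos = take(msg, pos, length, f"DE {de}")
    if pos != len(msg):
        raise ParseError(f"{len(msg) - pos} unparsed chars after last field")
    return mti, fields

# Constructed sample: MTI 0100, bitmap flags DE 2, 3, 4, 7, 11.
SAMPLE = ("0100" "7220000000000000" "164000000000000000" "000000"
          "000000001000" "0101120000" "000001")
```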
Conclusion
While ISO 8583 might look archaic to modern web developers, it is incredibly efficient, robust, and powers billions of financial transactions every day. Mastering it is essential for anyone building payment gateways, ATM switches, or core banking platforms.
