 
        Effective 26 August 2014
Version E229
AUSTRALIAN PAYMENTS CLEARING ASSOCIATION
LIMITED
ABN 12 055 136 519
A Company limited by Guarantee
CECS MANUAL
for
CONSUMER ELECTRONIC CLEARING SYSTEM
(CS3)
Commenced 14 December 2000
Copyright © 2000-2014 Australian Payments Clearing Association Limited
ABN 12 055 136 519
Australian Payments Clearing Association Limited
Level 6, 14 Martin Place, SYDNEY NSW 2000
Telephone: (02) 9216 4888
Facsimile: (02) 9221 8057
Consumer Electronic Clearing System (CS3) CECS MANUAL
Table of Contents
Section     Title                                                          Page

PREFACE                                                                    1.1

PART 1  OVERVIEW, DEFINITIONS AND INTERPRETATION                           1.1
1.1         Purpose of this Manual                                         1.1
1.2         Electronic Funds Transfer Background [deleted]                 1.2
1.3         CECS Standards                                                 1.2
1.4         Overview of Consumer Electronic Transactions                   1.4
1.5         Definitions                                                    1.6

PART 2  COMMON REQUIREMENTS AND CERTIFICATION                              2.1
2.1         Certification                                                  2.1
2.2         Network and Interchange Requirements                           2.6
2.3         Interchange Technical Specifications                           2.10
2.4         Cryptographic Key Management - General                         2.11
2.5         Third Party Checks [deleted]                                   2.13
2.6         Device Approval Process                                        2.13
2.7         Evaluation Facility Recognition Process                        2.15
2.8         Crisis Management Action Plans                                 2.18
2.9         Contingency Procedures                                         2.19
2.10        Key Injection Facility Assessment                              2.19
Appendix A  DEA3 Liability Shift [deleted]                                 2A.1

PART 3  ISSUER STANDARDS                                                   3.1
3.1         Card-Related Standards                                         3.1
3.2         PIN Management and Security                                    3.2
3.3         Card Expiry                                                    3.3
3.4         Supported Transactions                                         3.3
3.5         Sponsored Issuers                                              3.3
3.6         Issuer Interchange Operational Procedures                      3.3
3.7         Production of Test Cards - BIN Changes                         3.3
3.8         Statement Narrative - Refund Transactions [deleted]            3.3
3.9         Funds Availability - Refunds Transactions [deleted]            3.3
3.10        PIN Change and Delivery over Open Networks                     3.3

PART 4  ISSUER INTERCHANGE OPERATIONS PROCEDURES                           4.1
4.1         Reports                                                        4.1
4.2         Fallback Operations [deleted]                                  4.2
4.3         Interchange Fees                                               4.2
4.4         Doubtful Transactions                                          4.3
4.5         Disputed Transactions                                          4.3
4.6         Enquiries                                                      4.6
4.7         Compromised Terminals                                          4.7

PART 5  ACQUIRER STANDARDS                                                 5.1
5.1         Secure Cryptographic Devices                                   5.1
5.2         References                                                     5.1
5.3         PIN Security Audit Program                                     5.2
5.4         Terminal Key Management                                        5.3
5.5         Cardholder Data                                                5.3
5.6         Sensitive Authentication Data                                  5.3
5.7         Merchant Checks [deleted]                                      5.4
5.8         Device Running Multiple Applications                           5.4
5.9         TCP/IP Terminal Connectivity                                   5.4
5.10        Good Design Principles                                         5.4
5.11        Record of Transaction                                          5.5
5.12        Acquirer Requirements                                          5.5
5.13        EFTPOS Operational Procedures [deleted]                        5.6
5.14        ATM Acquirer Requirements [deleted]                            5.6
5.15        ATM Operational Procedures                                     5.6

PART 6  ACQUIRER EFTPOS INTERCHANGE OPERATIONS PROCEDURES [deleted]        6.1

PART 7  ACQUIRER ATM INTERCHANGE OPERATIONS PROCEDURES                     7.1
7.1         Reports                                                        7.1
7.2         Operations                                                     7.2
7.3         Interchange Fees                                               7.3
7.4         Doubtful Transactions                                          7.4
7.5         Disputed Transactions                                          7.5
7.6         Enquiries                                                      7.10
7.7         Cards Retained                                                 7.11
Appendix 7A Disputed Transaction Advice                                    7A.1
Appendix 7B Escalation Procedures                                          7B.1

PART 8  DEVICE SECURITY STANDARDS                                          8.1
8.1         Device Security Standards                                      8.1
8.2         Device Security Evaluation Criteria                            8.1
8.3         Interpretation                                                 8.3
8.4         Physical Characteristics and Key Management Protocols          8.4
8.5         Device Classification                                          8.5
8.6         Limitations on Functions (SCM)                                 8.5
8.7         Device Management                                              8.6

PART 9  STANDARD INTERCHANGE SPECIFICATION                                 9.1
9.1         Purpose                                                        9.1
9.2         Scope                                                          9.1
9.3         References                                                     9.1
9.4         Supported Message Types                                        9.2
9.5         Supported Transaction Set                                      9.2
9.6         Network Management                                             9.7
9.7         Key Management                                                 9.9
9.8         Time Out Parameters                                            9.12
9.9         Link Reconciliation                                            9.12
9.10        Link Settlement Times                                          9.13
9.11        Message Formats                                                9.13
9.12        Fields                                                         9.35
9.13        Response Codes                                                 9.42
Appendix 9A KEK Establishment                                              9A.1
Appendix 9B Electronic Fallback [deleted]                                  9B.1
Appendix 9C Manual Key Entry on Faulty Magnetic-Stripe Card Reads [deleted] 9C.1
Appendix 9D Communications Philosophy                                      9D.1
Appendix 9E Interchange Bitmap                                             9E.1
Appendix 9F Manual Key Entry on Faulty ICC Card Readers [deleted]          9F.1
Appendix 9G Technology Fallback                                            9G.1
Appendix 9H Fallback of ICC Declined Transactions                          9H.1

PART 10 SETTLEMENT                                                         10.1
10.1        General Principles                                             10.1
10.2        Agreed Cut-off Time                                            10.1
10.3        Interchange Settlement Reports                                 10.1
10.4        Procedures                                                     10.1
10.5        Disputed Amounts                                               10.4
10.6        RITS Low Value Settlement Service                              10.6
Appendix 10A [Deleted]                                                     10A.1
Appendix 10B Interchange Settlement Report                                 10B.1

PART 11 ATM DIRECT CHARGING RULES                                          11.1
11.1        General Principles                                             11.1
11.2        Amount and Variation of the ATM Operator Fee and Declines      11.1
11.3        When Cardholders may be charged an ATM Operator Fee            11.1
11.4        Disclosure Rules                                               11.2
11.5        Message flow                                                   11.3
11.6        Settlement of ATM Operator Fees                                11.6
11.7        Transition                                                     11.6

PART 12 PREPAID CARDS                                                      12.1
12.1        Card Characteristics                                           12.1
12.2        PIN Standards                                                  12.2
12.3        Unique BINs                                                    12.2
12.4        Supported Transactions                                         12.2
12.5        Test Cards                                                     12.2
12.6        Interchange Settlement                                         12.2
12.7        Disputes                                                       12.2
12.8        Fallback [deleted]                                             12.2
12.9        Refunds [deleted]                                              12.2

ANNEXURES
A           Acquirer Certification Checklist                               AA.1
B           Acquirer Certification – General Guidelines                    AB.1
C           Issuer Certification Checklist                                 AC.1
D           Device and Interchange Certification Guidelines                AD.1
E           Acquirer Operational Certification Guidelines                  AE.1
F           Settlement Certification Guidelines                            AF.1
G           Issuer Certification Guidelines                                AG.1
H           CECS Operational Broadcast Form                                AH.1
I           PIN Security Audit Checklist                                   AI.1
J           CECS Laboratory Accreditation Checklist                        AJ.1
K           Exemption Request Form                                         AK.1
L           Contingency File Exchange Form                                 AL.1
M           Minimum Evaluation Criteria for IP Enabled Terminals           AM.1
N           PCI Plus Components                                            AN.1

The next page is 1.1
Australian Payments Clearing Association Limited
[ABN 12 055 136 519]
Consumer Electronic Clearing System (CS3) CECS MANUAL
Part 1 - Overview, Definitions and Interpretation
PREFACE
This release of the CECS Manual is a transitional version, designed to reflect the creation of a separate body
to regulate EFTPOS, known as EFTPOS Payments Australia Limited (EPAL), and to move away from
device-specific rules (with the exception of Part 9, which sets out the Standard Interchange Specification). This
version will be fully revised at a later date.
[Amended effective 1.12.10]
It is not intended that this transitional version of the CECS Manual should significantly modify the operational
procedures or security standards applicable to the EFTPOS and ATM systems in Australia immediately prior to 1
January 2011. To the extent that any of the amendments in this transitional version have the effect of modifying
any such operational procedure or security standard, that modification will be regarded as an unintended
consequence, irrespective of whether such consequence advantages or disadvantages any Member, or is perverse
(“Unintended Consequence”). In the event of an Unintended Consequence, Members will co-operate with each
other and APCA in good faith to reinstate the procedure or standard applicable immediately prior to 1 January
2011.
It includes those requirements commonly found in the formal Interchange Agreements that currently exist between
participating Members, further reducing the need for those agreements.
This release includes all previous changes up to, and including E222 dated 31 May 2010.
PART 1 OVERVIEW, DEFINITIONS AND INTERPRETATION
1.1
Purpose of this Manual
For organisations that have an interest in joining CECS, this Manual sets out in Part 2 general standards
to be adopted by all members.
For organisations which have an interest in joining CECS and an Interchange network as Acquirers, this
Manual sets out in Part 5 the standards to be adopted by all prospective Acquirers. These standards also
apply to existing Acquirers which joined CECS at its inception.
For organisations which have an interest in joining CECS and the relevant Interchange network as
Issuers, this Manual sets out in Part 3 standards to be adopted by all prospective Issuers. These
standards also apply to existing Issuers which joined CECS at its inception.
Compliance with these standards (as reviewed from time to time) on a uniform basis through CECS will
contribute to the continued integrity of Interchanges in Australia. In particular, CECS standards seek to
ensure that:
Australian Payments Clearing Association Limited
[ABN 12 055 136 519]
Amendment No. E227 issued as CS3/r&p/002.12
1.1
- current quality levels are not compromised by:
  - inferior operations;
  - lower quality Terminal devices and other equipment; or
  - inadequate security;
- customer service is maintained at the highest possible level; and
- the general public continues to have confidence in the ability of their financial institutions to
  protect the privacy and security of their funds.
The CECS Regulations permit any two CECS Members to agree to apply divergent standards and
procedures to those set out in this Manual, provided they satisfy the CECS Management Committee that
the integrity, security or efficiency of CECS as a whole will not be lessened in any material way as a
result. However, no CECS Member may require any CECS Member or Non-Member to apply
standards and procedures regarding Interchanges other than those in this Manual.
[Amended effective 14/08/06]
This Manual sets out the required process for CECS Members that are Acquirers to be certified as
meeting CECS standards. A CECS Member cannot refuse on technical, operational or security grounds
to engage in Interchange activities with another appropriately certified CECS Member.
Non-Member Issuers and Acquirers may elect to seek certification from APCA that they meet CECS
standards applicable to Acquirers, without joining CECS. The CECS Regulations provide that a CECS
Member is not to refuse, on technical, operational or security grounds to engage in Interchange
activities with any such certified Non-Member. Responsibility for enforcing standards against the
certified Non-Member at all times rests with the CECS Member that enters into a bilateral arrangement
for interchange with it.
1.2 [deleted]
1.2.1 [deleted]
1.2.1.1 [deleted]
1.2.2 [deleted]
1.3
CECS Standards
1.3.1
APCA
[Amended effective 14/08/06]
Ensuring appropriate security and other technical standards is essential to the integrity of consumer
payments clearing. APCA’s technical and security working groups, which report to the CECS
Management Committee, develop standards to be implemented industry wide through CECS.
APCA administers certification procedures which are aimed at ensuring that Issuers and Acquirers meet
prescribed technical, operational and security standards (for Issuers see Part 2 and Part 3 of this
Manual; for Acquirers see Part 2 and Part 5 of this Manual).
1.3.2 [deleted]
[Amended effective 14/08/06]
1.3.3
Application of these Standards
1.3.3.1
Inclusions
CECS standards apply to any Transaction which results in the exchange of an Item across a bilateral
link, regardless of the type of Card and/or account being used and/or accessed. This means that the
CECS standards apply to:
- all domestically acquired Transactions initiated with a non-scheme debit card, including
  Transactions initiated with the debit functionality of a Card that also has scheme credit and/or debit
  functionality; and
- Transactions initiated with a scheme credit or debit card which result in the exchange of an Item
  across a bilateral link (such as nearly all ATM Transactions initiated with a domestic scheme credit
  card or debit card).
[Amended effective 03/09/07]
1.3.3.2
Exclusions
EFTPOS Transactions are governed by EPAL’s Operational Rules, which for the most part replicate
these standards. In relation to the applicable standards for EFTPOS Transactions, reference should be
made to EPAL’s Operational Rules in the first instance.
Other than as described above, CECS standards do not apply directly to the electronic processing of
credit card Transactions and other scheme Transactions. These are governed by the rules and
regulations published by the various card schemes.
1.3.4
Relationship With Other Standards or Guidelines
This Manual cross-refers to a number of existing standards and guidelines promulgated by bodies other
than APCA that apply to participants, in their various capacities, in consumer electronic Transactions
and which may apply to CECS Members either independently of or by virtue of their incorporation by
reference in this Manual. The requirements of these separate schemes, standards or guidelines have not
been duplicated in this Manual and CECS Members are expected to have familiarised themselves with
and adhere to their responsibilities under all such applicable requirements, as a separate matter from the
specific standards and requirements which are detailed in this Manual. These existing schemes,
standards and guidelines include:
Standard or Guideline | Application | Monitor
Card Schemes | All Issuers party to particular schemes | Various
Electronic Funds Transfer (EFT) Code of Conduct | All CECS Members | Australian Securities and Investments Commission
Guidelines for EFT Security | All Acquirers | Australian Securities and Investments Commission
AS2805 | All CECS Members | Standards Australia
EPAL’s Operational Rules | All EFTPOS Acquirers and Issuers | EFTPOS Payments Australia Limited
1.3.5
Inconsistencies
If a provision of the Regulations or this Manual is inconsistent with a provision of the Constitution, the
provision of the Constitution prevails.
If a provision of this Manual is inconsistent with a provision of the Regulations, the provision of the
Regulations prevails.
1.3.6
Governing Law
This Manual is to be interpreted in accordance with the same laws which govern the interpretation of
the Constitution.
1.3.7
Interpretation
1.3.7.1
In this Manual
(a)
words importing any one gender include the other gender;
(b)
the word ‘person’ includes a firm, body corporate, an unincorporated association or an authority;
(c)
the singular includes the plural and vice versa;
(d)
a reference to a statute, code or the Corporations Law (or to a provision of a statute, code or the
Corporations Law) means the statute, the code, the Corporations Law or the provisions as
modified or amended and in operation for the time being, or any statute, code or provision
enacted in lieu thereof and includes any regulation or rule for the time being in force under the
statute, the code, the Corporations Law or the provision;
(e)
a reference to a specific time means that time in Sydney unless the context requires otherwise;
(f)
words defined in the Corporations Law have, unless the contrary intention appears, the same
meaning in this Manual;
(g)
words defined in the Regulations have, unless the contrary intention appears, the same meaning
in this Manual;
(h)
this Manual has been determined by the Management Committee and takes effect on the date
specified by the Chief Executive Officer pursuant to Regulation 1.5; and
(i)
headings are inserted for convenience and do not affect the interpretation of this Manual.
1.4
Overview of Consumer Electronic Transactions
1.4.1
Consumer Electronic Transactions
Participants in Transactions have the following characteristics.
Interchange arrangements have been established as a co-operative effort to make Terminals available to
each Issuer’s Cardholders as broadly as possible. This arrangement allows an Issuer’s Cards to be
accepted at an Acquirer’s Terminals.
Acquirer:
An Acquirer is a body corporate which acquires a Transaction from a Terminal on behalf of an Issuer.
This is achieved by obtaining Issuers’ authorisation for Card Transactions accepted by Terminals and
providing financial Transaction/data to Issuers for posting debits and credits to Cardholder accounts.
Corresponding crediting/debiting of settlement value is made to the relevant accounts. In this way
Acquirers provide facilities to enable Transactions.
An Acquirer may also be an Issuer.
An Acquirer also:
(a)
takes responsibility for ensuring the compliance of Terminals with all operational standards that
have been developed for the system in the interests of Transaction integrity, security and
Cardholder service;
(b)
[deleted]
(c)
[deleted]
(d)
settles with Issuers for the Transactions of each issued Card; and
(e)
takes responsibility for ensuring the compliance of any third parties engaged in delivering the
service, with all operational standards that have been developed for the system in the interests of
Transaction integrity, security and Cardholder service.
Issuer:
The role of the Issuer is to provide the customer with a payment instrument (Card or equivalent device)
that complies with appropriate standards.
The Issuer’s responsibilities include:
(a)
to negotiate with Acquirers for Card acceptance and appropriate Cardholder service;
(b)
to settle for the value of the Cardholder’s Transaction with the relevant Acquirer and agree these
settlement arrangements and guarantees with Acquirers;
(c)
to be in a position to provide final settlement, either as a direct participant or through a
representative;
(d)
to fund balances on debit accounts and manage the risk of unauthorised debt;
(e)
to determine rules to operate the Cardholder account;
(f)
[deleted]
(g)
to ensure the compliance of any third parties engaged in delivering the service with all
operational standards that have been developed for the system in the interests of Transaction
integrity, security and Cardholder service; and
(h)
to ensure that Transactions it receives are capable of being authorised, cleared and settled across
multiple financial institutions.
Cardholder:
The Cardholder is the ultimate customer of the system. The Cardholder is also the customer of the
Issuer.
Access to Cardholders’ cheque or savings accounts to initiate a Transaction is by use of a proprietary
debit card, prepaid card or credit card that has debit functionality. The Cardholder agrees to use the
Card under terms and conditions of use set by the Issuer.
Third Party Processor:
The role of Third Party Processors within the CECS system is to provide an outsourced facility for
Transaction processing and support to other participants (most likely Acquirers, but potentially also
Issuer participants).
Third Party Processors, when engaged by either an Acquirer or Issuer, shall be obliged to operate in
accordance with these standards by the engaging party.
The Third Party Processor may, but need not, be owned outright by one or more participants, and
provide smaller participants with a cost-effective means of participating as Issuers.
Third Party Processor roles can vary widely, including but not limited to:
- receiving a Transaction stream from an Acquirer and remitting it to an Issuer (switch); and
- processing Transaction authorisation requests on behalf of an Issuer (Card processor).
1.4.2
[deleted]
1.5
Definitions
In this Manual the following words have the following meanings unless the contrary intention appears.
“Acquirer” means a body corporate that in connection with a Transaction:
(a)
under arrangement with and on behalf of an Issuer, discharges the obligations owed by that
Issuer to the relevant Cardholder; and
(b)
engages in Interchange with that Issuer as a result.
In relation only to those provisions of the CECS Manual marked with an asterisk and annotated
accordingly, a reference to an Acquirer is deemed to include a Self Acquirer.
“Acquirer Reference Number” in relation to an Acquirer means a reference number which is unique
to that Acquirer, allocated to it for identification purposes by the International Organisation for
Standardization.
“Approved Evaluation Facility” means a testing laboratory that has been accredited by the Company
to conduct SCD security compliance testing.
“AS” means Australian Standard as published by Standards Australia.
“ATM” means an approved electronic device capable of automatically dispensing Cash in response to a
Cash withdrawal Transaction initiated by a Cardholder. Other Transactions (initiated by a debit card)
such as funds transfers, deposits and balance enquiries may also be supported. The device must accept
either magnetic stripe Cards or smart (chip) Cards where Transactions are initiated by the Cardholder
keying in a Personal Identification Number (PIN). Limited service devices (known as “Cash
dispensers”) that only allow for Cash withdrawal are included.
[Amended effective 15.8.05]
“ATM Direct Charging Date” means 3 March 2009 or such other date that the Management
Committee shall determine.
[Inserted effective 03/03/09]
“ATM Operator Fee” means a fee paid by a Cardholder to the operator of an ATM to effect a
Transaction through their Terminal.
[Inserted effective 03/03/09]
“ATM Transaction” means a Cash deposit, a Cash withdrawal, or a balance enquiry effected by a
Cardholder at an ATM.
[Amended effective 15.8.05]
“Audit Compliance Certificate”:
(a)
in relation to a Certified Acquirer, means a certificate in the form of Annexure A; and
(b)
in relation to a Certified Issuer, means a certificate in the form of Annexure C.
(Note: A Non-Member may also seek Certification: see Parts 2, 3 and 5).
“Australian IC Card” means an IC Card in respect of which the EMV Issuer Country Code data
element (tag 5F28) is equal to “036” (Australia).
[Amended effective 14/08/06] [Inserted effective 9/02/07]
“Authorisation” in relation to a Transaction, means confirmation given by an Issuer that funds will be
made available for the benefit of an Acquirer, in accordance with the terms of the relevant Interchange
Agreement, to the amount of that Transaction. Except in the circumstances specified in this Manual,
Authorisation is effected online. ‘Authorised’ has a corresponding meaning.
“Authorised Device” means a Secure Cryptographic Device that has been evaluated in accordance
with Part 2.6 and which has been approved for use within CECS by the Company.
“Bank Identification Number (BIN)” means the registered identification number allocated by
Standards Australia Limited in accordance with AS 3523 (also known as an Issuer Identification
Number (IIN)).
[Inserted effective 19/04/10]
“Card” means any card capable of being read by a Terminal including a debit card, prepaid card and
credit card.
[Last amended effective 19/04/10]
“Card-related Standards” means, in relation to Cards, the standards from time to time required by
Part 3.1.
“Cardholder” means a customer of an Issuer who has been issued with a Card by that Issuer, enabling
that customer to effect Transactions.
“Cash” means Australian legal tender.
[Inserted effective 15.8.05]
“CECS” means the Consumer Electronic Clearing System (CS3).
[Deleted effective 19/04/10]
“CECS Member” means a body corporate, which in accordance with the Regulations is a participant in
CECS.
“CECS Operational Broadcast” means the form set out in Annexure H.
[Last amended effective 19/04/10]
“Certification” has the meaning given in Part 2.1.
“Certification Checklist” means in relation to an Acquirer, a checklist in the form of Annexure A and
in relation to an Issuer, a checklist in the form of Annexure C.
“Collator” [deleted effective 13/08/12]
“Commencement Date” means the date specified as such for CECS under Regulation 1.5.
“Compliance Certificate” means a certificate issued by the Company to a requesting party evidencing
successful Certification.
“Company” means the Australian Payments Clearing Association Limited (A.C.N. 055 136 519).
“Compromised Terminal” means a Terminal that has been tampered with for fraudulent purposes.
[Inserted effective 19/02/10]
“Contingency File” means a file in the form specified in Appendix 9B.6.
[Inserted effective 2/10/06]
“Contingency Procedures” means the procedures in Part 2.9.
[Inserted effective 2/10/06]
“Corporations Law” means the Corporations Act 2001 (Cth) and associated subordinate legislation as
amended from time to time.
“Counterparty” means the CECS Member direct settler (for example, an Issuer) identified in a File
Settlement Instruction submitted by an Originator (for example, an Acquirer or Lead Institution), in
accordance with this Manual and the requirements of the RITS Low Value Settlement Service.
[Inserted effective 13/08/12]
“Credit Items” includes all credit payment instructions, usually electronically transmitted, which give
rise to Interchange, except as may be specifically excluded by the Regulations or this Manual.
“Crisis Management Action Plan” means the plan set out in the Guidelines for CECS Members.
“Debit Items” includes all debit payment instructions, usually electronically transmitted, which give
rise to Interchange, except as may be specifically excluded by the Regulations or this Manual.
“Disputed Transaction” means a Transaction which the Cardholder denies having initiated or where
the Transaction amount is claimed to be incorrect.
“Disruptive Event” means any processing, communications or other failure of a technical nature,
which affects, or may affect, the ability of any CECS Member to Interchange.
[Inserted effective 2/10/06]
(Note: examples of a Disruptive Event are described in Part 2.9 of the CECS Manual.)
“Double-length Key” means a key of length 128 bits including parity bits or 112 bits excluding parity
bits.
“Doubtful Transactions” means those Transactions which may not have been successfully completed,
although the Transaction may be recorded against a relevant account.
“EFT” means Electronic Funds Transfer.
“EFTPOS” means Electronic Funds Transfer at Point of Sale.
“Electronic Funds Transfer (EFT) Code of Conduct” means the EFT Code of Conduct as revised by
the Australian Securities and Investments Commission’s EFT Working Group.
“EMV” means the specifications as published by EMVCo, LLC.
[Inserted effective 9/02/07]
“EMV Phase 1” means the current transition arrangements through which a Transaction is created
from the use of an EMV compliant Australian IC Card prior to the migration of CECS to full EMV
functionality.
[Inserted effective 9/02/07]
(Note: a date for the migration of CECS to full EMV functionality has not yet been determined.)
“Encapsulating Security Payload” (ESP) is a member of the IPsec protocol suite providing origin
authenticity, integrity and confidentiality protection of packets. In Tunnel Mode the entire original IP
packet is encapsulated as the ESP payload and a new outer IP header is added; that outer header is not
covered by ESP’s protection.
[Inserted effective 13/08/12]
“EPAL” means EFTPOS Payments Australia Limited.
“EPAL Operational Rules” means EPAL’s technical, operational and security rules adopted by EPAL
to govern EFTPOS Transactions.
“Error of Magnitude” means an error (or a series of errors) of or exceeding $2 million or such other
amount as may be determined from time to time by the Management Committee.
[Last amended effective 20/4/09]
“ESA” means Exchange Settlement Account.
“Evaluation Facility” in relation to the approval of a Secure Cryptographic Device for:
(a)
an Acquirer, means an entity approved by the Management Committee in accordance with, and
for purposes of, Part 2; and
(b)
an Issuer, means an entity approved by the Management Committee in accordance with, and for
purposes of Part 2.
“Exchange Settlement Account” (ESA) means an exchange settlement account, or similar account,
maintained with the Reserve Bank of Australia.
“Exchange Summary” [deleted effective 13/08/12]
“Exchange Summary Data File Transfer Facility” [deleted effective 13/08/12]
“Failure to Match Rules” (FTM Rules) [deleted effective 13/08/12]
“File Recall Instruction” means a file in the format prescribed by the Reserve Bank of Australia and
complying with the specifications for the RITS Low Value Settlement Service which can be accessed
via a link on the Company’s extranet.
[Inserted effective 13/08/12]
“File Recall Response” means a response to a File Recall Instruction, generated by the RITS Low
Value Settlement Service.
[Inserted effective 13/08/12]
“File Settlement Advice” means an advice in relation to a File Settlement Instruction, generated by the
RITS Low Value Settlement Service.
[Inserted effective 13/08/12]
“File Settlement Instruction” means a file in the format prescribed by the Reserve Bank of Australia
and complying with the specifications for the RITS Low Value Settlement Service which can be
accessed via a link on the Company’s extranet.
[Inserted effective 13/08/12]
“File Settlement Response” means a response to a File Settlement Instruction, generated by the RITS
Low Value Settlement Service.
[Inserted effective 13/08/12]
“FTM Rules” [deleted effective 13/08/12]
“HMAC” (Hash-based Message Authentication Code) is a specific construction for calculating a
message authentication code (MAC) from a cryptographic hash function in combination with a
secret key. HMACs are formed in conformance with AS 2805.4.2 Electronic funds transfer -
Requirements for interfaces - Information technology - Security techniques - Message Authentication
Codes (MACs) - Mechanisms using a dedicated hash-function.
[Inserted effective 13/08/12]
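The construction named in the HMAC definition, shown as an added example written for this page; it is not code from the CECS Manual, from APCA or from AS 2805.4.2. It builds HMAC from its definition, H((K' XOR opad) || H((K' XOR ipad) || m)), checks the result against Python's hmac module, then uses it as an Interchange Link MAC over a constructed authorisation-style message and shows generation, truncation, constant-time verification and tamper detection. The field names, the key and the message values are constructed for the example; the real AS 2805 message layout is not reproduced.

```python
"""HMAC built from the definition above and used as an Interchange Link MAC.

Added example for this page; not code from the CECS Manual, APCA or AS 2805.
The message field names, the key and the field values are constructed here.
"""
import hashlib
import hmac
import secrets


def hmac_from_definition(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, m) = H((K' XOR opad) || H((K' XOR ipad) || m)).

    K' is the key zero-padded to the hash block size (a key longer than the block
    is first hashed), with ipad = 0x36 and opad = 0x5C repeated over the block.
    """
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for SHA-256
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


# Fields covered by the MAC, in a fixed order; the MAC field itself is never covered.
# This field set is constructed for the example, not the AS 2805 bitmap layout.
MAC_COVERED_FIELDS = ("mti", "pan", "amount", "stan", "rrn")
MAC_HEX_LENGTH = 16  # 8-byte truncated HMAC, 16 hex characters


def mac_input(fields: dict) -> bytes:
    """Serialise the covered fields deterministically so both ends MAC the same bytes."""
    return "|".join(f"{name}={fields[name]}" for name in MAC_COVERED_FIELDS).encode()


def generate_mac(fields: dict, key: bytes) -> str:
    """Compute the link MAC over the covered fields, truncated to 8 bytes, as upper-case hex."""
    return hmac_from_definition(key, mac_input(fields))[: MAC_HEX_LENGTH // 2].hex().upper()


def verify_mac(fields: dict, key: bytes) -> bool:
    """Recompute the MAC and compare it in constant time with the received value.

    A missing or wrongly sized MAC is rejected outright, so a sender cannot
    shorten the comparison by presenting an empty or truncated MAC field.
    """
    received = str(fields.get("mac", ""))
    if len(received) != MAC_HEX_LENGTH:
        return False
    expected = generate_mac(fields, key)
    return hmac.compare_digest(expected.encode(), received.upper().encode())


# Constructed sample: a 32-byte link MAC key and an authorisation-request-like message.
SAMPLE_KEY = bytes.fromhex("0123456789ABCDEF" * 4)
SAMPLE_MESSAGE = {
    "mti": "0200",
    "pan": "5000000000000001",
    "amount": "000000010000",
    "stan": "000123",
    "rrn": "000000000123",
}


def demo() -> dict:
    """Self-check the construction, then sign, verify and detect tampering and a wrong key."""
    signed = dict(SAMPLE_MESSAGE)
    signed["mac"] = generate_mac(signed, SAMPLE_KEY)
    tampered = dict(signed, amount="000000100000")  # amount changed after MAC generation
    return {
        "matches_stdlib": hmac_from_definition(SAMPLE_KEY, b"abc")
        == hmac.new(SAMPLE_KEY, b"abc", "sha256").digest(),
        "mac": signed["mac"],
        "verifies": verify_mac(signed, SAMPLE_KEY),
        "tamper_detected": not verify_mac(tampered, SAMPLE_KEY),
        "wrong_key_detected": not verify_mac(signed, secrets.token_bytes(32)),
    }


if __name__ == "__main__":
    print(demo())
```

Running the file prints the demo dictionary. The two points a link MAC verifier should not skip are visible in `verify_mac`: the received MAC is length-checked before anything else, and the comparison is constant time.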
“Hot Card” means a Card which has been reported by the Cardholder as lost or stolen, or for which
there is evidence of fraudulent use.
“IC Card” means a Card that contains an integrated circuit and that conforms to the EMV
specifications.
[Inserted effective 9/02/07]
“Interchange” means the exchange of Items for value between Acquirers and Issuers, via an
Interchange Link, as a result of the use of an Issuer’s Card by a Cardholder to generate a Transaction.
Interchange arrangements may, but need not, be reciprocal.
“Interchange Agreement” means an agreement between an Acquirer and an Issuer that regulates the
arrangements relating to Interchange between them.
“Interchange Fee” means a fee charged to one party to an Interchange by the other party to the
Interchange for access to its consumer electronic payments facilities.
“Interchange Line” means the physical communications infrastructure that provides the medium over
which Interchange is supported. An Interchange Line contains, at a minimum, one Interchange Link.
“Interchange Line Encryption” means encryption of the entire message (with the exception of
communication headers and trailers) that is being passed across an Interchange Line using, as a
minimum, double-length keys and a triple-DES process.
“Interchange Link” means the logical link between an Acquirer and an Issuer which facilitates
Interchange between them. Interchange Links are supported physically by an Interchange Line, and are
either direct between an Acquirer and Issuer or indirect via a third party intermediary.
“Interchange Link Message Authentication” means calculation and verification of the Message
Authentication Code (MAC) that is being passed across an Interchange Link.
“Interchange Link PIN Encryption” means encryption of the PIN in accordance with AS 2805 part 3.1.
Amended effective 27.04.11
“Interchange Settlement Report” means a report substantially in the form of Appendix B to Part 10.
“Internet Key Exchange” (IKE) is the protocol used to set up a security association in the IPsec
protocol suite.
Inserted effective 13/08/12
“Issuer” means a body corporate which issues a Card to a Cardholder and, in connection with any
Transaction effected using that Card:
(a) assumes obligations to the relevant Cardholder, which obligations are in the first instance
discharged on its behalf by an Acquirer; and
(b) engages in Interchange with that Acquirer as a result.
“Issuer Sequence Number” means a one or two digit number used at the option of the Issuer to
identify a Card which may have the same primary account number as another Card and possible
different accessible linked accounts.
“Items” means Debit Items or Credit Items.
“Key Encrypting Key” means a key which is used to encipher other keys in transport and which can
be used to exchange Session Keys between two systems.
“Lead Institution” means a financial institution responsible for direct settlement of scheme payment
obligations.
Inserted effective 13/08/12
“Letter of Approval” means a letter, issued by the Company, approving the use of a Secure
Cryptographic Device within the CECS network.
“LVSS” means the RITS Low Value Settlement Service.
Inserted effective 13/08/12
“LVSS BCP Arrangements” means the contingency plan and associated documents published by the
Reserve Bank of Australia for the purposes of the RITS Low Value Settlement Service, and which can
be accessed via a link on the Company’s extranet.
Inserted effective 13/08/12
“LVSS Contact” means the person nominated by a CECS Member as its primary contact for LVSS
inquiries, as listed on the Company’s extranet.
Inserted effective 13/08/12
“Management Committee” means the committee constituted under Part 6 of the Regulations.
“Merchant” means a person which delivers goods or services to a Cardholder at point of sale and
which, in the normal course, is reimbursed by the Acquirer to which, from the Terminal that it operates,
it electronically transmits that Transaction.
Amended effective 14/08/06
“Message Authentication Code (MAC)” means a code, formed using a secret key, appended to a message
to detect whether the message has been altered (data integrity) and to provide data origin authentication.
MACs are formed in conformance with the AS 2805 part 4 series.
Amended effective 27.04.11
“Nine AM (9am) Settlement” means the multilateral settlement of obligations arising from previous
days’ clearings of low value payments which occurs in RITS at around 9am each business day that
RITS is open.
Inserted effective 13/08/12
“NODE” means a processing centre such as an Acquirer, an Issuer, or an intermediate network facility.
“Originator” means the party (for example an Acquirer direct settler or Lead Institution) which, as a
result of either acquiring a Transaction or, in the case of a Lead Institution, by arrangement, is
responsible for the submission of a File Settlement Instruction in accordance with this Manual and the
requirements of the RITS Low Value Settlement Service.
Inserted effective 13/08/12
“Partial Dispense” means a Transaction that results in an amount of Cash being dispensed from an
ATM that is less than the amount requested by the Cardholder.
Inserted effective 03/03/09
“PCI Evaluation Report” means an evaluation report, prepared by an Approved Evaluation Facility,
which evidences the compliance of a device submitted for approval under clause 2.6.1(ii) with the
requirements set out in PCI PTS version 3.x.
Inserted effective 13/08/12
“PCI Plus Evaluation Report” means an evaluation report, prepared by an Approved Evaluation
Facility, which evidences the compliance of a device submitted for approval under clause 2.6.1(ii) with
the PCI Plus Requirements, and if applicable, includes any delta report prepared in respect of the
device.
Inserted effective 13/08/12
“PCI Plus Requirements” means the requirements set out in Annexure N of this Manual, being
requirements for device approval in accordance with AS 2805 Annexes A, B and D, which are
determined by the Company to be additional to the requirements of PCI PTS v 3.x.
Inserted effective 13/08/12
“PCI Points” means the attack potential calculated in accordance with Appendix B of the Payments
Card Industry (PCI) document “PCI PIN Transaction Security Point of Interaction Modular Derived
Test Requirements”, version 3.0, 2011.
Amended effective 13/08/12
“PED” means a PIN Entry Device.
“Physically Secure Device” means a device meeting the requirements specified in AS 2805 part 3.1 for
a physically secure device. Such a device, when operated in its intended manner and environment,
cannot be successfully penetrated or manipulated to disclose all or part of any cryptographic key, PIN,
or other secret value resident within the device. Penetration of such a device shall cause the automatic
and immediate erasure of all PINs, cryptographic keys and other secret values contained within the
device.
Amended effective 27.04.11
“PIN” means a personal identification number which is either issued by an Issuer, or selected by a
Cardholder for the purpose of authenticating the Cardholder by the Issuer of the Card.
“PIN Entry Device” (PED) means a component of a Terminal which provides for the secure entry and
encryption of PINs in processing a Transaction.
Inserted Effective 19/04/10
“Prepaid Card” means a Card that:
(a) enables the Prepaid Cardholder to initiate electronic funds transfers up to a specified amount
(subject to any other conditions that may apply); and
(b) draws on funds held by the Prepaid Program Provider or third party by arrangement with the
Program Provider (as opposed to funds held by the Prepaid Cardholder).
For the avoidance of doubt, the definition of a Prepaid Card extends to both single use and
reloadable/multiple use Cards.
“Prepaid Cardholder” means a person that is in possession of a Prepaid Card.
Inserted Effective 19/04/10
“Prepaid Program Provider” means either:
(a) an Issuer that issues a Prepaid Card; or
(b) a person that issues a Prepaid Card in conjunction with a sponsoring Issuer.
Inserted Effective 19/04/10
“Record of Transaction” has the meaning given in the EFT Code of Conduct and Part 5.8.
“Regulations” means the regulations for CECS, as prescribed by the Company.
“Remote Management Solution” (RMS) for SCMs is a dedicated device which connects to an SCM
over a network and provides access to the SCM while it is in a sensitive state.
Inserted effective 19/02/13
“Retained Card” in relation to an ATM Transaction, has the meaning given in Part 7.7.
“RITS” means the Reserve Bank Information and Transfer System.
Amended effective 13/08/12
“RITS Low Value Settlement Service” means the Reserve Bank’s settlement file transfer facility
which must be used by:
(a) each Acquirer and Lead Institution to submit File Settlement Instructions and associated File
Recall Instructions; and
(b) each Acquirer, Lead Institution and Issuer, if it so elects, to receive File Settlement Advices, File
Settlement Responses and File Recall Responses.
Inserted effective 13/08/12
“RITS Regulations” means the regulations for RITS published by the Reserve Bank of Australia.
Inserted effective 13/08/12
“Secure Cryptographic Device” (SCD) means a physically and logically protected hardware device
that provides a set of secure cryptographic services. PIN Entry Devices (PED) and Security Control
Modules (SCM) are two specific instances of Secure Cryptographic Devices.
“SCD Security Standards” in relation to an SCD, means the standards from time to time published in
Part 8.
“SCM” means a Security Control Module.
“Secretary” means the person appointed under Regulation 6.27 to perform the duties of secretary of
the Management Committee.
“Security Control Module” (SCM) means a physically and logically protected hardware device that
provides a set of secure cryptographic services.
“Self Acquirer” means a Merchant that:
Amended effective 14/08/06
(a) electronically transmits or receives payment instructions for value to or from one or more Issuers
(excluding for this purpose any Acquirer that receives payment instructions from that Merchant
in the capacity of an Issuer) as a result of Transactions which are initiated at Terminals operated
by that Merchant or any of the Merchant’s Related Bodies Corporate; and
Amended effective 14/08/06
(b) bears risk as principal in relation to the payment obligations of each such Issuer arising out of
such exchanges, and to that extent only.
Amended effective 14/08/06
“Session Key” is a generic reference to any one of a group of keys used to protect Transaction level
data. Session keys exist between two discrete points within a network (e.g. host-to-host and
host-to-Terminal).
“Sponsor” means the Acquirer which, as among all Acquirers for a Terminal, is taken to be the lead
Acquirer for that Terminal, with ultimate responsibility for the integrity and security of PED software
and encryption keys for Transactions involving that Terminal.
“Sponsored Issuer” means an Issuer that is the registered owner of an Issuer Identification Number, as
referred to in Part 3.1.1, but is not a CECS Member.
“Statistically Unique” means an acceptably low statistical probability of an entity being duplicated by
either chance or intent. Technically, statistically unique is defined as follows:
For the generation of n-bit quantities, the probability of two values repeating is less than or equal to the
probability of two n-bit random quantities repeating. Thus, an element chosen from a finite set of 2^n
elements is said to be statistically unique if the process that governs the selection of this element
provides a guarantee that for any integer L ≤ 2^n the probability that all of the first L selected elements
are different is no smaller than the probability of this happening when the elements are drawn uniformly
at random from the set.
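The uniform-draw baseline that the definition above compares against, written out as an added illustration (not part of the Manual), using the Manual's own symbols n (bit length of each quantity) and L (number of selections):

$$
P_{\mathrm{unif}}(L, n) \;=\; \prod_{i=0}^{L-1}\left(1 - \frac{i}{2^{n}}\right)
\;\ge\; 1 - \frac{L(L-1)}{2^{n+1}}, \qquad 1 \le L \le 2^{n},
$$

so that a selection process $S$ is statistically unique exactly when, for every such $L$,

$$
\Pr_{S}\bigl[\text{the first } L \text{ selected elements are all distinct}\bigr] \;\ge\; P_{\mathrm{unif}}(L, n).
$$

For example, with $n = 64$ and $L = 2^{20}$ selections, the uniform baseline has a repeat probability of at most $L(L-1)/2^{n+1} < 2^{40}/2^{65} = 2^{-25} \approx 3 \times 10^{-8}$; a conforming process may not exceed that repeat probability over its first $2^{20}$ outputs.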
“Tamper-responsive SCM” means a Security Control Module that when operated in its intended
manner and environment, will cause the immediate and automatic erasure of all keys and other secret
data and all useful residues of such data when subjected to any feasible attack. A Tamper-responsive
SCM must comply with the requirements of Part 8 of this CECS Manual.
“Terminal” means an electronic device containing a PED which can be used to complete a
Transaction.
“Terminal Identification Number” means the unique identification number assigned by an Acquirer
to identify a particular Terminal.
“Terminal Sequence Number” means a number allocated sequentially to each Transaction by the
relevant Terminal.
“Third Party Processors” means a body corporate which provides an outsourced facility for
Transaction processing and support to other participants in the CECS System.
“Transaction” means a Transaction initiated by a Cardholder which allows for the accessing of
available funds held in an account, or account information.
“Track Two Equivalent Data” means the contents of the EMV data element tag 57. This data element
contains the data elements of track two according to AS 3524-2008, excluding start sentinel, end
sentinel and Longitudinal Redundancy Check.
Amended effective 27.04.11
“Triple-DES” means the encryption and decryption of data using a defined compound operation of the
DEA-1 encryption and decryption operations. Triple-DES is described in AS2805 Part 5.4.
Inserted effective 13/08/12
“Unattended Device” has the meaning given in clause 8.5.1.
PART 2 COMMON REQUIREMENTS AND CERTIFICATION
This Part 2 sets out the common standards and certification requirements required to be met by all CECS
Members when engaged in Interchange with other CECS members.
2.1
Certification
Constant developments in new equipment and Interchange processes require Interchange standards and
guidelines to be reviewed to maintain a high standard of security and operational procedures in the
CECS environment. At any one time there will be current and draft future standards. Current industry
standards will be subject to an ongoing process of review and the Management Committee will upgrade
and re-issue applicable standards on a rolling triennial basis: see 2.1.6.
2.1.1
Requirement for Certification
Each CECS Member who wishes to participate in Interchange must arrange for Certification before it
commences processing Interchange Transactions.
A Non-Member may, subject to the Regulations, arrange for Certification at any time.
2.1.2
Certification
Certification means that a person (being an existing or a prospective Issuer or Acquirer) confirms
subject to Regulation 4.1(b), by completing and submitting to the Company a Certification Checklist
(satisfactory to the Company) that when it operates in CECS Interchange with other Members, it is able
to, and does, meet the CECS requirements in force at that time pursuant to this Part 2, including that:
When Operating as an Acquirer:
(a) the PEDs it uses satisfy applicable SCD Security Standards and have been approved by the
Company (see Part 8);
(b) the SCMs it uses satisfy applicable SCD Security Standards and have been approved by the
Company (see Part 8);
(c) the Key Loading and Transfer devices it uses satisfy applicable SCD Security Standards and
have been approved by the Company (see Part 8);
(d) its Interchange satisfies applicable AS2805 standards (see 2.3 and Part 9);
(e) its operating procedures satisfy applicable standards (see Part 5);
(f) its settlement procedures comply with Part 10;
(g) it complies with Part 11 with respect to the imposition of ATM Operator Fees (if applicable); and
Last amended effective 03/03/09
(h) any services provided by third parties engaged in the provision of the Interchange are provided in
conformance with the relevant standards and requirements specified in this Manual.
Last amended effective 03/03/09
When operating as an Issuer:
(a) the Cards it uses satisfy applicable Card-related Standards (see Part 3.1);
(b) PIN management satisfies security requirements (see Part 3.2);
Australian Payments Clearing Association Limited
[ABN 12 055 136 519]
Amendment Number E229 issued as CS3/r&p/001.14
2.1
Consumer Electronic Clearing System (CS3) CECS MANUAL
Part 2 - Common Requirements and Certification
(c) the SCMs it uses satisfy applicable SCD Security Standards and have been approved by the
Company (see Part 8);
(d) its Interchange satisfies applicable AS2805 standards (see 2.3 and Part 9);
(e) its operating procedures satisfy applicable standards (see Part 3);
(f) its settlement procedures comply with Part 10;
Last amended effective 03/03/09
(g) it complies with Part 11 with respect to the imposition of ATM Operator Fees (if applicable); and
Last amended effective 03/03/09
(h) any services provided by third parties engaged in the provision of the Interchange are provided in
conformance with the relevant standards and requirements specified in this Manual.
Last amended effective 03/03/09
A CECS Member is taken to give such confirmation for the benefit of each other CECS Member and the
Company.
A Certification Checklist (and the associated confirmation given to the Company) may be given in
respect only of one or more of the matters listed above (for example, pursuant to 2.1.10).
2.1.3
Certification Checklist
A completed Certification Checklist must be used for Certification under 2.1.2 and for Certification of
individual devices etc. as required by 2.1.10. It must be signed by the existing Member, prospective
Member or Non-Member (as the case may be) and countersigned by its internal auditor.
Amended effective date 27.04.06
Annexure A provides an Acquirer Certification Checklist and Annexure C a Certification Checklist for
Issuers.
A prospective Acquirer or Non-Member Acquirer seeking Certification must also complete a PIN
Security Compliance Checklist. (See 5.3.3.)
Inserted effective date 27.04.06
Any further evidence of compliance which is reasonably requested by the Secretary or the Management
Committee must be promptly produced to the Secretary following the request.
2.1.3A
Report from Independent Auditor for prospective Members and Non-Members seeking Certification
Inserted effective date 27.04.06
Where Certification is sought by a prospective Member or a Non-Member, the Certification Checklist(s)
must be accompanied by a report of an agreed upon procedures engagement (refer accounting standard
AUS 904) from an independent auditor in respect of certain requirements in the CECS Manual.
The independent auditor engaged by the prospective Member or Non-Member and the audit procedures
to be performed during the engagement must be acceptable to the Company. The Company maintains a
set of Guidance Procedures for Acquirers and/or Issuers, which contains a proposed set of acceptable
audit procedures. Once an acceptable independent auditor has been selected by the prospective Member
or Non-Member the independent auditor may obtain the Guidance Procedures from the Company.
The Company will provide a reliance letter if required by the independent auditor. However the form of
the reliance letter should be agreed with the Company prior to commencement of the engagement. The
Company will not provide indemnities or general open ended covenants in a reliance letter.
2.1.4
Process
The Company will review the Certification Checklist, and accompanying documentation and provide a
report of its review to the applicant. Subject to Regulation 11.2, if all requirements appear to have been
met, or otherwise that any proposed remedial action/compensating controls with respect to areas of
non-compliance are satisfactory to the Company having regard to the integrity and efficiency of CECS,
details of the application will be provided to the Management Committee for its acceptance.
On acceptance of the Certification Checklist by the Management Committee, the Secretary will issue a
Compliance Certificate to the applicant and will promptly notify all CECS Members of the successful
Certification.
For the avoidance of doubt, the reporting and notification processes set out in 2.1.4, and 2.1.5, will
extend to Certification Checklists received from Non-Members.
2.1.5
Failure to Pass Certification
If the Certification process fails in part, the Secretary will provide the applicant with details of the
deficiency as part of its report, and request either a partial or complete re-run of the certification
process, depending upon the nature of the problem.
The applicant will be required to rectify all deficiencies and submit supporting evidence as required by
the Company. Upon receipt the Company will re-evaluate such further evidentiary material in
accordance with 2.1.4.
2.1.6
Triennial Audit Compliance
The Management Committee will re-issue the standards applicable to Acquirers and Issuers under this
Part 2 triennially, commencing from 1 July 2004.
Each existing Certified Member that is a CECS Member at that date must submit to the Company an
Audit Compliance Certificate within 60 days of the effective date set by the Management Committee for
the implementation of those upgraded standards as re-issued or on such other date as may be determined
by the Management Committee.
Amended effective 20/06/05
If a Certified Non-Member wishes to renew its Certification in relation to this Part 2 it will also be
required to lodge an Audit Compliance Certificate with the Company within that period. A Certified
Non-Member is not obliged to lodge an Audit Compliance Certificate, but if it does not do so within the
required time, or having done so is unable to demonstrate to the Company’s satisfaction that it meets the
standards as re-issued, its Certification will be taken to have expired at midnight on the day immediately
before the effective date set by the Management Committee for implementation of the re-issued
standards. CECS Members who deal with a Certified Non-Member are advised to make their own
enquiries as to the currency of its Certification.
The Audit Compliance Certificate is to be signed by the Member. It must be countersigned by the
Member’s internal auditor.
An Audit Compliance Certificate operates as a confirmation from the relevant member that it continues
to meet all applicable CECS requirements, including any upgraded standards, in force under this Part 2.
A CECS Member is taken to give such confirmation for the benefit of each other CECS Member and the
Company.
Any other evidence of compliance which is reasonably requested by the Secretary or the Management
Committee must be promptly produced to the Secretary following that request.
2.1.7
Failure to Meet Technical Requirements
If an Audit Compliance Certificate given by a Member reveals, or the Company is otherwise notified
that the Member has failed to meet any applicable technical requirements, the Company will notify the
Member of the deficiency, in writing, requesting rectification of the deficiency as determined by the
Management Committee.
If, in the opinion of the Chief Executive Officer, the deficiency notified is such that it poses a risk to the
efficiency or security of CECS, the deficiency will be reported directly to the Management Committee.
The Management Committee may then take such remedial action which it considers necessary or
desirable, including (without limitation) in the case of a CECS Member, its suspension from
participation in CECS or, in the case of a Certified Non-Member, revocation of its Certification.
2.1.8
Timing
The time required to complete initial Certification, certification of additional devices or triennial
re-certification by the Company (but excluding for this purpose processes under the control of an
Evaluation Facility or auditor, whether internal or external) is estimated as follows:
initial certification: eight weeks;
re-certification: four weeks;
certification of additional devices etc: four weeks; and
certification of new/modified interchanges: four weeks.
Note that these time scales are estimates only and are given to assist applicants in their planning.
Re-certification of a new Acquirer will be scheduled to coincide with the next re-certification date for
existing Acquirers.
2.1.9
Approved Devices
All devices involved in the production, distribution, selection, entering and transmission of plaintext
Cardholder PINs, or associated cryptographic keys used to protect Cardholder PINs, in the Interchange
environment shall be approved for use, using the process described in 2.6.
An Acquirer or Issuer which wishes to implement a new Secure Cryptographic Device for which a
Letter of Approval, issued by the Company, is not held must arrange for that device to be evaluated for
conformity with the current applicable SCD security standards, using the device approval process in 2.6.
In accordance with 2.1.2, only approved devices can be attached to the Interchange networks.
2.1.10
Approval of New or Modified Secure Cryptographic Devices and Interchanges
Amended effective 26/08/14
Any certified Issuer or Acquirer, which proposes to:
implement any new Interchange; or
substantially modify or upgrade any existing Interchange; or
implement a new SCD,
will in each case be taken to be required to apply for certification of the interchange or device in
accordance with Rule 2.1.3 and comply with this Rule 2.1.10.
Notwithstanding any express or implied provision to the contrary set out in the Manual, any proposal to
modify or upgrade an existing Interchange that also involves changes by the other party, must be
advised by the applicant to the CECS Member/s affected no less than 180 days (unless otherwise
bilaterally agreed) prior to the date upon which the proposal is to be implemented (“Implementation
Date”).
Inserted effective 26/08/14
Each CECS Member must use reasonable endeavours to make such changes to its own Interchanges by
the Implementation Date, or a date otherwise bilaterally agreed, as may be necessary to give effect to a
proposal notified to it under this Rule 2.1.10.
Inserted effective 26/08/14
Any certified Issuer or Acquirer, which proposes to:
implement any new SCD (not currently covered by an existing Letter of Approval, see 2.1.9); or
continue to employ a SCD which has reached or is about to reach its ‘Letter of Approval’ sunset
date, unless the Company has renewed the device’s Approval Period pursuant to clause 2.6.1; or
implement any changes to an existing SCD’s cryptographic devices, PIN or cryptographic key
handling and management processing,
will in each case be required to apply for approval of the device as required by 2.1.9 as if each device
is a new device for the purposes of that section.
2.1.10A
Transitional
Deleted Effective 19/04/10
2.1.11
Exemption Requests
All Members must at all times comply with the Standards and Requirements specified in the CECS
Manual unless specifically exempted by the Company.
In cases where the introduction of a new service, a new device or the significant modification to an
existing device or service will cause the Member to be out of compliance with the requirements of the
Manual, the Member may not proceed with the introduction of the new device or service, unless
appropriate exemptions have been duly granted.
2.1.12
Applying for an Exemption
Each Member requiring an exemption from certain Requirements or Standards shall make an application
to the Company. The application must include the following information:
The name of the Member requiring the Exemption;
Date of the Request;
Date the out-of-compliance situation occurred;
Date of original request (if seeking an extension to an existing exemption);
The section(s) of the Manual which the Member is not in compliance;
Description of the Requirement with which the Member is not in compliance;
A statement on the reason for non-compliance;
A risk rating;
A full description of any compensating controls that are offered as justification for the authorisation
of the request; and
Exact details of the Member’s action plan to comply with the Requirements and an indication as to
the likely date of achieving compliance.
A suitable template is provided as Annexure K.
2.1.13
Exemption Process
The Company will review the Exemption Request and accompanying documentation and provide a
report of its review to the applicant. Subject to Regulation 11.2, if it is determined that any proposed
remedial action/compensating controls with respect to areas of non-compliance are satisfactory to the
Company having regard to the integrity and efficiency of CECS, details of the application will be
provided to the Management Committee for its acceptance.
On acceptance of the Exemption Request by the Management Committee, the Secretary will advise the
applicant and will promptly notify all CECS Members of the exemption granted.
2.1.14
Exemption Duration
Exemptions shall only be granted for a defined period of time. The Company may grant a duration
different than the one requested by the Member. All issues of non-compliance, regardless of when they
expire, must be reviewed and renewed annually.
2.1.15
Certification upon Remediation
Once the subject of the Exemption Request has been remediated, a Certification Checklist covering the
subject of the Exemption Request shall be submitted on or before the expiration of any granted
Exemption Request.
2.2
Network and Interchange Requirements *
Note: Any direct or indirect application of, or reference in, this clause 2.2 to an Acquirer is deemed to
include a Self Acquirer.
The Acquirer has responsibility for the network downstream to the Terminal. This may include third
party switches. The CECS network can be illustrated as follows:
The Issuer and Acquirer are jointly responsible for the Interchange Link.
An Acquirer switch should not add more than a maximum of three seconds elapsed time through the
components of its network to the total processing time of a Transaction (as a Transaction consists of
both a request and a reply, message transit times for both Acquirers and any intermediate network nodes
should not exceed 1.5 seconds). The three-second target is taken to be the average Transaction time
within a peak load hour.
Where Third Party Processors are engaged in the delivery of Interchange e.g., Switches, it is incumbent
upon the engaging party to ensure that the third party is in conformance with the standards and
procedures given herein.
Interchange Links shall be supported 24 hours per day, every day including weekends and holidays.
The availability of the Issuer’s and Acquirer’s EFT Systems shall meet or exceed 98% when averaged
over one calendar month excluding telecommunications outages.
The Issuer host should respond to a request for Authorisation within a period not exceeding 15 seconds.
The fifteen-second target is taken to be the average Transaction time within a peak load hour.
The maximum time-out values in the table below are indicative and are provided for guidance only.
Component            Time-out      Maximum Delay Introduced
ATM Terminal         60 seconds    -
Intermediate Node    -             3 seconds total (1.5 seconds per transit)
Acquirer             23 seconds    3 seconds (1.5 seconds per transit)
Issuer               15 seconds    -
2.2.1 Interchanges
For the avoidance of doubt, Interchange Link is the term used to refer to the logical communication path
between two communicating Nodes. Interchange Line refers to the physical communication path
between those Nodes. A single Interchange Line can support multiple Interchange Links.
Links wholly internal to an Issuer, an Issuer’s exclusive environment, or those not carrying personal
identification numbers are not Interchange Links for the purposes of these requirements.
Terminal concentrator lines are not subject to the requirements of Interchange Lines and Interchange
Links.
Interchange Links shall be so constructed and managed such that each link will form a separate, distinct,
cryptographic zone.
Distinct security requirements apply to both Interchange Links and Interchange Lines.
2.2.2 Suspension of Interchange
Where in the reasonable opinion of the Acquirer, Issuer or other intermediate network entity, excessive
Transaction response times from the other party are causing a downgrading of the service level in the
Interchange system the first affected party may temporarily suspend its services for such period or
periods as it shall think fit to restore the service level of the Interchange system to normal level.
The first affected party shall notify the other party and the Company prior to suspending the service if
practical, or at the earliest opportunity after suspending the service.
2.2.3 Unauthorised Access Prevention
All parties to the Interchange, including Acquirers, Issuers, Third Party Processors and any intermediate
network entities shall maintain procedures for avoiding any unauthorised access to or use of, the
Interchange system through its own hardware, software, Interchange Lines and operational procedures
which enable the exchange of authorisation and reconciliation of financial Transactions.
2.2.4 Interchange Cryptographic Keys
Interchange keys are used to protect financial Transactions initiated at Acquirer Terminals while in
transit to the Issuer institution. Interchange keys may be either:
- PIN encrypting keys – used to protect the customer PIN from the point of origin to the point of
  authorisation. PIN encrypting keys are a specific instance of session keys;
- Session keys – used to secure, validate and protect the financial message. Session keys can be
  further qualified into those used in the Terminal to Acquirer environment (Terminal session keys)
  or on node to node links (interchange session keys);
- Key Encrypting Keys (KEK) – used to protect other keys (e.g. session keys) during exchange; or
- Transport Keys – used to protect keys (e.g. KEKs) during transport to the partner institution.
2.2.5 Cryptographic Algorithms
DEA3 and DEA2 are the only approved algorithms for the protection of interchange information (full
details of these algorithms may be found in the Australian standards AS 2805 part 5.4 and AS 2805 part
5.3 respectively).
[Amended effective 27.04.11]
DEA3 keys are 128 bits in length (effectively 112 bits) and are generally referred to as triple DES or
3DES keys (the corresponding encryption algorithm is specified in AS 2805 part 5.4). Triple DES may
also be acceptably implemented using a key length of 192 bits (effectively 168 bits).
DEA3 with a key length of 128 bits and DEA2 with key lengths equal to, or greater than 2048 bits are
the minimum acceptable requirements for the effective protection of interchange information at the time
of the issuance of this document.
In accordance with AS 2805 part 3.1, DEA3 must be used for PIN encipherment. Acquirers who do not
comply with this requirement from 1 February 2008 are responsible for any Issuer loss (direct or
indirect) arising from the compromise of PIN data due to a breach of this requirement.
2.2.6 Interchange Links
2.2.6.1 For all Interchange Links, Issuers and Acquirers must ensure that:
[Last amended effective 26.08.14; amended effective 27.04.11]
(a) Security for Transactions processed over that Interchange Link complies with: AS 2805 part 6
series;
(b) Message formats comply with AS 2805 Part 2;
(c) Security for Transactions from Terminal to Acquirer and from Acquirer to Issuer complies with:
AS2805 part 6 series;
(d) PIN security and encryption complies with AS 2805 parts 3.1 and 5.4;
(e) Key management practices comply with AS 2805 part 6.1;
in each case as more particularly set out in Part 9:
(f) Message Authentication must apply to all Interchange Links;
(g) The Message Authentication Code (MAC) must be calculated using, as a minimum, a DEA 3
(128-bit) key, Triple-DES and an algorithm conforming to AS 2805 part 4.1; and
(h) all interchange PIN and MAC cryptographic functions must be performed within a Tamper-responsive SCM.
2.2.6.2 Key Management Practices – Interchange Links
Clause 2.2.6.2 is Confidential
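Paragraph (g) above fixes the MAC inputs (a 128-bit DEA 3 key, Triple-DES, an AS 2805 part 4.1 algorithm) but not the arithmetic. The following is an added example written for this page, not code from the Manual or from APCA: it implements the ISO 9797-1 MAC Algorithm 3 construction (commonly called the Retail MAC) with Go's standard crypto/des, on the assumption that this is the Triple-DES MAC construction AS 2805 part 4.1 describes and that padding method 1 (zero octets to a block boundary) is used. The double-length key is treated as K1||K2, the key value and the message body are constructed, and verification compares in constant time. Paragraph (h) requires the real computation to happen inside a Tamper-responsive SCM; this code only shows what that device computes.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// retailMAC computes ISO 9797-1 MAC Algorithm 3 ("Retail MAC") over msg with a
// double-length (128-bit, 16-byte) DEA 3 key K1||K2. Every block is chained
// through single DES under K1 (a CBC-MAC); the final chaining value is then
// decrypted under K2 and re-encrypted under K1, so the last block effectively
// receives a full Triple-DES operation. Padding method 1 is assumed: zero
// octets up to the next 8-byte boundary.
func retailMAC(key, msg []byte) ([]byte, error) {
	if len(key) != 16 {
		return nil, errors.New("retailMAC: a 128-bit (16-byte) DEA 3 key is required")
	}
	k1, err := des.NewCipher(key[:8])
	if err != nil {
		return nil, err
	}
	k2, err := des.NewCipher(key[8:])
	if err != nil {
		return nil, err
	}

	// Padding method 1; an empty message becomes one all-zero block.
	padded := append([]byte{}, msg...)
	if len(padded) == 0 || len(padded)%8 != 0 {
		padded = append(padded, make([]byte, 8-len(padded)%8)...)
	}

	h := make([]byte, 8) // chaining value, starting from a zero IV
	blk := make([]byte, 8)
	for i := 0; i < len(padded); i += 8 {
		for j := 0; j < 8; j++ {
			blk[j] = padded[i+j] ^ h[j]
		}
		k1.Encrypt(h, blk)
	}
	k2.Decrypt(h, h) // final transformation: D_K2 then E_K1
	k1.Encrypt(h, h)
	return h, nil
}

// verifyMAC recomputes the MAC over the received message and compares it in
// constant time, so a rejected message does not reveal which byte differed.
func verifyMAC(key, msg, mac []byte) bool {
	want, err := retailMAC(key, msg)
	if err != nil || len(mac) != len(want) {
		return false
	}
	return subtle.ConstantTimeCompare(want, mac) == 1
}

func main() {
	// Constructed interchange session key and message body; not real key material.
	key, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210")
	msg := []byte("0200 4000000000000002 000000010000 CECS-EXAMPLE-TERMINAL")

	mac, err := retailMAC(key, msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("MAC: %X\n", mac)
	fmt.Println("genuine message verifies:", verifyMAC(key, msg, mac))

	// Altering the amount field without the key invalidates the MAC.
	tampered := bytes.Replace(msg, []byte("000000010000"), []byte("000000100000"), 1)
	fmt.Println("amount-altered message verifies:", verifyMAC(key, tampered, mac))
}
```

A useful self-check of any Retail MAC implementation follows from the construction: for a message that is exactly one block, the MAC equals a plain Triple-DES EDE encryption of that block under (K1, K2, K1), which can be computed independently with des.NewTripleDESCipher.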
2.2.6.3 Key Rolling Process for Interchange Key Encrypting Keys (KEKs)
The procedures to be adopted for the exchange of Interchange Key Encrypting Keys are detailed in
Part 9.
2.2.7 Interchange Lines
Interchange Lines shall be subject to whole-of-message encryption, excluding communications headers,
using at a minimum, triple-DES and a DEA 3 (128-bit) key in accordance with AS 2805 part 5.4.
2.2.7.1 Interchange Line Cryptographic Management
Subject to 2.2.6.3, the use of transport level data encryption (e.g., IPSec) is permitted subject to the
following conditions:
- data encryption must use triple DES with either a 112-bit or 168-bit key length, exclusive of parity
  bits;
- the data stream must be fully encrypted with the exception of communication headers;
- where IPSec is used, the system must be configured to use Encapsulating Security Payload, and
  authentication must be HMAC-SHA-1;
- either certificates or encrypted pre-shared secrets must be used (plain text shared secrets not
  acceptable);
- tunnel termination points must be within the CECS Member’s or their trusted agent’s facilities;
- the facility must be supported by documented device management procedures with identified roles
  and responsibilities and subject to internal audit as prescribed by the CECS Member’s security
  policy;
- ownership and control of end-points must reside with the terminating CECS member;
- split tunnelling is not to be used; and
- the minimum Diffie-Hellman MODP group size is 1536-bits.
Internet Key Exchange, if used, must be configured to only use main mode. Specifically, aggressive
mode must NOT be used.
[Amended effective 13/08/12]
Where certificates are used consideration should be given to the use of the APCA signed, closed
user-group certificate.
Where encrypted shared-secrets are used, key management, including the process of key (secret) entry
must comply with the requirements of AS2805 part 6.1, especially the requirement that no one person
shall have the capability to access or ascertain any plain text secret or private key.
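Most of the conditions above are settings that can be read off a VPN gateway and checked mechanically. The following is an added example written for this page, not code from the Manual or from APCA: it encodes the configuration-level conditions of clause 2.2.7.1 as a policy check over a constructed tunnel description and runs it against a weak legacy profile and the same profile corrected. The LineTunnel struct, its field names and the profile names are assumptions and do not map to any particular IPSec product's configuration; the conditions about documented procedures and the physical location of tunnel termination points are organisational and are not modelled, and the "Subject to 2.2.6.3" proviso is outside the check.

```go
package main

import "fmt"

// LineTunnel holds the settings of one Interchange Line encryption tunnel that
// clause 2.2.7.1 constrains. The struct and field names are constructed for this
// example and do not correspond to any IPSec implementation's configuration.
type LineTunnel struct {
	Name             string
	UsesESP          bool   // Encapsulating Security Payload rather than AH-only
	HeadersOnlyClear bool   // only communication headers are left unencrypted
	Cipher           string // "3des", "aes", ...
	CipherKeyBits    int    // key length exclusive of parity bits
	Integrity        string // "hmac-sha1", "hmac-md5", ...
	AuthMethod       string // "certificate", "encrypted-psk", "plain-psk"
	IKEMode          string // "main" or "aggressive"
	DHModpBits       int    // Diffie-Hellman MODP group size in bits
	SplitTunnel      bool
	EndpointOwnedBy  string // "member" when the terminating CECS Member controls the end-point
}

// Findings lists every configuration condition of clause 2.2.7.1 the tunnel fails.
func (t LineTunnel) Findings() []string {
	var f []string
	if !t.UsesESP {
		f = append(f, "IPSec must be configured to use Encapsulating Security Payload")
	}
	if !t.HeadersOnlyClear {
		f = append(f, "the data stream must be fully encrypted except for communication headers")
	}
	if t.Cipher != "3des" || (t.CipherKeyBits != 112 && t.CipherKeyBits != 168) {
		f = append(f, fmt.Sprintf("cipher %s/%d: triple DES with a 112-bit or 168-bit key is required",
			t.Cipher, t.CipherKeyBits))
	}
	if t.Integrity != "hmac-sha1" {
		f = append(f, fmt.Sprintf("integrity %s: authentication must be HMAC-SHA-1", t.Integrity))
	}
	if t.AuthMethod != "certificate" && t.AuthMethod != "encrypted-psk" {
		f = append(f, "plain text shared secrets are not acceptable; use certificates or encrypted pre-shared secrets")
	}
	if t.IKEMode != "main" {
		f = append(f, "IKE must use main mode only; aggressive mode must not be used")
	}
	if t.DHModpBits < 1536 {
		f = append(f, fmt.Sprintf("MODP group of %d bits is below the 1536-bit minimum", t.DHModpBits))
	}
	if t.SplitTunnel {
		f = append(f, "split tunnelling is not to be used")
	}
	if t.EndpointOwnedBy != "member" {
		f = append(f, "ownership and control of end-points must reside with the terminating CECS Member")
	}
	return f
}

// Compliant is true when no condition is failed.
func (t LineTunnel) Compliant() bool { return len(t.Findings()) == 0 }

// Two constructed tunnel definitions: a weak one as it might be found in a legacy
// deployment, and the same tunnel corrected to the clause.
var weakTunnel = LineTunnel{
	Name: "acquirer-to-switch (legacy)", UsesESP: true, HeadersOnlyClear: true,
	Cipher: "3des", CipherKeyBits: 112, Integrity: "hmac-md5",
	AuthMethod: "plain-psk", IKEMode: "aggressive", DHModpBits: 1024,
	SplitTunnel: false, EndpointOwnedBy: "member",
}

var hardenedTunnel = LineTunnel{
	Name: "acquirer-to-switch (corrected)", UsesESP: true, HeadersOnlyClear: true,
	Cipher: "3des", CipherKeyBits: 168, Integrity: "hmac-sha1",
	AuthMethod: "certificate", IKEMode: "main", DHModpBits: 2048,
	SplitTunnel: false, EndpointOwnedBy: "member",
}

func main() {
	for _, t := range []LineTunnel{weakTunnel, hardenedTunnel} {
		fmt.Printf("%s: compliant=%v\n", t.Name, t.Compliant())
		for _, finding := range t.Findings() {
			fmt.Println("  -", finding)
		}
	}
}
```

The checker encodes the clause as printed; the cipher and integrity conditions are the clause's own minimums, so a profile that passes here meets the clause and nothing more.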
2.2.7.2 Key Management Practices for Interchange Lines
Clause 2.2.7.2 is Confidential
2.3 Interchange Technical Specifications *
Note: Any direct or indirect application of, or reference in, this clause 2.3 to an Acquirer is deemed to
include a Self Acquirer.
Subject to the requirements of Part 9, the following specifications will apply to all Interchanges.
2.3.1 Dialogue
A two message dialogue will be used across the Interchange Link.
2.3.2 Communications Protocol and Line Configuration
All CECS Members will support, at a minimum, X.25 as the default protocol on the Interchange.
Alternative protocols may be used where mutually agreeable. The Interchange Link should be
configured using a packet size of 256 octets. Preferably two lines will be installed – primary and
secondary with load sharing across them. Testing will be performed using either a separate test line; a
swapped secondary or test PVCs defined on the production lines. Generally the links should be
configured with Permanent Virtual Circuits with at least 2 PVCs defined per link per line.
2.3.3 Message Formats
Messages will be formatted in accordance with Part 9.
2.3.4 Reconciliation Messages
The exchange of reconciliation messages will be within 10 minutes from the agreed cutover time.
These reconciliation messages will relate to all Transactions where the request/advice message bears a
date consistent with the data being settled.
2.3.5 Sign On
A Sign On is only unidirectional and therefore each endpoint will be required to Sign On independently.
Both endpoints must receive and successfully verify an 0810 Network Management Request Response
(logon) from the other before starting any other message exchange.
When ready to Sign On, a party should attempt to Sign On and continue to attempt to Sign On until a
successful response has been received.
Upon receipt of an unsolicited Sign On (i.e. Receiving a Sign On message when in an assumed signed
on state) or a message with a response code indicating an irrecoverable error, a party should send an
immediate Sign Off message and attempts to Sign On should be made as soon as possible.
All Sign On response messages should be inspected to ensure that the response code indicates a
successful sign on. After a successful sign on, 0820/0830 key exchange messages must be exchanged
successfully before value Transactions commence.
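Clause 2.3.5 describes a small protocol: each end signs on independently, nothing else flows until both 0810 responses have been verified, the 0820/0830 key exchange follows, and an unsolicited Sign On or an irrecoverable response code forces a Sign Off and a fresh Sign On. The following is an added example written for this page, not code from the Manual or from APCA: it models both ends of an Interchange Link as state machines and runs the exchange between them. The network management information codes ("001" logon, "002" logoff), the response codes ("00" approved, "96" irrecoverable) and the Msg field layout are ISO 8583-style assumptions; the Manual lists only the message type indicators.

```go
package main

import "fmt"

// MTIs 0800/0810/0820/0830 are those of clauses 2.3.5 and 2.3.6; the network management
// codes and response codes below are ISO 8583-style assumptions, not CECS Manual values.
const nmicLogon, nmicLogoff = "001", "002"
const rcApproved, rcIrrecoverable = "00", "96"

type Msg struct{ MTI, NMIC, RC string }

// Endpoint is one party on an Interchange Link; Sign On is unidirectional, so own and peer logon are tracked separately.
type Endpoint struct {
	Name          string
	signOnSent    bool // our 0800 logon is outstanding
	ownAcked      bool // the peer answered our logon with a successful 0810
	peerSignedOn  bool // we answered the peer's logon with a successful 0810
	kxSent        bool // our 0820 key exchange request is outstanding
	keysExchanged bool // our 0820 was answered with a successful 0830
}

func (e *Endpoint) bothSignedOn() bool { return e.ownAcked && e.peerSignedOn }

// CanSendValue gates value Transactions: sign-on both ways plus a completed 0820/0830 exchange.
func (e *Endpoint) CanSendValue() bool { return e.bothSignedOn() && e.keysExchanged }

// SignOn builds the 0800 logon; a party keeps resending it until a successful 0810 arrives.
func (e *Endpoint) SignOn() Msg {
	e.signOnSent = true
	return Msg{MTI: "0800", NMIC: nmicLogon}
}

func (e *Endpoint) reset() { *e = Endpoint{Name: e.Name} }

// resync is the rule for an unsolicited Sign On or an irrecoverable error:
// send an immediate Sign Off, then attempt to Sign On again.
func (e *Endpoint) resync() []Msg {
	e.reset()
	return []Msg{{MTI: "0800", NMIC: nmicLogoff}, e.SignOn()}
}

// maybeKeyExchange starts the 0820/0830 exchange once both directions are up.
func (e *Endpoint) maybeKeyExchange() []Msg {
	if !e.bothSignedOn() || e.keysExchanged || e.kxSent {
		return nil
	}
	e.kxSent = true
	return []Msg{{MTI: "0820"}}
}

// Handle processes one inbound message and returns the messages to send back.
func (e *Endpoint) Handle(in Msg) []Msg {
	if (in.MTI == "0810" || in.MTI == "0830") && in.RC != rcApproved {
		return e.resync() // response code indicating an irrecoverable error
	}
	switch in.MTI {
	case "0800":
		if in.NMIC == nmicLogoff {
			e.reset()
			return nil
		}
		if e.peerSignedOn { // unsolicited Sign On while in an assumed signed-on state
			return e.resync()
		}
		e.peerSignedOn = true
		return append([]Msg{{MTI: "0810", NMIC: nmicLogon, RC: rcApproved}}, e.maybeKeyExchange()...)
	case "0810":
		e.ownAcked, e.signOnSent = true, false
		return e.maybeKeyExchange()
	case "0820":
		if !e.bothSignedOn() { // key exchange before sign-on is an error
			return []Msg{{MTI: "0830", RC: rcIrrecoverable}}
		}
		return []Msg{{MTI: "0830", RC: rcApproved}}
	case "0830":
		e.keysExchanged, e.kxSent = true, false
	}
	return nil
}

// runSession delivers messages between a and b until both are quiet (or maxSteps is
// reached) and reports whether both may then send value traffic.
func runSession(a, b *Endpoint, maxSteps int) bool {
	type env struct{ to, from *Endpoint; m Msg }
	queue := []env{{b, a, a.SignOn()}, {a, b, b.SignOn()}}
	for steps := 0; len(queue) > 0 && steps < maxSteps; steps++ {
		cur := queue[0]
		queue = queue[1:]
		for _, out := range cur.to.Handle(cur.m) {
			queue = append(queue, env{cur.from, cur.to, out})
		}
	}
	return a.CanSendValue() && b.CanSendValue()
}

func main() {
	acq, iss := &Endpoint{Name: "Acquirer"}, &Endpoint{Name: "Issuer"}
	fmt.Println("link ready for value traffic:", runSession(acq, iss, 50))
	out := acq.Handle(Msg{MTI: "0800", NMIC: nmicLogon}) // unsolicited logon after the link is up
	fmt.Printf("acquirer sent %v; value traffic allowed: %v\n", out, acq.CanSendValue())
}
```

CanSendValue is the one gate a message handler consults before releasing 0200/0220 traffic. Because an endpoint drops back to signed-off the moment it sees an unsolicited logon or an irrecoverable response code, any value message queued at that moment waits until the link has been re-established and the keys exchanged again.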
2.3.6 Messages
The following messages will be used – 0100, 0110, 0200, 0210, 0220/1, 0230, 0420/1, 0430, 0520/1,
0530, 0800, 0810, 0820, 0830.
2.3.7 Redundancy
It is desirable that both lines are always active; running as primary and secondary. This allows for
better redundancy without manual intervention. Both lines require line encryption as stated.
2.3.8 Terminal Details
Transaction messages must contain Terminal name, location and Terminal ID to enable completion of
statement narratives.
2.4 Cryptographic Key Management – General *
Note: Any direct or indirect application of, or reference in, this clause 2.4 to an Acquirer is deemed to
include a Self Acquirer.
Unless specifically detailed elsewhere, the following key management practices shall apply.
All cryptographic key management practices shall conform to AS 2805 part 6.1.
2.4.1 Transport Keys
2.4.1.1 Approved Encryption Algorithms for Transport Keys
DEA2 and DEA3 are the only approved algorithms for the protection of keys in transport.
2.4.1.2 Minimum Key Length for Transport Keys
DEA2 keys of less than 2048 bits are to be treated as single use keys and their use is deprecated.
DEA 2 key lengths of less than 1024-bits are unsuitable for general use. Preferred DEA2 key lengths
are equal to or greater than 2048 bits in length and should be used in all new implementations where
hardware constraints do not exist.
Triple DES (DEA 3) may use either 128-bit or 192-bit key sizes.
2.4.1.3 Key Life Cycle Practices for Transport Keys
DEA3 Key Transport Keys are single use keys only.
They must be freshly generated to protect keys in transport and then securely destroyed after use.
At the time of publication, DEA2 keys of size equal to or in excess of 2048 bits are deemed acceptable
for a key change interval (life time) of two (2) years.
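Clauses 2.4.1.2 and 2.4.1.3 together define a lifecycle policy: classify a transport key by algorithm and length, treat every DEA3 transport key and every DEA2 key below 2048 bits as single use, and retire DEA2 keys of 2048 bits or more after the two-year change interval. The following is an added example written for this page, not code from the Manual or from APCA, showing that policy as code over a constructed key inventory; the TransportKey record, its field names, the key identifiers and the status labels are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// TransportKey is the record a key-management system keeps for a key that protects
// other keys in transport. Constructed for this example; not an APCA data format.
type TransportKey struct {
	ID        string
	Algorithm string // "DEA2" (public-key algorithm) or "DEA3" (triple DES)
	Bits      int    // nominal length: DEA3 is 128 or 192, DEA2 is the modulus size
	Created   time.Time
	Uses      int  // key transports already protected under this key
	Destroyed bool // securely destroyed after use; can never be used again
}

type Status string

const (
	Unsuitable Status = "unsuitable"
	Deprecated Status = "single use, deprecated"
	Acceptable Status = "acceptable"
)

const dea2Lifetime = 2 * 365 * 24 * time.Hour // two-year key change interval, clause 2.4.1.3

// Classify applies the minimum key length rules of clause 2.4.1.2.
func Classify(k TransportKey) (Status, error) {
	switch k.Algorithm {
	case "DEA2":
		if k.Bits < 1024 {
			return Unsuitable, nil
		} else if k.Bits < 2048 {
			return Deprecated, nil
		}
		return Acceptable, nil
	case "DEA3":
		if k.Bits == 128 || k.Bits == 192 {
			return Acceptable, nil
		}
		return Unsuitable, nil
	}
	return Unsuitable, fmt.Errorf("algorithm %q is not approved for keys in transport", k.Algorithm)
}

// singleUse is true for every DEA3 transport key and for DEA2 keys below 2048 bits.
func singleUse(k TransportKey) bool {
	st, _ := Classify(k)
	return k.Algorithm == "DEA3" || st == Deprecated
}

// MayUse reports whether the key may protect one more key in transport at time now.
func MayUse(k TransportKey, now time.Time) error {
	if k.Destroyed {
		return errors.New("key has been destroyed")
	}
	st, err := Classify(k)
	if err != nil {
		return err
	}
	if st == Unsuitable {
		return fmt.Errorf("%s %d-bit key is unsuitable for use", k.Algorithm, k.Bits)
	}
	if singleUse(k) && k.Uses > 0 {
		return errors.New("single use key has already been used")
	}
	if !singleUse(k) && now.Sub(k.Created) > dea2Lifetime {
		return errors.New("key is older than the two-year change interval")
	}
	return nil
}

// Use records one transport under the key and retires single use keys immediately
// afterwards: freshly generated for the transport, securely destroyed after it.
func Use(k *TransportKey, now time.Time) error {
	if err := MayUse(*k, now); err != nil {
		return err
	}
	k.Uses++
	k.Destroyed = singleUse(*k)
	return nil
}

func main() {
	now := time.Now()
	keys := []TransportKey{ // constructed inventory
		{ID: "tk-3des", Algorithm: "DEA3", Bits: 128, Created: now},
		{ID: "rsa-1024", Algorithm: "DEA2", Bits: 1024, Created: now},
		{ID: "rsa-2048-old", Algorithm: "DEA2", Bits: 2048, Created: now.AddDate(-3, 0, 0)},
		{ID: "rsa-2048", Algorithm: "DEA2", Bits: 2048, Created: now.AddDate(-1, 0, 0)},
	}
	for i := range keys {
		st, _ := Classify(keys[i])
		first := Use(&keys[i], now)
		second := Use(&keys[i], now)
		fmt.Printf("%-13s %-22s first use: %v; second use: %v\n", keys[i].ID, st, first, second)
	}
}
```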
2.4.2 Domain Master Keys (DMK)
These keys are used within a financial institution to protect keys stored internal to the organisation.
2.4.2.1 Minimum Key Length for Domain Master Keys
Domain Master Keys shall be DEA 3 keys with a minimum length of 128-bits (112 effective).
2.5 Third Party Checks [Deleted effective 19.02.13]
2.6 Device Approval Process *
Note: Any direct or indirect application of, or reference in, this clause 2.6 to an Acquirer is deemed to
include a Self Acquirer.
2.6.1 Process
Sponsors, other Acquirers, Non-CECS Members, Third Party Processors, or Vendors (“Applicants” for
the purpose of this Part 2.6 and Part 2.7) seeking to have a device approved shall submit the device to an
Approved Evaluation Facility for examination. The device shall be examined, at the option of the
Applicant, either:
(i) in accordance with the process defined in AS 2805 part 14.1 for the semi-formal methodology
and using the compliance checklists specified in Part 8 of the CECS Manual from AS 2805 part
14.2; or
(ii) if the device has been evaluated and determined to be compliant with PCI PTS v.3.x, to evaluate
its compliance with the PCI Plus Requirements specified in Part 8 and Annexure N of the CECS
Manual from AS 2805 part 14.2, such examination to be undertaken in accordance with the
process defined in AS 2805 part 14.1 for the semi-formal methodology.
[Amended effective 13/08/12; paragraph (ii) inserted effective 13/08/12]
Only those checklists appropriate to the characteristics and function of the device shall be evaluated. In
addition to these checklists the Approved Evaluation Facility shall use such additional tests as its
knowledge and experience dictate.
The Approved Evaluation Facility shall provide to the Company the results of the testing including but
not limited to:
(a) The list of all pertinent documentation used in the evaluation
(b) A completed list of all successful or failed tests
(c) The name of the Applicant
(d) The name of the evaluation facility
(e) The date of the evaluation
(f) Identification of the device (model name, hardware version, firmware version and application
version) must be provided
(g) Completed SCD checklists
(h) Advised deployment environment (as advised by the Applicant)
(i) Details of the examination and testing process followed in developing the report.
(j) If the examination is conducted pursuant to clause 2.6.1(ii) above, a copy of the PCI Evaluation
Report and PCI Plus Evaluation report.
[Amended effective 06.02.06; paragraph (j) inserted effective 13/08/12]
The Company upon examination of the report shall provide a Letter of Approval to the Applicant or
otherwise provide notification of the unacceptable results.
Device approval shall be granted for a period of three years (the “Approval Period”). At the conclusion
of the Approval Period, the Company may, at its sole discretion, extend the Approval Period for a
further period of three years or such other period as it (in its absolute discretion) deems appropriate
having regard to changes in security technology, applicable standards, security threats and/or other
knowledge.
[Last amended effective 30/04/08]
The Company may, by written notice to the Applicant, revoke device approval prior to expiry of the
Approval Period, (or any extension thereof) if it becomes aware that:
(a) the device no longer meets the approval criteria; or
(b) approval of the device has been withdrawn or revoked by any other relevant security standards
body; or
(c) the device is vulnerable to a significant security threat which did not exist or was not apparent at
the time the device approval was granted.
[Inserted effective 01.01.12]
A list of approved devices shall be made available on the Company web site at http://www.apca.com.au/
The Company shall only require re-certification upon the expiration of a device’s approval, where
substantial changes in security technology, applicable standards, security threats and/or knowledge have
occurred since the granting of the initial approval.
[Last amended effective 30/04/08]
The Applicant shall arrange with the Approved Evaluation Facility, consent release forms, so that it has
permission to release the test evaluation report to the Company.
2.6.2 Existing Certified Devices [Deleted effective 19/04/10]
2.6.3 Approved Evaluation Facilities
An Evaluation Facility for compliant devices may be accredited only if:
(a) The Management Committee is reasonably satisfied as to that entity’s credentials, independence
and expertise;
(b) The Company has obtained that entity’s agreement to assess any relevant device for conformity
to the SCD Security Standards; and
(c) the entity has satisfied the requirements of the Evaluation Facility Recognition Process as
specified in 2.7.
Approved Evaluation Facilities will be listed on the Company Web site http://www.apca.com.au/
2.6.4 Evaluation Costs
Costs and expenses incurred in securing approval for a device are the responsibility of the relevant
Applicant. The Company may levy a fee to cover its costs (if any) in supporting the evaluation of any
particular device.
2.6.5 Agreements
The Evaluation Facility and Applicants shall directly enter into contracts and any necessary
non-disclosure agreements for the conduct of all testing to be carried out under clause 2.6.1. If a device is
submitted for examination under clause 2.6.1(ii), such contract shall authorise the disclosure of any
relevant PCI Evaluation Report by the Evaluation Facility to the Company. Upon approval of a device,
the Evaluation Facility shall directly submit a copy of the test report, and any relevant PCI Evaluation
Reports if applicable, to the Company. Test reports must be prepared in the prescribed format (see
2.6.1). The Company will use the results of the testing process to help determine whether to approve a
device as compliant to CECS SCD Security requirements.
2.7 Evaluation Facility Accreditation Process * [Amended effective 13/08/12]
Note: Any direct or indirect application of, or reference in, this clause 2.7 to an Acquirer is deemed to
include a Self Acquirer.
2.7.1 Introduction
This section documents the process for accreditation to perform Secure Cryptographic Device (SCD)
security testing on behalf of the Company. The following clauses identify the requirements a
prospective Approved Evaluation Facility (“a Test Laboratory”) must meet in order to qualify for
accreditation by the Company for conducting device evaluations to the CECS security requirements.
2.7.2 Initiation
Test Laboratories applying for accreditation as Approved Evaluation Facilities should initiate the
process by contacting the Senior Manager Operations, Australian Payments Clearing Association
Limited. To minimize the associated time frames, Applicants should submit all required materials and
evidentiary matter in a single package. Subsequent to the receipt by the Company of all prerequisite
materials, a minimum of six weeks is required for processing. Where required, testing of device
artefacts may result in more extended time frames.
2.7.3 Accreditation Process
To gain accreditation for SCD security testing, the Test Laboratory must successfully complete the
Company’s Evaluation Facility Accreditation process. The accreditation process has three components:
- Business Review
- Technical Review
- On-site Visit
as more particularly described below.
Once a Test Laboratory has been approved by the Company to perform SCD security testing, it will be
listed on the APCA website (www.apca.com.au/pin) as an Approved Evaluation Facility, and it can
offer its services to Applicants wishing to have their devices evaluated against the CECS SCD security
requirements as specified in Part 8 of this Manual. The Company may require, at its sole discretion, that
an Approved Evaluation Facility provide evidence of its continued compliance with the Accreditation
Process requirements triennially. The Approved Evaluation Facility shall perform testing as described
in the following documents:
1. AS 2805 part 14.1 Secure Cryptographic Devices, concepts, requirements and evaluation methods
2. AS 2805 part 14.2 Secure Cryptographic Devices – Security Compliance Checklists; and
3. This Manual – Part 8 – Device Security Standards.
2.7.4 Business Review
The Test Laboratory must complete a business review with the Company. This review requires that the
Test Laboratory meet a minimum required standard acceptable to the Company for conducting business
with the highest ethical standards. The business review covers areas including, but not limited to, Due
Diligence and Independence.
Due Diligence
Establishes the potential business relationship with the Company and its Members, the nature of
services to be provided, a review of the last two years financial statements and a background check on
the key executives within the organization. The purpose of this review is to provide the Company with
a clear understanding of the Test Laboratory’s capabilities and business practices.
Independence
- The Test Laboratory shall demonstrate its independence from any SCD manufacturer or vendor.
- The Test Laboratory shall not be owned in whole or in part by any SCD manufacturer or vendor.
- Evaluations will not be accepted from an Approved Evaluation Facility if the customer whose
  products are being evaluated represents more than 10% of the facility’s annual revenue.
- The Test Laboratory shall demonstrate the independence of its review. The Test Laboratory shall not
  have designed the product being evaluated nor have been involved in its design.
2.7.5 Technical Review
The Test Laboratory must complete a due diligence technical review with the Company. This review
requires that the Test Laboratory meet certain minimum technical requirements set forth by the
Company.
The technical review covers areas such as Laboratory Accreditation, Personnel
Requirements, Equipment Requirements, Reference Library and Demonstrated Ability.
The Test Laboratory must complete and submit the CECS Laboratory Accreditation Checklist
(Annexure J). This material addresses such areas as:
- Organization and Management;
- Quality Assurance function;
- Skill sets of personnel;
- Adequacy of the facilities;
- Appropriateness of equipment and reference materials;
- Equipment and software configuration management;
- Testing methodologies employed;
- Records management; and
- Qualities of reports issued.
In addition the Test Laboratory must specifically provide the following information:
Accreditations and Certifications [Amended effective 27.04.11]
The Test Laboratory shall provide evidence of all accreditations claimed. These may include
accreditation under the relevant national implementation of AS ISO/IEC 17025 (Criteria for the
competence of testing and calibration laboratories), AS/NZS ISO 9000 (Quality management systems),
AS ISO/IEC 15408 series (Common Criteria for IT security evaluations) or other similar international,
national, or industry standards.
The Test Laboratory shall also provide evidence of sponsorship or endorsement by a recognized
payment scheme engaged in the processing of PIN Transactions (either a global payment scheme or a
multi-Member national debit network/network). The sponsorship or endorsement must include the
testing of cryptographic devices to a prescribed set of security requirements.
Personnel Requirements
The Test Laboratory shall provide a listing of personnel who work on evaluations submitted for the
Company’s consideration, along with their qualifications. Qualifications should include formal and
informal training, length and type of experience in doing related evaluation work. The list should
include their specific role(s) in the evaluation process. This listing should be updated annually and shall
be made available to the Company upon request.
Equipment Requirements
The Test Laboratory shall provide a listing of the relevant “standard” test equipment that is owned by
the Test Laboratory, and any relevant “specialized” test equipment that is owned by the Test Laboratory
or available for rent or contract service.
Reference Library
The Test Laboratory shall provide a listing of Reference materials that are resident at the Test
Laboratory. Reference materials should include, but not be limited to, books, articles and proceedings
that relate to the testing of cryptographic devices (e.g., cryptography, threats and attacks, etc.).
Reference materials should also include industry standards and specifications for testing cryptographic
devices (e.g., ISO and National Standards).
Demonstrated Ability
The Test Laboratory shall provide a Test Report that documents the results of a Security Evaluation of a
cryptographic device, preferably a PIN Entry Device. The test report submitted must be current,
performed no longer than one year prior to the submission. The test report should demonstrate the Test
Laboratory’s ability to assess the cryptographic device against a defined set of security characteristics
and assess the Target of Evaluation’s overall strengths and vulnerabilities from a physical and logical
security perspective. This shall be accompanied by documentation of the relevant standards and
requirements that forms the basis for the evaluation.
The Company requires that the Test Report be accompanied by a letter of permission that has been
signed by the Applicant for the evaluation. The letter of permission must state that the Applicant
permits the Test Report to be reviewed by the Company, and kept by the Company for its records.
The Company may also require the Test Laboratory to examine a test artefact (PED) with one or more
features that are not in compliance with the CECS SCD Security Requirements. The Test Laboratory
must discover the nonconformities, document them, and indicate which CECS SCD Security
Requirements have failed due to the presence of the nonconformities. The Test Laboratory must bear
the costs of this process and, in addition, compensate the Company for the costs of completing a
concurrent evaluation of the same device via an Approved Evaluation Facility.
2.7.6 On Site Visit
The Company, or a third party acting on behalf of the Company, may visit the Test Laboratory. The
purpose of the visit is twofold: (1) to inspect the Test Laboratory and validate that the Test Laboratory
is in compliance with the documentation received in 2.7.4 and 2.7.5; and (2) to discuss security-testing
issues with the Test Laboratory’s staff.
2.7.7 Other Accreditations
The Company may, at its sole discretion, accept existing accreditations with other bodies, as meeting
part or all of the Accreditation Process requirements of this part 2.7.
2.8 Crisis Management Action Plans
There are various unscheduled service disruptions and fraudulent events and exposures which Acquirers
and Issuers should be prepared to manage from time to time. The Crisis Management Action Plan (set
out in the Guidelines for CECS Members) provides Acquirers and Issuers with a guide to possible
preventative and crisis management corrective action. Application of the Crisis Management Action
Plan is optional at the discretion of each CECS Member.
2.8.1 CECS Operational Broadcast [Amended effective 14/08/06]
CECS members may provide operational advice to other CECS Members by issuing a CECS
Operational Broadcast (set out in Annexure H) using the Company’s extranet.
2.8.1.1 How to Send a CECS Operational Broadcast
The CECS Operational Broadcast form is an online form which can be accessed, completed and sent by
CECS Members using APCA’s extranet.
2.8.1.2 When to Send a CECS Operational Broadcast
The CECS Operational Broadcast form may be used to notify other CECS Members about:
(a) unscheduled network outages;
(b) scheduled network outages;
(c) to facilitate the exchange of general operational information relevant to network operations;
(d) Disruptive Events; or
(e) any technical inability to comply with a notification given by the Secretary under Part 4A of the
CECS Regulations (BIN and AIN Changes).
[Amended effective 25/06/13; amended effective 2/10/06; paragraph (e) inserted effective 25/06/13]
CECS Operational Broadcast forms may be completed by CECS Members and submitted to APCA
during business hours (Monday to Friday 8.30 am to 5.30 pm) for action.
APCA will process the CECS Operational Broadcast form, during business hours, and broadcast as
requested in the “Communication Process” section of the form.
A CECS Operational Broadcast about a Disruptive Event must include the following information: (1)
the time when the Disruptive Event commenced or is expected to commence; (2) the time when normal
processing is expected to resume or resumed; and (3) the current status of the Disruptive Event.
[Inserted effective 2/10/06]
2.9 Contingency Procedures [Inserted effective 2/10/06]
Clauses 2.9.1 to 2.9.5 have been deleted. [Inserted effective 19/02/13]
2.9.6 Notification of a Disruptive Event [Inserted effective 2/10/06]
A CECS Member that experiences a Disruptive Event must notify the Company and all CECS Members
that will or are likely to be affected by the Disruptive Event as soon as possible. Notification of a
Disruptive Event shall be given to the operational contacts listed at https://extranet.apca.com.au and
subsequently by a CECS Operational Broadcast.
[Amended effective 13/08/12]
Upon notice of a Disruptive Event, the Chief Executive Officer may, if he considers it appropriate to do
so, invoke the Member Incident Plan which is available on the Company’s Extranet, either by written
notice to, or verbally notifying the Management Committee. The Member Incident Plan provides a
framework for Management Committee communication and consultation during applicable contingency
events. If the Chief Executive Officer invokes the Member Incident Plan, the Management Committee
will comply with its requirements.
[Amended effective 19/02/13]
Clauses 2.9.7 and 2.9.8 have been deleted. [Inserted effective 19/02/13]
2.10 Key Injection Facility Assessment * [Clause 2.10 inserted effective 01.01.12]
Note: Any direct or indirect application of, or reference in, this clause 2.10 to an Acquirer is deemed to
include a Self Acquirer.
Australian Payments Clearing Association Limited
[ABN 12 055 136 519]
Amendment Number E229 issued as CS3/r&p/001.14
2.19
Consumer Electronic Clearing System (CS3) CECS MANUAL
Part 2 - Common Requirements and Certification
2.10.1 Request Assessment
An Acquirer may request the Company conduct an assessment of a Key Injection Facility for the purposes of verifying compliance with certification requirements under this Part 2. This clause broadly outlines the process for assessment of a Key Injection Facility by the Company on an Acquirer’s behalf. In this clause, “Applicant” means the Acquirer on whose behalf the Company agrees to conduct an assessment of a Key Injection Facility.
2.10.2 Nomination for Assessment
An Applicant should initiate the assessment process by submitting to the Company:
(a) a written request that the Company assess a nominated Key Injection Facility on its behalf;
(b) evidence of the consent of the Key Injection Facility to the conduct of the assessment by the Company in accordance with this clause 2.10, such consent to be evidenced by a Key Injection Facility Assessment Agreement executed by the Key Injection Facility; and
(c) all relevant additional information, including technical materials and evidentiary matters relevant to the Applicant’s certification requirements with respect to key injection practice.
2.10.3 Assessment Process
The Company will assess the performance of the Key Injection Facility in relation to the Company’s standards and the Applicant’s requirements. The Key Injection Facility must comply with the standards and requirements set out in the document Key Injection Accreditation Program: Key Injection Requirements v.3.0, together with such additional requirements as may be applicable to the Applicant’s circumstances or requirements.
The Key Injection Facility assessment process comprises such business reviews, technical reviews and on-site visits as may be necessary to enable the Company to properly assess the compliance of the Key Injection Facility with applicable requirements.
Once a Key Injection Facility has been assessed by the Company as compliant with the applicable requirements, the Acquirer may rely on the assessment only for the purposes of certification under this Part 2. The Company may require, at its sole discretion, a Key Injection Facility to provide evidence of its continued compliance with assessment requirements triennially. The Company in its sole discretion may determine whether any other person, including any other Acquirer, may rely on the assessment for certification purposes.
APPENDIX 2A – DEA 3 LIABILITY SHIFT [DELETED]
Deleted effective 19.02.13
PART 3 ISSUER STANDARDS
This Part 3 sets out standards required to be met by all CECS Members which participate in Transactions and related Interchange in the capacity of Issuers.
3.1 Card-related Standards *
Note: Any direct or indirect application of, or reference in, this clause 3.1 to an Acquirer is deemed to include a Self Acquirer.
3.1.1 Identification of Issuers
Each Issuer must be registered in accordance with AS 3523.2, which specifies the application and registration procedures for numbers issued in accordance with AS 3523.1. The registration process involves allocation of an Issuer Identification Number (IIN).
3.1.2 Physical Characteristics for Cards
Each Issuer must ensure that its Cards, as a minimum, meet the specifications detailed in AS 3521, the AS 3522 series and AS 3524. These standards contain requirements for physical characteristics, dimensions, layout of information and format for encoding Tracks 1 and 2 of the magnetic stripe.
3.1.3 Minimum Embossing Requirements for Cards
Amended effective 27.04.11
Each Issuer must emboss its Cards with the following information:
Card/account number; and
Card expiry date.
This data must match the detail encoded in Track 2 on the magnetic stripe.
It is also recommended that an Issuer emboss its Cards with the Cardholder name. The Cardholder name data embossed on the Card must match the detail encoded in Track 1 on the magnetic stripe, if encoded.
Each Issuer may emboss its Cards with any other information, in accordance with the specifications detailed in the AS 3522 series.
3.1.4 Encoding Requirements
Encoding of Track 1 and Track 3 on the Card is optional. Encoding of Track 2 on the Card is mandatory.
Each Issuer must ensure that encoding of Track 1 and Track 2 meets the requirements of AS 3524. An Acquirer is required to submit all Track 2 data, received by the Acquirer from the Terminal, to the Issuer without any editing of that data.
3.1.5 Minimum Signature Panel Requirements
Each Issuer must provide a signature panel on the reverse side of the Card. The signature panel must comply with the following minimum standards:
Minimum width to be 45.00mm; and
Minimum height to be 8.00mm.
Last amended effective 13/08/12
When placing the signature panel on the reverse of the Card the Issuer must ensure that the signature panel does not interfere with the magnetic stripe or Chip and does not intrude into the embossed area of the Card.
3.1.6 Minimum Signature Panel Requirements – Security Pattern
Amended effective 31/05/10
It is recommended that each Issuer provide a tamper-evident signature panel by having a repetitive “VOID” pattern printed directly on the plastic core of a Card in the area covered by the signature panel. Where used the “VOID” pattern must be printed in:
A contrasting colour; and
All capital letters.
3.2 PIN Management and Security *
Note: Any direct or indirect application of, or reference in, this clause 3.2 to an Acquirer is deemed to include a Self Acquirer.
3.2.1 PIN Standards and Derivation
Each Issuer must comply with the current version of AS 2805 part 3.1 which specifies requirements for the management and security of any current Personal Identification Number (PIN).
Amended effective 27.04.11
A random PIN (including a customer-selected PIN) is the preferred option for PIN generation. Where a derived PIN is produced, the PIN derivation technique must be based on a cryptographic algorithm which employs a minimum key size of 128 bits.
3.2.2 PIN Attempts
The number of PIN entry attempts allowed by an Issuer to a Cardholder prior to disabling Card access is at the Issuer’s discretion. It is recommended that the minimum number of PIN entry attempts (whether consecutive per an individual Transaction or cumulative over a given period of time – generally 24 hours) should be set at 3.
3.2.3 Offline PIN
Inserted effective 31/12/09
Australian IC Cards that can be used to initiate a Transaction shall be Dynamic Data Authentication (DDA) or Combined Data Authentication (CDA) capable if offline PIN verification is to be supported. Protection of an offline PIN during transmission to the IC Card must employ an asymmetric cipher mechanism conformant to part 7 of EMV Book 2, Security and Key Management. The use of a separate PIN encryption key pair is highly recommended.
3.2.4 PIN Management
Inserted effective 13/08/12
PIN Change and PIN Distribution over any form of open network (e.g., Internet, mobile phone) and not using secure cryptographic devices shall conform to the requirements specified in clause 3.10.
3.3 Card Expiry
The Card expiry date must be clearly embossed on the Card and must identify the month and the year of expiry. It is recommended that the debit Card artwork includes printing to unambiguously identify the format of the Card expiry date, e.g. Month/year, MM/YY.
The Card will be deemed to expire on the first day of the month following the month specified in the Card expiry date.
The setting of the Card expiry date by the Issuer is at the Issuer’s discretion. It is recommended that the Card expiry date be no more than four (4) years from the date of issue of the Card.
3.4 Supported Transactions
An Issuer must be capable of supporting at least the following Transactions (subject to any Interchange Agreements negotiated bilaterally with any Acquirer):
(a) Cash withdrawal Transactions;
(b) balance enquiries; and
(c) reversals of the above Transactions and enquiries.
Amended effective date 15.8.05
3.5 Sponsored Issuers
A CECS Member that is representing, or acting on behalf of, a Sponsored Issuer must ensure that the Sponsored Issuer conforms with all relevant aspects of this Manual, as if the CECS Member were the Issuer.
3.6 Issuer Interchange Operational Procedures
Standards that must be applied between Issuers and Acquirers in regard to the operation of Cardholder Transaction Interchanges are set out in Parts 4 and 9.
3.7 Production of Test Cards – BIN Changes
Inserted effective date 06.04.06
Issuers that give notice of the introduction of a new BIN or a change to the routing of an existing BIN pursuant to Regulation 4A.2 must liaise with the affected CECS Members to ensure production of any necessary test Cards in sufficient time to allow testing to occur before the applicable Institutional Identifier Change Date.
3.8 [deleted]
Inserted effective 9/02/07
3.9 [deleted]
Inserted effective 9/02/07
3.10 PIN Change and Delivery over Open Networks
Inserted effective 13/08/12
This Part 3.10 contains requirements for PIN change and delivery mechanisms using open networks and not employing secure cryptographic devices.
Where the new PIN is derived or generated by the Issuer (Issuer assigned PIN), delivery to the cardholder is supported using Internet based mechanisms (e.g., browser based PC or Smartphone) or using SMS messaging based mechanisms.
Where the new PIN is to be provided by the Cardholder (customer select PIN), only Internet based mechanisms are supported.
Where an open network is used to enable customer initiated PIN change and/or PIN delivery, then the requirements of this section apply. (See also Section 3.2.4.)
Note: Issuers are referred to the CECS Guidelines, including the Glossary of Terms, for further explanation of principles underlying, and technical terms used in, this Part 3.10.
3.10.1 Preferred Models for open network PIN change and delivery
The following principles should be applied to any PIN change and delivery system over open networks (e.g., Internet, mobile phone etc).
1. The PIN change and delivery system should be separate to all other PIN processing and card management systems. Its domain should contain no cardholder identifying/authentication information other than that associated with the PIN change and delivery system itself.
2. The identification and authentication credentials for the PIN change and delivery system should be communicated to the cardholder using a totally separate out-of-band channel from that used by the cardholder to initiate the PIN change or issuance function. These credentials should be time bound and unique per PIN change or delivery event.
In summary these principles are illustrated below.
[Figure: Preferred Model for Issuer Assigned PIN Issuance/Change. Labels: Internet/Phone banking logon credentials + PIN change request; Remote banking system; channel separation; Acknowledgement + PIN distribution system logon credentials; PIN Management and Cardholder authentication system; Physical and Logical Separation; PIN distribution system logon credentials; PIN Distribution System; New PIN; No cardholder (or card) identifiable information in this zone.]
[Figure: Preferred Model for Customer Select PIN Change. Labels: Internet/Phone banking logon credentials + PIN change request; Remote banking system (No PINs present in this zone); channel separation; Acknowledgement + CSP system logon credentials; PIN Management and Cardholder Authentication System; Physical and Logical Separation; CSP system logon; CSP System; New PIN; No cardholder (or card) identifiable information in this zone.]
3.10.2 PIN Change and Delivery over Open Networks – General Requirements
(a) Cardholder PIN change and delivery must only be performed using an Issuer approved device (see 3.10.10) and functionality.
(b) PIN change and delivery shall adhere to the principles set out in AS2805.3 (all parts) to the maximum extent possible consistent with the Issuer's security and risk management policies.
(c) PIN selection shall not be performed using mail (traditional post or otherwise) other than as specified here.
(d) PIN change and delivery must ensure that the plain text PIN shall never be known to, or accessible by, any employee or agent of the Issuer.
(e) PIN change and delivery shall only be performed (initiated) by the Cardholder.
(f) The host SCM functionality that is used to implement Customer Select PIN change should be atomic, that is, verification of the Cardholder using the current PIN or account specific control number should be an intrinsic part of that functionality. Specifically an SCM function that accepts a new PIN and a PAN and that outputs an offset and/or PVV for storage in a host database must not exist unless it additionally embodies strong cardholder authentication as per 3.10.3.
(g) The PIN change and delivery process must ensure the authenticity of the Cardholder.
(h) A detailed risk assessment paying particular attention to any deviations from the relevant standards - AS2805 part 3, ISO 9564 - must be an integral part of any Issuer’s decision to provide functionality in support of PIN change and delivery over open networks.
(i) To assist with fraud monitoring and problem resolution, Issuers must record PIN change and delivery events including date, time, frequency and the channel over which the event occurred (without recording any PINs).
(j) The Open Network PIN change/delivery system should not be the sole PIN change or delivery mechanism available to Cardholders.
3.10.3 Cardholder Authentication for PIN Change or Delivery
Issuers must:
(a) Provide Cardholders with a means to determine that the dialogue with the Issuer is genuine.
(b) Ensure that cardholder authentication credentials are not based on information that is publicly available.
(c) Ensure that the Cardholder's card number cannot be determined solely from the Cardholder's authentication credentials.
(d) Ensure that it is not possible to authenticate a Cardholder using only information contained on the card or other payment instrument.
(e) Ensure that cardholder authentication credentials vary each time a Cardholder accesses the PIN change or delivery system.
(f) Not transmit the PAN to the Cardholder during a PIN change or delivery operation, nor require that the Cardholder enter such information.
(g) Implement a policy to never send unsolicited PIN change requests and advise Cardholders accordingly.
(h) Use calling-line identification only as a confirmation, not proof, of a Cardholder's identity, and implement additional Cardholder authentication.
(i) Ensure that PIN change or delivery systems requiring the transmission of the PIN over open networks provide mutual assurance to the Issuer and Cardholder that the correct PIN is being delivered to, or from, the genuine Cardholder e.g., using a separate channel to deliver acknowledgements.
(j) Avoid the use of the card PIN for non-payment transactions including access to electronic banking.
Issuers should:
(k) Acknowledge PIN change and delivery requests back to the Cardholder using an out-of-band mechanism i.e., through the use of two separate networks working simultaneously to authenticate a user.
(l) Pay particular attention to device convergence resulting from technological change in selecting acceptable out-of-band mechanisms e.g., browser capable smartphones.
(m) Manage the risks associated with possible redirection of PIN change request or delivery acknowledgements through, for example, phone number porting.
(n) Provide Cardholders with a means to audit the outcome of a PIN change or delivery request.
(o) Ensure that no staff member can legitimately associate a control number with a card number or account.
3.10.4 PIN Advice General (assigned or derived PIN)
Issuer approved methods of conveying the PIN to the Cardholder must meet the following requirements.
(a) The plain text PIN must never be transmitted over communications lines outside of a secure environment as specified in AS 2805-14.2:2009, clause H.5, unless there is no feasible way in which the PIN could be associated with the Cardholder, the Cardholder's account or card.
(b) The Issuer's employees, staff and agents must not handle the plain text PIN where any of the associated card or account details are also available to them.
(c) Issuers must appropriately evaluate and manage the risks associated with change of destination requests from Cardholders.
(d) Issuers must re-examine their procedures and associated risks for delivering cards and PINs to Cardholders on a regular and frequent basis.
Issuers should:
(e) Ensure that physical distribution of a PIN is made only to pre-registered Cardholder destinations.
(f) Ensure that electronic distribution of a PIN is made only to strongly authenticated Cardholders as per clause 3.10.3.
3.10.5 PIN Advice by SMS (Issuer assigned PIN)
In addition to the requirements of clause 3.10.4, the following requirements apply where an Issuer assig
ned PIN is conveyed to the Cardholder via an SMS message.
(a) Issuers must provide the Cardholder with security advice for the management of the mobile phone used for PIN advice. This must include advice about the dangers of malware and of storing account data and/or PINs on the phone or any additional copies made of the phone data e.g., via synchronizing the data between the mobile phone and a personal computer.
(b) Only pre-registered mobile phone numbers shall be used for PIN advice.
(c) The SMS PIN advice message must be preceded by a communication to the Cardholder containing an identification value or control number and an authentication value. This communication should use a mechanism other than SMS.
(d) The identification and authentication values must not disclose the account or card numbers.
(e) If the identification value is publicly available, such as the Cardholder's phone number or email address, then a second non-public identification value or mechanism must be used.
(f) The PIN distribution system should run on a dedicated system and be isolated from any other network by a dedicated firewall.
(g) The PIN distribution system should perform no other function than PIN distribution and any sessions established during the distribution must be terminated once the PIN has been sent.
(h) The PIN distribution system must have no way of associating an identification value with a specific Cardholder's name, address, account or card number.
(i) The association of the PIN to a specific account or card number should not be possible with the authorising information available on the PIN distribution system.
(j) All PINs, control values and authentication data must be encrypted using triple-DES or AES with a minimum key length of 112 bits during transmission to, and storage in, the PIN distribution and PIN management systems.
(k) The PIN Advice message must be preceded by a Cardholder initiated request.
(l) The PIN Request message must contain the Cardholder's identification and authentication values.
(m) The PIN distribution system must transmit the PIN to the Cardholder only upon successful validation of the authentication value.
(n) The PIN distribution system must have limits on the number of attempts made to retrieve a PIN.
(o) Where required, the PIN distribution system should decrypt the PIN immediately prior to transmission to the Cardholder.
(p) The PIN management system should re-associate the control number with a specific account number, validate the Cardholder using the authentication values and retrieve the cardholder PIN for that account number.
(q) It must not be possible for authorised staff with access to the PIN distribution system to access any other system where associated cardholder data can be accessed. Additionally the PIN distribution system database must be separate to any other database containing cardholder data.
(r) The authentication and identification values together with the PIN must be deleted from the PIN distribution system immediately after successful delivery is confirmed.
(s) The issuer shall establish an allowable storage window for the PIN distribution system after which time the PIN must be deleted from the system whether delivered or not.
(t) It should not be possible to identify the type of cardholder payment device, account or card number from the SMS message containing the PIN.
3.10.6 PIN Advice by Internet (Issuer assigned PIN)
In addition to the requirements of clause 3.10.4, the following requirements apply where the PIN is conveyed to the Cardholder using the Internet.
(a) Issuers must provide the Cardholder with security advice for the management of the end-user device (e.g., PC, Smartphone, etc) used for PIN advice. This must include advice about the dangers of malware and of storing account data e.g., Cardholder statements and/or PINs on the end-user device or any additional copies made of the data e.g., backups.
(b) The PIN must be cryptographically protected whilst in storage or transmission using triple-DES or AES with a minimum key size of 112 bits. PIN transmission shall be in accordance with the requirements of clause 3.10.11.
(c) The encrypted PIN shall be decrypted for display on the end-user device's display by the Issuer-provided application.
(d) Initiation of the PIN advice shall require that the Cardholder enter pre-established credentials such as a control number and authentication value.
(e) As the security of the PIN advice implementation is based on the premise that no individual, other than the Cardholder, can associate the control number with a specific account or card number, it is essential that the control number and authentication value not disclose the card or account numbers.
(f) The control number and authentication values must be communicated using an out-of-band mechanism i.e., through the use of two separate networks working simultaneously to authenticate a user.
(g) Any key used to generate a control number should not be used for any other purpose and should be managed in accordance with AS2805 part 6.1.
(h) The control number should be generated and delivered to the cardholder in such a way, e.g., by using a PIN mailer, that no-one, other than the Cardholder, can associate that control number with that Cardholder without detection.
(i) The control number should be communicated to the Cardholder in such a way that no-one, other than the Cardholder, can access it without detection.
(j) The PIN distribution system should have no way of associating a control number with a specific Cardholder's name, address, account, card or phone numbers.
(k) The PIN advice function should exchange only strings of numbers (a control number and authentication values) with the Issuer PIN distribution system i.e., there should be no other Cardholder identifying information, other than the control number, exchanged during the PIN delivery function.
(l) The PIN management system should re-associate the control number with a specific account number, validate the cardholder using the authentication values and retrieve the cardholder PIN for that account number.
(m) The PIN and authentication values must not be logged and must be deleted immediately after use.
(n) The PIN distribution system should be designed and operated under strictly enforced conditions such that no individual, other than the cardholder, is able to associate a control number, PIN or authentication values with any specific card or account number.
(o) PIN delivery to the end-user equipment (e.g., PC or smart-phone) should not be associated with any Cardholder account data or card number.
(p) Internet PIN advice should be protected using a secure channel established between the client application and the PIN distribution system according to the principles set out in ISO/IEC 11770. Additionally the implementation should take into account malware attacks such as man-in-the-browser or man-in-the-middle.
(q) Issuers must ensure that the association of Cardholder authentication credentials with a control number does not weaken the principle that the control number cannot be used to determine a specific account or card number.
(r) Cardholder authentication must not be performed by the Internet server but rather by the back end Issuer host system and only after the control number has been re-associated with a specific account.
(s) Web servers must be configured to disable client side caching of web pages that display PIN and associated data during the Internet session.
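As an added example that is not part of the Manual, the Go program below models the separated architecture of clauses 3.10.1, 3.10.5 and 3.10.6: a management zone that alone links control numbers to accounts, and a distribution zone that holds only a control number, a MAC of the authentication value and an AES-256-GCM sealed PIN, and that enforces the attempt limit, storage window and post-delivery deletion of 3.10.5(n), (r) and (s). The type names, the 12-digit control number and 8-digit authentication value formats, and the policy constants are assumptions of the example, not requirements of the Manual.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// Constructed policy values (assumptions for this example, not values from the Manual).
const (
	maxAttempts   = 3              // 3.10.5(n): limit on attempts to retrieve a PIN
	storageWindow = 24 * time.Hour // 3.10.5(s): PIN deleted after the window, delivered or not
)

// record is all the distribution zone holds per event: no name, account, card or phone number (3.10.5(h)).
type record struct {
	authHash  []byte // HMAC-SHA256 of the authentication value, never the value itself
	sealedPIN []byte // nonce-prefixed AES-256-GCM ciphertext, bound to the control number
	attempts  int
	expires   time.Time
}

// Distribution models the isolated PIN distribution system (3.10.5(f), (g), (q)).
type Distribution struct {
	aead    cipher.AEAD
	authKey []byte
	records map[string]*record // keyed by control number only
	Now     func() time.Time   // injectable clock for the storage window
}

// Management models the PIN management system, the only zone that links a control number to an account.
type Management struct {
	aead       cipher.AEAD
	controlKey []byte            // used only to derive control numbers (3.10.6(g))
	ByControl  map[string]string // control number -> account; never leaves this zone
	dist       *Distribution
}

// NewZones builds both zones on one 32-byte AES-256-GCM PIN key (above the 112-bit minimum in 3.10.5(j)).
func NewZones(pinKey, authKey, controlKey []byte) (*Management, *Distribution) {
	block, err := aes.NewCipher(pinKey)
	if err != nil {
		panic(err) // the example expects a 16-, 24- or 32-byte key
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	d := &Distribution{aead: aead, authKey: authKey, records: map[string]*record{}, Now: time.Now}
	return &Management{aead: aead, controlKey: controlKey, ByControl: map[string]string{}, dist: d}, d
}

func mac(key []byte, v string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(v))
	return m.Sum(nil)
}

// Stage accepts a sealed PIN from the management zone, filed under its control number.
func (d *Distribution) Stage(control, authValue string, sealedPIN []byte) {
	d.records[control] = &record{authHash: mac(d.authKey, authValue), sealedPIN: sealedPIN, expires: d.Now().Add(storageWindow)}
}

// Retrieve is the cardholder-initiated PIN request (3.10.5(k)-(m)): the PIN is decrypted only just before
// transmission (o), and the record is deleted on delivery, on exhausted attempts, or on expiry (r, s).
func (d *Distribution) Retrieve(control, authValue string) (string, error) {
	r, ok := d.records[control]
	if !ok || d.Now().After(r.expires) {
		delete(d.records, control)
		return "", fmt.Errorf("no deliverable PIN for control number %s (unknown or expired)", control)
	}
	r.attempts++
	if !hmac.Equal(r.authHash, mac(d.authKey, authValue)) {
		if r.attempts >= maxAttempts {
			delete(d.records, control) // limit reached: the staged PIN is discarded
		}
		return "", fmt.Errorf("authentication value rejected (attempt %d of %d)", r.attempts, maxAttempts)
	}
	ns := d.aead.NonceSize()
	pin, err := d.aead.Open(nil, r.sealedPIN[:ns], r.sealedPIN[ns:], []byte(control))
	delete(d.records, control)
	return string(pin), err
}

// Request handles an authenticated cardholder request received over the banking channel and returns the
// control number and authentication value to send out of band (3.10.5(c)); neither discloses the account (3.10.5(d)).
func (m *Management) Request(account, assignedPIN string) (string, string, error) {
	seed := make([]byte, 16+m.aead.NonceSize()) // fresh per event (3.10.1): 8 bytes salt the control number, 8 seed the auth value, the rest is the GCM nonce
	if _, err := rand.Read(seed); err != nil {
		return "", "", err
	}
	control := fmt.Sprintf("%012d", binary.BigEndian.Uint64(mac(m.controlKey, string(seed[:8])+account))%1_000_000_000_000)
	authValue := fmt.Sprintf("%08d", binary.BigEndian.Uint64(seed[8:16])%100_000_000)
	m.ByControl[control] = account // the only place the association exists
	m.dist.Stage(control, authValue, m.aead.Seal(seed[16:], seed[16:], []byte(assignedPIN), []byte(control)))
	return control, authValue, nil
}
```

Only `Retrieve` ever decrypts, and it does so after the authentication value has been checked, so a compromise of the distribution zone alone yields ciphertext, MACs and control numbers that cannot be mapped back to an account.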
3.10.7 Customer Select PIN Change – General
Issuers should advise Cardholders against using the PIN as a credential for electronic banking or any other service and provide an alternative input format for electronic banking credentials e.g., forbidding all numeric passwords.
Issuers must:
(a) Provide the Cardholder with appropriate guidance for PIN selection and usage; and
(b) Provide and use cryptographic mechanisms for protecting the PIN from the point of entry and beyond.
3.10.8 Customer Select PIN Change by Internet
In addition to the requirements of clause 3.10.7, the following requirements apply where the PIN is conveyed from the Cardholder using the Internet.
(a) Issuers must provide the Cardholder with security advice for the management of the end-user device used for PIN selection. This must include advice about the dangers of malware and of storing account data and/or PINs on the end-user device or any additional copies made of the device's data e.g., backups.
(b) The PIN must be cryptographically protected whilst in storage or transmission using triple-DES or AES with a minimum key size of 112 bits. PIN transmission shall be in accordance with the requirements of clause 3.10.11.
(c) Initiation of PIN selection shall require that the Cardholder enter pre-established credentials such as a control number and authentication value.
(d) As the security of the PIN selection implementation is based on the premise that the design and implementation of the system is such that no individual, other than the Cardholder, can associate the control number with a specific account or card number, it is essential that the control number and authentication value not disclose the card or account numbers.
(e) The control number and authentication values must be communicated using an out-of-band mechanism i.e., through the use of two separate networks working simultaneously to authenticate a user.
(f) Any key used to generate a control number should not be used for any other purpose and should be managed in accordance with AS2805 part 6.1.
(g) The control number should be generated and delivered to the cardholder in such a way, e.g., by using a PIN mailer, that no-one, other than the Cardholder, can associate that control number with that Cardholder without detection.
(h) The control number should be communicated to the Cardholder in such a way that no-one, other than the Cardholder, can access it without detection.
(i) The CSP PIN change system should have no way of associating a control number with a specific Cardholder's name, address, account, card or phone number.
(j) The PIN advice function should exchange only strings of numbers (a control number and authentication values) with the Issuer CSP PIN change system i.e., there should be no other Cardholder identifying information, other than the control number, exchanged during the PIN change function.
(k) The PIN management system should re-associate the control number with a specific account number, validate the cardholder using the authentication values and retrieve the cardholder PIN for that account number.
(l) The PIN and authentication values must not be logged and must be deleted immediately after use.
(m) The CSP PIN change system should be designed and operated under strictly enforced conditions such that no individual is able to associate a control number, PIN or authentication values with any specific card or account number.
(n) Internet PIN selection must be protected using a secure channel established between the client application and the CSP PIN management system according to the principles set out in ISO/IEC 11770. Additionally the implementation should take into account malware attacks such as man-in-the-browser or man-in-the-middle.
(o) Issuers must ensure that the association of Cardholder authentication credentials with a control number does not weaken the principle that the control number cannot be used to determine a specific account or card number.
(p) Cardholder authentication must not be performed by the Internet server but rather by the back end Issuer host system and only after the control number has been re-associated with a specific account.
(q) Cardholder authentication and generation of the reference PIN should be done in real-time during the session with success or failure reported back to the Cardholder.
(r) Web servers must be configured to disable client side caching of web pages that display PIN and associated data during the Internet session.
3.10.9 Customer Select PIN Change by Mobile Phone
PIN selection via SMS or DTMF tone signalling is not permitted.
The use of Internet-based PIN change on smart-phones must comply with the requirements of clause 3.10.8.
Australian Payments Clearing Association Limited
[ABN 12 055 136 519]
Amendment Number E226 issued as CS3/r&p/001.12
3.11
Consumer Electronic Clearing System (CS3) CECS MANUAL
Part 3 - Issuer Standards
3.10.10 Issuer Approved PIN Entry Devices
In accordance with clause 3.10.2, only Issuer approved devices should be used for PIN entry supporting PIN Change or selection. Such devices should be one or more of the following:
1. A functionally secure device, i.e. a device that can be compromised only by physical means and whose functionality cannot be subverted through unauthorised inputs to the device; or
2. A device providing a level of logical security sufficient to protect the PIN and other account data.
3.10.11
Issuers must ensure that:
(a) Cardholders are fully educated as to their responsibilities for the management and protection of permitted personal devices.
(b) Cardholders are adequately warned about the inherent dangers in storing the PIN.
(c) Cardholders are provided with a means of ensuring that the communication is genuinely with the Issuer.
(d) It is possible for the Cardholder to determine that a genuine end-to-end communication with the Issuer is occurring, rather than a phishing or other man-in-the-middle malware masquerading as the Issuer application.
(e) The PIN is cryptographically protected between the approved personal use device and the Issuer.
(f) Cardholders are provided with easy access to applicable malware countermeasures for any approved personal use devices and are made aware of the risks associated with malware.
(g) PIN change applications should provide a mechanism to protect the PIN during PIN entry in case man-in-the-browser or other root-kit attacks are in place that are undetectable by common antivirus countermeasures.
PIN Transmission
PINs and associated account data transmitted between systems should be protected against disclosure, and the integrity of the PIN protected against any party eavesdropping on, or manipulating, the communications link. PIN integrity refers to the integrity of the relationship between the PIN and any associated information such as user account data.
Issuers must:
(a) Protect the PIN during transmission by at least one of the following:
(i.) provision of physical protection;
(ii.) encryption of the PIN value; or
(iii.) disassociation of the PIN from the account data, with PIN integrity maintained through the use of an encrypted control value.
(b) Use transmission protocols designed such that the introduction of fraudulent messages, or modification of valid messages, does not yield any useful information concerning the PIN.
(c) Use cryptographic mechanisms such that PIN integrity is ensured.
(d) Where the PAN is available, only encipher PINs using one of the PIN block formats specified in AS2805 part 3, with format 3 preferred.
(e) Where the PAN is not available:
(i.) Use an encrypted control value uniquely linked to the PAN to construct the PIN block. The construction should provide the same security properties as provided by ISO PIN blocks.
(ii.) The method used to format the PIN block prior to encryption should not enable the PIN to be recovered from the resulting ciphertext (e.g., by using rainbow tables).
(f) Ensure that any PIN translation conforms to the guidance in ISO 9564-1 to the maximum extent possible consistent with the Issuer's security and risk management policies.
(g) Ensure that the association of Cardholder authentication credentials with the control number does not weaken the principle that the control number cannot be used to determine a specific account.
(h) Use only cryptographic algorithms specified in AS2805 part 3 to provide PIN secrecy and integrity.
(i) Ensure that clear text PIN transmission does not contain any information that can be directly connected with the Cardholder or the account/card number.
PART 4 ISSUER INTERCHANGE OPERATIONS PROCEDURES
This Part 4 sets out the interchange procedures that are required to be followed by all CECS Members which
participate or propose to participate in Interchange as Issuers, with other CECS members.
The Company will require a Non-Member that wishes to arrange for Issuer Certification under Part 2 of the
CECS Manual to confirm that it satisfies applicable requirements of this Part 4.
Any Third Party Processors engaged by the Issuer will be required to satisfy the requirements of this Part 4.
4.1 Reports
4.1.1 General
Each Issuer must ensure that all reports of Interchange which it is required to produce for the purposes of 4.1 contain information which:
(a) satisfies agreed internal audit requirements of both parties to the Interchange;
(b) provides the ability to trace Items in the event of discrepancies/enquiries across the Interchange Link;
(c) assists in verifying settlement figures; and
(d) provides statistical information to provide a basis for calculating applicable Interchange Fees.
All Transactions processed through the Interchange Link, both completed and uncompleted, must be reported to assist with Cardholder enquiries and balancing procedures.
The format of all reports required under 4.1 is left to the individual institution’s discretion, provided that all minimum information requirements have been met. Reports may be kept in microfiche form.
4.1.2 Types of Reports
Each Issuer must, in respect of all Interchange in which it engages in that capacity, produce:
(a) a daily Transaction listing which specifies, for each Transaction processed:
- Cardholder Number;
- Terminal Identification Number;
- Acquirer posting date (local posting date);
- Real calendar date and timestamp of Transaction;
- Acquirer Terminal Sequence Number;
- Authorisation response Code;
- Transaction type performed (including account type);
- Amount of Transaction;
- Acquirer Reference Number (Acquirer Sequence/Trace Number);
- Issuer Sequence Number;
- Terminal location; and
- The amount of any fee (e.g. an ATM operator fee). [Amended effective date 15.8.05]
(b) a daily Interchange Settlement Report for purposes of, and in accordance with, Part 10;
(c) monthly, an Interchange billing report for each Interchange Agreement that provides for payment of an Interchange Fee, which specifies:
- number of Transactions acquired;
- Interchange Fee applicable to Transactions acquired by that institution;
- total sum of Interchange Fees receivable in respect of acquired Transactions (derived by multiplying the number of Transactions acquired by the Interchange Fee applicable to Transactions acquired by that institution);
- number of Transactions issued;
- Interchange Fee applicable to Transactions issued by that institution;
- total sum of Interchange Fees payable in relation to issued Transactions (derived by multiplying the number of Transactions issued by the Interchange Fee applicable to Transactions issued by that institution); and
- net settlement figure for monthly Interchange Fee. [Last amended effective 03/03/09]
4.1.3 Retention Period
Unless applicable legislation or an institution’s policy requires a longer retention period, each of the reports produced under 4.1.2 is to be held by each institution for a minimum period of 12 months, in such a manner that it is capable of being retrieved within 10 business days if required.
4.2 [deleted]
4.2.1 [deleted]
4.2.2 [deleted]
4.2.3 [deleted]
4.3 Interchange Fees
4.3.1 Fee Calculation
The basis, rate and payment of the Interchange Fee (if any) will be as agreed from time to time bilaterally and is to be specified in the relevant Interchange Agreement.
4.3.2 Payment of Fee [Last amended effective 03/03/09]
Following receipt of Interchange billing reports (see 4.1.2), usually within one to five business days of the start of each month, Interchange parties will exchange acquired Transaction data by telephone and facsimile, verify and calculate the net difference, and agree the amount due/to be paid. (This may involve some negotiation and sharing of differences.) Monthly Interchange Fee reports may be exchanged to assist identification and resolution of large differences. Net fees will be settled by bank cheque, warrant, drawing voucher, or such other method as may be agreed between the parties from time to time.
Contact details for payment of Interchange Fees can be found at https://extranet.apca.com.au/.
4.4 Doubtful Transactions
Issuers must:
(a) confirm receipt of the Doubtful Transaction advice via return facsimile or e-mail transmission (as a rich text format attachment) within five (5) business days;
(b) promptly initiate investigations and, where necessary, consult with the Acquirer;
(c) if the value of the relevant Doubtful Transaction is held by the Issuer, promptly provide value to the Acquirer in accordance with the instructions on the relevant Doubtful Transaction advice;
(d) once the validity of the Doubtful Transaction has been established, attend to settlement of the value reported on the Doubtful Transaction advice as requested by the Acquirer;
(e) provide confirmation to the Acquirer that the value of the Doubtful Transaction has been settled; and
(f) if the Cardholder has been debited without receipt of Cash from an ATM, process the ATM Doubtful Transaction as a Disputed Transaction (see 4.5).
The Issuer is not obliged to respond to claims from the Acquirer for Doubtful Transactions if the Acquirer has not complied with its responsibilities within 20 business days of the Transaction date (see Part 7.4.2).
4.4.1 [deleted]
4.4.2 [deleted]
4.4.3 [deleted]
4.4.4 [deleted]
4.4.5 Retention of Records
All institutions are to maintain a record of details of Doubtful Transactions for at least 12 months.
4.5 Disputed Transactions [Amended effective date 15.8.05]
For the purposes of this Part 4, a Disputed Transaction includes a Transaction for which the ATM Operator Fee is claimed to be incorrect (“ATM Disputed Transaction”).
The Cardholder is to be required to report these disputes to the Issuer. If a Cardholder notifies the Acquirer, the Acquirer must advise the Cardholder to report the Disputed Transaction to the Issuer.
All Disputed Transactions are to be managed in accordance with the terms of the EFT Code of Conduct. Claims by the Cardholder not to have initiated or authorised a Transaction must be investigated by the Issuer and resolved with the Cardholder in the manner outlined in the EFT Code of Conduct.
4.5.1 [deleted]
4.5.1.1 Issuer’s Responsibilities
Upon receiving advice of a Disputed Transaction, the Issuer must:
(a) establish where the value of the Disputed Transaction is held, e.g., establish that value is not held as a result of internal error;
(b) prepare a Disputed Transaction advice (in relation to ATM Disputed Transactions this will take the form of Part 7, Appendix A or an electronic version of Part 7, Appendix A) containing the following information for investigation by the Acquirer:
- Issuer ID
- Transaction date and time
- system audit trace number
- Transaction type performed (including account type)
- Card number
- amount of Transaction
- instructions for passing correcting entries
- Authorisation response Code
- reason for dispute
- brief explanation of circumstances concerning dispute
- how settlement of dispute is to be provided to Issuer
- Terminal ID number and location
- amount of any fee (such as an ATM Operator Fee) [Last amended effective 03/03/09]
and send it either by facsimile or e-mail transmission (as a rich text format attachment) to the Acquirer (see Part 7 Appendix A – Interchange Operations ATM Dispute Advice, if applicable; contact details are found on the APCA Extranet https://extranet.apca.com.au/), accompanied by the Issuer’s Transaction Listing or Interchange Settlement Report (as appropriate): see 4.1.2; and
(c) grant written approval of any extension of time reasonably requested by the Acquirer for the purposes of its investigation (see 7.5.3).
4.5.2 [deleted]
4.5.2.1 [deleted]
4.5.3 Records
Unless a longer period is otherwise required by applicable legislation or their own policies, both Issuer and Acquirer are to maintain details of Disputed Transactions for 12 months.
4.5.4 Timing
Timing for processing of Disputed Transactions is governed by the requirements of the EFT Code of Conduct and also by the requirements of the CECS Manual.
(Note: Currently the EFT Code of Conduct requires the Issuer to advise the Cardholder within 21 days of receipt of a complaint either of the outcome of the investigation or of the need for more time to complete the investigation. Unless there are exceptional circumstances which the Issuer advises to the Cardholder in writing, the EFT Code of Conduct requires the Issuer to complete its investigation within 45 days of receipt of the complaint. The times stipulated below are intended to enable Issuers to be in a position to meet their obligations under the Code.)
Step | Issuer | Acquirer | Time Frame
1. | Issuer receives Cardholder complaint (EFT Code of Conduct – Day 1). | |
2. | Sends Disputed Transaction advice to Acquirer. | | As soon as practicable.
3. | | Confirm receipt and “received on” date (CECS Manual – Day 1). | Within 5 Business Days of receiving the Disputed Transaction Advice.
4. | Sends a reminder to the Acquirer – if needed. | | On 5th Business Day or earlier after sending of the original advice, if no confirmation received from the Acquirer. Go back to Step 3.
5. | | Investigate and resolve if possible. | Prior to CECS – Day 10, i.e., CECS Manual Day 1 plus 9 calendar days.
6. | | Notify Issuer in writing of the outcome of the investigation and/or request a 10 day extension if needed. | On or prior to CECS – Day 10.
7. | Advise Cardholder of outcome or current status. | | No later than EFT Code of Conduct Day 21, i.e., EFT Code – Day 1 plus 20 calendar days.
8. | | Confirm to the Issuer – settlement or denial. | On or prior to CECS – Day 30 (or CECS – Day 40 if extension was requested).
9. | Initiate chargeback advice – if appropriate. | | On CECS – Day 23 if Acquirer has ‘confirmed receipt’ (step 3 above) and Acquirer has failed to respond further (i.e., to complete step 6 or 8); chargeback to be sent on Day 30.
10. | Post chargeback. | | On CECS – Day 30 if Acquirer has ‘confirmed receipt’ (step 3 above) and Acquirer has failed to respond further (i.e., to complete step 6 or 8), and Issuer completed step 9.
11. | Initiate chargeback advice – if appropriate. | |
12. | Post chargeback. | | On CECS – Day 40 if Acquirer has ‘confirmed receipt’ (step 3 above) and Acquirer has requested 10 day extension but failed to respond further (i.e., to complete step 8), and Issuer completed step 11.
13. | Advise Cardholder of final outcome. | | No later than EFT Code of Conduct – Day 45.
Once the Acquirer has received the Disputed Transaction advice, the investigation should be completed within 10 days.
The Acquirer will notify the Issuer in writing of the outcome of the investigation as soon as possible after completing the investigation. The Acquirer must promptly notify the Issuer in writing should more time be required to complete its investigation (step 6 above).
Unless there are exceptional circumstances (which it must promptly advise, in which event it may invoke an extension of time, but not more than a single extension of 10 days), the Acquirer must complete its investigations within 30 days of initial receipt of a Disputed Transaction advice (step 8 above).
If the Acquirer fails to respond to the Issuer within 30 days, the Issuer is permitted to charge back the value amount to the Acquirer. (This period commences on and from the date the Disputed Transaction advice is received at the correct area of the Acquirer.) The Issuer must fax a charge-back advice (substantially in the form of Part 6, Appendix A) to the Acquirer (see contact details, https://extranet.apca.com.au/) giving 7 days’ warning of the proposed charge-back. In the case where an Acquirer has sought a 10-day extension, this advice is to be sent on or after the expiration of the 40-day period (Steps 11 and 12). In all other cases, the advice is to be sent on or after the expiration of the 30-day period (Steps 9 and 10).
See also Part 7.5.
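The 4.5.4 timetable turned into calendar dates, as an added example that is not part of the CECS Manual. It assumes Business Days are Monday to Friday (public holidays are not modelled) and, for the extension case, that the charge-back advice precedes the Day 40 charge-back by the same 7 days' warning the text requires, since the table leaves that cell blank; the two different "Day 1" bases (EFT Code versus CECS Manual) are kept separate.

```python
from datetime import date, timedelta

# Added example, not part of the CECS Manual: turns the clause 4.5.4 timetable
# into calendar dates for one Disputed Transaction. Assumptions: Business Days
# are Monday to Friday (public holidays are not modelled), and in the extension
# case the charge-back advice precedes the Day 40 charge-back by the same
# 7 days' warning the text requires (the table leaves that cell blank).


def add_business_days(start: date, n: int) -> date:
    """The date n Business Days (Mon-Fri) after start."""
    current, remaining = start, n
    while remaining > 0:
        current += timedelta(days=1)
        if current.weekday() < 5:      # 0..4 = Monday..Friday
            remaining -= 1
    return current


def eft_code_day(complaint_received: date, n: int) -> date:
    """EFT Code of Conduct 'Day n': Day 1 is the day the Issuer receives the complaint."""
    return complaint_received + timedelta(days=n - 1)


def cecs_day(advice_received: date, n: int) -> date:
    """CECS Manual 'Day n': Day 1 is the 'received on' date the Acquirer confirms."""
    return advice_received + timedelta(days=n - 1)


def dispute_schedule(complaint_received: str, advice_sent: str, advice_received: str,
                     extension_requested: bool = False) -> dict:
    """Deadlines (ISO dates) keyed by the step numbers of the 4.5.4 table."""
    complaint = date.fromisoformat(complaint_received)
    sent = date.fromisoformat(advice_sent)
    received = date.fromisoformat(advice_received)
    final_day = 40 if extension_requested else 30
    advice_day = final_day - 7                 # Day 23 per the table; Day 33 is assumed
    schedule = {
        "step3_acquirer_confirms_receipt_by": add_business_days(received, 5),
        "step4_issuer_reminder_if_no_confirmation": add_business_days(sent, 5),
        "step6_acquirer_outcome_or_extension_by": cecs_day(received, 10),
        "step7_issuer_advises_status_by": eft_code_day(complaint, 21),
        "step8_acquirer_settlement_or_denial_by": cecs_day(received, final_day),
        "chargeback_advice_on": cecs_day(received, advice_day),
        "chargeback_posted_on": cecs_day(received, final_day),
        "step13_issuer_final_outcome_by": eft_code_day(complaint, 45),
    }
    return {step: d.isoformat() for step, d in schedule.items()}


def days_remaining(deadline: str, today: str) -> int:
    """Calendar days left before a deadline (negative once it has passed)."""
    return (date.fromisoformat(deadline) - date.fromisoformat(today)).days


if __name__ == "__main__":
    # Constructed dates: complaint on Mon 1 Sep 2014, advice sent Tue 2 Sep,
    # received by the Acquirer Wed 3 Sep (CECS Manual Day 1).
    for step, when in dispute_schedule("2014-09-01", "2014-09-02", "2014-09-03").items():
        print(f"{step:45s} {when}")
```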
4.6 Enquiries
4.6.1 Disputed Transactions
Enquiries relating to Cardholder disputes/queries should be directed to the appropriate contact, which can be found at https://extranet.apca.com.au/
4.6.2 Settlement Enquiries
Enquiries regarding settlement matters and any related discrepancies are to be directed to the appropriate contact, which can be found at https://extranet.apca.com.au/
4.6.3 System Operational Enquiries
Both parties to an Interchange are to advise each other of any scheduled or unscheduled downtime. All problems resulting in unscheduled downtime and general enquiries regarding Interchange Link problems are to be directed to the appropriate contact, which can be found at https://extranet.apca.com.au/
In the event that either institution has scheduled downtime resulting in the Interchange Link being unavailable, a written advice is to be sent beforehand advising the date and approximate commencement and completion times. This advice is to be directed to the appropriate contact, which can be found at https://extranet.apca.com.au/
4.6.4 Escalation Procedures for Unscheduled Outages
Refer to Part 7, Appendix B for escalation procedures.
4.7 Compromised Terminals [Inserted effective 19.02.10]
4.7.1 Acquirers to advise Issuers of Compromise and Card numbers
4.7.2 Issuers to consider cancelling Cards or mandating a PIN change and reimbursing Cardholders as soon as possible
Clauses 4.7.1 to 4.7.2 are Confidential
PART 5 ACQUIRER STANDARDS
This Part 5 sets out the standards required to be met by all CECS Members which participate or propose to
participate in the capacity of Acquirers in Interchange with other CECS Members arising out of Transactions.
As a condition of participation in CECS, each Acquirer is required to arrange for certification that it satisfies
CECS Acquirer standards set out in this Part 5.
The Regulations authorise the Company to receive and process applications from Non-Members that are
Acquirers and that wish to arrange for Certification as Acquirers in terms of the CECS standards set out in this
Part 5.
5.1 Secure Cryptographic Devices * [Amended effective 14/08/06]
Note: Any direct or indirect application of, or reference in, this clause 5.1 to an Acquirer is deemed to include a Self Acquirer.
A financial Terminal consists of a number of components, including: PIN Entry Device (PED), printer, communications devices, customer/merchant interface (if required), Acquirer application and magnetic stripe reader. These components may be configured in various fashions, dependent upon requirements.
Those components of a Terminal that provide cryptographic services and any services involved in requesting, reception and/or processing of the Cardholder PIN shall collectively meet the requirements of a secure cryptographic device (SCD) as defined in AS 2805 part 3.1 for on-line devices. [Amended effective 14/08/06; last amended effective 27.04.11]
Additionally, SCDs must also meet the requirements of AS 2805 part 14.2 (ISO 13491-2).
5.1.1 Obligation to Use Compliant SCDs
In accordance with Part 2.1.9, all Acquirers must use SCDs which at a minimum satisfy current PED Security Standards: see Part 8.
5.1.2 Provision of Equipment
Subject to the particular role of the Sponsor, if any, under Part 8, the Acquirer is wholly responsible for ensuring that only compliant PEDs and SCMs are attached to the Interchange network.
5.2 References
The following documents are referred to in this Part 5:
AS2805.2-2007/Amdt 2/2008, Electronic funds transfer – Requirements for interfaces, Part 2: Message structure, format and content [Amended effective 27.04.11]
AS2805.4.1-2001/Amdt 1/2006, Electronic funds transfer – Requirements for interfaces, Part 4.1: Message authentication – Mechanism using a block cipher [Amended effective 27.04.11]
AS2805.6.3-2000/Amdt 1/2003, Electronic funds transfer – Requirements for interfaces, Part 6.3: Key management – Session Keys – Node to node
AS2805.6.1-2002/Amdt 3/2007, Electronic funds transfer – Requirements for interfaces, Part 6.1: Key management – Principles [Amended effective 27.04.11]
AS2805.9-2000, Electronic funds transfer – Requirements for interfaces, Part 9: Privacy of communications [Inserted effective 20/10/08]
AS2805.16, Electronic funds transfer – Requirements for interfaces, Merchant Category Codes [Amended effective 27.04.11]
AS2805.6.6-2006, Electronic funds transfer – Requirements for interfaces, Part 6.6: Key management – Session Keys – Node to node with KEK replacement [Amended effective 27.04.11]
AS2805.6.7-2011, Electronic funds transfer – Requirements for interfaces, Part 6.7: Key management – Transaction keys – Derived unique key per transaction (DUKPT) [Inserted effective 19.02.13]
Payment Card Industry Data Security Standard – Version 1.2 [Amended effective 31/05/10]
5.3 PIN Security Audit Program
The PIN Security Audit program is designed to ensure that uniform security audit procedures are applied among all CECS participants. To be effective, all entities involved in the processing of Interchange PINs, from entry at the PED up to and including delivery to the Issuer’s authorisation processor, must adhere to an agreed set of procedures and adopt a common audit process to ensure adherence to those security procedures.
5.3.1 PIN Security Compliance [Amended effective 01/01/11]
PIN Security Compliance means that a person (being an existing or a prospective Acquirer or Non-Member Acquirer) confirms, by completing and submitting to the Company a PIN Security Compliance Checklist (satisfactory to the Company), that when it operates in CECS Interchange with other Members it is able to, and does, meet the CECS device security and management standards in force at that time pursuant to this Part 5, including that:
(a) only approved SCDs are employed in Interchange, including but not limited to ATM, PED, SCM and Key Loading and Transfer Devices; [Amended effective 01/01/11]
(b) the management of the SCD meets the applicable Security Management Standards (see Part 8);
(c) the key management practices employed comply with current AS 2805 part 6 series requirements; and [Amended effective 27.04.11]
(d) PIN management procedures and practices comply with current AS 2805 part 3.1 requirements. [Amended effective 27.04.11]
5.3.2 Annual PIN Security Audit
All Acquirers must complete PIN Security Compliance self-certification once every calendar year. Acquirers must give the Company at least one month’s prior written notice of the date by which they will complete their PIN Security Compliance self-certification.
5.3.3 PIN Security Compliance Checklists * [Last amended effective 13/04/07]
Note: Any direct or indirect application of, or reference in, this clause 5.3.3 to an Acquirer is deemed to include a Self Acquirer.
The completed PIN Security Compliance Checklist (see Annexure I) must be used for the annual compliance statement. It must be signed by the existing Acquirer, prospective Acquirer or Non-Member Acquirer (as the case may be) and countersigned by its internal auditor.
Acquirers who have completed a Visa PIN Security Requirements Self Audit (appendix C of the PCI PIN Security Requirements manual, version 2.0 dated January 2008 or later) within the immediately preceding 6 months may optionally choose to complete only Part B of the PIN Security Compliance Checklist (Annexure I), in which case a duly signed copy of the Visa checklist should accompany this submission. [Inserted effective 01/01/11]
A prospective Acquirer or Non-Member Acquirer seeking Certification pursuant to Part 2.1 must also complete a PIN Security Compliance Checklist. The report of an agreed upon procedures engagement required for Certification must also consider matters in the PIN Security Compliance Checklist. (See 2.1.3 and 2.1.3A.) [Amended effective date 27.04.06]
5.4 Terminal Key Management * [Inserted effective date 27.04.06]
Note: Any direct or indirect application of, or reference in, this clause 5.4 to an Acquirer is deemed to include a Self Acquirer.
5.4.1
For all Terminal to Acquirer Links, Acquirers must ensure that:
(a) Security for Transactions from Terminal to Acquirer complies with the AS2805 part 6 series; [Amended effective 27.04.11]
(b) PIN security and encryption complies with AS 2805 parts 3.1 and 5.4; [Amended effective 27.04.11]
(c) Key management practices comply with AS 2805 part 6.1;
(d) Message Authentication must apply to all Acquirer Links for all financial messages;
(e) The Message Authentication Code (MAC) must be calculated using, as a minimum, a DEA 3 (128-bit) key, Triple-DES and an algorithm conforming to AS 2805 part 4.1; and
(f) all PIN and MAC cryptographic functions must be performed within an SCD. [Amended effective 27.04.11]
5.4.2 Key Management Practices
Clause 5.4.2 is Confidential
5.4.3 Key Rolling Process for Session Keys
Session key roll over should occur without operator intervention and in a manner compliant with AS 2805 6.2, AS 2805 6.4 or another APCA approved Terminal key management protocol.
5.5 Cardholder Data [Inserted effective 31/12/09]
All parties to the Interchange, including merchants, Acquirers, third party processors and any intermediate network entities, shall maintain procedures and practices for preventing the unauthorised disclosure of Cardholder Data, which includes but is not necessarily limited to the: [Amended effective 31/05/10]
(a) Primary Account Number
(b) Cardholder Name
(c) Service Code
(d) Expiration Date
(As an example, compliance with the Payment Card Industry (PCI) Data Security Standard would be sufficient to meet this requirement.) [Amended effective 31/05/10]
5.6 Sensitive Authentication Data [Inserted effective 31/12/09]
Sensitive authentication data, including but not limited to:
(a) Full magnetic stripe (or equivalent)
(b) CVC2/CVV2/CID
(c) PIN/PIN Block
shall not be stored outside of an SCD subsequent to Authorisation. [Amended effective 31/05/10]
5.7 [deleted] [Renumbered, effective 31/12/09]
5.8 Devices Running Multiple Applications * [Renumbered, effective 31/12/09]
Note: Any direct or indirect application of, or reference in, this clause 5.8 to an Acquirer is deemed to include a Self Acquirer.
Where a device (e.g. PED) is running multiple applications, the SCD application and its associated data (especially PINs and cryptographic keys) must be protected from any interference or corruption caused by any other data or other application(s).
5.9 TCP/IP Terminal Connectivity * [Inserted effective 31/12/09]
Note: Any direct or indirect application of, or reference in, this clause 5.9 to an Acquirer is deemed to include a Self Acquirer.
5.9.1 Host Requirements
The following requirements apply to host systems which support Terminals using the TCP/IP protocol for communications:
- Stateful firewalls must protect all external entry points to the host environment;
- Strong financial message protocol validation must be performed between Terminals and acquiring hosts;
- The acquiring host must be located in a secure, protected network separate from generic internal or external access;
- Production Security Control Modules must be accessible only to authorised production hosts and authorised production applications. Where connected via TCP/IP they must be on a separate, stand-alone network;
- There shall be no uncontrolled connections between general internal and external networks and Terminal/SCM networks (assuming they are all TCP/IP);
- The host environment shall provide, at a minimum, an IPS or IDS between the perimeter network firewall and the acquiring host;
- The host system must support appropriate threat management techniques relevant to the host’s operating platform, such as malware protection with up to date signatures and maintenance, vulnerability patching, etc.;
- All systems within the acquiring host environment must comply with all applicable requirements of PCI-DSS;
- The host shall provide a mechanism for the rapid disablement of known/suspected compromised Terminals. [Amended effective 13/08/12]
5.10 Good Design Principles [Renumbered, effective 31/12/09]
Acquirers need not adopt a standard Customer interface at Terminals, but that interface must be completely unambiguous, i.e., the meaning and intent of each instruction and prompt must be clear and convey only one meaning.
5.11 Record of Transaction [Renumbered, effective 31/12/09]
A Record of Transaction generated by a Terminal must be laid out in a clear manner, with all printed items shown in an unambiguous fashion. It must comply, as a minimum, with the standards detailed in the EFT Code of Conduct.
In addition to these requirements, any Card number included on the Record of Transaction must have at least four (4) digits excluded. The preferred method of truncation is to print the first six (6) digits and the last three (3) digits of the Card number on the Record of Transaction. [Last amended effective 20/04/09]
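The clause 5.11 truncation rule applied to a Card number, with a check over constructed receipt lines for an unmasked number or a printed expiry date. This is an added example, not code from the CECS Manual; it assumes "X" as the masking character (the Manual prescribes none), shrinks the leading group for short numbers so that four digits are still hidden, and treats an "EXP"-style label followed by MM/YY as an expiry date.

```python
import re

# Added example, not code from the CECS Manual: masks a Card number for a Record
# of Transaction under clause 5.11 (at least four digits excluded; preferred form
# shows the first six and last three digits) and checks constructed receipt lines
# for an unmasked Card number or an expiry date. Assumptions: "X" is the masking
# character (the Manual does not prescribe one) and expiry dates are printed
# after an "EXP"-style label as MM/YY.

MASK_CHAR = "X"


def mask_card_number(card_number: str) -> str:
    """Return the Card number with at least four digits replaced by MASK_CHAR."""
    digits = card_number.replace(" ", "")
    if not digits.isdigit():
        raise ValueError("card number may contain only digits and spaces")
    n = len(digits)
    if n < 8:
        raise ValueError("too few digits to hide four and still show any")
    # Preferred layout: first 6 and last 3 visible, if that still hides >= 4 digits;
    # otherwise shrink the leading group until exactly four digits are hidden.
    lead = 6 if n - 9 >= 4 else n - 7
    return digits[:lead] + MASK_CHAR * (n - lead - 3) + digits[-3:]


def is_compliant_mask(masked: str, card_number: str) -> bool:
    """True if masked is card_number with >= 4 digits hidden and no digit altered."""
    digits = card_number.replace(" ", "")
    if len(masked) != len(digits):
        return False
    hidden = 0
    for m, d in zip(masked, digits):
        if m == MASK_CHAR:
            hidden += 1
        elif m != d:
            return False
    return hidden >= 4


# Heuristic for a printed expiry date: an EXP/EXPIRY label followed by MM/YY.
# Transaction dates such as "26/08/14" carry no such label and are not flagged.
EXPIRY_RE = re.compile(r"\bEXP\w*\s*:?\s*(0[1-9]|1[0-2])/\d{2}\b", re.IGNORECASE)


def receipt_problems(receipt_lines, card_number: str) -> list:
    """Findings for a Record of Transaction: full Card number printed, expiry shown."""
    digits = card_number.replace(" ", "")
    problems = []
    for line in receipt_lines:
        if digits in line.replace(" ", ""):
            problems.append("full card number printed")
        if EXPIRY_RE.search(line):
            problems.append("card expiry date printed")
    return problems


if __name__ == "__main__":
    # Constructed sample: a non-compliant receipt for a test card number.
    card = "4000 0012 3456 7899"
    sample = ["CARD " + card, "EXP 09/16", "DATE 26/08/14 10:31"]
    print(mask_card_number(card))            # 400000XXXXXXX899
    print(receipt_problems(sample, card))
```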
From 1 July 2009, Card expiry dates should be excluded from Cardholder Records of Transaction. [Inserted effective 20/04/09]
For ATM Transactions, the Acquirer must be clearly identified on the Record of Transaction.
(Note: clause 11.4.2 contains additional requirements concerning a Record of Transaction for Transactions which involve an ATM Operator Fee.) [Last amended effective 03/03/09]
5.12
Acquirer Requirements
Renumbered,
effective 31/12/09
5.12.1 Supported Cards
The Cards to be supported by an Acquirer are defined in each of its bilateral Interchange Agreements.
5.12.2 Supported Transactions
An Acquirer must be capable, as a minimum, of supporting the following Transactions:
Cash withdrawal Transactions [Amended effective date 15.8.05]
Balance enquiries [Amended effective date 15.8.05]
reversal of the above Transactions and enquiries.
5.12.3 Account Selection
At a minimum, account selection should provide for both Cheque and Savings accounts.
5.12.4 PIN Data *
Note: Any direct or indirect application of, or reference in, this clause 5.12.4 to an Acquirer is deemed
to include a Self Acquirer.
Where a Transaction contains PIN data (bit 52), that PIN data must be formatted in accordance with one
of the PIN Block formats specified in AS2805 part 3.1 with the exception of formats 1, 2 and 8. [Last amended effective 27.04.11]
5.12.5 Privacy of Communication * [Inserted effective 20/10/08]
Note: Any direct or indirect application of, or reference in, this clause 5.12.5 to an Acquirer is deemed
to include a Self Acquirer.
This clause applies to links between an EFTPOS Terminal and Acquirer. [Amended effective 01.01.12]
For all Terminal to Acquirer links, Acquirers must ensure that privacy of communication complies with
AS2805 part 9 or any other privacy of communication standard approved by the Management
Committee.
Where AS2805.6.7 (DUKPT) is used to secure the dialogue between a Terminal and Acquirer,
compliance with AS2805.9 must be achieved as per Appendix C of AS2805.6.7. [Inserted effective 19.02.13]
5.13 [deleted] [Renumbered, effective 31/12/09]
5.13.1 [deleted]
5.13.2 [deleted]
5.13.3 [deleted]
5.13.4 [deleted]
5.13.5 [deleted]
5.13.6 [deleted]
5.13.7 [deleted]
5.13.8 [deleted]
5.13.9 [deleted]
5.14 [deleted]
5.14.1 [deleted]
5.14.2 [deleted]
5.14.3 [deleted]
5.14.4 [deleted]
5.15 ATM Operational Procedures [Renumbered, effective 31/12/09]
5.15.1 ATM Interchange Operations Procedures [Renumbered, effective 31/12/09]
Standards that must be applied between Acquirers and Issuers in regard to the operation of ATM
Interchanges are set out in Parts 7 and 9.
5.15.2 Doubtful/Disputed Transactions
Part 7 (see 7.4 and 7.5) applies mandatory procedures applicable to Acquirers in regard to ATM
Doubtful/Disputed Transactions.
Part 6 - Acquirer EFTPOS Interchange Operations Procedures
PART 6 [deleted in its entirety]
PART 7 ACQUIRER ATM INTERCHANGE OPERATIONS PROCEDURES
This Part 7 sets out the interchange procedures required to be followed by all CECS Members which participate
or propose to participate in Interchange with other CECS Members arising out of ATM Transactions.
The Company will require a Non-Member that wishes to arrange for Certification under Part 2 of the CECS
Manual to confirm that it satisfies applicable requirements of this Part 7.
7.1 Reports
7.1.1 General
Each Acquirer must ensure that all reports of the Interchange which it is required to produce for the
purposes of 7.1 contain information which:
(a) satisfies the agreed internal audit requirements of both parties to the Interchange;
(b) provides the ability to trace Items in the event of discrepancies/enquiries across the Interchange
Link;
(c) assists in verifying settlement figures; and
(d) provides statistical information to provide a basis for calculating applicable Interchange Fees.
All Transactions, whether approved or declined, that are processed through the ATM network must be
reported to assist with Cardholder enquiries and balancing procedures.
Interchange Settlement Reports (see 7.1.3) and Interchange Billing reports (see 7.1.4) are to be
exchanged on an exception basis to assist with resolution of discrepancies.
The format of all reports required under 7.1 is left to the individual CECS Member’s discretion,
provided that all minimum information requirements have been met.
7.1.2 ATM Interchange
Each Acquirer must produce a daily Transaction listing which contains the following:
Cardholder Number
Acquirer Sequence/Trace Number (set by Acquirer Host)
Issuer Sequence Number (set by Issuer Host)
Local Posting Date
Real Calendar Date and Timestamp of Transaction
Acquirer ATM Sequence Number
Transaction Type Performed
Amount of Transaction
Amount of any ATM Operator Fee
ATM Location
Authorisation response code
Terminal ID number
[Last amended effective 03/03/09]
Amendment Number E228 issued as CS3/r&p/001.13
7.1.3 Interchange Settlement Reports (Value)
Each Acquirer must produce a daily Interchange Settlement Report for purposes of, and in accordance
with, Part 10.
7.1.4 Interchange Billing Reports
Each Acquirer must produce a monthly Interchange billing report for each Interchange Agreement that
provides for payment of an Interchange Fee, which specifies:
number of Transactions acquired;
Interchange Fee applicable to Transactions acquired by that institution;
total sum of Interchange Fees receivable in respect to acquired Transactions (derived by
multiplying the number of Transactions acquired by the Interchange Fee applicable to
Transactions acquired by that institution);
number of Transactions issued;
Interchange Fee applicable to Transactions issued by that institution;
total sum of Interchange Fees payable in relation to issued Transactions (derived by multiplying
the number of Transactions issued by the Interchange Fee applicable to Transactions issued by
that institution); and
net settlement figure for monthly Interchange Fee.
[Last amended effective 03/03/09]
7.1.5 Retention Period
Unless applicable legislation or an institution’s policy requires a longer retention period, each of the
reports produced under 7.1 is to be held by each institution for a minimum period of 12 months, in
such a manner that they are capable of being retrieved within 10 business days if required.
7.2 Operations
7.2.1 ATM Access
Some ATMs are located off-site. Such devices may be subject to restricted access due to their location
inside a store or shopping complex.
Some ATMs are located inside a branch; Cardholders will have access to these ATMs during banking
hours only.
Any Cards retained by an off-site ATM device (Retained Cards) will not generally be available for
return to the Cardholder until the security company attends the site to perform replenishing and/or
servicing of the device (see 7.7).
7.2.2 Transactions
The following minimum types of Transactions are available to Cardholders on ATMs:
Cash Withdrawal Transactions;
Balance enquiries; and
Reversals of the above Transactions and enquiries.
Account Selection
At a minimum, account selection should provide for both Cheque and Savings accounts.
7.2.3 EMV Phase 1 [Inserted effective 17/12/13]
This clause 7.2.3 and its sub-clauses apply to ATM Transactions arising from the use of Australian IC
Cards at an EMV capable ATM during EMV Phase 1. For the avoidance of doubt, during EMV Phase 1
CECS does not require ATMs to be EMV compliant.
Phase 1 processing is only applicable until such time as the Terminal and the relevant Interchange
Link(s) are upgraded to be EMV capable.
7.2.3.1 Account selection
All ATMs must provide account selection facilities (minimum cheque/savings) when presented with
an Australian IC Card, and credit (cash advance) when presented with an EMV combo (Scheme
credit/debit) card.
The Financial Request Message created for the ATM Transaction is to be presented to the Issuer with
the account selected by the cardholder mapped into bit 003. (See 9.11.3.)
7.2.3.2 Card Information
When an Australian IC Card or EMV combo card is presented and a debit (cheque/savings) is selected
or credit (cash advance) is selected that is to be routed bilaterally, the Acquirer may choose to use
either magnetic stripe sourced card information or optionally card information sourced from the IC to
generate the Financial Request Message.
Further, the ATM may retrieve the Track Two Equivalent Data from the IC. The Track Two
Equivalent Data formatted in accordance with AS 3524 and clause 9.11.3 (Data Element 35) may be
used to construct a Financial Request Message, which must be forwarded to the Issuer in accordance
with magnetic stripe processing formats and rules (as contained in this CECS Manual). Where this is
done the POS entry mode must accurately reflect the source of the card information (see 7.2.3.3).
7.2.3.3 Point of Sale Entry Mode
If Track Two Equivalent Data is obtained from an Australian IC Card then POS entry code “051”
(contact interface) or POS entry code “071” (contactless interface) must be used in the Financial
Request Message (refer 9.11.3).
7.2.3.5 Magnetic Stripe Fallback
If the Card information of an Australian IC Card or EMV combo card is unable to be read, then the
Track Two Data can be electronically captured from the card’s magnetic stripe and the POS entry code
“021” (refer 9.11.3) must be used in the Financial Request Message.
7.3 Interchange Fees
7.3.1 Fee Calculation
The basis, rate and payment of the Interchange Fee (if any) will be as agreed from time to time
bilaterally and is to be specified in the relevant Interchange Agreement. [Last amended effective 03/03/09]
7.3.2 Payment of Fee
Following receipt of Interchange Billing reports (see 7.1.4), usually within one to five business days of
the start of each month, Interchange parties will exchange acquired Transaction data by telephone and
facsimile, verify and calculate the net difference, and agree the amount due/to be paid. (This may involve
some negotiation and sharing of differences.) Monthly Interchange Fee reports may be exchanged to
assist identification and resolution of large differences. Net fees will be settled by bank cheque,
warrant, drawing voucher, or such other method as may be agreed between the parties from time to
time.
7.4 Doubtful Transactions
7.4.1 Doubtful Transaction Defined
See definitions at 1.5.
7.4.2 Acquirer’s Responsibilities for Handling Doubtful Transactions
An Acquirer must investigate a likely Doubtful Transaction quickly to establish its final status (see
Appendix A, Part 7).
If the Transaction was not completed successfully at the ATM the Cardholder’s account could have
been debited, without receipt of Cash. A manual adjustment (credit) will need to be raised by the
Acquirer to the Issuer in this situation.
[Amended effective date 15.8.05]
This manual adjustment will be made by warrant or by a mutually agreed means within 10 days (or 15
days for third party). Details (as outlined in 7.1) are to be forwarded to the Issuer. (Contact details are
found at https://extranet.apca.com.au/.)
If the Cardholder has been debited without receipt of Cash and the Acquirer has received value, see 7.5
Disputed Transactions. [Amended effective date 15.8.05]
Upon receiving advice of a Doubtful Transaction, the Acquirer must:
(a) establish that value is not held as a result of an internal error;
(b) prepare a Doubtful Transaction advice (in the form of Part 7, Appendix A or an electronic
version of this Appendix A) containing the following information for investigation by the
Issuers:
Acquirer Bank Id
ATM ID number and location
Transaction Date & time
Transaction type performed
Card Number
Amount of Transaction
Amount of any ATM Operator Fee
Instructions for passing correcting entries
Brief explanation of circumstances concerning the Doubtful Transaction,
and send it promptly either by facsimile or e-mail transmission (as a rich text format attachment) to the
Issuer (see contact details in https://extranet.apca.com.au/); and [Last amended effective 03/03/09]
(c) establish that Cash was dispensed from the ATM, i.e. by means of an ATM journal or bill
counter report. [Amended effective date 15.8.05]
7.4.3 Issuer Responsibilities
The Issuer must:
(a) confirm receipt of the Doubtful Transaction advice via return facsimile or e-mail transmission
(as a rich text format attachment) within five (5) business days;
(b) promptly initiate investigations and, where necessary, consult with the Acquirer;
(c) if the value of the relevant Doubtful Transaction is held by the Issuer, promptly provide value to
the Acquirer in accordance with the instructions on the relevant Doubtful Transaction advice;
(d) once the validity of the Doubtful Transaction has been established, attend to settlement of the
value reported on the Doubtful Transaction advice as requested by the Acquirer; and
(e) provide confirmation to the Acquirer that the value of the Doubtful Transaction has been settled.
The Issuer is not obliged to respond to claims from the Acquirer for Doubtful Transactions if the
Acquirer has not complied with its responsibilities within 20 business days of the Transaction date (see
7.4.2).
If the Cardholder has been debited without receipt of Cash from the ATM, the ATM Doubtful
Transaction is to be processed as a Disputed Transaction. See 7.5.
7.4.4 Retention of Records [Amended effective date 15.8.05]
All institutions are to maintain a record of details of Doubtful Transactions for at least 12 months.
7.5 Disputed Transactions
7.5.1 Disputed Transaction
Claims by the Cardholder not to have initiated or authorised an ATM Transaction must be investigated
by the Issuer and resolved with the Cardholder in the manner outlined in the EFT Code of Conduct.
The Cardholder is to be required to report these disputes to the Issuer. If a Cardholder approaches the
Acquirer, the Acquirer must advise the Cardholder to report the Disputed Transaction to the Issuer.
All Disputed Transactions are to be managed in the terms of the EFT Code of Conduct.
7.5.2 Issuer’s Responsibilities
Upon receiving advice of a Disputed Transaction, the Issuer must:
(a) establish where the value of the Disputed Transaction is held, e.g., establish that value is not
held as a result of internal error;
(b) prepare a Disputed Transaction advice (in the form of Part 7, Appendix A or an electronic
version of this Appendix A) containing the following information for investigation by the
Acquirer:
Issuer ID;
ATM ID number and location;
Transaction date and time;
system trace audit number;
Transaction type performed;
Card number;
amount of Transaction;
amount of any ATM Operator Fee;
instructions for passing correcting entries;
Authorisation response Code;
brief explanation of circumstances concerning dispute;
and send it either by facsimile or e-mail transmission (as a rich text format attachment) to the
Acquirer (see Part 7, Appendix A – Interchange Operations ATM Dispute Advice; contact details
are found on the APCA Extranet https://extranet.apca.com.au/), accompanied by the Issuer’s
Interchange or Interchange Settlement Report (as appropriate): see 7.1.2 and 7.1.3; and [Last amended effective 03/03/09]
(c) grant written approval of any extension of time reasonably requested by the Acquirer for the
purposes of its investigation: see 7.5.3.
7.5.3 Acquirer’s Responsibilities [Last amended effective 03/03/09]
The Acquirer must:
(a) confirm receipt from the Issuer of the Disputed Transaction advice via return facsimile or e-mail
transmission (as a rich text format attachment) within five (5) business days. (If confirmation is
not received, the Issuer should send a reminder, by facsimile or e-mail transmission (as a rich
text format attachment), requesting the Acquirer to confirm receipt);
(b) promptly initiate investigations through use of internal reporting mediums and, where
necessary, consultation with the Issuer;
(c) if the value of the Disputed Transaction is held by the Acquirer, promptly provide value to the
Issuer in accordance with the instructions on the Disputed Transaction advice. (Where the
value has already been forwarded to the Issuer, the Acquirer should advise date and method of
value processed);
(d) complete its investigation within 10 days of receipt of the Disputed Transaction details and
promptly notify the Issuer in writing of the outcome or whether more time is required to
complete its investigation; [Last amended effective 03/03/09]
(e) provide confirmation to the Issuer that the value of the Disputed Transaction has been settled or
denied not later than 30 days after receipt of a Disputed Transaction advice. (Where the claim
is denied, appropriate reports are to be provided to verify that there was no equipment or system
malfunction at the time of the Transaction.) The reports to be provided must include at least
two of the following:
a copy of the device’s journal roll or its electronic equivalent including evidence of notes
dispensed where appropriate;
a reconciliation report covering the period;
a statement confirming that the device in question was not in surplus at the time of the next
balancing operation, subsequent to the date of the Disputed Transaction; and
other evidence that the Transaction was reversed.
[Last amended effective 31/05/10]
Where there are exceptional circumstances (which the Acquirer must promptly advise to the Issuer) the
Acquirer may invoke a single 10 day extension of time to complete its investigations, i.e., the Acquirer
must complete its investigation and provide confirmation to the Issuer within 40 days of initial receipt
of a Disputed Transaction advice.
If the Acquirer fails to respond to the Issuer within 30 days, the Issuer is permitted to charge-back the
value amount to the Acquirer. (This period commences on and from the date the Disputed Transaction
advice is received at the correct area of the Acquirer).
The Issuer must fax or e-mail (as a rich text format attachment) a charge-back advice (substantially in
the form of Part 7, Appendix A or an electronic version of this Appendix A) to the Acquirer (see
contact details, https://extranet.apca.com.au/), giving 7 days’ warning of the proposed charge-back. In
the case where an Acquirer has sought a 10 day extension, this advice is to be sent on or after the
expiration of the 40-day period. In all other cases, the advice is to be sent on the expiration of the 30-day period.
(Note: As at the Commencement Date, the EFT Code of Conduct requires the Issuer to advise the
Cardholder within 21 days of receipt of a complaint either of the outcome of the investigation or the
need for more time to complete the investigation. Unless there are exceptional circumstances which
the Issuer advises to the Cardholder in writing, the EFT Code of Conduct requires the Issuer to
complete its investigation within 45 days of receipt of the complaint. Times stipulated above are
intended to enable Issuers to be in a position to meet their obligations under the Code.)
7.5.4 Re-presentment
Re-presentment by the Acquirer is allowed only if:
(a) the charge-back is improper or invalid;
(b) the Cardholder received the requested Cash; or [Amended effective date 15.8.05]
(c) the Acquirer has processed an adjustment for the disputed ATM Cash disbursement. [Amended effective date 15.8.05]
Re-presentment must be received by the Issuer within 10 business days of the charge-back, otherwise it
will not be valid.
7.5.5 Retention of Records
All Interchange parties are to maintain details of Disputed Transactions for at least 12 months.
7.5.6 Timing
Timing for processing of Disputed Transactions is governed by the requirements of the EFT Code of
Conduct and also by the requirements of the CECS Manual.
(Note: Currently the EFT Code of Conduct requires the Issuer to advise the Cardholder within 21 days of
receipt of a complaint either of the outcome of the investigation or the need for more time to complete the
investigation. Unless there are exceptional circumstances which the Issuer advises to the Cardholder in
writing, the EFT Code of Conduct requires the Issuer to complete its investigation within 45 days of receipt
of the complaint. Times stipulated below are intended to enable Issuers to be in a position to meet their
obligations under the Code.)
Timetable (columns in the original: Issuer / Acquirer / Time Frame; each step is shown here with the party that performs it):

Step 1 (Issuer): Issuer receives Cardholder complaint (EFT Code of Conduct – Day 1).

Step 2 (Issuer): Sends Disputed Transaction advice to Acquirer.
Time Frame: As soon as practicable.

Step 3 (Acquirer): Confirm receipt and “received on” date. (CECS Manual – Day 1)
Time Frame: Within 5 Business Days of receiving the Disputed Transaction Advice.

Step 4 (Issuer): Sends a reminder to the Acquirer – if needed.
Time Frame: On 5th Business Day or earlier after sending of the original advice, if no confirmation received from the Acquirer. Go back to Step 3.

Step 5 (Acquirer): Investigate and resolve if possible.
Time Frame: Prior to CECS – Day 10, i.e., CECS Manual Day 1 plus 9 calendar days.

Step 6 (Acquirer): Notify Issuer in writing of the outcome of the investigation and/or request a 10 day extension if needed.
Time Frame: On or prior to CECS – Day 10.

Step 7 (Issuer): Advise Cardholder of outcome or current status.
Time Frame: No later than EFT Code of Conduct Day 21, i.e., EFT Code – Day 1 plus 20 calendar days.

Step 8 (Acquirer): Confirm to the Issuer – settlement or denial.
Time Frame: On or prior to CECS – Day 30 (or CECS – Day 40 if extension was requested).

Step 9 (Issuer): Initiate chargeback advice – if appropriate.
Time Frame: On CECS – Day 23 if Acquirer has ‘confirmed receipt’ (step 3 above) and Acquirer has failed to respond further (i.e., to complete step 6 or 8); chargeback to be sent on Day 30.

Step 10 (Issuer): Post chargeback.
Time Frame: On CECS – Day 30 if Acquirer has ‘confirmed receipt’ (step 3 above) and Acquirer has failed to respond further (i.e., to complete step 6 or 8), and Issuer completed step 9.

Step 11 (Issuer): Initiate chargeback advice – if appropriate.
Time Frame: On CECS – Day 33 if Acquirer has ‘confirmed receipt’ (step 3 above) and Acquirer has requested 10 day extension but failed to respond further (i.e., to complete step 8); chargeback to be sent on Day 40.

Step 12 (Issuer): Post chargeback.
Time Frame: On CECS – Day 40 if Acquirer has ‘confirmed receipt’ (step 3 above) and Acquirer has requested 10 day extension but failed to respond further (i.e., to complete step 8) and Issuer completed step 11.

Step 13 (Issuer): Advise Cardholder of final outcome.
Time Frame: No later than EFT Code of Conduct – Day 45.
Once the Acquirer has received the Disputed Transaction Advice, the investigation should be
completed within 10 days.
The Acquirer will notify the Issuer in writing of the outcome of the investigation as soon as possible
after completing the investigation. The Acquirer must promptly notify the Issuer in writing should
more time be required to complete its investigation (Step 6).
Unless there are exceptional circumstances (which it must promptly advise, in which event it may
invoke an extension of time, but being not more than a single extension of 10 days), the Acquirer must
provide confirmation to the Issuer that the value of the Disputed Transaction has been settled or denied
not later than 30 days after initial receipt of a Disputed Transaction advice (Step 8).
Where the claim is denied, appropriate reports are to be provided to verify that there was no equipment
or system malfunction at the time of the Transaction. The reports to be provided must include at least
two of the following:
a copy of the device’s journal roll or its electronic equivalent including evidence of notes
dispensed where appropriate;
a reconciliation report covering the period;
a statement confirming that the device in question was not in surplus at the time of the next
balancing operation, subsequent to the date of the Disputed Transaction; and
other evidence that the Transaction was reversed.
If the Acquirer fails to respond to the Issuer within 30 days, or does not provide the supporting
documentation, the Issuer is permitted to charge-back the value amount to the Acquirer. (This period
commences on and from the date the Disputed Transaction advice is received at the correct area of the
Acquirer.) The Issuer must fax or e-mail (as a rich text format attachment) a charge-back advice
(substantially in the form of Part 7, Appendix A) to the Acquirer (see contact details,
https://extranet.apca.com.au/) giving 7 days’ warning of the proposed charge-back. In the case where
an Acquirer has sought a 10-day extension, this advice is to be sent on or after the expiration of the
40-day period (Steps 11 and 12). In all other cases, the advice is to be sent on or after the expiration of the
30-day period (Steps 9 and 10).
[Last amended effective 31/05/10]
See also Part 4.5.4.
7.6 Enquiries
7.6.1 Cardholder Enquiries
Enquiries relating to Cardholders’ Transactions are to be directed to the Issuer.
7.6.2 Disputed ATM Transactions
Enquiries relating to Cardholder disputes/queries should be directed to the appropriate contact in
https://extranet.apca.com.au/.
7.6.3 Settlement Enquiries
Enquiries regarding settlement matters and any related discrepancies are to be directed to the
appropriate contact in https://extranet.apca.com.au/.
7.6.4 System Operational Enquiries
Both parties to an Interchange are to advise each other of any scheduled or unscheduled downtime.
All problems resulting in unscheduled downtime and general enquiries regarding the Interchange Link
problems are to be directed to the appropriate contact in https://extranet.apca.com.au/.
In the event that either institution has scheduled downtime resulting in the Interchange Link being
unavailable, a written advice is to be sent prior to this advising the date and approximate
commencement and completion times. This advice is to be directed to the appropriate contact in
https://extranet.apca.com.au/.
7.6.5 Escalation Procedures for Unscheduled Outages
Refer Part 7, Appendix B for escalation procedures.
7.7 Cards Retained
A Card which has been retained by an ATM during operation for any reason is a “Retained Card” for
the purposes of this Part 7.
Where a Card has been retained by an ATM that is serviced by a branch, the branch may hold the Card
for one business day following its removal from the ATM.
Where the branch staff can determine the reason for the capture of the Card, it may be returned to the
Cardholder, within the above timeframe, upon successfully establishing the claimant’s identity and
provided that the Card was captured due to system or machine malfunction.
Where the branch staff have any doubt as to the claimant’s right to the Card, the claimant should be
advised to contact his or her own Issuer branch.
Where a Card has been retained at the request of the Card Issuer, the Card is not to be returned to the
Customer under any circumstances; this includes where a Card has been retained due to excessive PIN
tries or where the Card Issuer has advised that the Card is a hot Card or expired Card.
All Cards that have been captured and not returned to a Cardholder are to be destroyed by the Acquirer
by cutting in half vertically through the magnetic stripe and embossed account number, and must be
disposed of in an appropriate manner (bearing in mind the Card has a signature on it and, if it is also a
credit Card, will have an embossed account number, all of which information may still be obtainable
from the destroyed Card).
Appendix A - Disputed Transaction Advice
Last amended effective 31/05/10
APPENDIX 7A DISPUTED TRANSACTION ADVICE
INTERCHANGE OPERATIONS ATM DISPUTE ADVICE
ISSUER _____________________________   ACQUIRER _____________________________
FINANCIAL INSTITUTION DETAILS
Initiator Reference __________________   Date _____________
Contact Name ____________________   Tel __________________   Fax ____________________
PROCESS TYPE
[ ] Doubtful Transaction   [ ] Disputed Transaction
DISPUTE TYPE & REASON
[ ] Cash Dispensing Error [ ] Duplicated Transaction [ ] Transaction Cancelled [ ] ATM Operator Fee Error
Details for reason of dispute/doubtful/chargeback:
TRANSACTION DETAILS
Trans Date _____________   Trans Time _______________   Sequence No ____________________
Dispute Amount $__________   Amount Requested $____________   Amount Received $ ______________
ATM Operator Fee Error Amount $_____   Amount Disclosed $_________   Amount Charged $___________
ATM ID __________________   Location __________________________________
*Interchange or Settlement Log must be provided
DISPUTE RESOLUTION / REPRESENTATION DETAILS
Ref No _____________________
Resolution / Representation Reason:
[ ] Claim Approved. Bank Warrant Issued on _______________ Bank Warrant No. ________________
[ ] Claim Approved. Please adjust account _________________________________________________
*Provide Reference, Card Number, Transaction Details on Voucher
[ ] Claim declined. Refer to comments below for reason:
[ ] ATM Terminal balanced on the next full settlement date after this Transaction and no surplus located
[ ] System log / audit trail / interchange report confirms Transaction was processed normally (evidence attached)
For example the notes dispensed were: (evidence attached)
Note Denomination   Count   Amount
$20                 1       $20
$50                 2       $100
$100                N/A     N/A
Total Dispensed             $120
[ ] No ATM Terminal malfunctions at the time of the Transaction
[ ] Transaction was reversed (evidence attached)
[ ] Other ______________________________________________________________________________________
[ ] Supporting documentation provided
Compiled By ____________________________ Department ___________________________ Date ______________
Fax To:
INSTITUTION                 Doubtful Transactions    Disputed Transactions    Chargebacks

Electronic Version
INTERCHANGE OPERATIONS ATM DISPUTE ADVICE
Process Type
Doubtful transaction / Disputed Transaction / Chargeback
Issuer:
Acquirer:
Financial Institution Details:
Initiator Reference:
Date:
Contact Name:
e-mail Address:
Dispute Type & Reason
Cash dispensing error / Duplicated Transaction / Transaction cancelled /
ATM Operator Fee error
Details for reason of dispute/doubtful/chargeback
Transaction Details
(insert details)
* Interchange or Settlement Log must be provided
Transaction Date:
Transaction Time:
Sequence Number:
Disputed Amount: $
Amount Requested: $
Amount Received: $
ATM Operator Fee Error Amount: $
Amount Disclosed: $
Amount Charged: $
ATM/Terminal ID:
Location:
Dispute Resolution/Representation Details
Date sent:
Reference Number:
Compiled by (name of person):
Department:
CLAIM APPROVED
(Give reason by selecting “Yes”, otherwise leave as “not applicable”)
Not applicable / Yes   Bank Warrant issued on                 Bank Warrant Number:
Not applicable / Yes   Please adjust account                  Provide Reference, Card Number, Transaction Details on Voucher.
CLAIM DECLINED
(Give reason by selecting “Yes”, otherwise leave as “not applicable”)
Not applicable / Yes   ATM/EFTPOS Terminal balanced on the next full settlement date after this Transaction and no surplus located.
Not applicable / Yes   System log / audit trail / interchange report confirms Transaction was processed normally (evidence attached).
For example, the notes dispensed were: (evidence attached)
Note Denomination   Count   Amount
$20                 1       $20
$50                 2       $100
$100                N/A     N/A
Total Dispensed             $120
Not applicable / Yes   No ATM/Terminal malfunctions at the time of the Transaction.
Not applicable / Yes   Transaction was reversed (evidence attached).
Not applicable / Yes   Other (insert explanation):
Not applicable / Yes   Supporting documentation provided.
e-mail to:
Name of Financial Institution
Doubtful Transaction:
Disputed Transaction:
Chargeback:
APPENDIX 7B ESCALATION PROCEDURES
Objective
This appendix aims to define the escalation procedure to be used in managing and resolving any
production problems affecting the ATM and/or the ATM Interchange link between XXXX and Xxxx.
This will ensure that all problems will be managed in accordance with an agreed production problem
process between the two parties to an Interchange.
Escalation Process
The proposed ATM Interchange escalation procedures are as defined in the attached escalation table.
The table displays the maximum elapsed resolution time (after report of the problem) for each of the
three severity levels and three levels of escalation. It is recommended that this process be applied
7 days a week, 24 hours a day.
Escalation service levels will be based on severity levels determined and confirmed by the [Title of
Responsible Officer] for XXXX, and the [Title of Responsible Officer] for Xxxx, at the time of
notification of the problem.
Severity levels are as follows:
1 – (Critical): The product/service is unusable or unavailable.
  System/online/network component down
  Product/service unavailable
  No bypass available
  Any customer service impact – full, impending or limited
2 – (Medium): The product service is useable, but operations are restricted and a level of exposure exists.
  Limited/no access by network devices
  Product/service degraded or restricted (i.e. 1 of 2 communications links down)
3 – (Low): The product service is useable, but operations are restricted and a level of exposure exists.
  Day to day issue
  Problem Identified
  No customer impact
  Resolution available
Although this process applies 24 hours a day / 7 days a week, only Severity 1 and Severity 2 problems
would be notified to the interchange partner, and vice versa, after business hours. Any Severity 3
problems which occur after hours can be notified on the next working day and will be tracked as a
normal problem record.
The response by the first level of escalation to problems notified will be an indication of the steps (or at
least the next step) which will be followed in order to develop a solution, and if possible, an indication
of the timeframe involved. This response will be given to XXXX or Xxxx, as the case may be:
Severity Level 1: raise PMS (problem) record; response within 30 minutes of notification of the problem.
Severity Level 2: raise PMS (problem) record; response within 60 minutes of notification of the problem.
Severity Level 3: raise PMS (problem) record; response by 5.30 pm on the next working day.
Escalation of Call
If the problem CANNOT be resolved within 30 mins (for Severity 1) or 60 mins (for Severity 2) after
first being reported, then it shall be escalated to the Second Escalation Level. In all cases [Title of
Responsible Officer] from XXXX and [Title of Responsible Officer] for Xxxx will take the role of
Problem Situation Manager.
Support staff from each Interchange party shall continue to resolve the problem while the problem
is being escalated.
Every problem will be treated on its own merit(s). The contact points in each escalation level will
manage information flow from both parties and ensure that sufficient information is passed on to the
business areas concerned. If the resolution is taking longer than anticipated, the severity of the
problem may be changed with the concurrence of both parties. In exceptional situations, regardless of
the severity of the problem, [Title of Responsible Officer] (XXXX) and [Title of Responsible Officer]
(Xxxx), after consultation with the Second Escalation Level, shall make an informed decision as to
whether to escalate the problem to the Third Escalation Level.
Situation management may be invoked by both parties based on the severity of the problem.
Depending on where the problem resides, a situation manager shall be appointed by the [Title of
Responsible Officer] for XXXX or [Title of Responsible Officer] for Xxxx to manage Severity 1 (in some
cases Severity 2) problems. The situation manager may appoint a number of Support and/or Area
Managers to co-ordinate activities across departments during a SEV 1 situation. Responsibilities
include:
- Manages problem definition and resolution through Support managers.
- Chairs checkpoint meetings (follows the agenda and tracks actions).
- Puts recommendations/actions to [Title of Responsible Officer] and Business owner.
- Communications to all involved parties in technology and IT team as appropriate.
- Allocation of technical resources required.
- Adherence to situation management process.
- Liaison between support managers and [Title of Responsible Officer]/Business.
- Reporting progress to the [Title of Responsible Officer].
ATM INTERCHANGE ESCALATION TABLE (XXXX-Xxxx)

LEVEL    ESCALATION LEVEL                                                  SEVERITY 1+        SEVERITY 2+        SEVERITY 3+
                                                                           RESOLUTION TIME *  RESOLUTION TIME *  RESOLUTION TIME *
FIRST    XXXX OPERATOR TO Xxxx OPERATOR                                    30 MINS            60 MINS            RESPONSE BY 5:30 PM NEXT WORKING DAY
         [Title of Responsible Officer] to [Title of Responsible Officer]
SECOND   XXXX OPERATOR TO Xxxx OPERATOR                                    60 MINS            4 HOURS
         [Title of Responsible Officer] to [Title of Responsible Officer]
THIRD    XXXX OPERATOR TO Xxxx OPERATOR                                    4 HOURS            1 DAY
         [Title of Responsible Officer] to [Title of Responsible Officer]

CONTACT DETAILS
XXXX
  FIRST:   Contact Details: Including Area Name, Title of Responsible Officer & 24 hour phone numbers
  SECOND:  Contact Details: Including Area Name, Title of Responsible Officer & 24 hour phone numbers, pager number, home and mobile
  THIRD:   Contact Details: Including Area Name, Title of Responsible Officer & 24 hour phone numbers, pager number, home and mobile
Xxxx
  FIRST:   Contact Details: Including Area Name, Title of Responsible Officer & 24 hour phone numbers
  SECOND:  Contact Details: Including Area Name, Title of Responsible Officer & 24 hour phone numbers, pager number, home and mobile
  THIRD:   Contact Details: Including Area Name, Title of Responsible Officer & 24 hour phone numbers, pager number, home and mobile

SITUATION MANAGEMENT
XXXX:  [Title of Responsible Officer] at each of the First, Second and Third Escalation Levels
Xxxx:  [Title of Responsible Officer] at each of the First, Second and Third Escalation Levels

NOTE:
* Indicative MAXIMUM ELAPSED TIME (AFTER REPORT OF PROBLEM) FOR RESOLUTION BEFORE NEXT ESCALATION FOR ACTION.
Severity levels are as follows:
Severity Level 1 (Critical): The product/service is unusable or unavailable.
- System/online/network component down, product/service unavailable, no bypass available, customer service impact.
Severity Level 2 (Medium): The product service is useable, but operations are restricted and a level of exposure exists.
- Limited/no access by network devices, product/service degraded or restricted, impending/limited customer service impact.
Severity Level 3 (Low): The product/service is useable with no immediate impact. Circumvention has been identified.
- Day to day issue, problem identified, minimal customer impact, resolution available.
PART 8 DEVICE SECURITY STANDARDS *
Note: Any direct or indirect application of, or reference in, this clause 8 to an Acquirer is deemed to include a
Self Acquirer.
8.1 Device Security Standards
This Part 8.1 sets out the security standards applicable to secure cryptographic devices (SCD) that are
required to be met by all CECS Members, in relation to their Interchange with other CECS Members.
Amended effective 14/08/06
The Company will require all Non-Member Acquirers that wish to arrange for Non-Member
Certification under Part 2 to confirm that they satisfy the security requirements of this Part 8. A Non-Member
Acquirer that does not wish to arrange for Non-Member Certification under Part 2 may
nevertheless submit a device to the evaluation and approval processes set out in this Part 8.
Relevant Standards
The Company is committed to the use of the latest national and international standards in the
Interchange environment. The requirements contained in:
(a) AS 2805, all parts
(b) [deleted] (Deleted effective 27.04.11)
(c) [deleted] (Deleted effective 01.01.12)
(d) [deleted] (Deleted effective 27.04.11)
(e) Guidelines for EFT Security (see 1.3.4)
(f) [deleted] (Deleted effective 13/08/12)
(g) ISO TR14742 Recommendations of cryptographic algorithms and their use (Inserted effective 01.01.12)
(h) PCI PIN Transaction Security, Version 3.x (Inserted effective 13/08/12)
(i) PCI PIN Transaction Security Point of Interaction Derived Test Requirements version 3.x (Inserted effective 13/08/12)
are considered normative to this security standard.
8.2 Device Security Evaluation Criteria
An Evaluation Facility, approved by the Company, shall evaluate all SCDs, using the semi-formal
evaluation methodology described in AS 2805 part 14.1-2000, using the appropriate checklists from AS
2805 part 14.2 and applying such additional tests as experience and knowledge may dictate, to ensure
the utmost confidence in the security device when subject to known contemporary attacks
employing state-of-the-art knowledge.
Amended effective date 14.11.05
PIN Entry Devices shall be evaluated using the requirements specified in 8.3, 8.4, and 8.5 and
additionally AS 2805 part 14.2 Annexes A, B, D and G if digital signature functionality is used. Where
a PIN Entry Device has PIN management functionality, including PIN translation, then it shall also be
evaluated using the requirements specified in Annex C of AS 2805 part 14.2.
Last amended
effective 20/4/09
Amendment Number E227 issued as CS3/r&p/002.12
Alternatively, an Applicant may submit a PIN Entry Device, which has previously been evaluated and
determined to be compliant with the requirements specified in PCI PTS version 3.0, for evaluation
under clause 2.6.1(ii) of the CECS Manual. Such a device must be identical to the model and version
number of the device evaluated in relation to the PCI PTS version 3.0 requirements. Such a device
shall be evaluated using the PCI Plus Requirements specified for that type of device in Annexure N.
The Evaluation Facility shall submit the:
(a) PCI Evaluation Report; and
(b) PCI Plus Evaluation Report, which must explicitly state whether or not the device complies with
the Company’s feasibility requirements set out in the CECS Manual or CECS Guidelines,
to the Company in support of the Applicant’s application for approval of such device under the CECS
Manual.
Inserted effective 13/08/12
In accordance with AS2805-14.2, PEDs shall provide privacy shielding such that during normal
operation, keys pressed will not be easily observable to other persons. (For example, the device could
be designed and installed so that the device can be picked up and shielded from monitoring by the
user's own body.) As an alternative, where the device, in itself, does not provide sufficient shielding it
is permissible to rely on external physical environment provided that the vendor supplies rules and
guidance as to how the visual observation is to be deterred by the environment in which the PED is to
be installed. Such rules and guidance must be provided to the Evaluation Facility, and to all
prospective purchasers, for evaluation.
Inserted effective
01.01.12
Security Control Modules shall be evaluated using AS 2805 part 14.2, Annexes A, C, D, E, F and
additionally Annex G if digital signature functionality is provided. Furthermore Annex H shall be used
to categorize the acceptable deployment environments for Security Control Modules. Uncontrolled
environments are not suitable for the deployment of Security Control Modules. The Functions
provided by the SCM shall be in accordance with clause 8.6.
Last amended
effective 20/4/09
Some of the checklist items in sections A.3 and B.3 of Annexes A and B to AS 2805 part 14.2 relate to
management of an SCD after deployment and therefore do not need to be considered by Approved
Evaluation Facilities when evaluating SCDs. However these sections are relevant to device
management (refer section 8.7) for Acquirer Certification and the annual PIN Security Audit.
Approved Evaluation Facilities should complete checklist item A.3.2 based on assurances from the
device manufacturer or an independent auditor.
Last amended
effective 20/4/09
Devices providing a Remote Management Solution for Security Control Modules shall be evaluated
using AS 2805 part 14.2, Annex A - Logical security characteristics only; Annexes D, E - Physical and
logical security characteristics only; Annex F - Physical and logical security characteristics only, and
Annex G if digital signature functionality is provided. Annex H shall be used to categorize the
acceptable deployment environments for a Remote Management Solution for Security Control
Modules. Uncontrolled environments are not suitable for the deployment of a Remote Management of
Security Control Modules solution.
Inserted effective
19.02.13
Key Transfer and Loading Devices shall be evaluated using AS 2805 part 14.2, Annexes E and F.
Last amended
effective 20/4/09
The calculation of attack potentials shall be performed using the method specified in Appendix B of
the PCI POS PIN Entry Device Derived Test Requirements.
All Terminals capable of supporting TCP/IP as a communications protocol shall additionally be
evaluated against the requirements in Annexure M.
Inserted effective 31/12/09
8.2.1 Applicable Version of AS 2805 part 14.2
Inserted effective 20/04/09
From 20 April 2010 all devices shall be evaluated using AS 2805 part 14.2-2009 and all references to
AS 2805 part 14.2 in the CECS Manual shall be construed as a reference to AS 2805 part 14.2-2009.
Prior to 20 April 2010:
(a) if a device has ICC functionality then the ICC reader must be tested against the requirements in
AS 2805 part 14.2-2009; and
(b) subject to 8.2.1(a), devices may be evaluated using AS 2805 part 14.2-2009 or AS 2805 part
14.2-2003;
and all references to AS2805 part 14.2 in the CECS Manual shall be construed accordingly.
8.2.2 Applicable Version of PCI PTS for PEDs
Inserted effective 13/08/12
All references to PCI PTS in the CECS Manual shall be construed as a reference to PCI PIN
Transaction Security, version 3.0 – 2011.
8.3 Interpretation
For the purposes of this evaluation the following terms in the AS 2805 part 14 series (ISO 13491) are
understood to mean:
Not Feasible
Amended effective 27.04.11
Inserted effective 20/04/09
"Not Feasible" means in the case of attacks:
(a) against the Cardholder PIN, the device is to be resistant to any Phase 1 attack costing
less than 26 PCI Points and to any Phase 2 attack costing less than 13 PCI Points;
Amended effective 13/08/12
(b) against PIN-security related cryptographic keys, components and residues including
access codes and passwords protecting sensitive states, symmetric and private
cryptographic keys, MAC keys or other such sensitive data, the device is to be resistant
to any attacks costing less than 35 PCI Points and to any Phase 2 attack costing less than
15 PCI Points;
Amended effective 13/08/12
(c) against the integrity of public keys, the device is to be resistant to any Phase 1 attack
costing less than 35 PCI Points and to any Phase 2 attack costing less than 15 PCI Points;
Amended effective 13/08/12
(d) against Tamper Evident protections, the device is to be resistant to any Phase 1 attack
costing less than 14 PCI Points and to any Phase 2 attack costing less than 8 PCI Points;
Inserted effective 13/08/12
(e) for EFTPOS devices, against the Magnetic-stripe reader and its connection path, the
device is to be resistant to any Phase 1 attack costing less than 16 PCI Points and to any
Phase 2 attack costing less than 8 PCI Points;
Last amended effective 13/08/12
(f) for EFTPOS devices, against the ICC reader (if present) and its connection path, the
device is to be resistant to any Phase 1 attack costing less than 20 PCI Points and to any
Phase 2 attack costing less than 10 PCI Points;
Inserted effective 13/08/12
(g) for EFTPOS devices, against prompts for cardholder data entry and display messages,
the device is to be resistant to any Phase 1 attack costing less than 18 PCI Points and to
any Phase 2 attack costing less than 9 PCI Points;
Inserted effective 13/08/12
(h) for ATM devices, against the magnetic-stripe reader, associated software and connection path,
against any ICC reader (if present) hardware, associated software and connection
path, and against the outer shell of the device, the device is to be resistant to any Phase 1
attack costing less than 14 PCI Points and to any Phase 2 attack costing less than 9 PCI
Points;
Last amended effective 13/08/12
(i) for ATM devices, against unauthorised changing of prompts, the device is to be resistant
to any Phase 1 attack costing less than 16 PCI Points and to any Phase 2 attack costing
less than 9 PCI Points;
Inserted effective 13/08/12
(j) for Unattended Devices (ATM devices), against removal of ATM secure components, the
device is to be resistant to any Phase 1 attack costing less than 18 PCI Points and to any
Phase 2 attack costing less than 9 PCI Points; and
Inserted effective 13/08/12
(k) for Unattended Devices (other than ATM Devices), against the removal of secure
components to protect against unauthorised removal and/or reinstallation, the device is to
be resistant to any Phase 1 attack costing less than 18 PCI Points and to any Phase 2
attack costing less than 9 PCI Points.
Inserted effective 13/08/12
In this Part, “Phase 1” and “Phase 2” have the meaning given to those terms, or to cognate expressions
of them, in PCI PIN Transaction Security Point of Interaction Derived Test Requirements version 3.0,
Appendix B, and in relation to the term “Phase 2” incorporates any temporal limitation or requirement
specified in that document.
Inserted effective 13/08/12
ISO 11568 - Key Management (retail)
Amended effective 27.04.11
References to the ISO key management standard shall be taken as references to the AS2805 part 6
series.
ISO 9797 series - Requirements for message authentication
Amended effective 27.04.11
References to the ISO message authentication standard shall be taken as references to AS 2805
part 4.1.
8.4 Physical Characteristics and Key Management Protocols
Amended effective 31/05/10
For the avoidance of doubt, PEDs employed within CECS shall:
- When employing a master/session key key-management scheme (e.g. AS 2805 part 6.4), meet,
at a minimum, the requirements of a Physically Secure Device as defined in AS 2805 part 3.1.
These devices may also be referred to as having tamper responsive characteristics.
- When employing a unique key per Transaction key-management scheme (e.g. AS 2805 part 6.2),
meet, at a minimum, the requirements of Clause 10.2.5.2 of AS 2805 part 3.1. These devices
may also be referred to as having tamper evident characteristics.
- If employing key-management schemes not specifically permitted in the AS 2805 part 6 series,
Acquirers may seek approval for their deployment from the Management Committee.
- Generate and verify Message Authentication Codes as per AS 2805 part 4.1 for all
value Transaction messages.
- Use one of the PIN block formats, excluding format 1, specified in AS 2805 part 3.1. Format 3
is preferred.
Amended effective
27.04.11
Amended effective
27.04.11
Amended effective
27.04.11
Amended effective
27.04.11
Last amended
effective 27.04.11
- Use only those hash algorithms specified in ISO TR-14742 Recommendations on
Cryptographic Algorithms and their Use – Technical Report. Those algorithms must be
implemented in accordance with the guidelines given in that technical report.
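The PIN block rule above (any AS 2805 part 3.1 format except format 1, format 3 preferred) as an added Python illustration, not code from the CECS Manual or from AS 2805. It assumes the ISO 9564-1 layout that AS 2805 part 3.1 follows: formats 0 and 3 XOR the PIN field with the PAN so a block is bound to one card, whereas format 1 carries no PAN; format 3 differs from format 0 only in using random A-F fill nibbles instead of fixed F.

```python
"""Clear PIN block construction and checking for ISO 9564-1 / AS 2805 part 3.1
formats 0 and 3 (added illustration; the field layout below is the ISO one,
the helper names are this example's own)."""
import secrets
from typing import Callable


def pan_field(pan: str) -> bytes:
    """Four zero nibbles, then the rightmost 12 PAN digits excluding the check digit."""
    if not pan.isdigit() or len(pan) < 13:
        raise ValueError("PAN must be at least 13 decimal digits")
    return bytes.fromhex("0000" + pan[:-1][-12:])


def pin_field(pin: str, fmt: int,
              rand: Callable[[int], int] = secrets.randbelow) -> bytes:
    """Control nibble, PIN length nibble, PIN digits, then fill to 16 nibbles."""
    if not pin.isdigit() or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4 to 12 decimal digits")
    pad = 14 - len(pin)
    if fmt == 0:
        fill = "F" * pad                      # format 0: fixed F fill
    elif fmt == 3:
        # format 3: each fill nibble is a random value in A..F (10 + 0..5)
        fill = "".join(f"{10 + rand(6):X}" for _ in range(pad))
    else:
        raise ValueError("only formats 0 and 3 are handled here")
    return bytes.fromhex(f"{fmt:X}{len(pin):X}{pin}{fill}")


def encode_pin_block(pin: str, pan: str, fmt: int = 3,
                     rand: Callable[[int], int] = secrets.randbelow) -> bytes:
    """Clear PIN block = PIN field XOR PAN field; the PED then enciphers this."""
    return bytes(a ^ b for a, b in zip(pin_field(pin, fmt, rand), pan_field(pan)))


def decode_pin_block(block: bytes, pan: str) -> str:
    """Recover the PIN from a clear format 0 or 3 block, rejecting malformed ones."""
    if len(block) != 8:
        raise ValueError("PIN block must be 8 bytes")
    field = bytes(a ^ b for a, b in zip(block, pan_field(pan))).hex().upper()
    fmt, length = int(field[0], 16), int(field[1], 16)
    if fmt not in (0, 3):
        raise ValueError(f"unexpected PIN block format {fmt}")
    if not 4 <= length <= 12:
        raise ValueError("invalid PIN length nibble")
    pin, fill = field[2:2 + length], field[2 + length:]
    if not pin.isdigit():
        raise ValueError("PIN digits not decimal: wrong PAN or corrupted block")
    allowed_fill = set("F") if fmt == 0 else set("ABCDEF")
    if not set(fill) <= allowed_fill:
        raise ValueError("fill nibbles inconsistent with the declared format")
    return pin


def is_valid_block(block: bytes, pan: str) -> bool:
    """True when the block decodes cleanly against this PAN."""
    try:
        decode_pin_block(block, pan)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values, not real card data.
    sample_pan, sample_pin = "1234567890123456", "1234"
    blk = encode_pin_block(sample_pin, sample_pan, fmt=3)
    print(blk.hex().upper(), decode_pin_block(blk, sample_pan))
```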
8.5 Device Classification
8.5.1 Unattended Device
Inserted effective 31/05/10
A device intended for principal deployment in a location not subject to the regular day-to-day oversight
by a trusted employee of the Acquirer or their trusted agent (“Unattended Device”) shall have both
Tamper Responsive and Tamper Evident characteristics.
Amended effective 13/08/12
Each secure component intended for an unattended device must contain an anti-removal mechanism to
protect against unauthorised removal and/or unauthorised re-installation.
Inserted effective 13/08/12
8.5.2 Attended Device
Where devices comply with the requirements for PIN Entry Devices given in AS 2805 part 3.1 but
not the requirements for a Physically Secure Device as specified in AS 2805 part 3.1, and are intended for
use within attended environments, those devices shall employ a unique or Transaction key based key
management scheme. Such devices shall not be deployed in unattended environments.
Amended effective
27.04.11
Rationale
Amended effective
27.04.11
AS 2805 part 3.1 allows a PIN entry device to have a lesser degree of physical security than does a
“Physically Secure Device” provided that certain conditions are met. The most significant of these
requirements is that no information remaining in the device at the end of the Transaction could, if
ascertained, be used to determine any PIN which had been entered into the device, even given
knowledge of all relevant data which have ever been external to this device. A master/session
key-management scheme (e.g. AS 2805 6.4) does not meet this requirement.
8.6 Limitations on Functions (SCM)
A Security Control Module (SCM) is a hardware device that provides an intentionally limited set of
cryptographic services.
The function set must be so designed that no single function, nor any combination of functions, can
result in disclosure of secret information, except as explicitly allowed by these specifications.
From 1 January 2013 all symmetric encryption functionality weaker [1] than DEA-3 must have been
disabled within every deployed SCM.
Inserted effective 01.01.12
The only function calls and sensitive operator functions that can exist in the SCM are:
- standard functions approved in writing by the Company (e.g., APCA2000 Specification for a
Security Control Module Function Set)
- proprietary functions that are either:
  - totally equivalent to a series of standard functions and approved functions, or
  - approved in writing by the Company, or
  - limited to use only proprietary variants of *KM in function inputs and outputs
[1] Reference ISO TR14742 for an understanding of which algorithms are weaker than DEA-3
Proprietary functions, whether SCM function calls or operator functions, are specifically prohibited
from outputting any keys resident in the SCM, or protected by standard variants in any form
whatsoever.
No proprietary function, nor any combination of functions can result in the outputting of a clear-text
PIN, or the outputting of such a PIN except as component of a PIN block enciphered under a key used
only for protection of translated PIN blocks.
Where the functionality of the SCM includes the ability to print clear-text PINs for example on PIN
mailers, such functionality shall only become operative whilst the module is under dual control.
Where the SCM can have its functionality modified, e.g. by loading of software, then, unless any such
modification is performed while the SCM is in a sensitive state under dual control and the software
or firmware is cryptographically authenticated, any such modification shall be preceded by erasure of all
cryptographic keys and sensitive data in the SCM.
8.7 Device Management
8.7.1 PIN Entry Devices
PIN entry devices shall be managed in accordance with the requirements of the AS 2805 part 14 series.
The Sponsor will submit to the Management Committee an annual compliance statement confirming
compliance with Annexes A.3 and B.3 of AS2805 part 14.2 in respect of any PEDs employed in
generating Interchange Transactions (see 5.3).
Amended effective 01.01.12
Last amended effective 27.04.11
Annexure I, used in conjunction with the annual PIN Security Audit, provides the required
confirmation.
8.7.2 Security Control Modules (Host Security Modules)
SCMs shall be managed in accordance with the requirements of AS 2805 part 14.2. The Sponsor shall
submit to the Management Committee an annual compliance statement confirming compliance with
Annexes A.3, C.3, E.3 and either H.4 or H.5 in respect of any SCMs employed in the processing of
Interchange Transactions (see Part 5.3).
Last amended effective 31/12/09
Annexure I, used in conjunction with the annual PIN Security Audit, provides the required
confirmation.
SCMs should be configured in accordance with Section 0.3.5.2 of the APCA Specification for a
Security Control Module Function Set such that all functions not required for the normal operation of
the system are disabled. Additionally, where the SCM provides support for ISO format 1 PIN blocks,
such functionality must be disabled in all Acquiring and switching systems.
8.7.3 Key Loading and Transfer Devices
Last amended effective 31/05/10
Devices used in the initial cryptographic key loading of PEDs shall be managed in accordance with the
requirements of AS 2805 part 14.2. The Sponsor shall submit to the Management Committee an
annual compliance statement confirming compliance with Annexes A.3, E.3 and F.3 of AS 2805 part
14.2 in respect of any devices employed in the initial loading and transfer of PED cryptographic keys
(see Part 5.3).
Last amended effective 20/4/09
Annexure I, used in conjunction with the annual PIN Security Audit, provides the required
confirmation.
8.7.4
Inserted effective
31/12/09
TCP/IP Terminal Connectivity
The following requirements apply to all Terminals and associated host systems where TCP/IP
protocols are used for communications.
8.7.4.1
Inserted effective
31/12/09
Terminal Requirements
Terminals shall be additionally evaluated against the requirements of Annexure M.
Terminal identification is mandatory and may be implemented in part (at the financial
message protocol level) by using a (Terminal resident) MAC address as a (Terminal) serial
number or the PIN Pad Identification Definition (PPID).
Mutual authentication is mandatory and may be implemented at the network / transport layer
(e.g.: SSL, IPSec, et al) or at financial message layer (e.g.: AS2805 part 6.5 series).
Transport level message encipherment must be applied to the entire datagram encapsulating
the financial message.
End-to-end financial message encipherment must be provided using a method conformant to
AS 2805 part 9.
All operating systems must be hardened.
The Terminal must contain a firewall if it is based on a ‘general purpose computer’1.
The Terminal must support a malware scanning application if it is based on a general purpose
computer.
No software on the Terminal will listen on any network service port, i.e. Terminal software
may initiate “connect out” sessions only.
The Terminal must support an active patch management process (to ensure that both the
operating system and application environment is kept current and up to date to minimise
exposure to any discovered flaws in those environments).
The Terminal must comply with all applicable requirements of PCI-DSS.
The Terminal must, at a minimum, support 3DES encryption with full message encryption and
authentication.
Only unique key per Transaction or dynamic session keys are permitted for Terminal key
management. Terminals with dynamic session key changes (application level) are required to
change session keys every 256 Transactions or once per hour, whichever occurs first.
Any remote support of merchant network and Terminals must be via a correctly configured
and secured remote access system, in accordance with all applicable PCI DSS security
requirements.
The Terminal application software must be secured against unauthorised changes or
substitution.
(Amended effective 27.04.11)
[1] A ‘General Purpose Computer’ is any device running a full-function operating system, or variant thereof, that either (a) is available to the general
public, (b) operates on a hardware platform available to the general public, or (c) is capable of being re-programmed in the field (with or without
sensitive state access) without highly specialised skills and knowledge that are not typically available to the general public.
Australian Payments Clearing Association Limited
[ABN 12 055 136 519]
Amendment Number E227 issued as CS3/r&p/002.12
8.7.4.2 Host Requirements (Inserted effective 31/12/09)
Requirements for associated host systems are contained in clause 5.9.1.
8.7.5 Remote Management of Security Control Modules (Inserted effective 19.02.13)
The requirements of this clause, 8.7.5, apply to systems which support remote access for the
management of SCMs:
8.7.5.1 SCM Access Requirements
SCMs shall be located in a secure, protected network, separate from generic internal or external
access.
There shall be no uncontrolled connections between general internal and external networks.
SCMs shall be accessible only to authorised hosts and authorised applications.
For TCP/IP implementations:
- The SCM environment shall be protected at a minimum by an IPS or IDS between the perimeter network firewall and the remote management device.
- Stateful firewalls shall protect all external entry points to the SCM environment.
- Such firewalls shall log and monitor all inbound and outbound traffic to the SCMs.
There shall be a procedure, which is audited on a regular basis, for the rapid disablement of
known/suspected compromised remote management devices.
8.7.5.2 Remote Management Solutions Requirements
Remote Management Solutions may only be used with APCA approved SCMs.
Remote Management Solutions shall be approved having been evaluated against the relevant Annexes
of AS2805.14.2:2009, specified in clause 8.7.2.
Those components of a Remote Management Solution that provide any services involved in the
management of a SCM shall meet the following requirements:
Remote Management Solutions shall support appropriate threat management techniques relevant
to their operating platform, such as malware protection with up to date signatures and
maintenance, vulnerability patching, etc.
Remote Management Solutions shall be cryptographically authenticated by the SCMs.
Remote management devices may only be deployed in a minimally controlled environment, a
controlled environment or a secure environment as per Annex H of AS2805.14.2:2009. At a
minimum:
- The storage of the Remote Management Solution shall be under dual control;
- The operation of the Remote Management Solution shall be under dual control; and
- While the Remote Management Solution is in operation access shall be restricted to authorised personnel.
8.7.5.3 Key Management of Remote Management Solutions
Key management requirements for Remote Management Systems are contained in clause 2.4.
Part 9 - Standard Interchange Specification
PART 9 STANDARD INTERCHANGE SPECIFICATION
This Part 9 sets out the interchange specifications required to be met by all CECS Members, to the extent
applicable to the capacities in which they participate (or are deemed to participate) in Interchange.
Although it is not necessary that all Interchanges engaged in by CECS Members and Non-Members conform to
this specification, it is a requirement that all Members are capable of supporting this interface and it is to be used
where bilateral agreement cannot be reached.
(Amended effective 14/08/06; inserted effective 12.05.06)
The Company will require all Non-Member Acquirers that wish to arrange for Non-Member Certification under
Part 2 to confirm that they satisfy the Interchange specifications set out in this Part 9.
9.1 Purpose
The purpose of this Part 9 is to define the standard message set capable of supporting the range of
Interchange Transactions arising from Card-originated, debit Transactions and associated interactive
message traffic between CECS Members.
9.2 Scope
The scope of this Part is to specify CECS requirements for debit authorisation Interchange in sufficient
detail to allow construction and implementation of the required interface (see also Part 2.3).
The message specifications given in this Part 9 are based on the Australian Standard, AS2805
Electronic funds transfer - Requirements for interfaces. The requirements of this specification take
precedence over those of the AS2805 standard if any contention arises during the implementation of an
interface using this specification.
9.3 References
The following documents are referred to in this Part 9:
AS2805.2-2007/Amdt 2-2008  Electronic funds transfer - Requirements for interfaces, Part 2: Message structure, format and content (Last amended effective 20/04/09)
AS2805.4.1-2001/Amdt 1/2006  Electronic funds transfer - Requirements for interfaces, Part 4.1: Message authentication - Mechanism using a block cipher (Amended effective 27.04.11)
AS2805.6.3-2000/Amdt 1/2003  Electronic funds transfer - Requirements for interfaces, Part 6.3: Key management - Session Keys - Node to node
AS2805.6.1-2002/Amdt 3/2007  Electronic funds transfer - Requirements for interfaces, Part 6.1: Key management - Principles (Amended effective 27.04.11)
AS2805.16  Electronic funds transfer - Requirements for interfaces, Merchant Category Codes
AS2805.6.6-2006  Electronic funds transfer - Requirements for interfaces, Part 6.6: Key management – Session Keys – Node to node with KEK replacement (Amended effective 27.04.11)
9.3.1 Normative references (Amended effective 27.04.11)
Unless specifically identified otherwise, the terms, definitions and specifications contained in the
referenced publications given in 9.3 are normative to this specification.
Amendment Number E229 issued as CS3/r&p/001.14
9.4 Supported Message Types
Request   Response   Description
0100      0110       Authorisation Request
0200      0210       Financial Transaction Request
0220      0230       Financial Transaction Advice
0221      0230       Financial Transaction Advice Repeat
0420      0430       Acquirer Reversal Advice
0421      0430       Acquirer Reversal Advice Repeat
0520      0530       Acquirer Reconciliation Advice
0521      0530       Acquirer Reconciliation Advice Repeat
0800      0810       Network Management Request
0820      0830       Network Management Advice
9.5 Supported Transaction Set
9.5.1 Pre-authorised Transaction
A pre-authorised Transaction is a two-phase Transaction. An authorisation request (message type 100)
is used by the Card acceptor for the approval or guarantee of funds from the Card Issuer or their agent.
If an authorisation request is approved, the amount is not debited against the Cardholder's account; the
debit is performed by the Financial Transaction Advice (message type 220) that may follow.
The Issuer may put a temporary hold on the Cardholder's account for the amount authorized. In the
absence of the 0220 Advice Message (or a reversal of the pre-authorization) that completes the
Transaction, the lifetime of the pre-authorization request shall not exceed 24 hours.
Pre-authorisation Transactions are generated from devices such as fuel dispensers and Card-activated
phones. The Transaction is used where the Merchant or Terminal does not know the final cost of the
goods or services to be provided. The authorisation message will contain the maximum amount that
the Terminal is able to dispense. The Pre-authorisation response message will contain the Issuer
authorised amount for this Transaction. This value may be less than the requested value.
The Financial Transaction Advice that completes the Transaction must be for a value equal to or lower
than the amount for which the authorisation was approved.
If the amount of the advice is greater than the amount authorised, the Transaction may be rejected by
the Issuer.
For Acquirer Reversal Advice messages the amount field shall contain the same value as in the original
Authorisation Request message.
9.5.2 Balance Enquiry Transaction
A Balance Enquiry Transaction requests the Issuer to provide information about the current balance
and available (cleared) funds of an account linked to the Card. The Transaction has no financial
impact on the account, other than fees that may arise from the execution of the Transaction.
A balance enquiry Transaction uses a Financial Transaction Request message (0200).
Acquirer Reversal Advice (0420) messages are used to handle error conditions arising from the
inability to complete the Transaction, for example failure to print a receipt if requested, timeouts, etc.
9.5.3 Purchase Transaction
A Purchase Transaction is used by an Acquirer to request authorisation from the Issuer of a Card, to
complete a Cardholder initiated purchase Transaction with a Merchant or service provider.
Acquirer Reversal Advice (0420) messages are used to handle error conditions arising from the
inability to complete the Transaction.
9.5.4 Cash Withdrawal Transaction
A Cash Withdrawal Transaction is used by an Acquirer to request authorisation from the Card Issuer to
complete a Cardholder initiated withdrawal request at a Terminal.
(Amended effective 15.8.05)
The approval issued by the Issuer must be for the total amount of the request; approval of partial
amounts is not supported.
The Acquirer Reversal Advice must be for the full amount contained in the request.
In the case where a partial dispense occurs, only for ATM Transactions, the Acquirer shall send a
Reversal Advice message for the full amount of the original Financial Transaction Request message,
followed by a Financial Transaction Advice message for the amount of the actual dispense.
9.5.5 Combined Purchase and Cash-Out
A combined purchase and Cash-out Transaction is an EFTPOS only Transaction where the Cardholder
is supplied with some goods and/or services and at the same time with Cash funds.
(Amended effective 15.8.05)
9.5.6 Fall-Back Transaction
Fall back Transactions are used when there is a failure to process an EFTPOS Transaction on line. The
failure could be at the Merchant’s device, the Merchant to Acquirer link or the Interchange. Fall-Back
Transactions can only be used in the case of specific failures as detailed in 6.2.3.
There are four specific fall-back modes for ICC originated Transactions, namely:
1. Chip Fallback: occurs where the Transaction rules require online authorisation and the Terminal is unable to go online. Transaction processing proceeds in accordance with the Issuer and Terminal default processing rules (EMV default processing).
2. Technology Fallback: occurs when, due to a fault of either the ICC or the IFD, the Terminal is unable to retrieve data from the chip. Fallback is to magnetic-stripe.
3. Manual Entry: occurs when the Terminal is unable to retrieve Card data from both the ICC and the magnetic-stripe.
4. Fallback Override: refers to the situation where, when in Chip Fallback, the ICC returns a decline, and where the Merchant, under certain specified conditions, chooses to override the result.
(Inserted effective 20/04/09) For additional details see Appendices B, G and H.
A reversal message may be sent when the Terminal fails to receive a 0230 Financial Transaction
Advice response or when the Terminal fails to authenticate the 0230 response message.
9.5.7 Refund Transaction
A refund Transaction is initiated when a Merchant or service provider has a need to return funds to a
Cardholder in respect of a prior purchase, for example, if the Cardholder has returned unwanted goods.
(Last amended effective 9/02/07)
Prior to the EFTPOS Deposit Commencement Date, a refund Transaction may also be initiated when a
Merchant or service provider has a need to (inserted effective 9/02/07):
- pay funds to a Cardholder in circumstances that the Issuer and the Acquirer have bilaterally agreed; or
- make a Medicare Claim Refund.
From the EFTPOS Deposit Commencement Date the refund Transaction is only to be used to return
funds to a Cardholder in respect of a prior purchase and the EFTPOS deposit Transaction must be used
for any other transfer of funds to a Cardholder.
9.5.8 Reconciliation Transaction (Inserted effective 9/02/07)
Reconciliation Transactions are used between two end points of a link to confirm the number and value
of financial Transactions that have been approved since the last reconciliation process occurred.
For Acquiring nodes, the reconciliation totals must not be updated until the financial Transaction
response message is received from the Issuing node with an approval action code.
Separate reconciliation totals and processing is required for each interface between nodes.
A sending node must maintain a set of reconciliation totals for each reconciliation date that the node is
currently using in messages being sent. Similarly, the receiving node must maintain reconciliation
totals for each date that it is receiving.
Each node must support reconciliation dates of the current date, plus the following day. Transactions
with reconciliation dates that do not match one of these two dates may be rejected by the receiving
system.
In the case of bi-lateral links (both acquiring and issuing) separate reconciliation totals must be
maintained for messages sent and for those received i.e., they must not be netted.
9.5.9 Declined ICC Transactions (Inserted effective 20/04/09)
For ICC originated Transactions a declined Transaction is any Transaction where the Issuer sends, or
where an ICC responds with, a response within the permitted response time, declining the Transaction
for reasons which may include but are not limited to, PIN errors, account errors and insufficient funds.
Where the Transaction is declined by the ICC (AAC returned), the declined Transaction is not to be
forwarded to the Issuer, except where the merchant chooses to override the Card decision in which
case the fallback indicator “FBKO\” must be included in the 0220 Advice message sent to this Issuer
indicating that the override has occurred.
9.6 Network Management
Network management involves the initial and ensuing dialog between the applications running at both
ends of the Interchange Link, which are required to start and maintain the reliable and secure flow of
financial messages. It includes messages to establish and restore communications at the application
layer (session establishment), the exchange of security keys, verification of link status and session
termination by either node.
Network Management Transactions include link Sign On/Off, Key Change Requests as well as link
status (echo) requests.
A Sign On request must precede any other message type on a link and must be immediately followed
with a Key Change Advice.
9.6.1 Sign On Request
A Sign On request is used by a node to request permission from the receiving node to transmit
financial messages. A Sign On is unidirectional and each endpoint is required to Sign On
independently.
A Sign On Request performs proof-of-endpoint processing as described in 9.6.4.
A Sign On Request must precede any other message type on a link and, if successful, be immediately
followed by a Key Change Request.
9.6.2 Echo Test
Echo Test Transactions are used by both nodes of a link to ensure that the other node is receiving
messages and responding at an application's level. They do not indicate that the link is available for
use. These Transactions can be sent at any time once session keys have been established, that is
subsequent to a successful Key Change Transaction.
They must be sent where no activity has occurred on the link during the preceding sixty seconds and
the link is in the signed on state.
9.6.3 Key Change Advice
A Key Change Advice is required after each successful Sign On, and subsequently at intervals not
exceeding one hour or the transmission of 256 financial Transactions, to establish the session keys to
be used for MAC generation/verification and PIN encipherment/decipherment as described in 9.6.5.
9.6.4 Sign Off Advice
A Sign Off Advice is used by either node to terminate the transmission of financial messages in both
directions.
9.7 Key Management
This section describes the Interchange key management and exchange process using DEA 3 (128-bit)
KEKs (Key Enciphering Keys) with proof of end-point capability. Reference can be made to AS
2805.6.3 or AS2805.6.6.
9.7.1 AS 2805 Conformance (Amended effective 28/9/06)
Key Management will conform to AS 2805 part 6.1.
9.7.2 Interchange Key Encrypting Keys
Each interchange node will contain an Interchange Send Key Encrypting Key (KEKs) and an
Interchange Receive Key Encrypting Key (KEKr). The Interchange Send KEK will be the same key as
the Interchange Receive KEK in the partnering node, similarly the Interchange Receive KEK will be
the same as the Interchange Send KEK in the partnering node. The manner by which these keys are
generated and installed must be agreed between the partners and employ one of the methods identified
in Appendix A.
The Interchange Key Encrypting Keys are used to encipher and decipher the session keys when they
are transmitted between the nodes and in the proof of end points process.
Interchange Key Encrypting Keys shall be statistically unique and shall be changed, at a minimum,
once every two years.
NODE A                                             NODE B
Interchange Key Encrypting Key, send (KEKs)     =  Interchange Key Encrypting Key, receive (KEKr)
Interchange Key Encrypting Key, receive (KEKr)  =  Interchange Key Encrypting Key, send (KEKs)
9.7.3 Session Keys
Each node keeps four sets of session keys, two send sets and two receive sets.
Each set of session keys consists of three keys, MAC Key, PIN Protect Key and optionally a Data
Enciphering Key. Each session key is 128-bits long and stored in a secure manner.
The send session key sets are generated by the sending node and numbered "1" or "2". The send
session key sets are then forwarded to the receiving node to be used as the receive session key sets.
The receive session key sets are received in a 0820 Network Management Advice message with bit 070
equal to 101 from the sending node. The set number of either "1" or "2" contained in bit 53 indicates
the receive session key set used by the receiving node to verify the MAC, decipher the data and
translate or verify the PIN.
One set of send session keys is used at a time and all Transactions sent from the sending node will
generate the MAC and encipher the PIN, if present, using the MAC Generator Key and PIN Protect
Key, respectively, from the same send session key set. The send session key set used is indicated by
bit 53 (contains "1" or "2") in each message.
Session Keys must be statistically unique and replaced, at a minimum, once every hour or on every 256
Transactions, whichever occurs first.
The Data Encipherment Key is unused. The Data Encipherment Key may optionally be included in the
Key Change Message (see the Network Management Key Change Advice message format, 9.10.17, and
9.11.6).
When enciphered for transmission, each session key type will use a unique variant of the Key
Enciphering Key in accordance with AS 2805 part 6.1.
NODE A                                    NODE B
Send Session Keys Set 1                   Receive Session Keys Set 1
  MAC Key (KMACs1)                    =     MAC Verification Key (KMACr1)
  PIN Protect key (KPEs1)             =     PIN Protect key (KPEr1)
  Data Encipherment Key (KDs1)        =     Data Decipherment Key (KDr1)
Send Session Keys Set 2                   Receive Session Keys Set 2
  MAC Key (KMACs2)                    =     MAC Verification Key (KMACr2)
  PIN Protect key (KPEs2)             =     PIN Protect key (KPEr2)
  Data Encipherment Key (KDs2)        =     Data Decipherment Key (KDr2)
Receive Session Keys Set 1                Send Session Keys Set 1
  MAC Verification Key (KMACr1)       =     MAC Key (KMACs1)
  PIN Protect key (KPEr1)             =     PIN Protect key (KPEs1)
  Data Decipherment Key (KDr1)        =     Data Encipherment Key (KDs1)
Receive Session Keys Set 2                Send Session Keys Set 2
  MAC Verification Key (KMACr2)       =     MAC Key (KMACs2)
  PIN Protect key (KPEr2)             =     PIN Protect key (KPEs2)
  Data Decipherment Key (KDr2)        =     Data Encipherment Key (KDs2)
9.7.4 Establishing a Link
A link shall be established using the 0800/0810 Network Management Messages with a NMIC of Sign
On (001). Each side must be successfully Signed on before a session can be established.
A proof of endpoints check is part of the sign on process.
A random number (RNs) is generated along with its inverted form (RNr); both are enciphered under
KEKs. The enciphered RNs is forwarded to the interchange partner in Data Element 48 of the logon
request. The enciphered RNr is stored awaiting the logon response.
The interchange partner will, on receipt of the sign on request, generate the inverted form of the
enciphered RNs received (RNr) and return it, enciphered by KEKr, in the sign on response. The
enciphered RNr shall be forwarded in Data Element 48.
On receiving the sign on response, the enciphered RNr in the message is compared with the stored
version of enciphered RNr. If the two values match, proof of endpoints is established.
Following these messages the key change messages establish the current session keys. Then, and only
then, can other Transactions be processed.
Following is an example of the message flow to establish a link showing the key set used. The terms
"send" and "receive" are from Node A's viewpoint.
NODE A                                 NODE B
0800 (Sign On)
                                       0810 (Sign On Reply)
                                       0800 (Sign On)
0810 (Sign On Reply)
0820 (Key Change, Send Set 1)
                                       0830 (Key Change Reply)
                                       0820 (Key Change, Receive Set 1)
0830 (Key Change Reply)
0210 (Send set 1 keys)                 0200 (Receive set 1 keys)
etc.                                   etc.
9.7.5 Changing Session Keys
The method of session key changes is detailed below.
While one set of send session keys is being used, the other send session key set is randomly generated
by the sending node and their KVCs generated, the keys are then enciphered under the Interchange
Send KEK and transmitted to the receiving node in a 0820 Network Management Advice message.
When a 0820 message is received by the receiving node, the session keys are deciphered using the
Interchange Receive KEK. These deciphered keys are set up as the set of receive keys specified by the
set number contained in bit 53 of the 0820 message. The Key Verification Codes (KVCs) are
calculated by the receiving node and transmitted to the sending node in bit 48 of the 0830 message.
When the 0830 Network Management Advice response message is received at the node initiating the
key change, the KVCs contained in the 0830 message are validated. If the KVCs are correct, the new
send session key set can be used immediately. If the KVCs are invalid, a new send session key set must
be generated and the whole process is repeated.
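The session key change of 9.7.3 and 9.7.5 (also used during normal processing, 9.7.7), as an added Go example; this is not code from the Manual or from APCA. It assumes two-key triple DES for the DEA 3 keys, a KEK variant formed by XORing a constant into the first key byte, and a KVC equal to the leftmost three bytes of an enciphered all-zero block; AS 2805.6.1 defines the real variant and check-value schemes, so those two are illustrative assumptions only.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
)

// tdes builds a DEA 3 (two-key triple DES) cipher; crypto/des wants the 24-byte K1||K2||K1 form.
func tdes(key16 []byte) (cipher.Block, error) {
	if len(key16) != 16 {
		return nil, errors.New("DEA 3 key must be 16 bytes")
	}
	return des.NewTripleDESCipher(append(append([]byte{}, key16...), key16[:8]...))
}

// KEK is an Interchange Key Encrypting Key held as one cipher per session key
// type, since each type is enciphered under its own KEK variant (9.7.3). XORing a
// constant into the first byte of K1 is an illustrative assumption; AS 2805.6.1 defines the real scheme.
type KEK struct{ macVar, pinVar cipher.Block }
func NewKEK(key16 []byte) (*KEK, error) {
	if _, err := tdes(key16); err != nil {
		return nil, err
	}
	mk := func(variant byte) cipher.Block {
		v := append([]byte{}, key16...)
		v[0] ^= variant
		b, _ := tdes(v) // cannot fail: v is 16 bytes
		return b
	}
	return &KEK{macVar: mk('M'), pinVar: mk('P')}, nil
}

// ecb runs the cipher over whole 8-byte blocks (a lone key block needs no chaining); nil if in is not whole blocks.
func ecb(b cipher.Block, in []byte, encrypt bool) []byte {
	if len(in)%des.BlockSize != 0 {
		return nil
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += des.BlockSize {
		if encrypt {
			b.Encrypt(out[i:], in[i:i+des.BlockSize])
		} else {
			b.Decrypt(out[i:], in[i:i+des.BlockSize])
		}
	}
	return out
}

// KVC is a Key Verification Code, assumed here to be the leftmost 3 bytes of
// an all-zero block enciphered under the key; nil for a malformed key.
func KVC(key16 []byte) []byte {
	b, err := tdes(key16)
	if err != nil {
		return nil
	}
	return ecb(b, make([]byte, des.BlockSize), true)[:3]
}

// SessionKeySet is one send or receive set (9.7.3): 128-bit MAC and PIN protect keys (Data key omitted).
type SessionKeySet struct{ MAC, PIN []byte }
// KeyChange is the 0820 content (set number for bit 53, keys enciphered under the
// KEK variants) plus the sender's private copy of the set and its KVCs, held until the 0830 is validated.
type KeyChange struct {
	SetNo          int
	EncMAC, EncPIN []byte
	Set            SessionKeySet // never transmitted
	kvcs           [2][]byte
}

// NewSendSet (sending node, 9.7.5): random idle send set, its KVCs, and the keys enciphered under KEKs.
func NewSendSet(kekS *KEK, setNo int) (*KeyChange, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	mac, pin := buf[:16], buf[16:]
	return &KeyChange{
		SetNo: setNo, EncMAC: ecb(kekS.macVar, mac, true), EncPIN: ecb(kekS.pinVar, pin, true),
		Set: SessionKeySet{MAC: mac, PIN: pin}, kvcs: [2][]byte{KVC(mac), KVC(pin)},
	}, nil
}

// ReceiveKeyChange (receiving node): decipher under the Interchange Receive KEK, install as
// receive set SetNo, and return the KVCs for bit 48 of the 0830. Only SetNo, EncMAC, EncPIN are read.
func ReceiveKeyChange(kekR *KEK, kc KeyChange, recv map[int]SessionKeySet) ([2][]byte, error) {
	mac := ecb(kekR.macVar, kc.EncMAC, false)
	pin := ecb(kekR.pinVar, kc.EncPIN, false)
	if len(mac) != 16 || len(pin) != 16 || (kc.SetNo != 1 && kc.SetNo != 2) {
		return [2][]byte{}, errors.New("0820: bad set number or key block length")
	}
	recv[kc.SetNo] = SessionKeySet{MAC: mac, PIN: pin}
	return [2][]byte{KVC(mac), KVC(pin)}, nil
}

// ConfirmKeyChange (sending node): the new send set may be used only when the
// 0830 KVCs match; otherwise it is discarded and a fresh set is generated.
func ConfirmKeyChange(kc *KeyChange, got [2][]byte) bool {
	return string(kc.kvcs[0]) == string(got[0]) && string(kc.kvcs[1]) == string(got[1])
}
```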
9.7.6 Sign Off
Either node may terminate the transmission of financial messages by sending a Sign Off Advice. A
Sign Off is accomplished by the transmission of a Network Management Advice Message with a
Network Management Information Code equal to 002.
9.7.7 Key Change During Normal Processing
A session key change can occur at any time; each node independently initiates the change of their send
keys. The sender will advise their sending session keys to the receiver using a 0820 Network
Management Advice message with a NMIC for key change (101). Once a valid response (0830
message) is received and the KVCs confirmed, the new keys can be used.
9.8 Time Out Parameters
Link timeouts will conform to Part 2.2.
9.9 Link Reconciliation
Link Reconciliation will be effected by the receipt of a Reconciliation Advice Message initiated by a
link end-point, typically the Acquirer, once in every 24-hour period. This message contains the
sender's totals (counts and the value if appropriate) of Financial and other Transactions that have
occurred on the link since the previous Link Reconciliation.
The Receiving party, typically the Issuer, acknowledges the Advice by sending a “0530”
Reconciliation Advice Response message that contains its own totals of the Transactions that it has
received in the settlement period.
9.9.1 Link Reconciliation Requirements
Link Reconciliation shall comply with the following:
(a) Only 0520/0521 reconciliation advice messages and 0530 reconciliation response messages shall be used in the reconciliation process.
(b) Only one reconciliation advice message per logical interchange shall be sent by the Acquirer or intermediate network node, every calendar day.
(c) The reconciliation advice message shall contain all the totals for that link.
(d) The transmission of the reconciliation advice message shall indicate the end of the reconciliation period for that Acquirer or intermediate network facility.
(e) The reconciliation messages shall not be used as the sole basis of financial settlement.
(f) Field 15, Date Settlement usage shall be as follows:
    - the Acquirer, or intermediate network facility, is responsible for setting this field for all Transactions being forwarded and may change the value of the field in order to forward a Transaction. All Transactions (requests and advices) shall contain a Date Settlement field value greater than that contained in previous reconciliation advice messages across that link. The Acquirer or intermediate network facility may start sending financial messages with the following day's Date Settlement before closing the current reconciliation period.
    - the institution receiving a message may reject a Transaction if the Date Settlement field contains a date prior to the current reconciliation date.
    - all repeat Transactions shall contain the same settlement date as their original (unrepeated) Transactions.
(g) The reconciliation advice messages may be placed in a store and forward file with the aim of sending all previous advice messages with the appropriate date prior to sending the reconciliation message.
(h) To ensure that all Transactions are completed prior to sending the reconciliation advice message, the reconciliation advice message should not be formatted nor sent for at least the time of the timeout period, and preferably for at least two minutes, after the link settlement date has changed for a link (cutover).
(i) Where two related Transactions (e.g., an original request and its reversal or a pre-authorization and its completion advice) are transmitted either side of cutover time, the two Transactions shall contain different dates in their Date, Settlement fields.
(j) Advice messages should be added to the settlement totals only once, when they are first sent.
(k) Reversal messages should be added to the settlement totals only when the original Transaction has also been added.
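The totals discipline of 9.5.8 together with rules (b), (d), (f), (i), (j) and (k) above, as an added Go example; this is not code from the Manual or from APCA. It assumes a two-date acceptance window held by the node, a caller-supplied transaction reference (Terminal id plus STAN), and amounts in cents.

```go
package main

import "fmt"

// Direction separates totals for messages sent from those received on a
// bi-lateral link; the two are kept apart and never netted (9.5.8).
type Direction int

const (
	Sent Direction = iota
	Received
)

// Totals for one direction and one Date Settlement value; amounts are in
// cents, matching the n 12 '$$$$$$$$$$cc' amount field.
type Totals struct {
	Count, Reversals       int
	Amount, ReversalAmount int64
}

// Link is the reconciliation state of one logical interchange. ref is the
// caller's transaction reference (assumed here: Terminal id plus STAN).
type Link struct {
	current, next string // the two Date Settlement values accepted (MMDD)
	totals        map[Direction]map[string]*Totals
	counted       map[string]bool // originals and reversals already in the totals
	closed        map[string]bool // dates whose 0520 has already been sent
}

func NewLink(current, next string) *Link {
	totals := map[Direction]map[string]*Totals{Sent: {}, Received: {}}
	return &Link{current: current, next: next, totals: totals, counted: map[string]bool{}, closed: map[string]bool{}}
}

// accept applies rule (f): the Date Settlement must be the current date or
// the following day and must be later than any period already reconciled.
func (l *Link) accept(date string) error {
	if date != l.current && date != l.next {
		return fmt.Errorf("date settlement %s is neither %s nor %s", date, l.current, l.next)
	}
	if l.closed[date] {
		return fmt.Errorf("reconciliation period %s is already closed", date)
	}
	return nil
}

func (l *Link) bucket(dir Direction, date string) *Totals {
	if l.totals[dir][date] == nil {
		l.totals[dir][date] = &Totals{}
	}
	return l.totals[dir][date]
}

func key(dir Direction, ref string) string { return fmt.Sprintf("%d/%s", dir, ref) }

// AddFinancial records an approved financial Transaction. An acquiring node
// calls it only once the 0210 with an approval action code has arrived
// (9.5.8); an advice is added once, when first sent, so a 0221 repeat adds nothing (j).
func (l *Link) AddFinancial(dir Direction, date, ref string, amount int64) error {
	if err := l.accept(date); err != nil {
		return err
	}
	if k := key(dir, ref); !l.counted[k] {
		l.counted[k] = true
		t := l.bucket(dir, date)
		t.Count++
		t.Amount += amount
	}
	return nil
}

// AddReversal records a 0420/0421 only when its original has been added (k).
// A reversal sent after cutover carries a later date than its original (i),
// so the original is looked up by reference, not by date.
func (l *Link) AddReversal(dir Direction, date, ref string, amount int64) error {
	if err := l.accept(date); err != nil {
		return err
	}
	if !l.counted[key(dir, ref)] {
		return fmt.Errorf("reversal of %s received before its original was counted", ref)
	}
	if rk := "rev/" + key(dir, ref); !l.counted[rk] { // a 0421 repeat adds nothing
		l.counted[rk] = true
		t := l.bucket(dir, date)
		t.Reversals++
		t.ReversalAmount += amount
	}
	return nil
}

// Snapshot returns the totals held for one direction and date.
func (l *Link) Snapshot(dir Direction, date string) Totals { return *l.bucket(dir, date) }

// ReconciliationAdvice returns the sender's totals for the 0520 and closes
// that period: one advice per calendar day per logical interchange (b), (d).
func (l *Link) ReconciliationAdvice(date string) (Totals, error) {
	if l.closed[date] {
		return Totals{}, fmt.Errorf("a reconciliation advice was already sent for %s", date)
	}
	l.closed[date] = true
	return *l.bucket(Sent, date), nil
}
```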
9.10 Link Settlement Times
Link Reconciliation, for the day of reconciliation shall be effected on or by 22:00 hours, or other such
time as may be mutually agreed.
9.11 Message Formats
Full specifications for the messages and fields described herein are to be found in AS 2805 part 2. The
specifications and requirements of AS 2805 part 2 are taken to apply unless specified otherwise in this
Part 9.
The presence of a mandatory field is indicated by the letter ‘M’ in the rightmost column of each of the
following tables. Conditional fields are indicated by the letter ‘C’ and optional fields by the letter ‘O’.
9.11.1 0100 Authorisation Request Message
BIT    DESCRIPTION                              ATTRIB     COMMENTS                                                          M/C/O
-----  Message Type                             n 4        ‘0100’
-----  Bit Map Primary                          b 64
003    Processing Code                          n 6        Digits 1&2 = ‘00’ for Pre-authorisation,                          M
                                                           Digits 3&4 = ‘10’ if from Savings A/C, ‘20’ if from Cheque A/C,
                                                           Digits 5&6 = ‘00’.
004    Amount Transaction                       n 12       Amount in format ‘$$$$$$$$$$cc’.                                  M
007    Transmission Date & Time                 n 10       Sender's message Date & Time in format ‘MMDDhhmmss’.              M
011    Systems Trace Audit No.                  n 6        A number assigned by the Card acceptor that uniquely identifies   M
                                                           a Transaction at a Terminal for at least one calendar day and
                                                           remains unchanged for the life of the Transaction.
012    Time, Local Transaction                  n 6        DEVICE Time in the format ‘HHMMSS’.                               M
013    Date, Local Transaction                  n 4        DEVICE Date in the format ‘MMDD’.                                 M
015    Date, Settlement                         n 4        Acquirer’s Reconciliation Date having the format ‘MMDD’.          M
018    Merchant’s Type                          n 4        Merchant Category Code, see AS 2805 part 16.                      M
022    POS Entry Mode                           n 3        Permissible values: ‘021’ - Magnetic Stripe with PIN Entry        M
                                                           capability, or ‘051’ – Integrated Circuit Card with PIN Entry
                                                           capability, or ‘071’ – Contactless Integrated Circuit Card with
                                                           PIN entry capability.
023    Card Sequence Number                     n 3        If available, this data should be included.                       C3
025    POS Condition Code                       n 2        A limited subset of the codes provided in AS 2805 part 2 is       M
                                                           supported. See clause 9.12.3.
032    Acquiring Institution Identification     n ..11     The Acquirer's Issuer identification number (IIN) issued by ISO   M
       Code                                                through Standards Australia (see AS 2805 part 2, clause 4.4.6).
033    Forwarding Institution Identification    n ..11     The IIN of the Acquirer or intermediate network node if one is    C
       Code                                                present. See 9.12.4 for usage of this field.
035    Track 2 Data                             z ..37     Card Track 2 data field having the format ‘LLTrack2 data’ where   M5
                                                           ‘LL’ is the data length.
037    Retrieval Reference Number               an 12      Reference number supplied by the Card acceptor, that remains      M
                                                           unchanged for the life of the Transaction, for example the STAN
                                                           plus transmission time, formatted as SSSSSSHHMMSS.
042    Card Acceptor Identification Code        ans 15     A code uniquely identifying a Merchant location (see AS 2805      M
                                                           part 2, E3.3 and appendix F).
043    Card Acceptor Name/Location              ans 40     DEVICE location description, formatted as described in clause E6  M
                                                           of AS 2805 part 2.
047    Additional Data, National                ans …999   Terminal Capability Code (see AS 2805 part 2, 4.4.25.21) and      M
                                                           conditionally Card Check value (see Appendix C).
048    Additional Data, Private                 ans …999   Acquiring DEVICE State Code – ‘n’. Refer clause 9.12.8.           O
052    PIN Data                                 b 64       PIN encrypted by the PIN Session key.                             C2
053    Security Related Control Information     n 16       ‘0000000000000001’ if Key Set 1 used,                             M
                                                           ‘0000000000000002’ if Key Set 2 used.
055    Integrated Circuit Card related data     b …999     See clause 9.12.11 for the required contents of this field.       C4
064    Message Authentication Code              b 64       MAC of all previous fields generated with the Sender’s MAC        M
                                                           Session key.
Amendment notes recorded against this table: Inserted (re-instated) effective 9/02/07; Last amended effective 20/04/09; Amended effective 27.04.11.
[ABN 12 055 136 519]
Amendment Number E229 issued as CS3/r&p/001.14
9.14
Consumer Electronic Clearing System (CS3) CECS MANUAL
Part 9 - Standard Interchange Specification
Notes:
1.
9.11.2
This message is used in support of the Pre-authorization Transaction in unattended
environments e.g., fuel pumps and card phones. Manual entry of Card details is not
supported.
2.
Required for magnetic-stripe originated Transactions if field 035 present (Card swiped). Not
required for ICC originated Transactions if the 'off-line PIN validated by the Card' CVM was
used.
3.
From TAG 5F34 for ICC originated Transactions.
4.
Not required for magnetic-stripe originated or Phase 1 EMV Transactions.
5.
From TAG 57 for ICC originated Transactions.
9.11.2  0110 Authorisation Request Response Message
BIT  DESCRIPTION                              ATTRIB      M/C/O
---  Message Type                             n 4
     '0110'
---  Bit Map Primary                          b 64
003  Processing Code                          n 6         M
     Echoed from the Authorisation Request ('0100') message.
004  Amount, Transaction                      n 12        M3
     Issuer approved Transaction limit.
007  Transmission Date & Time                 n 10        M
     Sender's Message Date & Time in format 'MMDDhhmmss'.
011  Systems Trace Audit Number               n 6         M
     Echoed from the Authorisation Request ('0100') message.
015  Date, Settlement                         n 4         M
     Echoed from the Authorisation Request ('0100') message.
032  Acquiring Institution Identification Code   n ..11   M
     Echoed from the Authorisation Request ('0100') message.
033  Forwarding Institution Identification Code  n ..11   C1
     The IIN of the Issuer or intermediate network node if one is present.
     See 9.12.4 for usage of this field.
038  Authorisation Id Response                an 6        C2
     An Issuer assigned code indicating approval.
039  Response Code                            an 2        M
     '00' = approved; for other values refer to the Response Codes Table.
041  Card Acceptor Terminal ID                ans 8       M
     Echoed from the Authorisation Request ('0100') message.
042  Card Acceptor Identification Code        ans 15      M
     Echoed from the Authorisation Request ('0100') message.
047  Additional Data, National                ans ...999  C
     Card Check Value response code, see Appendix C and AS 2805 part 2,
     clause 4.4.25.3.
053  Security Related Control Information     n 16        M
     '0000000000000001' if Key Set 1 used,
     '0000000000000002' if Key Set 2 used.
055  Integrated Circuit Card related data     b ...999    O4
     See clause 9.12.11 for the required contents of this field.
064  Message Authentication Code              b 64        M
     MAC of all previous fields generated with the Sender's MAC Session key.

Margin notes: amended effective 27.04.11; last amended effective 20/04/09.

Notes:
1.  Required if the field is present in the associated 0100 Request message.
2.  Required if the request is approved; may be omitted otherwise.
3.  Must contain zeroes if the request is not approved.
4.  Not required for magnetic-stripe originated or Phase 1 EMV Transactions, or
    where not provided by the Issuer.
9.11.3  0200 Financial Transaction Request Message
BIT  DESCRIPTION                              ATTRIB      M/C/O
---  Message Type                             n 4
     '0200'
---  Bit Map Primary                          b 64
002  Primary Account Number                   n ..19      C1
     PAN having the format 'LLPAN data' where 'LL' is the data length.
003  Processing Code                          n 6         M
     Transaction (Digits 1&2) =
       '00' for Goods & Services,
       '01' for Cash Withdrawal,
       '09' for Goods & Services with Cash,
       '20' for Refund of Goods & Services,
       '21' for Deposits,
       '31' for Balance Enquiry.
     Source Account (Digits 3&4) =
       '00' if sub-field unused,
       '10' if from Savings A/C,
       '20' if from Cheque A/C,
       '30' if from a Credit facility (note 10).
     Destination Account (Digits 5&6) =
       '00' if sub-field unused,
       '10' if to Savings A/C,
       '20' if to Cheque A/C,
       '30' if to a Credit facility (note 10).
     See AS 2805 part 2, clause 4.4.11; only the codes listed here are supported.
004  Amount, Transaction                      n 12        M7
     Total Amount in format '$$$$$$$$$$cc'.
007  Transmission Date & Time                 n 10        M
     Sender's Message Date & Time in format 'MMDDhhmmss'.
011  Systems Trace Audit No.                  n 6         M
     A number assigned by the Card acceptor that uniquely identifies a
     Transaction at a Terminal for at least one calendar day and remains
     unchanged for the life of the Transaction.
012  Time, Local Transaction                  n 6         M
     DEVICE Time in the format 'HHMMSS'.
013  Date, Local Transaction                  n 4         M
     DEVICE Date in the format 'MMDD'.
014  Expiry Date                              n 4         C2
     'YYMM', Card expiry date. Where the PAN is manually entered and the data
     is unavailable, this field may be omitted.
015  Date, Settlement                         n 4         M
     Acquirer's Business Date having the format 'MMDD'.
018  Merchant's Type                          n 4         M
     Merchant Category Code, see AS 2805 part 16.
022  POS Entry Mode                           n 3         M
     '012' - Manually entered with no PIN Entry capability, or
     '021' - Magnetic Stripe with PIN Entry, or
     '051' - Integrated Circuit Card with PIN Entry capability, or
     '071' - Contactless ICC with PIN Entry capability.
023  Card Sequence Number                     n 3         C11
     If available, this data should be included.
025  POS Condition Code                       n 2         M
     A limited subset of the codes provided in AS 2805 part 2 is supported.
     See clause 9.12.3.
028  Amount, Transaction Fee                  X+n8        C8,9
     Fee charged by the ATM Operator for the Transaction activity, in the
     currency of Amount, Transaction (bit 004).
032  Acquiring Institution Identification Code   n ..11   M
     The Acquirer's Issuer identification number (IIN) issued by ISO through
     Standards Australia (see AS 2805 part 2, clause 4.4.6).
033  Forwarding Institution Identification Code  n ..11   C4
     The IIN of the Acquirer or intermediate network node if one is present.
     See 9.12.4 for usage of this field.
035  Track 2 Data                             z ..37      C1
     Card Track 2 data field having the format 'LLTrack2 data' where 'LL' is
     the data length. For manually entered Transactions this field must not be
     present.
037  Retrieval Reference Number               an 12       M
     Reference number supplied by the Card acceptor that remains unchanged for
     the life of the Transaction, for example the STAN plus transmission time,
     formatted as SSSSSSHHMMSS.
041  Card Acceptor Terminal ID                ans 8       M
     A unique code identifying the logical Terminal at the Card acceptor
     location (see AS 2805 part 2, E3.4).
042  Card Acceptor Identification Code        ans 15      M
     A code uniquely identifying a Merchant location (see AS 2805 part 2, E3.3
     and appendix F).
043  Card Acceptor Name/Location              ans 40      M6
     DEVICE location description, formatted as described in clause E6 of
     AS 2805 part 2.
047  Additional Data, National                ans ...999  M5,13
     Terminal Capability Code (see AS 2805 part 2, 4.4.25.21) and conditionally
     Manual Entry Indicator and optionally Card Check Value, see Appendix C.
048  Additional Data, Private                 ans 4       O
     See clause 9.12.8.
052  PIN Data                                 b 64        C3
     PIN encrypted by the PIN Session key.
053  Security Related Control Information     n 16        M
     '0000000000000001' if Key Set 1 used,
     '0000000000000002' if Key Set 2 used.
055  Integrated Circuit Card related data     b ...999    C12
     See clauses 9.12.13 and 9.12.14 for the required contents of this field.
057  Amount, Cash                             n 12        M
     The Cash component of the Transaction, zeroes otherwise.
064  Message Authentication Code              b 64        M
     MAC of all previous fields generated with the Sender's MAC Session key.

Margin notes: last amended effective 03/03/09; amended effective 27.04.11;
last amended effective 20/04/09; last amended effective 26/08/14; amended
effective 13/04/07; inserted (reinstated) effective 9/02/07; amended
effective 15.8.05; inserted effective 03/03/09; inserted effective 20/04/09.

Where the Cardholder and Card are present at the time and place of the Transaction, the Card details
should be electronically captured by reading them from the Card's magnetic stripe or, in the case of an
IC Card, retrieved from the chip (Tag 57, Track 2 Equivalent Data). In these cases field 35 should
contain the Card information and field 2 must not be present. Additionally, field 52 is required for all
Card-originated Transactions except, in the case of ICC Transactions, where the Cardholder-verified
offline CVM is used. Where an IC Card is unable to be read, subject to the requirements of 6.2.3.4, the
Card details should be electronically captured by reading them from the Card's magnetic stripe; the
magnetic stripe read is indicated by the value '021' in field 22. Where the Card's magnetic stripe is
unable to be read, subject to the requirements of 6.3.4, the Transaction can be manually entered; manual
entry is indicated by the value '012' in field 22. In the manual entry case field 2 should be present and,
where available, field 14; fields 35 and 52 must not be present. See Appendices C and F for details on
manually entered Transactions.

Notes:
1.  Only one of the fields 002 or 035 must be present.
2.  Required if field 002 is present (PAN manually entered).
3.  Required for magnetic-stripe originated Transactions if field 035 is present
    (Card swiped). Not required for ICC originated Transactions if the 'offline
    PIN validated by the Card' CVM was used.
4.  Required if an intermediate network node (or nodes) exists in the
    transmission path between Acquirer and Issuer.
5.  Required for all Card-read Transactions. If the Card is unable to be read,
    refer to Appendix C for manual entry requirements for magnetic-stripe Cards
    and Appendix F for ICCs.
6.  Must contain only the words "Medicare Benefit" if a refund Transaction is
    being used to make a Medicare Claim Refund; refer to clause 6.2.2A.
7.  For ATM Transactions, the amount shown in this field shall be exclusive of
    any ATM Operator Fee, that is, it represents the amount anticipated to be
    dispensed to the Cardholder.
8.  The 'X' portion must contain 'D' to indicate that the fee is due to the
    Acquirer.
9.  If this field is included in a message but no direct charge is to apply,
    the n8 component of the field must be set to zero.
10. Recommended for ATM Transactions to/from a Credit facility, for example
    cash advances from a credit card account.
11. From TAG 5F34 for ICC originated Transactions.
12. Not required for Deposit, Refund, magnetic-stripe originated and Phase 1
    EMV Transactions.
13. The population of field 47 is only mandatory subsequent to the interchange
    link being upgraded to support EMV processing.
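The conditional rules in the 0200 table and its notes (one of 002/035, PIN block for card-read
transactions, no Track 2 on manual entry, fee sign 'D', supported Processing Codes) interact, and a
receiving host has to check them together. The following is an added example, not part of the CECS
Manual or AS 2805: a Python validator that applies those stated rules to a 0200 request held as a
dict of bit number to value. It assumes variable-length fields are supplied without their LL prefix,
takes "intermediate node present" and "ICC offline PIN used" as parameters because neither fact is
carried in the fields it checks, and uses a constructed sample message (not real card or terminal
data). MAC verification (bit 064) and the AS 2805 appendices are out of scope.

```python
"""Field-presence checks for a CS3 0200 Financial Transaction Request.

Added example, not part of the CECS Manual: it turns the M/C flags and
footnotes of the 0200 table into executable checks over a message held as
a dict {bit number: value}. Variable-length fields are given without their
LL prefix; the MAC (bit 064) and the AS 2805 appendices are out of scope.
"""

TRANSACTION_TYPES = {"00", "01", "09", "20", "21", "31"}   # bit 003 digits 1&2
ACCOUNT_TYPES = {"00", "10", "20", "30"}                   # bit 003 digits 3&4, 5&6
POS_ENTRY_MODES = {"012", "021", "051", "071"}             # bit 022
MANUAL_ENTRY = "012"
# Bits the table marks 'M' without qualification.
MANDATORY = (3, 4, 7, 11, 12, 13, 15, 18, 22, 25, 32, 37, 41, 42, 43, 53, 57, 64)


def validate_0200(msg, intermediate_node=False, icc_offline_pin=False):
    """Return the list of rule violations for a 0200 request (empty = OK).

    intermediate_node: a network node sits between Acquirer and Issuer
    (note 4, bit 033). icc_offline_pin: an ICC transaction used the
    'offline PIN validated by the Card' CVM (note 3, bit 052). Neither
    fact is carried in the fields checked here, so they are parameters.
    """
    errors = []
    for bit in MANDATORY:
        if bit not in msg:
            errors.append(f"bit {bit:03d} is mandatory")

    pc = msg.get(3, "")
    if len(pc) != 6 or not pc.isdigit():
        errors.append("bit 003 must be n 6")
    else:
        if pc[:2] not in TRANSACTION_TYPES:
            errors.append(f"bit 003 transaction type {pc[:2]!r} not supported")
        if pc[2:4] not in ACCOUNT_TYPES or pc[4:] not in ACCOUNT_TYPES:
            errors.append("bit 003 account sub-fields must be 00, 10, 20 or 30")

    entry_mode = msg.get(22)
    if entry_mode not in POS_ENTRY_MODES:
        errors.append(f"bit 022 value {entry_mode!r} not permitted")

    has_pan, has_track2 = 2 in msg, 35 in msg
    if has_pan == has_track2:                        # note 1
        errors.append("exactly one of bit 002 or bit 035 must be present")

    if entry_mode == MANUAL_ENTRY:                   # manual entry: no Track 2, no PIN block
        if has_track2 or 52 in msg:
            errors.append("manual entry must not carry bit 035 or bit 052")
    else:                                            # card-read: Track 2, not PAN
        if has_pan:
            errors.append("bit 002 only permitted for manual entry (bit 022 = '012')")
        if has_track2 and 52 not in msg and not icc_offline_pin:
            errors.append("bit 052 required for card-read transaction")   # note 3

    if has_pan and 14 in msg and not (len(msg[14]) == 4 and msg[14].isdigit()):
        errors.append("bit 014 must be 'YYMM'")      # note 2

    if intermediate_node and 33 not in msg:          # note 4
        errors.append("bit 033 required when an intermediate node exists")

    fee = msg.get(28)                                # notes 8 and 9: 'D' + n8
    if fee is not None and not (len(fee) == 9 and fee[0] == "D" and fee[1:].isdigit()):
        errors.append("bit 028 must be 'D' followed by n 8")

    cash = msg.get(57, "")                           # n 12, zeroes if no cash component
    if not (len(cash) == 12 and cash.isdigit()):
        errors.append("bit 057 must be n 12")
    return errors


# Constructed sample, not real card or terminal data: chip-read purchase
# with $20.00 cash-out from a savings account, total $120.00.
SAMPLE_0200 = {
    3: "091000", 4: "000000012000", 7: "0826143015", 11: "000123",
    12: "143015", 13: "0826", 15: "0826", 18: "5411", 22: "051", 25: "00",
    32: "56012345678", 35: "4000000000000002=1512101123400000000",
    37: "000123143015", 41: "TERM0001", 42: "MERCHANT0000001",
    43: "SHOP 1 SYDNEY".ljust(40), 47: "<terminal capability code>",
    52: "00" * 8, 53: "0000000000000001", 55: "<icc data>",
    57: "000000002000", 64: "00" * 8,
}

if __name__ == "__main__":
    print(validate_0200(SAMPLE_0200) or "0200 request passes all checks")
```

The checks are deliberately independent of one another so that a malformed message produces every
violation at once rather than the first one found; a host that only reports the first failure hides
the combination (for example a manually keyed PAN arriving with a PIN block) that usually matters.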
9.11.4  0210 Financial Transaction Request Response Message
BIT  DESCRIPTION                              ATTRIB      M/C/O
---  Message Type                             n 4
     '0210'
---  Bit Map Primary                          b 64
003  Processing Code                          n 6         M
     Echoed from the Financial Transaction Request ('0200') message.
004  Amount, Transaction                      n 12        M
     Echoed from the Financial Transaction Request ('0200') message.
007  Transmission Date & Time                 n 10        M
     Sender's Message Date & Time in format 'MMDDhhmmss'.
011  Systems Trace Audit Number               n 6         M
     Echoed from the Financial Transaction Request ('0200') message.
015  Date, Settlement                         n 4         M
     Echoed from the Financial Transaction Request ('0200') message.
028  Amount, Transaction Fee                  X+n8        C
     Echoed from the Financial Transaction Request ('0200') message.
032  Acquiring Institution Identification Code   n ..11   M
     Echoed from the Financial Transaction Request ('0200') message.
033  Forwarding Institution Identification Code  n ..11   C1
     The IIN of the Issuer or intermediate network node if one is present.
     See 9.12.4 for usage of this field.
039  Response Code                            an 2        M
     '00' = approved; for other values refer to the Response Codes Table.
041  Card Acceptor Terminal ID                ans 8       M
     Echoed from the Financial Transaction Request ('0200') message.
042  Card Acceptor Identification Code        ans 15      M
     Echoed from the Financial Transaction Request ('0200') message.
047  Additional Data, National                ans ...999  C2
     Card Check Value response code, see Appendix C and AS 2805 part 2,
     clause 4.4.25.3.
053  Security Related Control Information     n 16        M
     '0000000000000001' if Key Set 1 used,
     '0000000000000002' if Key Set 2 used.
055  Integrated Circuit Card related data     b ...999    O4
     See clauses 9.12.13 and 9.12.14 for the required contents of this field.
057  Amount, Cash                             n 12        M
     Echoed from the Financial Transaction Request ('0200') message.
058  Ledger Balance                           n 12        C3
     This field has the format 'S$$$$$$$$$cc', where 'S' = 'D' for a Debit
     balance and 'C' for a Credit balance.
059  Account Balance, Cleared Funds           n 12        C3
     This field has the format 'S$$$$$$$$$cc', where 'S' = 'D' for a Debit
     balance and 'C' for a Credit balance.
064  Message Authentication Code              b 64        M
     MAC of all previous fields generated with the Sender's MAC Session key.

Margin notes: last amended effective 26/08/14; amended effective 27.04.11;
last amended effective 03/03/09.

Notes:
1.  Required if the field is present in the associated 0200 Request message.
2.  Optionally required if the PAN was manually entered and a Card Check Value
    was present and sent in the associated 0200 request message.
3.  Required for balance enquiries; at the Issuer's discretion for other
    Transactions.
4.  Not required for magnetic-stripe originated Transactions or where not
    provided by the Issuer.
9.11.5  0220/0221 Financial Transaction Advice Message
BIT  DESCRIPTION                              ATTRIB      M/C/O
---  Message Type                             n 4
     '0220' - Advice, or '0221' - Advice repeat.
---  Bit Map Primary                          b 64
001  Bit Map Secondary                        b 64        C
     Required if Data Element 90 is present for partial dispense processing.
002  Primary Account Number                   n ..19      C1
     PAN having the format 'LLPAN data' where 'LL' is the data length.
003  Processing Code                          n 6         M
     Transaction (Digits 1&2) =
       '00' for Goods & Services,
       '01' for Cash Withdrawal,
       '09' for Goods & Services with Cash,
       '20' for Refund of Goods & Services,
       '21' for Deposits.
     Source Account (Digits 3&4) =
       '00' if sub-field unused,
       '10' if from Savings A/C,
       '20' if from Cheque A/C,
       '30' if from a Credit facility (note 7).
     Destination Account (Digits 5&6) =
       '00' if sub-field unused,
       '10' if to Savings A/C,
       '20' if to Cheque A/C,
       '30' if to a Credit facility (note 7).
     See AS 2805 part 2, clause 4.4.11; only the codes listed here are supported.
004  Amount, Transaction                      n 12        M
     Amount in format '$$$$$$$$$$cc'.
007  Transmission Date & Time                 n 10        M
     Sender's Message Date & Time in format 'MMDDhhmmss'.
011  Systems Trace Audit Number               n 6         M
     A number assigned by the Card acceptor, or the Acquirer, that uniquely
     identifies a Transaction at a Terminal for at least one calendar day and
     remains unchanged for the life of the Transaction.
012  Time, Local Transaction                  n 6         M
     DEVICE Time in the format 'HHMMSS'.
013  Date, Local Transaction                  n 4         M
     DEVICE Date in the format 'MMDD'.
014  Expiry Date                              n 4         C2
     'YYMM', Card expiry date. Where the PAN is manually entered and the data
     is unavailable, this field may be omitted.
015  Date, Settlement                         n 4         M
     Acquirer's Processing Date having the format 'MMDD'.
018  Merchant's Type                          n 4         M
     Merchant Category Code, see AS 2805 part 16.
022  POS Entry Mode                           n 3         M
     '012' - Manually entered with no PIN Entry capability, or
     '021' - Magnetic Stripe with PIN Entry, or
     '051' - Integrated Circuit Card with PIN Entry capability, or
     '071' - Contactless ICC with PIN Entry capability.
023  Card Sequence Number                     n 3         C8
     If available, this data should be included.
025  POS Condition Code                       n 2         M
     A limited subset of the codes provided in AS 2805 part 2 is supported.
     See clause 9.12.3.
028  Amount, Transaction Fee                  X+n8        C6
     Fee charged by the ATM Operator for the Transaction activity, in the
     currency of Amount, Transaction (bit 004).
032  Acquiring Institution Identification Code   n ..11   M
     The Acquirer's Issuer identification number (IIN) issued by ISO through
     Standards Australia (see AS 2805 part 2, clause 4.4.6).
033  Forwarding Institution Identification Code  n ..11   C3
     The IIN of the Acquirer or intermediate network node if one is present.
     See 9.12.4 for usage of this field.
035  Track 2 Data                             z ..37      C1
     Card Track 2 data field having the format 'LLTrack2 data' where 'LL' is
     the data length. This data element may mirror the data contained in the
     original request or advice message, or be truncated to include only the
     Primary Account Number (PAN), Separator, Expiration Date and Service Code
     in accordance with the requirements of the Payment Card Industry (PCI)
     Data Security Standard, Version 1.2.
037  Retrieval Reference Number               an 12       M
     Reference number supplied by the Card acceptor that remains unchanged for
     the life of the Transaction, for example the STAN plus transmission time,
     formatted as SSSSSSHHMMSS.
038  Authorisation Id Response                an 6        C4
     Echoed from the associated 0110 Authorisation Response message if present
     (pre-authorised Transaction).
041  Card Acceptor Terminal ID                ans 8       M
     A unique code identifying the logical Terminal at the Card acceptor
     location. In accordance with AS 2805 part 2, E3.4, this field together
     with the AIIC and CAIC uniquely identifies a Terminal within Australia.
042  Card Acceptor Identification Code        ans 15      M
     A code uniquely identifying a Merchant location (see AS 2805 part 2, E3.3
     and appendix F).
043  Card Acceptor Name/Location              ans 40      M5
     DEVICE location description.
047  Additional Data, National                ans ...999  M
     Terminal Capability Code (see AS 2805 part 2, 4.4.25.21) and conditionally
     Electronic Fallback Indicator and Card Check Value, see AS 2805 part 2,
     clauses 4.4.25.1.11 and 4.4.25.3.
048  Additional Data, Private                 ans 4       O
     See clause 9.12.8.
053  Security Related Control Information     n 16        M
     '0000000000000001' if Key Set 1 used,
     '0000000000000002' if Key Set 2 used.
055  Integrated Circuit Card related data     b ...999    C9
     See clauses 9.12.13 and 9.12.14 for the required contents of this field.
057  Amount, Cash                             n 12        M
     The Cash component of the Transaction, zeroes otherwise.
064  Message Authentication Code              b 64        C
     MAC of all previous fields generated with the Sender's MAC Session key.
     Mandatory if data element 90 is not required, otherwise excluded.
090  Original Data Elements                   n 42        C
     Required to contain the data elements of the original Transaction for
     partial dispense processing.
128  Message Authentication Code              b 64        C
     MAC of all previous fields generated with the Sender's MAC Session key.
     Mandatory if data element 90 is present, otherwise excluded.

Margin notes: last amended effective 03/03/09; last amended effective
20/04/09; amended effective 27.04.11; last amended effective 26/08/14;
inserted (reinstated) effective 9/02/07; inserted effective 31/12/09;
amended effective 13/04/07; inserted effective 13/04/07; inserted effective
20/04/09.

Where the Cardholder and Card are present at the time and place of the Transaction, the Card details
should be electronically captured by reading them from the Card's magnetic stripe or, in the case of an
IC Card, retrieved from the chip (Tag 57, Track 2 Equivalent Data). In these cases field 35 should
contain the Card information and field 2 must not be present. Where an IC Card is unable to be read,
subject to the requirements of 6.2.3.4, the Card details should be electronically captured by reading
them from the Card's magnetic stripe; the magnetic stripe read is indicated by the value '021' in
field 22. Where the Card's magnetic stripe is unable to be read, subject to the requirements of 6.3.4,
the Transaction can be manually entered; manual entry is indicated by the value '012' in field 22. In
the manual entry case field 2 should be present and, where available, field 14; fields 35 and 52 must
not be present. See Appendices C and F for details on manually entered Transactions.

Notes:
1.  Only one of the fields 002 or 035 must be present.
2.  Required if field 002 is present (PAN manually entered).
3.  Required if an intermediate network node (or nodes) exists in the
    transmission path between Acquirer and Issuer.
4.  Required if the data is present in the associated 0110 Authorisation
    Response message.
5.  Must contain only the words "Medicare Benefit" if a refund Transaction is
    being used to make a Medicare Claim Refund; refer to clause 6.2.2A.
6.  For an ATM Partial Dispense this field must contain zero ('D' followed by
    eight zeroes), as no ATM Operator Fee can be charged for an ATM Partial
    Dispense.
7.  Recommended for ATM Transactions to/from a Credit facility, for example
    cash advances from a credit card account.
8.  From TAG 5F34 for ICC originated Transactions.
9.  Not required for Deposit Transactions, Refund Transactions, and
    magnetic-stripe originated and Phase 1 EMV Transactions.
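The 0220/0221 table is the first in this Part where the message can grow a secondary bitmap (bit
001), and the MAC moves with it: bit 064 when data element 90 is absent, bit 128 when it is present,
covering "all previous fields" in either case. The following is an added example, not part of the CECS
Manual or AS 2805, showing that structural rule in Python: building and parsing the 64-bit primary and
secondary bitmaps, serialising the fields in bit order, and returning which bit carries the MAC and
exactly which bytes it must cover. The MAC algorithm and the MAC Session key are specified in AS 2805
part 4, not on this page, so the code stops at the MAC input rather than inventing a MAC. It assumes
the caller has already encoded each field as bytes, LL/LLL prefixes included, and the field values in
the demonstration are constructed.

```python
"""Bitmap construction and MAC placement for CS3 advice messages.

Added example, not from the CECS Manual. It demonstrates the structural rule
in the 0220/0221 table: the secondary bitmap (bit 001) is present only when
a field numbered above 64 (bit 090 here) is carried, the MAC then moves
from bit 064 to bit 128, and in both cases the MAC covers "all previous
fields". The MAC computation itself (AS 2805 part 4) is not on this page and
is not implemented; the code returns the bytes the MAC must cover.
"""

MAC_LEN = 8  # 'b 64': eight binary bytes


def build_bitmaps(bits):
    """Return the primary (and, if needed, secondary) bitmap as bytes.

    Bit n is the n-th most significant bit of a 128-bit map. Bit 001 is set
    automatically when any field numbered 65..128 is present, and only then
    are the second eight bytes emitted.
    """
    present = set(bits)
    if any(b > 64 for b in present):
        present.add(1)
    value = 0
    for b in present:
        if not 1 <= b <= 128:
            raise ValueError(f"bit {b} out of range")
        value |= 1 << (128 - b)
    raw = value.to_bytes(16, "big")
    return raw if 1 in present else raw[:8]


def parse_bitmaps(buf):
    """Inverse of build_bitmaps: (sorted field numbers present, bytes consumed)."""
    primary = int.from_bytes(buf[:8], "big")
    value, consumed = primary << 64, 8
    if primary >> 63 & 1:                    # bit 001 set: secondary bitmap follows
        value |= int.from_bytes(buf[8:16], "big")
        consumed = 16
    return sorted(b for b in range(1, 129) if value >> (128 - b) & 1), consumed


def assemble_for_mac(mti, fields):
    """Serialise MTI + bitmap(s) + fields; say which bit must carry the MAC.

    fields: dict bit -> encoded bytes (LL/LLL prefixes included), without the
    MAC. Returns (mac_bit, mac_input): 64 when no field above 64 is present,
    128 otherwise; mac_input is every byte that precedes the MAC field.
    """
    if 64 in fields or 128 in fields:
        raise ValueError("the MAC is placed by this function; do not pass it")
    mac_bit = 128 if any(b > 64 for b in fields) else 64
    bitmaps = build_bitmaps(list(fields) + [mac_bit])   # the MAC's own bit is flagged
    body = b"".join(fields[b] for b in sorted(fields))
    return mac_bit, mti.encode("ascii") + bitmaps + body


if __name__ == "__main__":
    # Constructed field values, not from a real message.
    plain = {3: b"010000", 4: b"000000010000", 11: b"000123"}
    partial = dict(plain, **{90: b"0" * 42})            # bit 090: original data elements
    for mti, flds in (("0220", plain), ("0220", partial)):
        bit, data = assemble_for_mac(mti, flds)
        print(f"{mti} fields={sorted(flds)} -> MAC in bit {bit}, covers {len(data)} bytes,"
              f" bitmap bits={parse_bitmaps(data[4:])[0]}")
```

Because the MAC's own bit is set in the bitmap before the MAC is computed, the bitmap is part of the
covered bytes, which is what makes the placement rule enforceable on receipt: a receiver that finds
bit 001 set must look for the MAC in bit 128 and reject a message that carries one in bit 064 as well.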
9.11.6  0230 Financial Transaction Advice Response Message
BIT  DESCRIPTION                              ATTRIB      M/C/O
---  Message Type                             n 4
     '0230'
---  Bit Map Primary                          b 64
003  Processing Code                          n 6         M
     Echoed from the Financial Transaction Advice ('0220/0221') message.
004  Amount, Transaction                      n 12        M
     Echoed from the Financial Transaction Advice ('0220/0221') message.
007  Transmission Date & Time                 n 10        M
     Sender's Message Date & Time in format 'MMDDhhmmss'.
011  Systems Trace Audit Number               n 6         M
     Echoed from the Financial Transaction Advice ('0220/0221') message.
015  Date, Settlement                         n 4         M
     Echoed from the Financial Transaction Advice ('0220/0221') message.
028  Amount, Transaction Fee                  X+n8        C1
     Echoed from the Financial Transaction Advice ('0220/0221') message.
032  Acquiring Institution Identification Code   n ..11   M
     Echoed from the Financial Transaction Advice ('0220/0221') message.
033  Forwarding Institution Identification Code  n ..11   C1
     The IIN of the Issuer or intermediate network node if one is present.
     See 9.12.4 for usage of this field.
039  Response Code                            an 2        M
     '00' = approved; for other values refer to the Response Codes Table.
041  Card Acceptor Terminal ID                ans 8       M
     Echoed from the Financial Transaction Advice ('0220/0221') message.
042  Card Acceptor Identification Code        ans 15      M
     Echoed from the Financial Transaction Advice ('0220/0221') message.
053  Security Related Control Information     n 16        M
     '0000000000000001' if Key Set 1 used,
     '0000000000000002' if Key Set 2 used.
057  Amount, Cash                             n 12        M
     Echoed from the Financial Transaction Advice ('0220/0221') message.
064  Message Authentication Code              b 64        M
     MAC of all previous fields generated with the Sender's MAC Session key.

Margin notes: last amended effective 03/03/09; last amended effective 20/04/09.

Note:
1.  Required if the field is present in the associated 0220/0221 message.
9.11.7  0420/0421 Acquirer Reversal Advice/Repeat Message
BIT  DESCRIPTION                              ATTRIB      M/C/O
---  Message Type                             n 4
     '0420' - Advice, or '0421' - Advice repeat.
---  Bit Map Primary                          b 64
001  Bit Map Secondary                        b 64        M
002  Primary Account Number                   n ..19      C1
     PAN having the format 'LLPAN data' where 'LL' is the data length.
003  Processing Code                          n 6         M
     Echoed from the Request or Advice message.
004  Amount, Transaction                      n 12        M
     Echoed from the Request or Advice message.
007  Transmission Date & Time                 n 10        M
     Sender's Message Date & Time in format 'MMDDhhmmss'.
011  Systems Trace Audit No.                  n 6         M
     Echoed from the Request or Advice message.
012  Time, Local Transaction                  n 6         M
     DEVICE Time in the format 'HHMMSS'.
013  Date, Local Transaction                  n 4         M
     DEVICE Date in the format 'MMDD'.
014  Expiry Date                              n 4         C2
     'YYMM'. This data element should mirror the data contained in the original
     0100 or 0200.
015  Date, Settlement                         n 4         M
     Acquirer's Processing Date having the format 'MMDD'.
022  POS Entry Mode                           n 3         M
     Echoed from the Request or Advice message.
025  POS Condition Code                       n 2         M
     A limited subset of the codes provided in AS 2805 part 2 is supported.
     See clause 9.12.3.
028  Amount, Transaction Fee                  X+n8        C3
     Echoed from the Request or Advice message, but with X set to 'C'.
032  Acquiring Institution Identification Code   n ..11   M
     The Acquirer's Issuer identification number (IIN) issued by ISO through
     Standards Australia (see AS 2805 part 2, clause 4.4.6).
033  Forwarding Institution Identification Code  n ..11   C
     The IIN of the Acquirer or intermediate network node if one is present.
     See 9.12.4 for usage of this field.
035  Track 2 Data                             z ..37      C1
     Card Track 2 data field having the format 'LLTrack 2 data' where 'LL' is
     the data length. This data element may mirror the data contained in the
     original request or advice message, or be truncated to include the Primary
     Account Number (PAN), Separator, Expiration Date and Service Code in
     accordance with the requirements of the Payment Card Industry (PCI) Data
     Security Standard, Version 1.2.
037  Retrieval Reference Number               an 12       M
     Echoed from the Request or Advice message.
041  Card Acceptor Terminal ID                ans 8       M
     Echoed from the Request or Advice message.
042  Card Acceptor Identification Code        ans 15      M
     Echoed from the Request or Advice message.
043  Card Acceptor Name/Location              ans 40      M
     Echoed from the Request or Advice message.
047  Additional Data, National                ans ...999  C
     Echoed from the Request or Advice message.
053  Security Related Control Information     n 16        M
     '0000000000000001' if Key Set 1 used,
     '0000000000000002' if Key Set 2 used.
055  Integrated Circuit Card related data     b ...999    C4
     See clauses 9.12.13 and 9.12.14 for the required contents of this field.
057  Amount, Cash                             n 12        M
     Echoed from the Request or Advice message.
090  Original Data Elements                   n 42        M
     Original data from the Transaction being reversed:
       a) Message Type - 'nnnn',
       b) System Trace Audit No. - 'nnnnnn',
       c) Local Date & Time - 'MMDDhhmmss',
       d) Acquiring Institution - 'nnnnnnnnnnn',
       e) Forwarding Institution - all zeroes.
128  Message Authentication Code              b 64        M
     MAC of all previous fields generated with the Sender's MAC Session key.

Margin notes: amended effective 27.04.11; last amended effective 03/03/09;
inserted (reinstated) effective 9/02/07; inserted effective 31/12/09; last
amended effective 26/08/14.

Notes:
1.  Only one of the fields 002 or 035 must be present.
2.  Required if field 002 is present (PAN manually entered).
3.  Required if present in the original Request message.
4.  Not required for Deposit Transactions, Refund Transactions, and
    magnetic-stripe originated and Phase 1 EMV Transactions.
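Three rules in the 0420/0421 table (and the identical Track 2 wording in the 0220/0221 table above)
are easy to get subtly wrong in an acquirer host: bit 090 must be exactly 42 digits assembled from
the original message in the order the table lists, the fee in bit 028 keeps its amount but flips its
sign to 'C', and Track 2 may be truncated to PAN, separator, expiry and service code so that no
discretionary data leaves the acquirer. The following is an added example, not part of the CECS Manual
or AS 2805, deriving a 0420 from an original 0200 in Python. Assumptions: the original is a dict of bit
number to string with variable-length fields given without their LL prefix; the '=' character is the
Track 2 separator; "Local Date & Time" in item c) of bit 090 is taken from bits 013 and 012 of the
original; the acquiring IIN is zero-padded on the left to the 11 digits of item d). The sample 0200
is constructed, not real card or ATM data, and the MAC (bit 128) is left to the sender's MAC process.

```python
"""Derive a CS3 0420 Acquirer Reversal Advice from an original 0200 request.

Added example, not from the CECS Manual. Applies the 0420/0421 table rules:
bit 090 (n 42) = original message type + STAN + local date & time +
acquiring institution (n 11) + all-zero forwarding institution (n 11);
bit 028 echoed with its sign set to 'C'; bit 035 truncated to PAN,
separator, expiry and service code (no discretionary data) per the PCI DSS
reference. The original is a dict {bit: str} without LL prefixes.
"""

# Fields the table says are echoed or mirrored from the original message.
ECHOED_BITS = (3, 4, 11, 12, 13, 14, 22, 25, 32, 33, 37, 41, 42, 43, 47, 53, 55, 57)


def truncate_track2(track2, separator="="):
    """Keep PAN, separator, expiry (YYMM) and service code (3 digits); drop the rest.

    A value with no separator is returned unchanged: there is no safe way to
    tell where the PAN ends. Assumption: '=' renders the Track 2 separator.
    """
    pan, sep, rest = track2.partition(separator)
    if not sep:
        return track2
    if not pan.isdigit() or len(pan) > 19:
        raise ValueError("malformed PAN in Track 2")
    return pan + sep + rest[:7]          # 4 expiry digits + 3 service code digits


def original_data_elements(orig_mti, orig):
    """Build bit 090 (n 42) in the order items a) to e) list it."""
    stan = orig[11].zfill(6)                            # b) 'nnnnnn'
    local_dt = orig[13].zfill(4) + orig[12].zfill(6)    # c) 'MMDDhhmmss' from bits 013 + 012
    acquirer = orig[32].zfill(11)                       # d) IIN left-padded to n 11 (assumption)
    forwarding = "0" * 11                               # e) all zeroes
    de90 = orig_mti + stan + local_dt + acquirer + forwarding
    if len(de90) != 42 or not de90.isdigit():
        raise ValueError("bit 090 must be exactly 42 digits")
    return de90


def build_0420(orig_mti, orig, settlement_date, transmission_dt, repeat=False):
    """Return (message type, fields) for the reversal; the MAC (bit 128) is not included.

    settlement_date is the Acquirer's Processing Date 'MMDD' (bit 015);
    transmission_dt is this message's own 'MMDDhhmmss' (bit 007), not echoed.
    """
    if orig_mti not in ("0100", "0200"):
        raise ValueError("a reversal refers to an original 0100 or 0200")
    rev = {b: orig[b] for b in ECHOED_BITS if b in orig}
    rev[7] = transmission_dt
    rev[15] = settlement_date
    if 2 in orig:                                   # note 1: exactly one of 002 / 035
        rev[2] = orig[2]
    else:
        rev[35] = truncate_track2(orig[35])
    if 28 in orig:                                  # note 3: fee echoed, X forced to 'C'
        rev[28] = "C" + orig[28][1:]
    rev[90] = original_data_elements(orig_mti, orig)
    return ("0421" if repeat else "0420"), rev


# Constructed sample 0200: $100.00 ATM cash withdrawal with a $2.50 operator fee.
SAMPLE_0200 = {
    3: "010000", 4: "000000010000", 11: "000456", 12: "101530", 13: "0826",
    15: "0826", 22: "021", 25: "00", 28: "D00000250", 32: "560123",
    35: "4000000000000002=1512101123456789012", 37: "000456101530",
    41: "ATM00017", 42: "ATMOPERATOR0001", 43: "ATM 17 MARTIN PL SYDNEY".ljust(40),
    47: "<terminal capability code>", 53: "0000000000000001", 57: "000000010000",
}

if __name__ == "__main__":
    mti, rev = build_0420("0200", SAMPLE_0200, "0826", "0826101602")
    print(mti, "bit 090 =", rev[90], "bit 028 =", rev[28], "bit 035 =", rev[35])
```

Truncating Track 2 in the reversal is the cheap end of the data-minimisation the table points at: the
discretionary data (which on many cards carries the CVV/CVC and PVV material) has no role in matching
a reversal to its original, since the match is made on bit 090 and the echoed identifiers.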
9.11.8  0430 Acquirer Reversal Advice Response Message
BIT  DESCRIPTION                              ATTRIB      M/C/O
---  Message Type                             n 4
     '0430'
---  Bit Map Primary                          b 64
003  Processing Code                          n 6         M
     Echoed from the Acquirer Reversal Advice ('0420/0421') message.
004  Amount, Transaction                      n 12        M
     Echoed from the Acquirer Reversal Advice ('0420/0421') message.
007  Transmission Date & Time                 n 10        M
     Sender's Message Date & Time in format 'MMDDhhmmss'.
011  Systems Trace Audit Number               n 6         M
     Echoed from the Acquirer Reversal Advice ('0420/0421') message.
015  Date, Settlement                         n 4         M
     Echoed from the Acquirer Reversal Advice ('0420/0421') message.
028  Amount, Transaction Fee                  X+n8        C
     Echoed from the Acquirer Reversal Advice ('0420/0421') message.
032  Acquiring Institution Identification Code   n ..11   M
     Echoed from the Acquirer Reversal Advice ('0420/0421') message.
033  Forwarding Institution Identification Code  n ..11   C
     The IIN of the intermediate network node if one is present. See 9.12.4
     for usage of this field.
039  Response Code                            an 2        M
     '00' = approved; for other values refer to the Response Codes Table.
041  Card Acceptor Terminal ID                ans 8       M
     Echoed from the Acquirer Reversal Advice ('0420/0421') message.
042  Card Acceptor Identification Code        ans 15      M
     Echoed from the Acquirer Reversal Advice ('0420/0421') message.
053  Security Related Control Information     n 16        M
     '0000000000000001' if Key Set 1 used,
     '0000000000000002' if Key Set 2 used.
057  Amount, Cash                             n 12        M
     Echoed from the Acquirer Reversal Advice ('0420/0421') message.
064  Message Authentication Code              b 64        M
     MAC of all previous fields generated with the Sender's MAC Session key.

Margin notes: last amended effective 03/03/09.
9.11.9  0520/0521 Acquirer Reconciliation Advice/Repeat Message
BIT  DESCRIPTION                              ATTRIB      M/C/O
---  Message Type                             n 4
     '0520' - Advice, or '0521' - Advice repeat.
---  Bit Map Primary                          b 64
001  Bit Map Secondary                        b 64        M
007  Transmission Date & Time                 n 10        M
     Sender's Message Date & Time in format 'MMDDhhmmss'.
011  Systems Trace Audit Number               n 6         M
     Sequential number managed by the Acquirer.
015  Date, Settlement                         n 4         M
     Initiator's Processing Date having the format 'MMDD', being the date to
     be reconciled.
032  Acquiring Institution Identification Code   n ..11   M
     The Initiator's Issuer identification number (IIN) issued by ISO through
     Standards Australia (see AS 2805 part 2, clause 4.4.6).
053  Security Related Control Information     n 16        M
     '0000000000000001' if Key Set 1 used,
     '0000000000000002' if Key Set 2 used.
074  Credits, Number                          n 10        M
     Number of Credit Transactions processed by the Acquirer since the last
     Settlement.
075  Credit Reversals, Number                 n 10        M
     Number of Credit Reversal Transactions processed by the Acquirer since the
     last Settlement.
076  Debits, Number                           n 10        M
     Number of Debit Transactions processed by the Acquirer since the last
     Settlement.
077  Debit Reversals, Number                  n 10        M
     Number of Debit Reversal Transactions processed by the Acquirer since the
     last Settlement.
078  Transfers, Number                        n 10        M
     Not used; must be zeroes.
079  Transfer Reversals, Number               n 10        M
     Not used; must be zeroes.
080  Inquiries, Number                        n 10        M
     Number of Account Balance Inquiry Transactions processed by the Acquirer
     since the last Settlement.
081  Authorisations, Number                   n 10        M
     Number of Authorisation Transactions processed by the Acquirer since the
     last Settlement.
083  Credits, Transaction Fee Amount          n 12        C1
     The sum amount of ATM Operator Fees in all Authorisation, Financial and
     Reversal Transactions where the fee amount is indicated as a credit.
085  Debits, Transaction Fee Amount           n 12
     The sum amount of ATM Operator Fees in all Authorisation, Financial and
     Reversal Transactions where the fee amount is indicated as
086  Credits, Amount                          n
087  Credit Reversals, Amount                 n
088  Debits, Amount                           n

Margin notes: amended effective 27.04.11; last amended effective 03/03/09.
a debit.
C
16
Total amount of Credit Transactions processed by
the Acquirer since the last Settlement.
M
16
Total amount of Credit Reversal Transactions
processed by the Acquirer since the last
Settlement.
M
Total amount of Debit Transactions processed by
the Acquirer since the last Settlement.
M
16
Australian Payments Clearing Association Limited
[ABN 12 055 136 519]
Amendment Number E229 issued as CS3/r&p/001.14
9.26
Consumer Electronic Clearing System (CS3) CECS MANUAL
Part 9 - Standard Interchange Specification
BIT
DESCRIPTION
089
Debit Reversals
Amount
ATTRIB
n
COMMENTS
16
Total amount of Debit Reversal
Transactions processed by the Acquirer
M
Since the last Settlement
097
099
118
119
128
Amount, Net Settlement
x+n
Settlement Institution
Identification Code
n
Cash Total Number
n
Cash Total Amount
Message Authentication
Code
16
..11
10
n
16
b
64
‘X’ is set to ‘D’ if Net Value is a Debit or ‘C’ if
Net value is a Credit, followed by the Net amount
of Debit & Credit Transactions processed by the
Acquirer since the last Settlement.
M2
The Issuer identification number (IIN) of the
intended recipient of the reconciliation advice
message.
M1
Number of Cash Withdrawal Transactions
processed by the Acquirer since the last
Settlement.
M
Total amount of Cash Withdrawal Transactions
processed by the Acquirer since the last
Settlement.
M
MAC of all previous fields generated with the
sender’s MAC Session key.
M
Inserted (reinstated) effective
9/02/07
Note:
9.11.10
1.
Link reconciliation is performed between the nodes specified in fields 032 and 099.
2.
The amount is to be inclusive of ATM Operator Fees and the total Transaction value amount.
Last amended
effective 03/03/09
0530 Acquirer Reconciliation Advice Response Message
BIT
DESCRIPTION
ATTRIB
COMMENTS
---
Message Type
n
4
---
Bit Map Primary
b
64
‘0530’
001
Bit Map Secondary
b
64
007
Transmission Date &
Time
n
10
Sender's Message Date & Time in format
‘MMDDhhmmss’
M
011
Systems Trace Audit
Number
n
6
Echoed from the Acquirer Reconciliation Advice
(‘0520/0521’) message.
M
015
Date, Settlement
n
4
Echoed from the Acquirer Reconciliation Advice
(‘0520/0521’) message.
M
032
Acquiring Institution
Identification Code
n
..11
Echoed from the Acquirer Reconciliation Advice
(‘0520/0521’) message.
M
039
Response Code
an
2
‘00’ = approved, for other values refer to
Response Codes Table.
M
053
Security Related
Control Information
n
16
066
Settlement Code
n
1
‘01’ = In balance, ‘02’ = Out of Balance, ‘03’ =
Error.
M
074
Credits Number
n
10
Number of Credit Transactions processed by the
Issuer for the current reconciliation period.
M
075
Credit Reversals
Number
n
10
Number of Credit Reversal
processed by the Issuer for
reconciliation period.
M
M
‘0000000000000001’ if Key Set 1 used,
‘0000000000000002’ if Key Set 2 used.
Australian Payments Clearing Association Limited
Transactions
the current
M
[ABN 12 055 136 519]
Amendment Number E229 issued as CS3/r&p/001.14
9.27
Consumer Electronic Clearing System (CS3) CECS MANUAL
Part 9 - Standard Interchange Specification
BIT
076
DESCRIPTION
Debits Number
ATTRIB
077
Debit Reversals
Number
078
Transfers Number
n
079
Transfer Reversals
Number
n
080
Inquiries Number
n
10
Number
of
Account
Balance
Inquiry
Transactions processed by the Issuer for the
current reconciliation period.
M
M
n
10
n
10
COMMENTS
Number of Debit Transactions processed by the
Issuer for the current reconciliation period.
Number of Debit Reversal Transactions
processed for the current reconciliation period.
M
10
Not used, must be zeroes
M
10
Not used, must be zeroes
M
081
Authorisations Number
n
10
Number of Authorisation Transactions processed
by the Issuer for the current reconciliation period.
083
Credits, Transaction
Fee Amount
n
12
Total amount, of ATM Operator Fees processed
by the Issuer where the fee amount is indicated as
a credit.
Debits, Transaction Fee
Amount
n
086
Credits Amount
n
087
Credit Reversals
Amount
n
088
Debits Amount
n
089
Debit Reversals
Amount
n
Amount, Net Settlement
x +
n
085
097
12
Total amount of Credit Transactions processed by
the Issuer for the reconciliation period.
M
16
Total amount of Credit Reversal Transactions
processed by the Issuer for the current
reconciliation period.
M
16
Total amount of Debit Transactions processed by
the Issuer for the current reconciliation period.
M
16
Total amount of Debit Reversal Transactions
processed by the Issuer for the current
reconciliation period.
M
‘X’ is set to ‘D’ if Net Value is a Debit or ‘C’ if
Net value is a Credit, followed by the Net amount
of Debit & Credit Transactions processed by the
Issuer for the current reconciliation period.
M
Echoed from the Acquirer Reconciliation Advice
(‘0520/0521’) message.
M
Number of Cash Withdrawal
processed by the Issuer for
reconciliation period.
M
16
..11
118
Cash Total Number
n
10
128
Message Authentication
Code
b
Last amended
effective 03/03/09
16
n
n
O
O
Settlement Institution
Identification Code
Cash Total Amount
Last amended
effective 03/03/09
Total amount, of ATM Operator Fees processed
by the Issuer where the fee amount is indicated as
a debit.
099
119
M
16
64
Transactions
the current
Inserted (reinstated) effective
9/02/07
Total amount of Cash Withdrawal Transactions
processed by the Issuer for the current
reconciliation period.
M
MAC of all previous fields generated with the
sender’s MAC Session key.
M
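As an added Go example (not code from the manual), the program below derives the 0520 counters and amounts from a constructed transaction list, formats field 097, and shows how the Issuer side derives field 066 of the 0530 response by comparing its own totals with the advice. The transaction model, the netting sign convention behind field 097 and all type names are this example's assumptions.

```go
package main

import "fmt"

// Txn is one transaction processed since the last Settlement (constructed model).
type Txn struct {
	Credit    bool  // true = credit transaction, false = debit transaction
	Reversal  bool  // reversal of a transaction of that kind
	Amount    int64 // transaction value amount, in cents
	Fee       int64 // ATM Operator Fee carried in the transaction, 0 if none
	FeeCredit bool  // fee indicated as a credit (083) rather than a debit (085)
}

// Totals are the 0520 counters and amounts before fixed-width formatting.
type Totals struct {
	CreditsNumber, CreditReversalsNumber, DebitsNumber, DebitReversalsNumber int64 // 074-077
	CreditsFee, DebitsFee                                                     int64 // 083, 085
	CreditsAmount, CreditReversalsAmount, DebitsAmount, DebitReversalsAmount int64 // 086-089
}

// Accumulate applies the field definitions of the 0520 message to the list.
func Accumulate(txns []Txn) Totals {
	var t Totals
	for _, x := range txns {
		switch {
		case x.Credit && !x.Reversal:
			t.CreditsNumber++
			t.CreditsAmount += x.Amount
		case x.Credit:
			t.CreditReversalsNumber++
			t.CreditReversalsAmount += x.Amount
		case !x.Reversal:
			t.DebitsNumber++
			t.DebitsAmount += x.Amount
		default:
			t.DebitReversalsNumber++
			t.DebitReversalsAmount += x.Amount
		}
		if x.FeeCredit {
			t.CreditsFee += x.Fee
		} else {
			t.DebitsFee += x.Fee
		}
	}
	return t
}

// NetSettlement is the signed value behind field 097 (positive = net debit).
// ASSUMED netting: debits less credits, each net of reversals, fees included (Note 2).
func NetSettlement(t Totals) int64 {
	return (t.DebitsAmount - t.DebitReversalsAmount + t.DebitsFee) -
		(t.CreditsAmount - t.CreditReversalsAmount + t.CreditsFee)
}

// FormatField097 renders the x+n 16 attribute: ‘D’ for a net debit, ‘C’ for a
// net credit (zero rendered as a credit, an assumption), then 16 digits.
func FormatField097(net int64) string {
	if net > 0 {
		return fmt.Sprintf("D%016d", net)
	}
	return fmt.Sprintf("C%016d", -net)
}

// Fields renders the totals as the fixed-width numeric elements, keyed by bit.
func Fields(t Totals) map[string]string {
	return map[string]string{
		"074": fmt.Sprintf("%010d", t.CreditsNumber),
		"075": fmt.Sprintf("%010d", t.CreditReversalsNumber),
		"076": fmt.Sprintf("%010d", t.DebitsNumber),
		"077": fmt.Sprintf("%010d", t.DebitReversalsNumber),
		"083": fmt.Sprintf("%012d", t.CreditsFee),
		"085": fmt.Sprintf("%012d", t.DebitsFee),
		"086": fmt.Sprintf("%016d", t.CreditsAmount),
		"087": fmt.Sprintf("%016d", t.CreditReversalsAmount),
		"088": fmt.Sprintf("%016d", t.DebitsAmount),
		"089": fmt.Sprintf("%016d", t.DebitReversalsAmount),
		"097": FormatField097(NetSettlement(t)),
	}
}

// SettlementCode derives field 066 of the 0530 on the Issuer side: ‘01’ when
// every field it computed matches the advice, ‘02’ on any mismatch, ‘03’ when
// an advice field is missing, wrongly sized or lacks a ‘C’/‘D’ indicator.
func SettlementCode(advice, own map[string]string) string {
	for bit, want := range own {
		got, ok := advice[bit]
		if !ok || len(got) != len(want) {
			return "03"
		}
		if bit == "097" && got[0] != 'C' && got[0] != 'D' {
			return "03"
		}
		if got != want {
			return "02"
		}
	}
	return "01"
}
```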
9.11.11 0800 Network Management Sign On Request Message

0800 Network Management Sign On Request messages are used to establish or re-establish a link.

Sign On messages are uni-directional and each node must independently Sign On to establish a bidirectional flow of financial messages. Sign On messages require a Sign On Response (0810 with Data Element 70 equal to 001). A Sign On can be initiated by either node and may be sent at any time.

A Sign On message initiates proof of endpoint processing by sending an enciphered random value in data element 48.

| BIT | DESCRIPTION | ATTRIB | COMMENTS | M/O/C |
|---|---|---|---|---|
| --- | Message Type | n 4 | ‘0800’ | M |
| --- | Bit Map Primary | b 64 | | |
| 001 | Bit Map Secondary | b 64 | | |
| 007 | Transmission Date & Time | n 10 | Sender's Message Date & Time in format ‘MMDDhhmmss’ | M |
| 011 | Systems Trace Audit Number | n 6 | A number assigned by the requestor that uniquely identifies a Transaction for at least one calendar day and remains unchanged for the life of the Transaction. | M |
| 033 | Forwarding Institution Identification Code | n ..11 | The IIN of the sending network node. | M |
| 048 | Additional Data Private | ans ...999 | Enciphered 64-bit random number used for proof-of-end-point processing: eKEKsV82(RNs), length 8 bytes. | M |
| 053 | Security Related Control Information | n 16 | KEK identifier. See 9.12.9 for usage of this field. | O |
| 070 | Network Management Information Code | n 3 | ‘001’ – Sign On. | M |
| 100 | Receiving Institution Identification Code | n ..11 | The Issuer identification number (IIN) of the intended recipient of the Sign On request message. | M |

Last amended effective 9/02/07
Inserted effective 9/02/07

9.11.12 0810 Network Management Sign On Request Response Message

A Network Management Sign On Response message is sent in response to a Network Management Sign On Request message (0800 with NMIC equal to 001) to confirm that the link is operational and to complete proof of endpoint processing.

A Sign On Request Response message contains an enciphered random number in data element 48 with a length of eight bytes.

The random number returned is the inverse of the random number sent in the corresponding Sign On Request message: RNr = ~RNs

| BIT | DESCRIPTION | ATTRIB | COMMENTS | M/O/C |
|---|---|---|---|---|
| --- | Message Type | n 4 | ‘0810’ | M |
| --- | Bit Map Primary | b 64 | | |
| 001 | Bit Map Secondary | b 64 | | |
| 007 | Transmission Date & Time | n 10 | Sender's Message Date & Time in format ‘MMDDhhmmss’ | M |
| 011 | Systems Trace Audit Number | n 6 | Echoed from the Logon/Echo Request (‘0800’) message. | M |
| 033 | Forwarding Institution Identification Code | n ..11 | The IIN of the sending node. See 9.12.4 for usage of this field. | M |
| 039 | Response Code | an 2 | ‘00’ = link operational, for other values refer to Response Codes Table. | M |
| 048 | Additional Data Private | ans ...999 | This data element will contain an eight byte, encrypted random number, created from the inversion of the random number provided by the requestor in the Logon request message: eKEKrV84(RNr). | M |
| 053 | Security Related Control Information | n 16 | Echoed from the Logon/Echo Request (‘0800’) message. | O |
| 070 | Network Management Information Code | n 3 | ‘001’ – Sign On. | M |
| 100 | Receiving Institution Identification Code | n ..11 | Echoed from the Logon/Echo Request (‘0800’) message. | M |

Last amended effective 9/02/07
Inserted effective 9/02/07

9.11.13 0820 Network Management Sign Off Advice Message

0820 Network Management Sign Off Advice messages are used to terminate financial message processing on a link.

Sign Off messages cause the immediate termination of all request and advice message traffic on a given link. A Sign Off can be initiated by either node and may be sent at any time.

| BIT | DESCRIPTION | ATTRIB | COMMENTS | M/O/C |
|---|---|---|---|---|
| --- | Message Type | n 4 | ‘0820’ | M |
| --- | Bit Map Primary | b 64 | | |
| 001 | Bit Map Secondary | b 64 | | |
| 007 | Transmission Date & Time | b 10 | Sender's Message Date & Time in format ‘MMDDhhmmss’ | M |
| 011 | Systems Trace Audit Number | b 6 | A number assigned by the requesting node that uniquely identifies a Transaction for at least one calendar day and remains unchanged for the life of the Transaction. | M |
| 033 | Forwarding Institution Identification Code | n ..11 | The IIN of the sending node. See 9.12.4 for usage of this field. | M |
| 070 | Network Management Information Code | n 3 | ‘002’ - Sign Off. | M |
| 100 | Receiving Institution Identification Code | n ..11 | The Issuer identification number (IIN) of the intended recipient of the Sign Off advice message. | M |
9.11.14 0830 Network Management Sign Off Advice Response Message

A Network Management Sign Off Advice Response message is sent in response to a Network Management Sign Off Advice message (0820 with NMIC equal to 002) to complete the logical disconnection of the link.

| BIT | DESCRIPTION | ATTRIB | COMMENTS | M/O/C |
|---|---|---|---|---|
| --- | Message Type | n 4 | ‘0820’ | M |
| --- | Bit Map Primary | b 64 | | |
| 001 | Bit Map Secondary | b 64 | | |
| 007 | Transmission Date & Time | n 10 | Sender's Message Date & Time in format ‘MMDDhhmmss’ | M |
| 011 | Systems Trace Audit Number | n 6 | Echoed from the Sign Off Advice (‘0820’) message. | M |
| 033 | Forwarding Institution Identification Code | n ..11 | The IIN of the sending Node. | M |
| 039 | Response Code | an 2 | ‘00’ = Sign off successful | M |
| 070 | Network Management Information Code | n 3 | ‘002’ - Sign Off. | M |
| 100 | Receiving Institution Identification Code | n ..11 | Echoed from the Sign Off advice (‘0820’) message. | M |

9.11.15 0800 Network Management Echo Request Message

Network Management Echo Request Messages are sent to confirm link status.

Network Management Echo Request Messages require a Network Management Echo Response (0810 with data element 70 equal to 301).

Echo Requests should be sent after one (1) minute of link inactivity.

| BIT | DESCRIPTION | ATTRIB | COMMENTS | M/O/C |
|---|---|---|---|---|
| --- | Message Type | n 4 | ‘0800’ | M |
| --- | Bit Map Primary | b 64 | | |
| 001 | Bit Map Secondary | b 64 | | |
| 007 | Transmission Date & Time | n 10 | Sender's Message Date & Time in format ‘MMDDhhmmss’ | M |
| 011 | Systems Trace Audit Number | n 6 | A number assigned by the requestor that uniquely identifies a Transaction for at least one calendar day and remains unchanged for the life of the Transaction. | M |
| 033 | Forwarding Institution Identification Code | n ..11 | The IIN of the sending node. See 9.12.4 for usage of this field. | M |
| 070 | Network Management Information Code | n 3 | ‘301’ - Echo test | M |
| 100 | Receiving Institution Identification Code | n ..11 | The Issuer identification number (IIN) of the intended recipient of the Echo Request message. | M |
9.11.16 0810 Network Management Echo Request Response Message

A Network Management Echo Request Response message is sent in response to a Network Management Echo Request message (0800 with NMIC equal to 301). Successful receipt confirms the operational status of the link.

| BIT | DESCRIPTION | ATTRIB | COMMENTS | M/O/C |
|---|---|---|---|---|
| --- | Message Type | n 4 | ‘0810’ | M |
| --- | Bit Map Primary | b 64 | | |
| 001 | Bit Map Secondary | b 64 | | |
| 007 | Transmission Date & Time | n 10 | Sender's Message Date & Time in format ‘MMDDhhmmss’ | M |
| 011 | Systems Trace Audit Number | n 6 | Echoed from the Logon/Echo Request (‘0800’) message. | M |
| 033 | Forwarding Institution Identification Code | n ..11 | The IIN of the sending node. See 9.12.4 for usage of this field. | M |
| 039 | Response Code | an 2 | ‘00’ = approved, for other values refer to Response Codes Table. | M |
| 070 | Network Management Information Code | n 3 | Echoed from the Logon/Echo Request (‘0800’) message. | M |
| 100 | Receiving Institution Identification Code | n ..11 | Echoed from the Logon/Echo Request (‘0800’) message. | M |

9.11.17 0820 Network Management (Key Change) Advice Message

Network Management Advice Messages are used to initiate the replacement of a set of session keys.

A Network Management Key Change Advice message requires a Network Management Key Change Advice Response message (0830 with NMIC equal to 101).

Each Node shall send a Network Management Key Change Advice message immediately after successful confirmation of a Sign On request.

Subsequently, for as long as a Node remains signed on, a Network Management Key Change Advice message can be sent by either node at any time.

Data Element 48 is used to convey the new session keys enciphered under the interchange send key encrypting key (KEKs).

| BIT | DESCRIPTION | ATTRIB | COMMENTS | M/O/C |
|---|---|---|---|---|
| --- | Message Type | n 4 | ‘0820’ | M |
| --- | Bit Map Primary | b 64 | | |
| 001 | Bit Map Secondary | b 64 | | |
| 007 | Transmission Date & Time | n 10 | Sender's Message Date & Time in format ‘MMDDhhmmss’ | M |
| 011 | Systems Trace Audit Number | n 6 | A number assigned by the requestor that uniquely identifies a Transaction for at least one calendar day and remains unchanged for the life of the Transaction. | M |
| 033 | Forwarding Institution Identification Code | n ..11 | The IIN of the sending node. See 9.12.4 for usage of this field. | M |
| 048 | Additional Data Private | ans ...999 | This field has two alternative constructions, see clause 9.12.6. | M |
| 053 | Security Related Control Information | n 16 | Key Set identifier. See 9.12.9 for usage of this field. | M |
| 070 | Network Management Information Code | n 3 | ‘101’ – Key Change | M |
| 100 | Receiving Institution Identification Code | n ..11 | The Issuer identification number (IIN) of the intended recipient of the Key Change Advice message. | M |

Last amended effective 9/02/07

9.11.18 0830 Network Management Advice (Key Change) Response Message

| BIT | DESCRIPTION | ATTRIB | COMMENTS | M/O/C |
|---|---|---|---|---|
| --- | Message Type | n 4 | ‘0830’ | |
| --- | Bit Map Primary | b 64 | | |
| 001 | Bit Map Secondary | b 64 | | |
| 007 | Transmission Date & Time | n 10 | Sender's Message Date & Time in format ‘MMDDhhmmss’ | M |
| 011 | Systems Trace Audit Number | n 6 | Echoed from the Key Change Advice (‘0820’) message. | M |
| 033 | Forwarding Institution Identification Code | n ..11 | The IIN of the sending node. See 9.12.4 for usage of this field. | M |
| 039 | Response Code | an 2 | ‘00’ = Keys installed, for other values refer to Response Codes Table. | M |
| 048 | Additional Data Private | ans ...999 | This field has two alternative constructions, dependent on the number of fields that were present in the request. Either a nine byte data element containing the calculated Key Verification Codes (KVCs) of the interchange session keys received in the corresponding 0820 message, as follows: KVC(KMACs) with length of 3 bytes; KVC(KPEs) with length of 3 bytes; KVC(KDs) with length of 3 bytes. Alternatively, a six byte data element containing the calculated Key Verification Codes (KVCs) of the interchange session keys received in the corresponding 0820 message, as follows: KVC(KMACs) with length of 3 bytes; KVC(KPEs) with length of 3 bytes. | M |
| 053 | Security Related Control Information | n 16 | Echoed from the Key Change Advice (‘0820’) message. | M |
| 070 | Network Management Information Code | n ..11 | Echoed from the Key Change Advice (‘0820’) message. | M |
| 100 | Receiving Institution Identification Code | n ..11 | Echoed from the Key Change Advice (‘0820’) message. | M |

Last amended effective 9/02/07
9.11.19 0820 Network Management (KEK Change) Advice Message

Inserted effective 9/02/07

Network Management Advice Messages are used to initiate the replacement of a Key Enciphering Key (KEK) when the Online RSA Key Method is used to change Key Enciphering Keys.

A Network Management KEK Change Advice message requires a Network Management KEK Change Advice Response message (0830 with NMIC equal to 140).

Each Node shall send a Network Management KEK Change Advice message at least once every 2 years to comply with 2.2.6.2 (ii).

Data Element 112 is used to convey the new Send Key Encipherment Key (KEKs), enciphered under the Interchange Public Key (IPK) of the recipient, which will have been previously provided to the sender via a secure channel.

The new KEK may be used after the Network Management Advice Response message (0830) has been received and the KVC validated.

| BIT | DESCRIPTION | ATTRIB | COMMENTS | M/O/C |
|---|---|---|---|---|
| --- | Message Type | n 4 | ‘0820’ | M |
| --- | Bit Map Primary | b 64 | | |
| 001 | Bit Map Secondary | b 64 | | |
| 007 | Transmission Date & Time | n 10 | Sender’s Message Date & Time in format ‘MMDDhhmmss’. | M |
| 011 | System Trace Audit Number | n 6 | A number assigned by the requestor that uniquely identifies a Transaction for at least one calendar day and remains unchanged for the life of the Transaction. | M |
| 033 | Forwarding Institution Identification Code | n ..11 | The IIN of the sending node. See 9.12.4 for usage of this field. | M |
| 053 | Security Related Control Information | n 16 | KEK identifier. See 9.12.9 for usage of this field. | M |
| 070 | Network Management Information Code | n 3 | ‘140’ | M |
| 100 | Receiving Institution Identification Code | n ..11 | The Issuer identification number (IIN) of the intended recipient of the Key Change Advice message. | M |
| 112 | Key Management Data | b ...999 | See 9.12.12 for usage of this field. | M |

9.11.20 0830 Network Management (KEK Change) Advice Response Message

Inserted effective 9/02/07

A Network Management Advice Response message is sent in response to a Network Management Advice Request message.

Data Element 112 contains the KVC of the KEK sent in the 0820 request and is used to confirm that it matches the KVC that was built with the KEK.

| BIT | DESCRIPTION | ATTRIB | COMMENTS | M/O/C |
|---|---|---|---|---|
| --- | Message Type | n 4 | ‘0830’ | M |
| --- | Bit Map Primary | b 64 | | |
| 001 | Bit Map Secondary | b 64 | | |
| 007 | Transmission Date & Time | n 10 | Sender’s Message Date & Time in format ‘MMDDhhmmss’ | M |
| 011 | System Trace Audit Number | n 6 | A number assigned by the requestor that uniquely identifies a Transaction for at least one calendar day and remains unchanged for the life of the Transaction. | M |
| 033 | Forwarding Institution Identification Code | n ..11 | The IIN of the sending node. See 9.12.4 for usage of this field. | M |
| 039 | Response Code | an 2 | ‘00’ = Keys stored. For other values, refer to Response Codes Table. | M |
| 053 | Security Related Control Information | n 16 | Echoed from the KEK Change Advice (‘0820’) message. | M |
| 070 | Network Management Information Code | n 3 | ‘140’ | M |
| 100 | Receiving Institution Identification Code | n ..11 | Echoed from the Key Change Advice (‘0820’) message. | M |
| 112 | Key Management Data | b ...999 | KVC of the KEK sent in the 0820 KEK Change Advice. | M |

9.12 Fields

The definitions contained in AS2805 part 2 apply, unless otherwise stated.
9.12.1 Processing Code (field 3)

This field contains a 6-digit processing code constructed from three sub-fields:

1. Positions 1 and 2 describe the specific Transaction as follows:
   00 = Purchase
   01 = Cash Withdrawal
   09 = Combined purchase and Cash out
   20 = Refund
   31 = Balance Enquiry
2. Positions 3 and 4: Source Account Type
   00 = Field unused
   10 = Savings Account
   20 = Cheque Account
3. Positions 5 and 6: Destination Account Type
   00 = Field unused
   10 = Savings Account
   20 = Cheque Account

Amended effective 15.08.05

Only the above-specified codes may be used.
9.12.2 Merchant's Type (field 18)

This field must contain the code that best describes the Merchant where the Transaction originated. These codes can be found in the Australian Standard AS 2805 part 16 as Merchant Category Code, and the code selected should be the one that applies to the predominant activity conducted by that Merchant. It must not be replaced by intermediate systems.

9.12.3 Point of Service Condition Code (field 25)

Amended effective 27.04.11

Only the following codes identified in AS 2805 part 2 may be used:
00 = Normal presentment
04 = Electronic Cash register interface
08 = Mail or telephone order
10 = Customer identity verified
41 = Cash Dispensing Machine, i.e. an ATM
42 = Electronic Payment Terminal, i.e. a POS Terminal
43 = Card Activated Fuel Dispenser
44 = Travel Ticket Vending Machines

Amended effective date 15.8.05
9.12.4 Usage of Institution Identification Codes (fields 32, 33)

As described in AS 2805 part 2, clause 4.4.23, the usage of institution identification codes shall be in accordance with the following table.

For Request or Advice messages:

| IID | Acquirer to A | A to B | B to C | C to Card Issuer |
|---|---|---|---|---|
| Acquiring Institution | Remains the same throughout the life of the Transaction | | | |
| Forwarding Institution | (Acquirer) | A | B | C |
| Receiving Institution | A | B | C | (Card Issuer) |

For Response messages:

| IID | Issuer to C | C to B | B to A | A to Acquirer |
|---|---|---|---|---|
| Acquiring Institution | Remains the same throughout the life of the Transaction | | | |
| Forwarding Institution | (Card Issuer) | C | B | A |
| Receiving Institution | C | B | A | (Acquirer) |
9.12.5 Service Restriction Code (field 40)

Field 40 is not supported.

9.12.6 Additional data private (field 48) for 0820 Key change Advice message

Field 48, within a 0820 Key Change Advice Message, is used to transport the new session keys. As the presence of the data encipherment session key is optional, there are two alternative constructions of this field. Note that the Data Encipherment key is unused in this interchange specification.

Without Data Encipherment Session Key:
Data length - ‘032’,
16 byte encrypted MAC Session Key (KMACs),
16 byte encrypted PIN Protect Session Key (KPEs).

With Data Protect Session Key:
Data length - ‘048’,
16 byte encrypted MAC Session Key (KMACs),
16 byte encrypted PIN Protect Session Key (KPEs),
16 byte encrypted Data Encipherment Session Key (KDs, unused, may be zeroes).

9.12.7 Additional data private (field 48) for 0800/0810 Logon Request/Response messages

For Logon Request Messages (0800, NMIC 001), field 48 will contain an enciphered, 8 byte, random number used for proof-of-end-point processing.

For the response message, this field will contain the enciphered, inverted value of the random number provided in the request message.
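The Sign On proof-of-endpoint exchange of 9.11.11, 9.11.12 and this clause, as an added Go example that is not code from the manual: both sides' field 48 values are built and the requestor's check of RNr = ~RNs is performed. The manual does not define how the V82/V84 key variants are derived or which block cipher the e(...) notation denotes, so this example assumes a variant byte XORed into the KEK and two-key triple DES; the Node type and function names are its own.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/rand"
	"errors"
	"fmt"
)

// Node holds one interchange node's double-length KEKs: its send KEK (KEKs) is
// the peer's receive KEK (KEKr) and vice versa.
type Node struct {
	KEKs []byte // 16-byte send key encrypting key
	KEKr []byte // 16-byte receive key encrypting key
}

// variant derives the V82 / V84 key variant the manual names. The derivation is
// not given on the page; ASSUMED here: XOR the variant byte into the first byte
// of each 8-byte half of the KEK. A key of the wrong size yields nil.
func variant(kek []byte, v byte) []byte {
	if len(kek) != 16 {
		return nil
	}
	k := append([]byte(nil), kek...)
	k[0] ^= v
	k[8] ^= v
	return k
}

// tdesBlock enciphers (deciphers when decrypt is set) one 8-byte block with
// two-key triple DES (K1, K2, K1): the cipher ASSUMED for the manual's e(...).
func tdesBlock(key16, block []byte, decrypt bool) ([]byte, error) {
	if len(key16) != 16 || len(block) != 8 {
		return nil, errors.New("need a 16-byte key and an 8-byte block")
	}
	c, err := des.NewTripleDESCipher(append(append([]byte{}, key16...), key16[:8]...))
	if err != nil {
		return nil, err
	}
	out := make([]byte, 8)
	if decrypt {
		c.Decrypt(out, block)
	} else {
		c.Encrypt(out, block)
	}
	return out, nil
}

// invert applies the RNr = ~RNs rule of the 0810 Sign On response.
func invert(rn []byte) []byte {
	out := make([]byte, len(rn))
	for i, b := range rn {
		out[i] = ^b
	}
	return out
}

// SignOnRequest builds field 48 of the 0800 (NMIC 001): eKEKsV82(RNs).
func SignOnRequest(requestor Node, rns []byte) ([]byte, error) {
	return tdesBlock(variant(requestor.KEKs, 0x82), rns, false)
}

// SignOnResponse is the responder's side: recover RNs under its receive KEK
// (variant 82), invert it and encipher under its own send KEK (variant 84),
// which is eKEKrV84(RNr) as the manual writes it from the requestor's view.
func SignOnResponse(responder Node, field48 []byte) ([]byte, error) {
	rns, err := tdesBlock(variant(responder.KEKr, 0x82), field48, true)
	if err != nil {
		return nil, err
	}
	return tdesBlock(variant(responder.KEKs, 0x84), invert(rns), false)
}

// VerifyResponse is the requestor's proof-of-endpoint check: decipher the 0810
// field 48 under its receive KEK (variant 84) and compare with ~RNs. A peer
// without the shared KEKs cannot produce a value that passes.
func VerifyResponse(requestor Node, rns, field48 []byte) (bool, error) {
	rnr, err := tdesBlock(variant(requestor.KEKr, 0x84), field48, true)
	if err != nil {
		return false, err
	}
	return bytes.Equal(rnr, invert(rns)), nil
}

func main() {
	// Constructed keys for the demonstration only.
	ab, ba, rns := make([]byte, 16), make([]byte, 16), make([]byte, 8)
	rand.Read(ab)
	rand.Read(ba)
	rand.Read(rns) // RNs, the requestor's 64-bit random number
	a := Node{KEKs: ab, KEKr: ba}
	b := Node{KEKs: ba, KEKr: ab}
	req, _ := SignOnRequest(a, rns)
	resp, _ := SignOnResponse(b, req)
	ok, _ := VerifyResponse(a, rns, resp)
	fmt.Printf("0800 field 48: %x\n0810 field 48: %x\nlink proven: %v\n", req, resp, ok)
}
```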
9.12.8 Additional Data Private (field 48) for Financial Messages (01xx, 02xx, 04xx)

For details of this field refer to AS 2805 part 2. Note that many existing Interchanges provide a state code in this field as follows.

For 01xx, 02xx and 04xx messages, the first byte of this field may contain a single byte state code as follows:
0 = Reserved for future use
1 = Australian Capital Territory
2 = New South Wales
3 = Victoria
4 = Queensland
5 = South Australia
6 = Western Australia
7 = Tasmania
8 = Northern Territory
9 = Reserved for future use

Additional data may follow.

The inclusion of the state code in this field is deprecated and is not recommended for new Interchanges.
9.12.9 Security Related Control Information (field 53)

Inserted effective 9/02/07

For Sign-on Request Messages (0800, NMIC 001) where the Online RSA Key Method is used, field 53 will contain the identifier of the KEK used to generate eKEKsV82(RNs):
‘0000000000000010’ when KEK 1 has been used
‘0000000000000020’ when KEK 2 has been used.

For Key Change Advice Messages (0820, NMIC 101) where the Online RSA Key Method is not used, field 53 will contain the identifier of the interchange session key set being changed:
‘0000000000000001’ when interchange key set 1 is being changed
‘0000000000000002’ when interchange key set 2 is being changed.

For Key Change Advice Messages (0820, NMIC 101) where the Online RSA Key Method is used, field 53 will contain the identifier of the KEK used to encipher the interchange session keys and the identifier of the interchange session key set being changed:
‘0000000000000011’ when KEK 1 has been used and interchange key set 1 is being changed
‘0000000000000012’ when KEK 1 has been used and interchange key set 2 is being changed
‘0000000000000021’ when KEK 2 has been used and interchange key set 1 is being changed
‘0000000000000022’ when KEK 2 has been used and interchange key set 2 is being changed.

For KEK Change Advice Messages (0820, NMIC 140) where the Online RSA Key Method is used, field 53 will contain the identifier of the KEK being changed:
‘0000000000000010’ when interchange KEK 1 is being changed
‘0000000000000020’ when interchange KEK 2 is being changed.
9.12.10 Network management information code (field 70)

Re-numbered effective 9/02/07

The following 3-digit network management information codes shall be used:

| Position 1 | Positions 2 and 3 | Meaning |
|---|---|---|
| 0 - System condition | 01 | Sign on |
| 0 - System condition | 02 | Sign off |
| 1 - System security | 01 | Key Change |
| 1 - System security | 40 | KEK Change |
| 3 - System audit control | 01 | Echo test |
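An added Go example, not the manual's own code, covering 9.12.9 and 9.12.10 together: it decodes field 70 into its class and code, and validates field 53 against the context-dependent usages of 9.12.9 so that a value of the wrong shape for its message (for instance a key set identifier in a Sign On, or a KEK identifier on a link that does not use the Online RSA Key Method) is rejected instead of silently selecting a key. Type and function names are the example's own.

```go
package main

import (
	"errors"
	"fmt"
)

// NMIC is a decoded field 70 value: position 1 gives the class, positions 2
// and 3 the code within that class (9.12.10).
type NMIC struct {
	Code  string
	Class string
	Name  string
}

var nmicClass = map[byte]string{
	'0': "System condition", '1': "System security", '3': "System audit control",
}

var nmicName = map[string]string{
	"001": "Sign on", "002": "Sign off", "101": "Key Change",
	"140": "KEK Change", "301": "Echo test",
}

// DecodeNMIC accepts only the five codes the manual defines.
func DecodeNMIC(f70 string) (NMIC, error) {
	name, ok := nmicName[f70]
	if !ok {
		return NMIC{}, fmt.Errorf("unsupported network management information code %q", f70)
	}
	return NMIC{Code: f70, Class: nmicClass[f70[0]], Name: name}, nil
}

// KeyControl is the meaning of field 53: which interchange KEK (1 or 2, 0 when
// the context names none) and which interchange session key set (1 or 2, 0
// when none). The KEK sits in position 15 of the 16-digit field and the key
// set in position 16; positions 1 to 14 are always zero.
type KeyControl struct {
	KEK    int
	KeySet int
}

// EncodeField53 renders the 16-digit value, e.g. {KEK: 1, KeySet: 2} -> ‘0000000000000012’.
func EncodeField53(kc KeyControl) string {
	return fmt.Sprintf("%014d%d%d", 0, kc.KEK, kc.KeySet)
}

// DecodeField53 interprets field 53 in the context of the message carrying it
// (mti = message type; nmic = field 70, or "" for financial and reconciliation
// messages) and whether the Online RSA Key Method is in use. A value whose
// shape does not match the 9.12.9 usage for that context is an error.
func DecodeField53(mti, nmic, f53 string, onlineRSA bool) (KeyControl, error) {
	if len(f53) != 16 {
		return KeyControl{}, errors.New("field 53 must be 16 digits")
	}
	for i := 0; i < 14; i++ {
		if f53[i] != '0' {
			return KeyControl{}, errors.New("field 53 positions 1-14 must be zero")
		}
	}
	kek, set := int(f53[14]-'0'), int(f53[15]-'0') // non-digits wrap to large values
	if kek > 2 || set > 2 {
		return KeyControl{}, errors.New("only KEK 1/2 and key set 1/2 are defined")
	}
	var wantKEK, wantSet bool // identifiers this context must carry
	switch {
	case nmic == "": // 0430, 0520/0521, 0530: key set in use
		wantSet = true
	case mti == "0800" && nmic == "001" && onlineRSA: // Sign On: KEK used for eKEKsV82(RNs)
		wantKEK = true
	case mti == "0820" && nmic == "101" && !onlineRSA: // Key Change: key set being changed
		wantSet = true
	case mti == "0820" && nmic == "101": // Key Change under Online RSA: KEK and key set
		wantKEK, wantSet = true, true
	case mti == "0820" && nmic == "140" && onlineRSA: // KEK Change: KEK being changed
		wantKEK = true
	default:
		return KeyControl{}, fmt.Errorf("no field 53 usage defined for %s/%s (Online RSA: %v)", mti, nmic, onlineRSA)
	}
	if (kek != 0) != wantKEK || (set != 0) != wantSet {
		return KeyControl{}, fmt.Errorf("field 53 %q does not match the %s/%s usage", f53, mti, nmic)
	}
	return KeyControl{KEK: kek, KeySet: set}, nil
}

func main() {
	// Constructed sample: a Key Change Advice on a link using the Online RSA Key Method.
	n, _ := DecodeNMIC("101")
	kc, err := DecodeField53("0820", n.Code, "0000000000000021", true)
	fmt.Println(n.Class, n.Name, kc, err) // System security Key Change {2 1} <nil>
	_, err = DecodeField53("0800", "001", "0000000000000011", true)
	fmt.Println(err) // a key set identifier is not valid in a Sign On
}
```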
9.12.11 Message Authentication Codes (fields 64 and 128)

Inserted effective 9/02/07
Re-numbered effective 9/02/07

Message Authentication codes shall be constructed in accordance with AS 2805 part 4.1. The MAC size shall be 32 bits and stored left justified, right zero filled in the 64-bit field.
9.12.12 Key Management Data (field 112)

Inserted effective 9/02/07

For KEK Change Advice messages (0820, NMIC 140) where the Online RSA Key Method is used, field 112 will contain the new KEK enciphered under the receiver’s Interchange Public Key (IPKr) and the signed hash of the KEK using the sender’s Interchange Secret Key (ISKs).

The length of the field will depend on the key lengths of the two RSA keys. The format of the field will be as follows:

| Description | Size |
|---|---|
| Field length | 3 bytes |
| KVC of KEK | 3 bytes |
| KEK enciphered under IPKr | Size of the modulus of IPKr |
| Signed hash of the KEK using ISKs | Size of the modulus of ISKs |

For KEK Change Advice Response messages (0830, NMIC 140) where the Online RSA Key Method is used, field 112 will contain the KVC of the KEK.

| Description | Size |
|---|---|
| Field length | 3 bytes |
| KVC of KEK | 3 bytes |
9.12.13 EMV (Field 55) POS Messaging

Amended effective 26/08/14

Field 55 shall be formed in accordance with clause 4.4.26 of AS2805 part 2—2007 Amdt 2-2008, as a series of individual data objects, Tag, Length, Value (TLV) encoded as per ISO 7816-6. The order of the data objects is not important.

Amended effective 27.04.11

Table 9-1 identifies the data elements required for each message type. Requirements are stated separately for message types 0100, 0110, 0200 (Note 2), 0210, 0220 and 0420 (Note 1).

Inserted effective 20/04/09

| TAG | Name | Len | Comment |
|---|---|---|---|
| 71 | Issuer Script Template 1 | ..127 | |
| 72 | Issuer Script Template 2 | ..127 | |
| 82 | Application Interchange Profile | 2 | |
| 8A | Authorisation Response Code | 2 | Note 3 |
| 91 | Issuer Authentication Data | ..16 | Note 5 |
| 95 | Terminal Verification Result | 5 | TVR may have changed in 0420, e.g. Issuer authentication failure |
| 9A | Transaction Date | 3 | |
| 9C | Transaction Type | 1 | |
| 5F2A | Transaction Currency Code | 2 | |
| 9F02 | Amount, Authorised | 6 | |
| 9F03 | Amount, Cash out | 6 | |
| 9F10 | Issuer Application Data | ..32 | Note 4. Format is Scheme specific. Reversals may contain updated IAD data |
| 9F1A | Terminal Country Code | 2 | |
| 9F26 | Application Cryptogram | 8 | ARQC/TC/AAC |
| 9F27 | Cryptogram Information Data | 1 | |
| 9F33 | Terminal Capabilities | 3 | |
| 9F34 | CVM results | 3 | |
| 9F35 | Terminal Type | 1 | |
| 9F36 | Application Transaction Counter | 2 | |
| 9F37 | Unpredictable Number | 4 | |

Table 9-1 Field 55 Data Elements

Amended effective 26/08/14

The table above lists the minimum required data elements for field 55 by message type. Additional TAGs may be included and shall be passed through interchange if valid.

Notes:
1. A reversal shall contain the data from the original Transaction.
2. Field 55 is not required for Deposit and Refund Transactions.
3. The Authorisation Response Code is the actual response code used by the Issuer in generating the ARPC cryptogram. Where both TAG 8A and Bit 39 are present, TAG 8A shall have precedence and shall be passed to the Card unaltered, otherwise a rejection may occur when the ARPC cryptogram is presented to the Card. In the absence of TAG 8A, Bit 39 may be mapped and provided to the Card as TAG 8A. In 0220 messages TAG 8A is a Terminal generated value and must be provided to the Issuer.
4. Issuer application data. Present if provided by ICC in Generate AC command response.
5. Required if on-line Issuer authentication performed.
Inserted effective
26/08/14
9.12.14
EMV (Field 55) ATM Interchanges
Field 55 shall be formed in accordance with clause 4.4.26 of AS2805 part 2-2007 Amdt 2-2008, as a
series of individual data objects, Tag, Length, Value (TLV) encoded as per ISO 7816-6. The order of
the data objects is not important.
Table 9-1 identifies the data elements required for each message type.
M = Mandatory
O = Optional
C = Conditional
Message types: 0200 (Note 2), 0210, 0220, 0420 (Note 1)
TAG    Name                              Len     Comment
71     Issuer Script Template 1          ..127
72     Issuer Script Template 2          ..127
82     Application Interchange Profile   2
8A     Authorisation Response Code       2       Note 3
91     Issuer Authentication Data        ..16    Note 5
95     Terminal Verification Result      5       TVR may have changed in 0420, e.g. Issuer authentication failure
9A     Transaction Date                  3
9C     Transaction Type                  1
5F2A   Transaction Currency Code         2
9F02   Amount, Authorised                6       Excluding any fees if applicable
9F10   Issuer Application Data           ..32    Note 4. Format is Scheme specific. Reversals may contain updated IAD data
9F1A   Terminal Country Code             2
9F26   Application Cryptogram            8       ARQC/TC/AAC
9F27   Cryptogram Information Data       1
9F33   Terminal Capabilities             3
9F34   CVM results                       3
9F35   Terminal Type                     1       14, Unattended, FI controlled
9F36   Application Transaction Counter   2       Note 6
9F37   Unpredictable Number              4
Table 9-1 Field 55 Data Elements
The table above lists the minimum required data elements for field 55 by message type for ATM
Interchange messages. Additional TAGs may be included and shall be passed through interchange if
valid.
Notes:
1. A reversal shall contain the data from the original Transaction.
2. Field 55 is not required for Deposit Transactions.
3. The Authorisation Response Code is the actual response code used by the Issuer in generating the
ARPC cryptogram. Where both TAG 8A and Bit 39 are present, TAG 8A shall have precedence
and shall be passed to the Card unaltered, otherwise a rejection may occur when the ARPC
cryptogram is presented to the Card. In the absence of TAG 8A, Bit 39 may be mapped and
provided to the Card as TAG 8A. In 0220 messages TAG 8A is a Terminal generated value and
must be provided to the Issuer.
4. Issuer Application Data. Present if provided by the ICC in the Generate AC command response.
5. Required if on-line Issuer authentication is to be performed.
6. The Issuer host may receive duplicate ATC values for successive authorisations when the previous
authorisation request resulted in an online PIN failure. Issuers should avoid automatically
declining a transaction solely because of this condition; on its own it is not an indication of fraudulent activity.
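An added example, in Go, of the TLV handling that clauses 9.12.13 and 9.12.14 describe; it is not part of the CECS Manual and not code from APCA or any switch vendor. It decodes a Field 55 into its BER-TLV data objects (multi-byte tags such as 9F26 and 5F2A, short- and long-form lengths, order ignored, duplicate and truncated objects rejected) and applies the precedence rule of Note 3 when deciding which response code reaches the card. The two sample fields are constructed here, and the assumption that Bit 39 maps into TAG 8A as the same two ASCII characters is the example's own.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// parseField55 decodes Field 55 as a series of BER-TLV data objects (the ISO 7816-6
// encoding that AS2805.2 clause 4.4.26 calls for). A first tag byte with its low five bits
// set (9F, 5F, ...) continues while bit 8 of each following byte is set; lengths are short
// form (< 0x80) or long form (81 nn, 82 nn nn). Order is not significant, so the result
// is keyed by upper-case hex tag.
func parseField55(data []byte) (map[string][]byte, error) {
	objs := make(map[string][]byte)
	for i := 0; i < len(data); {
		start := i
		if data[i]&0x1F == 0x1F { // multi-byte tag
			for {
				i++
				if i >= len(data) {
					return nil, fmt.Errorf("truncated tag at offset %d", start)
				}
				if data[i]&0x80 == 0 {
					break
				}
			}
		}
		i++
		tag := strings.ToUpper(hex.EncodeToString(data[start:i]))
		if i >= len(data) {
			return nil, fmt.Errorf("tag %s has no length byte", tag)
		}
		length := int(data[i])
		i++
		if length&0x80 != 0 { // long form: low bits give the number of length bytes
			n := length & 0x7F
			if n == 0 || n > 2 || i+n > len(data) {
				return nil, fmt.Errorf("tag %s: unsupported or truncated length", tag)
			}
			length = 0
			for _, b := range data[i : i+n] {
				length = length<<8 | int(b)
			}
			i += n
		}
		if i+length > len(data) {
			return nil, fmt.Errorf("tag %s: value of %d bytes runs past the end of the field", tag, length)
		}
		if _, dup := objs[tag]; dup {
			return nil, fmt.Errorf("tag %s appears twice", tag)
		}
		objs[tag] = data[i : i+length]
		i += length
	}
	return objs, nil
}

// responseCodeForCard applies Note 3 of Table 9-1: a TAG 8A supplied by the Issuer is the
// code it actually used when generating the ARPC and must reach the card unaltered; only
// when 8A is absent is Bit 39 mapped into 8A. The mapping is assumed to be the same two
// ASCII characters (the manual says "may be mapped" without fixing the mapping).
func responseCodeForCard(f55 map[string][]byte, bit39 string) (string, error) {
	if v, ok := f55["8A"]; ok {
		if len(v) != 2 {
			return "", fmt.Errorf("TAG 8A must be 2 bytes, got %d", len(v))
		}
		return string(v), nil
	}
	if len(bit39) != 2 {
		return "", fmt.Errorf("Bit 39 must be 2 characters, got %q", bit39)
	}
	return bit39, nil
}

// Constructed sample values (not captured traffic): an ATM 0200 request carrying the
// terminal-generated objects of Table 9-1, and an 0210 response carrying Issuer
// Authentication Data, TAG 8A = '00' and a short Issuer Script Template.
const (
	sampleRequestHex = "9F2608A1B2C3D4E5F60718" + "9F270180" + "9F100706010A03A00000" +
		"9F370411223344" + "9F3602001F" + "95050000008000" + "9A03140826" + "9C0101" +
		"9F0206000000012345" + "5F2A020036" + "9F1A020036" + "82023900" + "9F3303E0F8C8" +
		"9F3403420300" + "9F350122"
	sampleResponseHex = "910A01020304050607083030" + "8A023030" + "71058603010203"
)

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func hexUpper(b []byte) string { return strings.ToUpper(hex.EncodeToString(b)) }

func main() {
	// The constructed samples are known to be well formed, so errors are ignored here.
	req, _ := parseField55(mustHex(sampleRequestHex))
	resp, _ := parseField55(mustHex(sampleResponseHex))
	code, _ := responseCodeForCard(resp, "05") // Bit 39 says 05, but the Issuer made the ARPC over 8A = 00
	fmt.Printf("0200: %d objects, ARQC %s, ATC %s; code to card as 8A: %s\n",
		len(req), hexUpper(req["9F26"]), hexUpper(req["9F36"]), code)
}
```

A switch that re-encodes Field 55 on the way out should rebuild it from the parsed objects rather than splice bytes, so that a pass-through of additional valid TAGs (permitted by the text above) never produces a field whose declared lengths disagree with its contents.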
9.13
Response Codes
9.13.1
Response Codes Table
CODE  MEANING                                                        ACTION
00    Transaction approved or request completed successfully         Complete - approved Transaction
01    Refer to Card Issuer                                           Decline Transaction
04    Pick up Card                                                   Decline Transaction, retain Card
05    Do not Honour                                                  Decline Transaction
06    Error                                                          Decline Transaction
08    Honour with signature                                          Approve after signature validation
12    Invalid Transaction                                            Decline Transaction
13    Invalid Amount                                                 Decline Transaction
14    Invalid Card Number                                            Decline Transaction
15    No such Issuer                                                 Decline Transaction
19    Re-enter Transaction                                           Decline Transaction - retry
21    No action taken                                                Unmatched reversal processing
30    Format Error                                                   Decline Transaction
31    Bank not supported by switch                                   Decline Transaction
33    Expired Card                                                   Decline Transaction, retain Card
34    Suspected fraud                                                Decline Transaction, retain Card
36    Restricted Card                                                Decline Transaction, retain Card
38    Allowable PIN tries exceeded                                   Decline Transaction, retain Card
40    Requested Function Not supported                               Decline Transaction
41    Lost Card                                                      Decline Transaction, retain Card
43    Stolen Card                                                    Decline Transaction, retain Card
44    No Investment account                                          Decline Transaction
51    Not sufficient funds                                           Decline Transaction
52    No Cheque account                                              Account requested not attached - declined
53    No Savings account                                             Account requested not attached - declined
54    Expired Card                                                   Decline Transaction
55    Invalid PIN                                                    Decline Transaction, Request PIN again
56    No Card record                                                 Decline Transaction
57    Transaction not permitted to Cardholder                        Decline Transaction
58    Transaction not permitted to Terminal                          Decline Transaction
61    Exceeds withdrawal amount limits                               Decline Transaction
64    Original amount incorrect                                      Decline Transaction
65    Exceeds Withdrawal Frequency Limit                             Decline Transaction
67    Hot Card                                                       Decline Transaction, retain Card
91    Issuer not available                                           Decline Transaction
92    Financial Institution/Intermediate network not found for       Decline Transaction
      routing
94    Duplicate transmission                                         Decline Transaction
95    Reconcile error
96    System malfunction                                             Decline Transaction
97    Settlement date advanced by 1 and totals reset. Accompanied    Complete - approved Transaction
      by '1' (totals in balance) or '2' (totals out of balance)
      in Bit 66 settlement Code
98    MAC error                                                      Decline Transaction. Request Key change
9.13.2
Permitted Response Codes
Message types: 0110, 0210, 0230, 0430, 0530, 0810, 0830
00  Successful
01  Refer to Card Issuer
04  Pick up Card
05  Do not honour
06  Error
08  Honour with signature
12  Invalid Transaction
13  Invalid Amount
14  Invalid Card number
15  No such Issuer
19  Re-enter Transaction
21  No action taken (unmatched reversal)
30  Format error
31  Bank not supported by switch
33  Expired Card
34  Suspected fraud
36  Restricted Card
38  Allowable PIN retries exceeded
40  Requested function not supported
41  Lost Card
43  Stolen Card
44  No investment account
51  Not sufficient funds
52  No cheque account
53  No savings account
54  Expired Card
55  Invalid PIN
56  No Card record
57  Transaction not permitted to Cardholder
58  Transaction not permitted to Terminal
61  Exceeds withdrawal amount limits
64  Original amount incorrect
65  Exceeds withdrawal frequency limit
67  Hot Card
91  Issuer not available
92  No route
94  Duplicate transmission
95  Reconcile Error
96  System malfunction
97  Settlement Date advanced
98  MAC error
Appendix A - KEK Establishment
APPENDIX 9A KEK ESTABLISHMENT
A.1
Introduction
The security of Interchange is critically dependent on the secure installation of the Interchange Key
Exchange Keys. It is critically important that safe, sound and secure practices be adopted for the
generation, handling, transport, storage and installation of interchange Key Encrypting Keys.
The initial establishment of Key Encrypting Keys shall employ one of the methods identified in this
appendix.
For those members employing APCA standard Security Control Modules (for example Eracom APCA
SCM 2000, or Thales) where RSA functionality exists, the Native RSA initialisation method is
preferred.
A.2
AS2805.6.6 method
Inserted
Effective 28/9/06
This Interchange key initialisation process employs a RSA key pair generated internally by the Security
Control Module (SCM).
Inserted
Effective 28/9/06
With this method each SCM has a set of pre-generated RSA key pairs.
The key exchange procedure is the following:
Partners exchange (via a secure channel, see footnote 1) their public RSA keys (IPK) and the associated
verification codes;
Each partner authenticates and installs the partner's IPK;
Key management proceeds in accordance with the requirements of AS2805 part 6.6.
A.3
Renumbered,
effective 28/9/06
Native RSA key method
This Interchange key initialisation process employs a RSA key pair generated internally by the Security
Control Module (SCM).
With this method each SCM has a set of pre-generated RSA key pairs.
When generated on request, the Interchange Key Encrypting Key (KEK) is signed by the native
private key (see footnote 2) and encrypted by the partner's public key. In this signed and encrypted form the
Interchange KEK is sent to the partner, where it is translated into the form required by the
application (that is, encrypted under the KM). For the receiving partner it becomes KEK
Receive.
The key exchange procedure is the following:
Partners exchange (via a secure channel, see footnote 3) their public RSA keys. This is a prerequisite for
generating KEKs. The format of the data for the exchange of the public key uses three lines of text:
Last amended
effective 9/02/07
1 – the public key modulus;
2 – the public key exponent; and
3 – the public key verification code (PVC).
1 In the absence of a secure email channel, authenticity of public keys should be achieved by some other means, for example by verifying the
corresponding PVCs through a different communication channel, such as telephone or facsimile.
2 Actually the hash of the key is signed.
3 In the absence of a secure email channel, authenticity of public keys should be achieved by some other means, for example by verifying the
corresponding PVCs through a different communication channel, such as telephone or facsimile.
Inserted effective
9/02/07
(Note that the ASCII hex presentation of data applies.)
Inserted effective
9/02/07
The PVC will be mutually confirmed over the telephone by the key exchange representatives;
Inserted effective
9/02/07
Each partner generates its KEK Send, which is cryptographically protected under RSA;
Each partner submits the protected KEK Send to the Interchange partner (typically by secure
email). The format of the data for the exchange of the KEK uses three lines of text:
Last amended
effective 9/02/07
1 – the signed hash;
2 – the encrypted KEK; and
3 – the key verification code (KVC).
Inserted effective
9/02/07
(Note that the ASCII hex presentation of data applies.)
Inserted effective
9/02/07
The KVC will be mutually confirmed over the telephone by the key exchange representatives.
Inserted effective
9/02/07
The received KEK becomes KEK Receive. KEK Receive is translated from encryption/signing
under RSA(s) to encryption under KM for local key database storage;
Both KEK Send and KEK Receive are stored in the required location in the key database; ensuring
that the corresponding KEK KVC matches on both sides;
The interchange is re-started using the new Interchange KEK keys.
The corresponding SCM functions are: C500 GETPUBLIC, C600 NODEKEKSEND, C610
NODEKEKREC.
Advantages
This method does not require any specific update or integration on the application side: the use of
RSA is completely transparent to the application, so all Interchange parties can exchange keys
through this method without any proprietary changes to their native application (as long as they
have the required functions in their SCM).
There is significantly more current experience with this method than with the other two random KEK
methods; it has proved to be very efficient and reliable in practice.
Disadvantages
The main operational disadvantage is the dependency upon a particular ("dedicated") security device.
In the general case there is no guarantee that the RSA key pair used by a particular SCM device has
not changed since the last key exchange, e.g. if the device was reset or a new device installed.
Therefore the interchange key (KEK) change process requires an exchange of RSA keys every time. For
this reason this method is currently implemented as an off-line process and as such is not
recommended for automation.
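The Native RSA key method above, as an added example in Go using only the standard library; it is not text from the manual and not the code of the C500/C600/C610 SCM functions it names. Each side's RSA key pair stands in for the SCM's native pair: the partner's public key is installed only after its PVC matches the value confirmed by telephone, the KEK is signed by the sender's private key and encrypted under the partner's public key, and the receiver accepts a KEK Receive only after the signature and the KVC both check. The PVC and KVC computations (truncated SHA-256 over modulus and exponent; leftmost three bytes of the encrypted zero block), the RSA-PSS and RSA-OAEP padding and every function name are the example's assumptions, since the manual does not define them.

```go
package main

import (
	"crypto"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/big"
)

// kvc3DES: KVC of a 16-byte double-length 3DES key, taken as the first 3 bytes (hex) of the
// all-zero block encrypted under K1||K2||K1. Assumed convention; the manual does not define it here.
func kvc3DES(key []byte) string {
	blk, err := des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...))
	if err != nil {
		panic(err) // unreachable for SCM-generated keys, which are always 16 bytes
	}
	out := make([]byte, 8)
	blk.Encrypt(out, make([]byte, 8))
	return hex.EncodeToString(out[:3])
}

// pvc: Public Key Verification Code, assumed to be the first 3 bytes (hex) of SHA-256 over
// modulus||exponent. Read out by telephone, it is the out-of-band check that stops a substituted key.
func pvc(pub *rsa.PublicKey) string {
	h := sha256.Sum256(append(pub.N.Bytes(), big.NewInt(int64(pub.E)).Bytes()...))
	return hex.EncodeToString(h[:3])
}

// importPublicKey installs the partner's key only if its PVC matches the telephone value.
func importPublicKey(pub *rsa.PublicKey, phonePVC string) (*rsa.PublicKey, error) {
	if got := pvc(pub); got != phonePVC {
		return nil, fmt.Errorf("PVC mismatch: computed %s, confirmed %s", got, phonePVC)
	}
	return pub, nil
}

// protectKEK produces the three lines sent to the partner: the signed hash of the KEK
// (sender's private key), the KEK encrypted under the partner's public key, and the KVC.
// RSA-PSS and RSA-OAEP over SHA-256 are assumptions; the manual only says signed and encrypted.
func protectKEK(kek []byte, own *rsa.PrivateKey, partner *rsa.PublicKey) (sig, enc []byte, kvc string, err error) {
	h := sha256.Sum256(kek)
	if sig, err = rsa.SignPSS(rand.Reader, own, crypto.SHA256, h[:], nil); err != nil {
		return nil, nil, "", err
	}
	if enc, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, partner, kek, nil); err != nil {
		return nil, nil, "", err
	}
	return sig, enc, kvc3DES(kek), nil
}

// receiveKEK is the partner's side: decrypt under its own private key, verify the signature under
// the sender's PVC-confirmed key, then check the KVC against the message and the telephone value.
func receiveKEK(sig, enc []byte, lineKVC, phoneKVC string, own *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	kek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, own, enc, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	h := sha256.Sum256(kek)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, h[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature was not made by the partner: %w", err)
	}
	if got := kvc3DES(kek); got != lineKVC || got != phoneKVC {
		return nil, fmt.Errorf("KVC mismatch: computed %s, message %s, telephone %s", got, lineKVC, phoneKVC)
	}
	return kek, nil
}

// exchange runs the A-to-B direction: A's KEK Send becomes B's KEK Receive. The real
// procedure repeats it B-to-A so each side holds one KEK Send and one KEK Receive.
func exchange(a, b *rsa.PrivateKey, kekSend []byte) ([]byte, error) {
	aPub, err := importPublicKey(&a.PublicKey, pvc(&a.PublicKey)) // B installs A's key
	if err != nil {
		return nil, err
	}
	bPub, err := importPublicKey(&b.PublicKey, pvc(&b.PublicKey)) // A installs B's key
	if err != nil {
		return nil, err
	}
	sig, enc, kvc, err := protectKEK(kekSend, a, bPub)
	if err != nil {
		return nil, err
	}
	return receiveKEK(sig, enc, kvc, kvc, b, aPub) // telephone KVC is the one A reads out
}

func main() {
	a, errA := rsa.GenerateKey(rand.Reader, 2048) // each SCM's internally generated key pair
	b, errB := rsa.GenerateKey(rand.Reader, 2048)
	kek := make([]byte, 16) // KEK Send, generated inside A's SCM
	if _, err := rand.Read(kek); err != nil || errA != nil || errB != nil {
		panic("key generation failed")
	}
	recv, err := exchange(a, b, kek)
	fmt.Println("KEK Receive == KEK Send:", err == nil && string(recv) == string(kek))
}
```

The order of checks in receiveKEK matters: the signature is verified under the public key that was itself accepted only after the PVC telephone call, so a forged KEK message from anyone other than the partner fails there, and the KVC comparison afterwards catches corruption of the key in transit or a mismatch with what the partner believes it sent.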
A.4
Renumbered,
effective 28/9/06
KTK Method
This method relies on a transport 3DES key (KTK) that is provided to the SCMs of both Interchange partners
and used to encrypt the Interchange KEKs. For key loading, the KTK will typically be presented as
multiple XOR key components, each partner contributing at least one component to its
construction.
In SCMs built to the APCA SCM specification, the functions used are D501 KEKGEN-6.3 and D502
KEKREC-6.3.
When generated on request, the Interchange key (KEK Send) is encrypted under the KTK and
submitted to the partner, where it is translated into the form required by the application
(encryption under the KM). For the receiving partner it becomes KEK Receive.
The key exchange procedure is the following:
Each interchange partner generates at least one KTK component and submits it through a secure
channel to the corresponding Interchange partner for loading into an SCM;
KTK is loaded by each partner;
The KVCs are verified;
Each partner generates their KEK Send, that is cryptographically protected under KTK;
Each partner submits the protected (encrypted) KEK Send to the partner (typically by secure
email);
The received KEK becomes KEK Receive. KEK Receive is translated from encryption under
KTK to encryption under KM for local key database storage;
Both KEK Send and KEK Receive are stored in the required location in the key database; ensuring
that the corresponding KVC matches on both sides;
The interchange is re-started using the new Interchange keys.
Advantages
For parties that cannot support RSA keys, either functionally or by security policy, this is a simple,
reliable 'traditional' approach. Its impact on the application design is the same as for the RSA native
method, i.e. either method may be used transparently to the application as long as the SCM interface
utility supports the corresponding SCM calls.
Disadvantages
The clear KTK components must be securely exchanged between the partners and also loaded into the
SCMs through a ‘secure key entry process’. They also must be securely stored e.g., in a safe. All these
operational support requirements increase the operational cost of this method and security risks (of staff
collusion, negligence, etc.).
A.5
Renumbered,
effective 28/9/06
KEK Component Method
This is the 'traditional' method of interchange key initialisation and as such is supported by
older Security Control Module designs. It is still maintained by many interchange partners and in
particular by many smaller organisations.
This method does not involve initial keys such as RSA or KTK but is based on direct manual
storage of 3DES interchange keys in the SCM devices; the interchange keys (KEKs) are therefore
generated externally and loaded into the device in components. The key material
requires a secure key loading procedure and also secure storage of the key components.
This method is included for 'backward compatibility' and for fallback situations.
The key exchange procedure is the following:
The partners generate interchange keys in at least two XOR components and exchange paper
components using a secure channel;
The keys are loaded into the SCM device under dual control - the corresponding KVCs are noted
for verification; the keys may also be encrypted under the KM for storage in the key data base.
The partners confirm the KVCs;
The paper components are stored in the secure storage (e.g., safes under dual control);
Afterwards, the KEKs are ready for use.
Advantages
This method is still in wide spread use across the industry. For this reason and because of its manual
handling nature, it is a good fallback solution.
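The component handling shared by the KTK method (A.4) and the KEK Component method (A.5), as an added example in Go that is not part of the manual or of any SCM vendor's code: the custodians' XOR components are combined under dual control and the result is accepted only if its KVC equals the value the partners confirmed with each other, and the same check then guards a KEK Send that travels encrypted under the loaded KTK. The KVC computation (leftmost three bytes of the zero block encrypted under the key), the plain block-by-block 3DES wrapping of the KEK under the KTK, the function names and the two custodian components are the example's own assumptions and constructed values; the D501/D502 SCM functions are not modelled.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// tdes expands a 16-byte double-length key to K1||K2||K1 and returns the 3DES block cipher.
func tdes(key []byte) (cipher.Block, error) {
	if len(key) != 16 {
		return nil, fmt.Errorf("double-length 3DES key must be 16 bytes, got %d", len(key))
	}
	return des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...))
}

// kvc3DES: first 3 bytes (hex) of the all-zero block encrypted under the key. Assumed
// convention; the manual relies on KVCs but does not define the computation here.
func kvc3DES(key []byte) (string, error) {
	blk, err := tdes(key)
	if err != nil {
		return "", err
	}
	out := make([]byte, 8)
	blk.Encrypt(out, make([]byte, 8))
	return hex.EncodeToString(out[:3]), nil
}

// combineComponents XORs the custodians' clear components into the key. Every component
// is full length, so no custodian's sheet is the key, or any part of it, on its own.
func combineComponents(components ...[]byte) ([]byte, error) {
	if len(components) < 2 {
		return nil, fmt.Errorf("dual control needs at least two components, got %d", len(components))
	}
	key := make([]byte, len(components[0]))
	for i, c := range components {
		if len(c) != len(key) {
			return nil, fmt.Errorf("component %d is %d bytes, expected %d", i+1, len(c), len(key))
		}
		for j := range key {
			key[j] ^= c[j]
		}
	}
	return key, nil
}

// loadFromComponents is the key-ceremony check, the same for a KTK (A.4) and a KEK (A.5):
// combine the components and accept the key only if its KVC equals the value the partners
// confirmed with each other. A mistyped sheet surfaces here, before the key is stored.
func loadFromComponents(confirmedKVC string, components ...[]byte) ([]byte, error) {
	key, err := combineComponents(components...)
	if err != nil {
		return nil, err
	}
	got, err := kvc3DES(key)
	if err != nil {
		return nil, err
	}
	if got != confirmedKVC {
		return nil, fmt.Errorf("KVC mismatch: computed %s, confirmed %s; re-enter the components", got, confirmedKVC)
	}
	return key, nil
}

// wrapUnderKTK encrypts (or, with unwrap set, decrypts) a KEK block by block under the KTK:
// the form in which KEK Send travels in the KTK method. Plain ECB is the legacy
// key-under-key form and is tolerable only because the payload is itself a random key.
func wrapUnderKTK(ktk, kek []byte, unwrap bool) ([]byte, error) {
	blk, err := tdes(ktk)
	if err != nil || len(kek)%8 != 0 {
		return nil, fmt.Errorf("bad KTK (%v) or KEK length %d", err, len(kek))
	}
	out := make([]byte, len(kek))
	for i := 0; i < len(kek); i += 8 {
		if unwrap {
			blk.Decrypt(out[i:i+8], kek[i:i+8])
		} else {
			blk.Encrypt(out[i:i+8], kek[i:i+8])
		}
	}
	return out, nil
}

func main() {
	// Constructed components for two custodians; not real key material.
	c1, _ := hex.DecodeString("0123456789ABCDEF0123456789ABCDEF")
	c2, _ := hex.DecodeString("A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5")
	full, _ := combineComponents(c1, c2)
	kvc, _ := kvc3DES(full) // the value both partners confirm with each other
	ktk, err := loadFromComponents(kvc, c1, c2)
	fmt.Println("KTK loaded:", err == nil, "KVC:", kvc)
	_, err = loadFromComponents(kvc, c1, c2[:15]) // one sheet entered short: rejected
	fmt.Println("short component rejected:", err != nil)
	wrapped, _ := wrapUnderKTK(ktk, c1, false) // c1 stands in for an SCM-generated KEK Send
	recv, _ := wrapUnderKTK(ktk, wrapped, true)
	fmt.Println("KEK Receive == KEK Send:", hex.EncodeToString(recv) == hex.EncodeToString(c1))
}
```

In a real ceremony each custodian enters only their own component into the SCM, so the combination happens inside the device; the KVC is the one value that can safely be spoken aloud, written on the ceremony record and compared with the partner, because it reveals nothing useful about the key itself.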
CONFIDENTIAL
Deleted effective 19.02.13
APPENDIX 9B ELECTRONIC FALLBACK [Deleted]
Australian Payments Clearing Association Limited
[ABN 12 055 136 519]
Amendment Number E227 issued as CS3/r&p/002.12
Deleted effective 19.02.13
APPENDIX 9C MANUAL KEY ENTRY ON FAULTY MAGNETIC-STRIPE CARD READS [Deleted]
APPENDIX 9D COMMUNICATIONS PHILOSOPHY
There are a number of statements which together may be seen as encapsulating the philosophy for
communications between any two Interchange parties.
A.
A communications link will be maintained between the two interchange nodes for testing purposes. This
link will remain in place indefinitely after testing the initial implementation to enable bilateral testing of
modifications and enhancements.
B.
Sufficient lines will be provided between the parties production sites such that, should any single line
become inoperative, the remaining lines will be able to carry the anticipated peak load of Interchange
Transactions at that time.
C.
The parties will seek to have production Interchange lines connected by alternative routes to minimise the
impact of single communication network failures.
D.
The parties will regularly ensure that each Interchange Link installed is operational, so that the loss of one
Interchange Link will not cause a total loss of service.
E.
Triple DES line encryption shall be used across all production lines.
APPENDIX 9E INTERCHANGE BITMAP
Message types: 0100, 0110, 0200, 0210, 022X, 0230, 042X, 0430, 052X, 0530, 0800, 0810, 0820, 0830
BIT   DATA ELEMENT
1     Bit Map Extended
2     Primary Account Number
3     Processing Code
4     Amount, Transaction
7     Transmission Date & Time
11    System Trace Audit Number
12    Time, local Transaction
13    Date, local Transaction
14    Date, expiry
15    Date, settlement
18    Merchant's type
22    POS Entry Mode
23    Card Sequence Number
25    POS Condition Code
28    Amount, Transaction Fee
32    Acquiring Institution ID code
33    Forwarding Institution ID code
35    Track 2 data
37    Retrieval Reference Number
38    Authorisation ID Response
39    Response Code
41    Card Acceptor Terminal ID
42    Card Acceptor ID Code
43    Card Acceptor Name/Location
47    Additional Data - National
48    Additional Data - private
52    PIN Data
53    Security Related Control Information
57    Amount Cash
58    Ledger Balance
59    Account Balance, cleared funds
64    MAC
66    Settlement Code
70    Network management Information Code
74    Credits, Number
75    Credit Reversals, Number
76    Debits, Number
77    Debit Reversals, Number
78    Transfers, Number
79    Transfer Reversals, Number
80    Inquiries, Number
81    Authorisations, Number
83    Credits, Transaction Fee Amount
85    Debits, Transaction Fee Amount
86    Credits, Amount
87    Credit Reversals, Amount
88    Debits, Amount
89    Debit Reversals, Amount
90    Original Data Elements
97    Amount, Net Settlement
99    Settlement Institution ID Code
100   Receiving Institution ID Code
118   Cash, Total Number
119   Cash, Total Amount
128   MAC
This table specifies fixed formats for all messages. "M" signifies that a data element is mandatory, "C" signifies
that it is conditional, while a blank signifies that it is not permitted. Optional data elements are signified by the
letter "O".
Deleted effective 19.02.13
APPENDIX 9F MANUAL KEY ENTRY ON FAULTY ICC CARD READS [Deleted]
Inserted effective 20/04/08
APPENDIX 9G TECHNOLOGY FALLBACK
G.1
Introduction
Inserted effective 20/04/08
APPENDIX 9H FALLBACK OF ICC DECLINED TRANSACTIONS
H.1
Introduction
PART 10 SETTLEMENT
This Part 10 binds all CECS Members in relation to payment instructions cleared through CECS.
The Company will require a Non-Member Acquirer that wishes to arrange for Non-Member Certification under
Part 2 to confirm that its settlement procedures comply with the requirements of this Part 10.
10.1
General Principles
Value settlement for Transactions processed through an Interchange Link will be performed on each
business day in accordance with this Part 10.
10.2
Agreed Cut-off Time
The settlement cut-off time for value Transactions processed through an Interchange Link is to be
bilaterally agreed between the respective Issuers and Acquirers. Cut-off times may be agreed
bilaterally to be varied from time to time, but Interchange parties must be given at least one month’s
notice of a proposed change.
10.3
Interchange Settlement Reports
10.3.1
Requirement to Produce Interchange Settlement Reports
Amended effective
13/08/12
On each business day, each CECS Member must produce an Interchange Settlement Report which
details the total number and amount of value Transactions processed through its Interchanges, as at the
agreed cut-off times.
The settlement figure derived from the Interchange Settlement Report is to be incorporated in the
separate File Settlement Instructions to be submitted by:
(a)
each Acquirer, in respect of each Counterparty, and
(b)
by each Lead Institution, in respect of each counterparty for scheme advised net settlement
obligations,
which are required to effect CECS settlement.
10.3.2
RITS Low Value Settlement Service Contact – Settlement Issues
Last amended
effective 13/08/12
Reserve Bank of Australia (Primary): RITS Help Desk
e-mail: [email protected]
Phone / Fax: (02) 9551 8063, 1800 659 360
10.4
Procedures
10.4.1
Fallback Procedures
Value for Fallback Transactions will be obtained using a direct remittance drawing, warrant or other
mutually agreed means.
Australian Payments Clearing Association Limited
[ABN 12 055 136 519]
Amendment No. E226 issued as CS3/r&p/001.12
10.4.2
Amended effective
13/08/12
CECS Members may Provisionally Reconcile Obligations
CECS Members may bilaterally agree to provisionally reconcile their settlement obligations with
counterparties prior to submission of File Settlement Instructions via the RITS Low Value Settlement
Service. Each institution will, if bilaterally agreed, exchange its Interchange Settlement Report with its
Counterparty, reconcile the settlement figures, and immediately advise the other institution if the
figures cannot be reconciled.
If CECS Members are unable, or fail, to reconcile settlement positions prior to the final cut-off for
provision of settlement instructions via the RITS Low Value Settlement Service, then the parties may
bilaterally agree to withhold submission of a File Settlement Instruction until settlement figures are
reconciled.
Each Originator and Counterparty must ensure that its settlement data is recorded accurately by:
(a)
reviewing settlement figures in RITS before the institution leaves each evening; and
(b)
ensuring that the settlement figures in RITS match the settlement amount set out in the File
Settlement Instruction submitted by Originators via the RITS Low Value Settlement Service.
10.4.3
Amended effective
13/08/12
Obligation to Submit File Settlement Instructions to LVSS
Each Acquirer direct settler (for itself and each party on whose behalf it settles) must submit a File
Settlement Instruction specifying the net amount owed to it by, or payable to, each Counterparty,
calculated by reference to the Transaction amounts referable to that Counterparty in the daily
Interchange Settlement Report. Where the acquirer would normally expect a non-zero amount to be
referable to a Counterparty, but the amount in the Interchange Settlement Report is zero, the Acquirer
must submit a $0 File Settlement Instruction via the RITS Low Value Settlement Service.
Each Lead Institution must submit a File Settlement Instruction in respect of each counterparty for
scheme-advised net settlement obligations.
The final cut-off time for submission of File Settlement Instructions to the RITS Low Value Settlement
Service is 4.00 am (EST/ESST). All Acquirer direct settlers and Lead Institutions must endeavour to submit
all File Settlement Instructions to the RITS Low Value Settlement Service by 4.00 am on the day
following each business day.
Note: see clause 10.5.6 regarding the obligation to submit File Settlement Instructions for Transactions
processed on a weekend or public holiday.
All valid File Settlement Instructions submitted by CECS Members via the RITS Low Value
Settlement will be held for Nine AM (9am) Settlement on the settlement date, unless the Originator and
Counterparty bilaterally agree to earlier individual settlement or earlier multilateral settlement, if
permitted by the rules governing the RITS.
10.4.4
Last amended
effective 13/08/12
Settlement of Non-CECS Items
Subject to Regulation 8A.8 and the regulations and procedures governing any other Clearing System,
an Originator may also submit a File Settlement Instruction for value settlement amounts which relate
to payment instructions which are exchanged between CECS Members but which payment instructions
are not Items exchanged in CECS.
If such value settlement amounts for payment instructions which are exchanged between CECS
Members but which are not Items are incorporated into a File Settlement Instruction with respect to
Items exchanged in CECS, then settlement of such amounts must be performed in accordance with the
provisions of the Regulations and this CECS Manual (including without limitation any provisions
applicable when an FTS Event occurs as though those payment instructions are Items exchanged in
CECS).
10.4.5
Inserted effective
13/08/12
Rejection of File Settlement Instructions
In the event that a File Settlement Instruction is rejected by the RITS Low Value Settlement Service,
the Originator must promptly review and rectify all defects in the original File Settlement Instruction
and submit a revised File Settlement Instruction. The Originator may notify its counterparty, by its
LVSS Contact, of the estimated timing of submission of the revised File Settlement Instruction.
10.4.6
Inserted effective
13/08/12
Obligation to Monitor Accruing Settlement Obligation
Each Originator and Counterparty must monitor its accruing settlement obligations in the RITS Low
Value Settlement Service in the period prior to settlement. In the event a Counterparty disputes any
value or reference to a number of Transactions in an unsettled File Settlement Instruction submitted by
the Originator of that instruction, it will promptly notify the Originator, by its LVSS Contact, and the
provisions of clause 10.5 will apply.
10.4.7
Inserted effective
13/08/12
Recalling File Settlement Instructions
Subject to the rules governing RITS, an Originator may recall any File Settlement Instruction using a
File Recall Instruction.
If an Originator submits a File Recall Instruction in respect of a particular File Settlement Instruction, it
will promptly notify the relevant LVSS Contact of the Counterparty, and advise the reason for the
recall. The Originator must promptly identify the defect or error in the original File Settlement
Instruction, or otherwise address the reason for the recall. The Originator must promptly submit a new
File Settlement Instruction via the RITS Low Value Settlement Service if a new instruction is required.
10.4.8
Amended effective
13/08/12
Carry-over
In the event that an Originator is unable to submit a File Settlement Instruction to the RITS Low Value
Settlement Service by the final cut-off time, the parties may bilaterally agree that settlement will be
carried over to the next business day.
Settlement for Transactions that have occurred on a Friday will be effected on the following bank
business day, usually Monday. All Transactions processed after cut-off on Friday evening up until
settlement cut-off on the following Monday evening will be settled on the following bank business day.
If a public holiday occurs on a Monday, settlement for Friday’s Transactions will be effected on the
following Tuesday, and settlement for Transactions processed on the Saturday, Sunday, Monday and
Tuesday will be effected on the following Wednesday morning.
Note: Refer to clause 10.5.6 of the CECS Manual for variation to normal settlement due to a public
holiday or a weekend.
Australian Payments Clearing Association Limited
10.3
[ABN 12 055 136 519]
Amendment No. E226 issued as CS3/r&p/001.12
Consumer Electronic Clearing System (CS3) CECS MANUAL
Part 10 - Settlement
10.5 Disputed Amounts [Amended effective 13.08.12]
10.5.1 Resolution of Disputed Amounts [Amended effective 13.08.12]
Subject to the rules governing the RITS Low Value Settlement Service, if at any time prior to
settlement, a Counterparty disputes any value or amount within a File Settlement Instruction submitted
by an Originator, it will promptly notify the Originator. The Originator must review the disputed File
Settlement Instruction and, if it identifies any error, promptly:
(a) submit a File Recall Instruction to recall that particular File Settlement Instruction; and
(b) submit a corrected File Settlement Instruction if required.
If for any reason the Originator is unable to recall a File Settlement Instruction in respect of which an
error is identified, the error is to be rectified after settlement using the adjustment mechanism set out in
clause 10.5.2.
If the Originator does not admit any error, and the parties are unable to resolve the dispute by 6.00am
Sydney time, then settlement will proceed as follows:
(c) if the Originator owes a settlement obligation to the Counterparty under the disputed File
Settlement Instruction, settlement will proceed on the basis of that instruction; and
(d) if the Counterparty owes a settlement obligation to the Originator under the disputed File
Settlement Instruction, the Counterparty may settle, or defer settlement of, the obligation in
accordance with the rules and requirements of the RITS Low Value Settlement Service.
In either case, the parties will co-operate in good faith to resolve the dispute expeditiously and settle for
the reconciled obligation immediately following resolution. To facilitate resolution, the Originator
must supply the following Transaction details within 5 business days:
The following text is confidential
Suitable records are to be maintained by each institution to record such discrepancies.
(Contact details for resolution of discrepancies are at the extranet site https://extranet.apca.com.au/).
This provision applies without prejudice to the right of any party to invoke the dispute resolution
procedures in Part 12 of the Regulations.
10.5.2 Adjustments to Settlement Amounts [Amended effective 13.08.12]
All adjustments to settlement amounts caused by any error, whether identified prior to settlement or
after settlement, must be accounted for in the manner set out in this clause 10.5.2.
For each erroneous amount which is an Error of Magnitude, the Originator or Counterparty, whichever
first locates the error, must notify the other immediately the details of the error are known. Once an
error is agreed by both CECS Members, an adjustment (including interest calculated in accordance with
clause 10.5.7) must be effected as follows:
(a) where the error is not an Error of Magnitude, adjusting payments may be made by including
amounts on a File Settlement Instruction;
(b) where the error is an Error of Magnitude, institutions' treasury areas will need to be informed by
their clearings areas of the size of the error. Treasury areas will then settle the adjustment in
ESA funds (see clause 10.5.7). The transfer of ESA funds will be a treasury-based ESA Cash
transfer on RITS.
10.5.3 LVSS Data Available to Institutions [Last amended effective 13/08/12]
Each CECS Member will be able to view the following information in RITS:
(a) its final multilateral net position, based on the aggregate values of all submitted File Settlement
Instructions, for CECS;
(b) for 9am Settlement, interest adjustment transactions for clearing system interest accrued in
CECS over the previous day; and
(c) after computing and making adjustments for (on a multilateral net basis) the cross Clearing
System national settlement position for that CECS Member as a consequence of its participation
in the Consumer Electronic Clearing System (CS3) and any other Clearing System operating on
a multilateral settlement basis (including but not limited to the High Value Clearing System
(CS4) if that system is settling on a multilateral basis in fallback mode because settlements
cannot occur in real time as a result of some contingency), its final net allocated cross Clearing
System settlement figure. On the day of deemed notification the CECS Member must settle its
final net allocated cross Clearing System settlement figure.
10.5.4 Back-up [Amended effective 13/08/12]
The RITS Low Value Settlement Service will have full redundancy back-up.
10.5.5 Disabling Events [Amended effective 13/08/12]
Procedures in a disabling event will be determined in consultation with the institutions concerned, the
Reserve Bank of Australia, and the Company, and will depend on the particular circumstances.
10.5.6 Variation to Normal Settlement [Amended effective 13/08/12]
Settlement of payment obligations incurred in CECS will be effected in RITS on each business day.
Subject to the following, Acquirers and Lead Institutions must provide File Settlement Instructions to
the RITS Low Value Settlement Service on every day that Transactions are processed. For
Transactions processed after cut-off on Friday, Saturday, Sunday or a day which is a public holiday in
both Sydney and Melbourne, institutions must:
(a) submit separate File Settlement Instructions for each of those days, or a single File Settlement
Instruction for all of those days, covering those Transactions, via the RITS Low Value
Settlement Service, by 4.00am EST on the day following the next business day in Sydney or
Melbourne or both; and
(b) settle for those figures on the second business day after the transactions are processed.
Clearing system interest will be calculated separately for each day’s exchanges.
Note: Refer to clause 10.4.8 for an example of a variation to settlement due to a public holiday or a
weekend.
10.5.7 Interest Adjustment [Amended effective 13/08/12]
Where settlement in respect of any exchange of any Item is (for whatever reason) effected on a day
other than the day on which that Item is exchanged for value, the Originator of the File Settlement
Instruction in which that Item is included and the Counterparty concerned will make an adjustment of
interest in respect of that Item between them.
That interest adjustment is to be calculated at the interest rate (termed the “ESR” by the Reserve Bank
of Australia) payable by the Reserve Bank of Australia on overnight credit balances of Exchange
Settlement Accounts held with the Reserve Bank of Australia.
The RITS Low Value Settlement Service will display the net balance owing to or by each institution for
each day on which settlement figures are despatched, and display the interest on the net balance owing
for the number of days elapsed until the day of settlement using the ESR applicable to each of these
days during that period.
Each CECS Member acknowledges that:
(a) if a settlement obligation is included in the Nine AM (9am) Settlement, RITS will:
(i) calculate the interest on the net position between the CECS Member direct settler for the
number of days elapsed between the value date of the exchange of the Item and the day
of settlement using the ESR applicable to each of the days during that period; and
(ii) automatically generate interest adjustment transactions for the settlement of clearing
interest obligations between each CECS Member direct settler and its Counterparties.
These interest adjustment entries will be incorporated into the Nine AM (9am) Settlement
for each CECS Member; and
(b) if the settlement obligation is not included in the Nine AM (9am) Settlement, an adjustment for
interest is to be made between the parties concerned by RITS cash transfer, or as bilaterally
agreed.
10.5.8 Settlement Contact Points [Amended effective 13/08/12]
The telephone and facsimile numbers to be used to contact the Reserve Bank of Australia and the
settlement contact points for each CECS Member are specified at https://extranet.apca.com.au/.
Institutions must notify the Reserve Bank of Australia and the Company of any changes in their
settlement contact point (including a temporary change) at least one business day prior to the change.
Each institution is solely responsible for the consequences of any failure by it to notify the Reserve
Bank of Australia of any change to its settlement contact point in accordance with this clause.
Respective institutions’ contacts for settlement figures are also found at https://extranet.apca.com.au/.
10.6 RITS Low Value Settlement Service [Amended effective 13/08/12]
The RITS Low Value Settlement Service facility must be used to submit File Settlement Instructions,
File Recall Instructions and to receive responses and advices which Issuers and Acquirers have elected
to receive. Each Acquirer and Lead Institution must establish and maintain contingency arrangements
to ensure that File Settlement Instructions and, if necessary, File Recall Instructions, can be manually
submitted in RITS during any type of contingency event.
In the event that member user access to RITS is unavailable such that RITS Low Value Settlement
Service instructions cannot be entered, viewed or managed, then affected institutions must immediately
contact the RITS Help Desk by telephone and request assistance, and otherwise comply with the
requirements set out in the LVSS BCP Arrangements.
As soon as an applicant is advised by the Secretary that its application for CECS membership, as an
Acquirer and direct settler, has been accepted it must contact the RITS Help Desk to arrange testing
and implementation of its functional connectivity to the RITS Low Value Settlement Service. The
business rules and technical specifications for the RITS Low Value Settlement Service and the LVSS
BCP Arrangements can be accessed via links on the Company’s extranet.
The specifications for the RITS Low Value Settlement Service can be accessed via a link on the
Company’s extranet.
APPENDIX 10A EXCHANGE SUMMARY REPORT (Confidential) [Deleted effective 13/08/12]
APPENDIX 10B INTERCHANGE SETTLEMENT REPORT (Confidential)
Part 11 – ATM Direct Charging Rules
Inserted effective 03/03/09
PART 11 ATM DIRECT CHARGING RULES
This Part 11 contains the rules and standards that must be followed by:
- Acquirers who acquire Transactions involving an ATM Operator Fee; and
- Issuers who have agreed to engage in Interchange with an Acquirer with respect to such ATM Transactions.
The ATM Access Code (www.atmaccesscode.com.au) also contains provisions applicable to ATM Transactions
and, in particular, obliges its subscribers to engage in ATM Interchange Activities in accordance with (amongst
other things) this Part 11 and other applicable provisions of the CECS Manual.
11.1 General Principles
From the ATM Direct Charging Date Acquirers may charge an ATM Operator Fee if they comply
with:
(a) this Part 11 and, in particular, the obligation to disclose to the Cardholder the amount of the ATM
Operator Fee at a time that allows him or her to cancel the Transaction without incurring the ATM
Operator Fee (or any other fee); and
(b) any other applicable provisions in the CECS Manual.
For the avoidance of doubt this Part 11 has no application to ‘on-us’ ATM Transactions.
11.2 Amount and Variation of the ATM Operator Fee and Declines
This Part 11 does not in any way restrict:
(a) the amount of the ATM Operator Fee that an Acquirer may charge a Cardholder;
(b) the right of an Acquirer to vary the amount of its ATM Operator Fees; or
(c) the right of an Issuer to decline an ATM Transaction.
11.3 When Cardholders may be charged an ATM Operator Fee
11.3.1 Cash Withdrawal and Balance Inquiries
Acquirers may charge Cardholders an ATM Operator Fee for a Cash Withdrawal or a Balance Inquiry.
11.3.2 When an ATM Operator Fee may not be charged
No ATM Operator Fee may be charged if:
(a) a Cash Withdrawal or a Balance Inquiry is declined by the Issuer;
(b) a Cash Withdrawal results in a Partial Dispense; or
(c) a Cash Withdrawal or a Balance Inquiry is not completed successfully.
11.4 Disclosure Rules
11.4.1 On Screen
The Cardholder must be advised of any ATM Operator Fee that will apply to a Cash Withdrawal or
Balance Inquiry. This advice must:
(a) be given on the ATM Screen as early as possible in the Transaction sequence;
(b) clearly and unambiguously display the ATM Operator Fee at a time that allows the Cardholder to
cancel the requested Cash Withdrawal or Balance Inquiry without incurring the ATM Operator
Fee or any other fee;
(c) comply with the following minimum requirements:
- inform the Cardholder that he or she will be charged the ATM Operator Fee if he or she
proceeds with the Transaction;
- display the amount of the ATM Operator Fee that will be charged (Note: the display must
show the amount of the fee in dollars and cents. Displaying a percentage value of the
Transaction amount is not permitted);
- display the entity responsible for managing Cardholder enquiries concerning the ATM
Operator Fee (not the Issuer) including contact details, which must take the form of a
contact number or URL;
- state that the Issuer may also charge the Cardholder a fee;
- indicate how to CANCEL the Transaction; and
- indicate how to ACCEPT the ATM Operator Fee and proceed with the Transaction; and
(d) if a Cardholder performs more than one ATM Transaction in a single session then the
requirements in (a), (b) and (c) above must be complied with for each ATM Transaction in respect
of which the Cardholder will be charged an ATM Operator Fee.
(Note: each Acquirer should consider the GST law and how it may apply to ATM Operator Fees.
Whether or not an ATM Operator Fee is being levied by an Authorised Deposit Taking Institution may
be a relevant consideration.)
For example (ATM screen layout):
    If you continue with this transaction, you will be charged $X.XX
    by the [institution responsible for the transaction and contact number or url]
    Your card Issuer may also charge you a fee for using this ATM
    To continue please press here    [Continue]
    To cancel please press here      [Cancel]
11.4.2 Record of Transaction
If the Cardholder elects to receive a Record of Transaction (that is, a receipt) then the Record of
Transaction must comply with the following minimum requirements (in addition to those specified in
clause 5.8):
(a) the ATM Operator Fee must be itemised as a discrete item and not be bundled together with any
withdrawal amount;
(b) the ATM Operator Fee must be described as an “ATM Operator Fee” or similar; and
(c) the recipient of the ATM Operator Fee or the entity responsible for managing Cardholder enquiries
regarding the fee (that is, either the Acquirer or the ATM Deployer) must be displayed, including
contact details, which must take the form of a contact number or URL.
For example (receipt layout):
    TRANSACTION RECORD
    DATE:              xx/xx/xx
    TIME:              xx:xx
    TERMINAL:          ATMXXXX
    Card Number        501233*******123
    Seq. Number        000123
    Withdrawal         $XXX.xx
    ATM Operator Fee   $X.xx
    Available Balance  $XXX.xx
    Current Balance    $XXX.xx
    Thank you for using “ACQUIRER NAME”
    Please contact us at www.ACQUIRERNAME.com.au or 1800 123 321
11.5 Message Flow
11.5.1 Cash Withdrawal
The ATM Operator Fee is to be contained in bit 28 as an 'X + n8' field of the Financial Transaction
Request and Response messages (see AS 2805-2:2007 clause 4.4.5). The 'X' portion of the fee data
element will contain a 'D' to indicate that the fee is due to the Acquirer. The standard, error-free message
flow is illustrated below.
Acquirer -> Issuer: 0200 Transaction Request
    bit 4 = transaction amount
    bit 28 = fee as D$$$cc
    bit 57 = requested amount
Issuer -> Acquirer: 0210 Transaction Response
    bit 4 = transaction amount
    bit 28 = fee as D$$$cc
    bit 57 = requested amount
    Response Code = Approve
11.5.2 Declined Transactions
No fees are to be levied on failed or declined Transactions. In the case of a decline, bit 28 will contain
(as an echo) the fee amount from the Transaction request message; Acquirers must take care that such
fees are not accumulated. The message flow is illustrated below.
Acquirer -> Issuer: 0200 Transaction Request
    bit 4 = transaction amount
    bit 28 = fee as D$$$cc
    bit 57 = requested amount
Issuer -> Acquirer: 0210 Transaction Response
    bit 4 = transaction amount
    bit 28 = fee as D$$$cc (echoed)
    bit 57 = requested amount
    Response Code = Decline
11.5.3 Partial Dispense and Fees
The operation of a Partial Dispense is illustrated below. The essential features are:
(a) The Acquirer will initiate an 0420 Reversal Advice Message with bits 4 (Amount, Transaction)
and bit 57 (Amount, cash) identical to the 0200 Request message. Bit 28 (Amount, Transaction
Fee) will be identical to the same field in the request message but with the indicator digit 'X' set to
'C' for credit.
In the subsequent Transaction Advice message, bit 4 and 57 will contain identical amounts and be
equal to the actual amount dispensed by the ATM. In the Transaction Advice message bit 28 must be
set to zero ('D000000000000') as no ATM Operator Fee is applicable in this case (see clause 11.3(b)
above).
Acquirer -> Issuer: 0200 Transaction Request
    bit 4 = transaction amount
    bit 28 = fee as D$$$cc
    bit 57 = requested amount
Issuer -> Acquirer: 0210 Transaction Response
    bit 4 = transaction amount
    bit 28 = fee as D$$$cc
    bit 57 = requested amount
    [Adds Fee to Debits, Transaction Fee Amount]
[Partial Dispense: requested amount less X]
Acquirer -> Issuer: 0420 Reversal Advice
    bit 4 = transaction amount
    bit 28 = fee as C$$$cc
    bit 57 = requested amount
Issuer -> Acquirer: 0430 Reversal Response
    bit 4 = transaction amount
    bit 28 = fee as C$$$cc
    bit 57 = requested amount
    [Adds Fee to Credits, Transaction Fee Amount]
Acquirer -> Issuer: 0220 Transaction Advice
    bit 4 = Dispensed amount
    bit 28 = fee as D0000
    bit 57 = Dispensed amount
Issuer -> Acquirer: 0230 Transaction Advice Response
    bit 4 = Dispensed amount
    bit 28 = fee as D0000
    bit 57 = Dispensed amount
11.5.4 Balance Inquiries
ATM Operator Fees may be levied on Balance Inquiries. To prevent the ATM Operator Fee
overdrawing the account Issuers may, in cases where this could occur, decline the Transaction
(response code = 51 – insufficient funds).
The balance returned must reflect the impact of the ATM Operator Fee.
The inclusion of an ATM Operator Fee converts a Balance Inquiry Transaction to a financial
Transaction (previously a non-financial Transaction); as such, the fee value must be included in daily
Interchange Settlement Reports.
Acquirers must ensure that full reversal processing is available on Balance Inquiries. Bit 28 of the 0420
message shall contain the same value as in the 0200 message but with the indicator 'X' set to 'C'
indicating the value is owed to the Issuer.
Acquirer -> Issuer: 0200 Transaction Request
    bit 3 = 31, Balance Enquiry
    bit 28 = fee as D$$$cc
Issuer -> Acquirer: 0210 Transaction Response (approved)
    bit 58 = Ledger balance
    bit 59 = Account Balance
    bit 28 = echoed from 0200
    Response Code = Approve
    [Add fee to Debits, Transaction Fee Amount]
OR
Issuer -> Acquirer: 0210 Transaction Response (declined)
    bit 58 = Empty
    bit 59 = Empty
    bit 28 = echoed from 0200
    Response Code = Decline
If no response:
Acquirer -> Issuer: 0420/1 Reversal Advice
    bit 28 = fee as C$$$cc
Issuer -> Acquirer: 0430 Reversal Advice Response
    bit 28 = fee as C$$$cc
    [Add fee to Credits, Transaction Fee Amount]
11.5.5 Use of Bit 28 when no ATM Operator Fee is being levied
Bit 28 is a conditional field that does not have to be present for every ATM Transaction. If an ATM
Operator Fee is being levied then it must be included in the 0200 message and all subsequent messages
(as described above). However if an ATM Operator Fee is not being levied then bit 28 can either be
omitted or included with the n8 component being set to zero. Issuer systems must accommodate both
possibilities.
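Added here as a worked example (not code from the CECS Manual or from APCA): a small model of the bit 28 handling in clauses 11.5.1 to 11.5.5, covering the approved withdrawal, the echoed fee on a decline, the Partial Dispense reversal, the Balance Inquiry with no response, and an omitted or zero fee. It assumes the 'X + n8' field is nine characters ('D' or 'C' followed by eight digits of cents), that the Acquirer's fee ledger posts on the 0210 and 0430 responses, and the FeeLedger class, transaction ids and $2.50 fee are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

FIELD28_LEN = 9  # 'X' indicator + n8 (eight digits of cents); an assumed layout


def encode_fee(cents: int, owed_to_acquirer: bool = True) -> str:
    """Build bit 28: 'D' means the fee is due to the Acquirer, 'C' that it is
    being returned (credited) to the Issuer, as in clauses 11.5.1 and 11.5.3."""
    if not 0 <= cents <= 99_999_999:
        raise ValueError("fee does not fit in n8")
    return ("D" if owed_to_acquirer else "C") + f"{cents:08d}"


def decode_fee(bit28: Optional[str]) -> Tuple[str, int]:
    """Parse bit 28. An absent field means no fee is levied (clause 11.5.5)."""
    if bit28 is None:
        return "D", 0
    if len(bit28) != FIELD28_LEN or bit28[0] not in "DC" or not bit28[1:].isdigit():
        raise ValueError(f"malformed bit 28: {bit28!r}")
    return bit28[0], int(bit28[1:])


def reverse_fee(bit28: str) -> str:
    """Bit 28 for a 0420 reversal: same amount, indicator flipped (clause 11.5.3(a))."""
    indicator, cents = decode_fee(bit28)
    return encode_fee(cents, owed_to_acquirer=(indicator == "C"))


@dataclass
class FeeLedger:
    """Hypothetical Acquirer-side view of ATM Operator Fees to be claimed in the
    daily Interchange Settlement Report (constructed model, not an APCA spec)."""
    debits: int = 0                                # cents due to the Acquirer
    credits: int = 0                               # cents returned to Issuers by reversal
    open_fees: dict = field(default_factory=dict)  # txn_id -> cents claimed and still reversible
    unmatched: list = field(default_factory=list)  # reversals with no matching claim

    def net(self) -> int:
        return self.debits - self.credits

    def post(self, txn_id: str, mti: str, bit28: Optional[str], approved: bool = True) -> int:
        """Apply one message; returns the signed cents posted (0 if nothing is posted)."""
        indicator, cents = decode_fee(bit28)
        if cents == 0:
            return 0                               # omitted or zero fee: nothing to settle
        if mti in ("0210", "0230"):                # response to a request or advice
            if not approved:
                return 0                           # 11.5.2: a decline echoes the fee; never accumulate it
            if indicator != "D":
                raise ValueError("a claimed fee must carry the 'D' indicator")
            self.debits += cents
            self.open_fees[txn_id] = cents
            return cents
        if mti == "0430":                          # response to a 0420/0421 reversal
            if indicator != "C":
                raise ValueError("a reversed fee must carry the 'C' indicator")
            if self.open_fees.get(txn_id) != cents:
                self.unmatched.append((txn_id, bit28))  # nothing was claimed (e.g. 0210 never arrived)
                return 0
            del self.open_fees[txn_id]
            self.credits += cents
            return -cents
        return 0                                   # 0200/0220/0420 carry the fee; posting happens on responses


def run_scenarios() -> dict:
    """Constructed exchanges following the clause 11.5 diagrams; net fee cents per scenario."""
    fee = encode_fee(250)                          # constructed $2.50 ATM Operator Fee
    results = {}

    cash = FeeLedger()                             # 11.5.1 approved cash withdrawal
    cash.post("T1", "0200", fee)
    cash.post("T1", "0210", fee, approved=True)
    results["withdrawal"] = cash.net()

    declined = FeeLedger()                         # 11.5.2 Issuer declines, echoing bit 28
    declined.post("T2", "0200", fee)
    declined.post("T2", "0210", fee, approved=False)
    results["decline"] = declined.net()

    partial = FeeLedger()                          # 11.5.3 Partial Dispense: reverse, then advise with zero fee
    partial.post("T3", "0200", fee)
    partial.post("T3", "0210", fee, approved=True)
    partial.post("T3", "0420", reverse_fee(fee))
    partial.post("T3", "0430", reverse_fee(fee))
    partial.post("T3", "0220", encode_fee(0))
    partial.post("T3", "0230", encode_fee(0))
    results["partial_dispense"] = partial.net()

    timeout = FeeLedger()                          # 11.5.4 Balance Inquiry, no 0210 received, reversal sent
    timeout.post("T4", "0200", fee)
    timeout.post("T4", "0420", reverse_fee(fee))
    timeout.post("T4", "0430", reverse_fee(fee))
    results["balance_inquiry_no_response"] = timeout.net()

    free = FeeLedger()                             # 11.5.5 no fee: bit 28 omitted, or present as zero
    free.post("T5", "0210", None, approved=True)
    free.post("T6", "0210", encode_fee(0), approved=True)
    results["no_fee"] = free.net()
    return results


if __name__ == "__main__":
    for name, cents in run_scenarios().items():
        print(f"{name:30s} net fee ${cents / 100:.2f}")
```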
11.6 Settlement of ATM Operator Fees
ATM Operator Fees are to be included in daily settlement figures and settled in accordance with Part
10 of the CECS Manual.
11.7 Transition
For a period of 3 months commencing on the ATM Direct Charging Date an Acquirer may comply
with the rules in this clause 11.7 in lieu of compliance with the Disclosure Rules in clause 11.4.
11.7.1 Disclosure by External Signage
The Cardholder must be advised of any ATM Operator Fee that will apply to a Cash Withdrawal or
Balance Inquiry via external signage. This external signage must:
(a) be at least 7cm x 7cm;
(b) be located on the fascia of the machine, in prominent view and near to the ATM’s:
(i) Card reader;
(ii) screen; or
(iii) keypad;
(c) use the following words “Please Note: A $n.nn ATM Operator Fee applies for Transactions at this
ATM” or words to similar effect;
(d) use a font and size that is similar in appearance and size to bold Arial 20 point.
For example (sign layout):
    Please Note: A $n.nn ATM Operator Fee applies for transactions at this ATM.
11.7.2 Disclosure of Entity Responsible
The ATM must also clearly display the entity responsible for managing Cardholder enquiries
concerning the ATM Operator Fee (not the Issuer) including contact details, which must take the form
of a contact number or URL.
11.7.3 Records, Contact Point and Disputed Transactions
Acquirers that rely upon the transitional provisions in this clause 11.7 must:
(a) keep records of the following information for at least 15 months from the ATM Direct Charging
Date:
(i) the location of each ATM in relation to which clause 11.7 will apply (“Applicable ATM”);
(ii) the date upon which external signage was affixed to each Applicable ATM; and
(iii) the date upon which each Applicable ATM became compliant with the Disclosure Rules
in clause 11.4 and the external signage was removed;
(b) at any time prior to the day that is 15 months after the ATM Direct Charging Date, provide this
information to any ATM Issuer upon request; and
(c) at least 1 month before the ATM Direct Charging Date, nominate a contact point to receive
requests pursuant to (b) above;
(d) include in any response to an ATM Issuer pursuant to clause 7.5.3(e) with respect to a Disputed
Transaction at an Applicable ATM the information described in (a)(ii) and (iii) above for that
ATM; and
(e) not deny a Disputed Transaction relating to the amount of the ATM Operator Fees for using an
Applicable ATM if the Disputed Transaction occurred prior to the date upon which the Applicable
ATM became compliant with the Disclosure Rules in clause 11.4 and the external signage was
removed.
(Note: please refer to the following clauses in the other parts of the CECS Manual for provisions
relating to ATM Operator Fees: 2.1.2, 4.1.2, 4.5, 7.1.2, 7.4.2, 7.5, Appendix 7A and Part 9.)
Part 12 – Prepaid Cards
Inserted effective 19/04/10
PART 12 PREPAID CARDS
This Part 12 sets out the standards required to be met by all CECS Members which participate or propose to
participate in the issuance and/or acceptance of Prepaid Cards.
12.1 Card Characteristics
Prepaid Program Providers and sponsoring Issuers must ensure that Prepaid Cards comply with the
following requirements.
12.1.1 Card Physical Characteristics
Prepaid Cards must as a minimum, meet the specifications detailed in AS 3521, 3522 and 3524. These
standards contain requirements for physical characteristics, dimensions, layout of information and
format for encoding Tracks 1 and 2 of the magnetic stripe.
(Note: Cards that do not comply with these requirements may not be able to generate Transactions at
ATMs and/or EFTPOS terminals.)
12.1.2 Minimum Descriptive Requirements for Prepaid Cards
Prepaid Cards may, on their front face:
(a) be clearly identified as a Prepaid Card; and
(b) clearly indicate that they should only be used when online authorisation is available (the words
"Electronic use only" or similar are recommended).
The embossing of the PAN and expiry date on Prepaid Cards is optional.
(Note: Prepaid Program Providers and sponsoring Issuers should consider the requirements of other
regulatory instruments such as the Australian Securities and Investment Commission’s Regulatory
Guide 185: Non-Cash Payment Facilities and as an example, its requirements in respect of expiry
dates.)
12.1.3 Encoding and Transmission of Track 2 Data
Prepaid Program Providers and sponsoring Issuers must ensure encoding of Track 2 on Prepaid Cards
in accordance with the requirements of AS 3524 (encoding of Track 1 and Track 3 on Prepaid Cards is
optional).
Acquirers are required to transmit all Track 2 data received by the Acquirer from the Terminal, to the
Issuer without alteration.
12.1.4 Personalisation
There are no mandatory requirements for the personalisation of Prepaid Cards.
12.1.5 Minimum Signature Panel Requirements
There is no mandatory requirement for a signature panel on Prepaid Cards.
12.2 PIN Standards
The use of a PIN for Cardholder authentication is not mandatory.
However, when prompted for a PIN, the entry of a four digit number by the Cardholder is mandatory to
facilitate the carriage of the Transaction across the CECS network.
12.3 Unique BINs
Prepaid Program Providers and sponsoring Issuers must ensure that Prepaid Cards are only issued
under BINs that are unique from BINs under which non Prepaid Cards are issued.
12.4 Supported Transactions
Subject to clauses 12.8 and 12.9 below, Prepaid Program Providers and sponsoring Issuers must be able
to accept and process (or decline using specified Response Codes) each of the Transactions specified in
clause 3.4.
12.5 Test Cards
Prepaid Program Providers and sponsoring Issuers that give notice of the introduction of a new BIN or
a change to the routing of an existing BIN for a Prepaid Card pursuant to Regulation 4A.2 must liaise
with the affected CECS Members to ensure production of any necessary test Cards in sufficient time to
allow testing to occur before the applicable Institutional Identifier Change Date.
12.6 Interchange Settlement
12.6.1 Interchange Billing Reports
In Interchange Billing Reports (clauses 4.1.2 and 6.1.2), Prepaid Card Transactions and any associated
fees and charges may be separately categorised.
12.6.2 Settlement
Prepaid Card Transactions shall be settled in accordance with Part 10.
12.7 Disputes
Prepaid Cards are not generally issued with a secure owner authentication mechanism. Therefore,
unless bilaterally agreed to the contrary:
(a) Prepaid Cardholder disputes are to be resolved by the applicable Prepaid Program Provider; and
(b) the other parties involved in the Transaction must co-operate with the Prepaid Program Provider.
It is recommended that CECS Members agree to apply standard CECS dispute resolution processes to
Transactions initiated with Prepaid Cards if a PIN (the security of which is managed in accordance
with clause 3.2 of the CECS Manual) was issued to the original Prepaid Cardholder.
Settlement disputes between CECS Members are to be resolved in accordance with Part 10.
12.8 [deleted]
12.9 [deleted]
ANNEXURE A ACQUIRER CERTIFICATION CHECKLIST [Amended effective 31/05/10]
TO:   SENIOR MANAGER OPERATIONS
      AUSTRALIAN PAYMENTS CLEARING ASSOCIATION LIMITED
      LEVEL 6, 14 MARTIN PLACE
      SYDNEY NSW 2000
RE:   CONSUMER ELECTRONIC CLEARING SYSTEM (CS3)
FROM: NAME OF APPLICANT (“Applicant”)
      PLACE OF INCORPORATION
      AUSTRALIAN COMPANY NUMBER / AUSTRALIAN BUSINESS NUMBER / AUSTRALIAN REGISTERED BODY NUMBER
      REGISTERED OFFICE ADDRESS
      NAME OF CONTACT PERSON
      TELEPHONE NUMBER
      FACSIMILE NUMBER
      EMAIL ADDRESS
Certification Objectives
The objective of Certification is to ensure that:
- each CECS Member that is an Acquirer confirms for the benefit of each other CECS Member and the Company
that it meets the technical, operational and security requirements applicable to Acquirers which are set out in Part 2
and 5 of the CECS Manual as applicable;
- each CECS Member which:
  - becomes an Acquirer; or
  - acquires, modifies or upgrades devices, interchanges or systems,
  to that extent confirms, for the benefit of each other CECS Member and the Company, that its system or
  enhancements to its system (as the case may be) meet all applicable technical, operational and security
  requirements for Acquirers as set out in the CECS Manual; and
- each CECS Member which is Certified renews its Certification at least triennially or on such other date as
determined by the Management Committee.
Amendment Number E222 issued as CS3/r&p/002.10
The following table is to be completed in conjunction with the Certification guidelines provided for each heading. The
guideline checklists are to be maintained by the CECS Member. In the context of this checklist "Approved" means
devices for which an Approval Letter issued by the Company is held.
REQUIRED CAPABILITIES FOR ACQUIRER
Columns: Required Capabilities for Acquirer re-Certification (Please complete all sections below) | Applicable Sections

DEVICES (To be completed in conjunction with the Device Certification Guidelines)
AA.1 (a) PEDs satisfy applicable security standards and Letters of Approval, issued by the Company, are held for all PEDs employed in Interchange. | Part 8 & Part 2.6
     or
     (b) PEDs are otherwise confirmed as holding existing approval from the Company. | Part 2.6.2 & Part 8
     For individual item certification identify device or exemption request number.

SECURITY CONTROL MODULES (To be completed in conjunction with the SCM Certification Guidelines)
AA.2 (a) SCMs satisfy applicable security standards and Letters of Approval, issued by the Company, are held for all SCMs employed in Interchange. | Part 8 & Part 2.6
     or
     (b) SCMs are otherwise confirmed as holding existing approval from the Company. | Part 2.6.2 & Part 8
     For individual item certification identify device or exemption request number.

INTERCHANGE CAPABILITIES (To be completed in conjunction with the Interchange Certification Guidelines)
AA.3 Interchange satisfies applicable standards. | Parts 2.2, 2.3 & 9
     For individual item certification identify interchange or exemption request number.

OPERATIONAL CAPABILITIES (To be completed in conjunction with the Operational Certification Guidelines)
AA.4 Operating environment satisfies applicable standards. | Part 7
     For individual item certification identify item or exemption request number.

DATA PROTECTION REQUIREMENTS
AA.5 Sensitive Authentication and Cardholder data protection satisfies applicable requirements. | Part 5.5 & 5.6

SETTLEMENT CAPABILITIES (To be completed in conjunction with the Settlement Certification Guidelines)
AA.6 Settlement procedures comply. | Part 10
REPRESENTATIONS AND UNDERTAKINGS
By signing this Certification Checklist, the Applicant named below:
(a) acknowledges that for the Applicant to qualify for membership of CECS the Applicant must have obtained Certification in accordance with the CECS Regulations and Manual and that this Certification Checklist is required to obtain that Certification;
(b) warrants and represents that it satisfies the requirements applicable generally to Acquirers as set out in Part 2 and Part 5, as applicable, of the CECS Manual as at the date of this Certification Checklist and that the information contained in this completed Certification Checklist is correct and accurately reflects the results of system testing against current CECS standards and including, if applicable, use of an appropriate test script supplied by the Company;
(c) agrees that if the Applicant is granted Certification, in consideration of such Certification, to:
(i) immediately notify the Company if it becomes, or has become, aware that any information contained in this Certification Checklist is wrong or misleading (including without limitation because of any omission to provide relevant additional information); and
(ii) provide to the Company with that notification full particulars of that wrong or misleading information; and
(d) agrees that if the Applicant is granted Non-Member Certification, the Company may at any time revoke that Certification if it is satisfied, in good faith, that the Non-Member is unable to comply with the standards set out in Part 2 and/or Part 5, as applicable, of the CECS Manual. (A Non-Member will be notified of any proposed revocation and given the opportunity to be heard).
Terms used in this Checklist in a defined sense have the same meanings as in the CECS Manual unless the context
requires otherwise.
SIGNED FOR AND ON BEHALF OF THE APPLICANT
By signing this Certification Checklist the signatory states that the signatory is duly authorised to sign this Certification
Checklist for and on behalf of the Applicant.
Name of Authorised Person
Signature of Authorised Person
Office Held
Date
AUDITOR SIGNOFF
By signing this Certification Checklist the signatory states that the signatory is duly authorised to sign this Certification
Checklist as auditor for and on behalf of the Applicant and that the signatory is satisfied with the accuracy of the
responses contained within the certification checklist.
Name of Auditor
Signature of Auditor
Date
The next page is AB.1
ANNEXURE B ACQUIRER CERTIFICATION - GENERAL GUIDELINES
General Notes for Completion of Certification Guidelines
This guide is designed to provide a level of guidance to applicable staff within CECS Members to assist CECS
Members in satisfying the requirements for Certification as defined in the CECS Regulations and Manual. Annexures
D through G provide individual checklists that are to be completed by each CECS Member and retained by the CECS
Member for production to the Company if required.
The guide provides a reference to the applicable clause in the CECS Manual, and the applicable YES, NO or Not
Applicable box is to be ticked. Where the NO box is ticked the CECS Member will be required to provide the
appropriate Exemption Request when returning the Certification Checklist to APCA.
Notes for Auditors
The objective for auditors is to perform an independent review of the CECS Certification Checklist completed by the
CECS Member, and to form an opinion on the completeness and accuracy of the CECS Certification Checklist, as
provided by the CECS Member to facilitate sign-off.
Suggested Audit Process / Procedures
1. Obtain the completed Certification Checklist from the CECS Member.
2. Select a representative sample of questions from the certification guidelines, including:
- all questions which indicate non-compliance with the CECS Manual; and
- a sample of questions which indicate compliance with the CECS Manual.
3. Perform a walk-through of each of the selected questions with the relevant staff within the CECS Member, focusing on how they have assured themselves that the responses to the certification guideline questions are complete and accurate.
4. Where non-compliance is noted on the Certification Checklist, ensure that the CECS Member has an adequate and timely action plan in place, including:
- remedial actions which will ensure future compliance with the CECS Manual;
- realistic and appropriate resolution time frames; and
- accountability allocated to the relevant staff within the CECS Member.
5. Raise all concerns with the CECS Member and achieve satisfactory resolution/agreement.
Note
The auditor should continually be asking the relevant staff within the CECS Member:
- how they ensure compliance with the CECS Manual; and
- to provide evidence which demonstrates that their CECS compliance control/monitoring procedures are operating effectively.
The next page is AC.1
ANNEXURE C ISSUER CERTIFICATION CHECKLIST
Amended effective 03/09/07
TO:
SENIOR MANAGER OPERATIONS
AUSTRALIAN PAYMENTS CLEARING ASSOCIATION LIMITED
LEVEL 6, 14 MARTIN PLACE
SYDNEY NSW 2000
RE:
CONSUMER ELECTRONIC CLEARING SYSTEM (CS3)
FROM:
NAME OF APPLICANT (“Applicant”)
PLACE OF INCORPORATION
AUSTRALIAN COMPANY NUMBER /
AUSTRALIAN BUSINESS NUMBER /
AUSTRALIAN REGISTERED BODY NUMBER
REGISTERED OFFICE ADDRESS
NAME OF CONTACT PERSON
TELEPHONE NUMBER
FACSIMILE NUMBER
EMAIL ADDRESS
Certification Objectives
The objective of Certification is to ensure that:
each CECS Member that is an Issuer confirms for the benefit of each other CECS Member and the Company that it
meets the technical, operational and security requirements applicable to Issuers which are set out in Parts 2 and 3 of
the CECS Manual as applicable;
each CECS Member which:
- becomes an Issuer; or
- acquires, modifies or upgrades devices, interchanges or systems,
to that extent confirms, for the benefit of each other CECS Member and the Company, that its system or
enhancements to its system (as the case may be) meet all applicable technical, operational and security
requirements for Issuers as set out in the CECS Manual; and
each CECS Member which is Certified renews its Certification at least triennially.
The following table is to be completed in conjunction with the Certification guidelines provided for each heading. The
guideline checklists are to be maintained by the CECS Member. In the context of this checklist "Approved" means
devices for which an Approval Letter issued by the Company is held.
Amendment Number E213 issued as CS3/r&p/006.07
Required Capabilities for Issuer re-Certification (please complete all sections below). The applicable sections of the CECS Manual are shown against each item.
1.1 Issued cards satisfy applicable Card-related standards. [Applicable sections: Part 3.1]
1.2 SCMs satisfy applicable security standards and approval letters issued by the Company are held for all SCMs employed in Interchange; [Applicable sections: Parts 2.1.9 and 2.6]
or
SCMs are otherwise confirmed as holding existing approval from the Company (if yes, insert sunset date). [Applicable sections: Part 2.6.2]
For individual item certification identify device or exemption request number.
1.3 Interchange satisfies applicable AS2805 standards. [Applicable sections: Parts 2.2, 2.3 and 9]
For individual item certification identify interchange or exemption request number.
1.4 PIN management and security satisfies applicable standards. [Applicable sections: Part 3.2]
For individual item certification identify item or exemption request number.
1.5 Supports required transaction set. [Applicable sections: Part 3.4]
For individual item certification identify item or exemption request number.
1.6 Satisfies requirements for sponsored Issuers. [Applicable sections: Part 3.5]
For individual item certification identify item or exemption request number.
1.7 Operating environment satisfies applicable standards. [Applicable sections: Part 4]
For individual item certification identify item or exemption request number.
1.8 Settlement procedures comply. [Applicable sections: Part 10]
For individual item certification identify item or exemption request number.
REPRESENTATIONS AND UNDERTAKINGS
By signing this Certification Checklist, the Applicant named below:
(a) acknowledges that for the Applicant to qualify for membership of CECS the Applicant must have obtained Certification in accordance with the CECS Regulations and Manual and that this Certification Checklist is required to obtain that Certification;
(b) warrants and represents that it satisfies the requirements applicable generally to Issuers as set out in Part 2 and Part 3, as applicable, of the CECS Manual as at the date of this Certification Checklist and that the information contained in this completed Certification Checklist is correct and accurately reflects the results of system testing against current CECS standards and including, if applicable, use of an appropriate test script supplied by the Company;
(c) agrees that if the Applicant is granted Certification, in consideration of such Certification, to:
(i) immediately notify the Company if it becomes, or has become, aware that any information contained in this Certification Checklist is wrong or misleading (including without limitation because of any omission to provide relevant additional information); and
(ii) provide to the Company with that notification full particulars of that wrong or misleading information; and
(d) agrees that if the Applicant is granted Non-Member Certification, the Company may at any time revoke that Certification if it is satisfied, in good faith, that the Non-Member is unable to comply with the standards set out in Part 2 and/or Part 3, as applicable, of the CECS Manual. (A Non-Member will be notified of any proposed revocation and given the opportunity to be heard).
Terms used in this Checklist in a defined sense have the same meanings as in the CECS Manual unless the context
requires otherwise.
SIGNED FOR AND ON BEHALF OF THE APPLICANT
By signing this Certification Checklist the signatory states that the signatory is duly authorised to sign this Certification
Checklist for and on behalf of the Applicant.
Name of Authorised Person
Signature of Authorised Person
Office Held
Date
AUDITOR SIGNOFF
By signing this Certification Checklist the signatory states that the signatory is duly authorised to sign this Certification
Checklist as auditor for and on behalf of the Applicant and that the signatory is satisfied with the accuracy of the
responses contained within the certification checklist.
Name of Auditor
Signature of Auditor
Date
The next page is AD.1
ANNEXURE D DEVICE AND INTERCHANGE CERTIFICATION GUIDELINES
These guidelines are provided for the assistance of a Member in the certification process. They are to be retained by the
Member and produced to the Company upon request.
Acquirers
CECS Manual Reference | Requirement | Yes | No | N/A
2.2 | Network and Interchange Requirements | | |
2.3 | Interchange Technical Specification | | |
2.1.9 | Devices, compliance and Management | | |
5.4 | Key Management Practices | | |
2.5 and 5.5 | Third Party and Merchant Checks | | |
Interchange Guidelines Completed By:
Name of Person Completing the Guide
Signature of the Person Completing the Guide
Office Held
Date
The next page is AE.1
ANNEXURE E ACQUIRER OPERATIONAL CERTIFICATION GUIDELINES
These guidelines are provided for the assistance of a Member in the certification process. They are to be retained by the
Member and produced to the Company upon request.
Acquirers
CECS Manual Reference | Requirement | Yes | No | N/A
Part 2 | General Requirement | | |
7.1 | Types of Reports | | |
7.1.5 | Retention Period | | |
7.7 | Cards Retained: adequate procedures to ensure Acquirer responsibilities are met | | |
7.4.2 | Doubtful Transactions: adequate procedures to ensure Acquirer responsibilities are met | | |
7.5.3 | Disputed Transactions: adequate procedures to ensure Acquirer responsibilities are met | | |
7.6 | Enquiries: adequate procedures to ensure Acquirer responsibilities are met | | |
2.2 | Service Levels | | |
Operational Guidelines Completed By:
Name of Person Completing the Guide
Signature of the Person Completing the Guide
Office Held
Date
The next page is AF.1
ANNEXURE F SETTLEMENT CERTIFICATION GUIDELINES
These guidelines are provided for the assistance of a Member in the certification process. They are to be retained by the
Member and produced to the Company upon request.
CECS Manual Reference | Requirement | Yes | No | N/A
10.3 | Are there procedures in place to produce settlement reports? | | |
10.4 | Are there procedures in place to produce and submit File Settlement Instructions and reconcile the settlement figures? | | |
Last amended effective 13/08/12
Settlement Guidelines Completed By:
Name of Person Completing the Guide
Signature of the Person Completing the Guide
Office Held
Date
The next page is AG.1
Amendment No. E226, issued as CS3/r&p/001.12
ANNEXURE G ISSUER CERTIFICATION GUIDELINES
These guidelines are provided for the assistance of a Member in the certification process. They are to be retained by the
Member and produced to the Company upon request.
CECS Manual Reference | Requirement | Yes | No | N/A
Part 2 | General Requirements | | |
3.1.1 | Identification of Issuers | | |
3.1.2 | Physical Characteristics for Cards | | |
3.1.3 | Minimum Embossing Requirements for Cards | | |
3.1.4 | Encoding Requirements | | |
3.1.5 | Signature panel requirements | | |
3.2.1 | PIN Management and Security | | |
3.2.2 | PIN Attempts | | |
3.3 | Card Expiry | | |
3.4 | Supported Transactions | | |
3.5 | Sponsored Issuers | | |
10.3 | Are there procedures in place to produce settlement reports? | | |
10.4 | Are there procedures in place to produce and submit File Settlement Instructions and reconcile the settlement figures? | | |
Last amended effective 13/08/12
Issuer Standards Certification Guidelines Completed By:
Name of Person Completing the Guide
Signature of the Person Completing the Guide
Office Held
Date
The next page is AH.1
ANNEXURE H CECS OPERATIONAL BROADCAST FORM
Last amended effective 2/10/06
Disclaimer:
This document has been compiled in good faith from information provided by third parties. No representation or
warranty is made by APCA as to the truth or accuracy of the information and APCA, its officers, employees and
agents expressly disclaim all and any liability in respect of the information.
DOCUMENT TITLE: <CECS Member> <Brief Broadcast Title>
DOCUMENT NUMBER: CECS CS3\COB\nnn.yyyy
DETAILS
Date of Advice: <DD/MMM/YYYY>
Notifying Member: Drop down list of CECS Members
Member Experiencing Difficulty: Drop down list of CECS Members
CONTACT POINT
Name: <Contact Name>
Phone Number: <Contact Phone>
Fax Number: <Contact Fax>
Email Address: <Contact Email>
PAYMENT SYSTEM AFFECTED
CECS - Consumer Electronic Clearing System
PROCESSES AFFECTED
Drop down list of processes affected which may directly or indirectly impact other CECS Members:
- Unscheduled network outage;
- Scheduled network outage;
- Exchange of Operational Information; and
- Disruptive Event.
EXPECTED DURATION OF AFFECTED PROCESS
Date Occurred / Scheduled: <DD/MMM/YYYY>
Start Time of Outage: <HH:MM> (Approximate)
End Time of Outage: <HH:MM> (Approximate)
COMMUNICATION PROCESS
Advise CECS Members: <YES / NO>
Advise Non-CECS Members: <YES / NO>
APCA to provide prepared Statement: <YES / NO> Please attach text of statement in Attachments below.
Refer media to affected CECS Member: <YES / NO>
COMMENTS
Free form text.
ATTACHMENTS
Attach any CECS Operational Broadcast (COB) related documents here.
APCA Comments
The next page is AI.1
ANNEXURE I PIN SECURITY AUDIT CHECKLIST
I1
Introduction (Last amended effective 27/04/11)
This checklist presents mandatory questions relating to general procedures and controls associated with the
management of PINs and the associated cryptographic practices. The mandatory questions are based on the
requirements of AS 2805.
The following documents are referred to in this checklist (amended effective 27/04/11):
- AS2805.3.1-2008 Electronic funds transfer – Requirements for interfaces, Part 3: PIN Management and Security (amended effective 27/04/11)
- AS2805.6.1-2002/Amdt 3/2007 Electronic funds transfer – Requirements for interfaces, Part 6.1: Key management – Principles
- AS2805.14.2-2009 Electronic funds transfer – Requirements for interfaces, Part 14.2: Secure Cryptographic Devices (retail) – Security compliance checklists for devices used in magnetic stripe systems (amended effective 27/04/11)
Part A – CECS PIN Security Audit (Inserted effective 01/01/11)
I2
General Security Controls
Please provide the details for all your ATM and POS devices that you currently have deployed. Please use a separate sheet if necessary. (Inserted effective 01.01.12)
Device type (ATM / POS) | Manufacturer | Model No. | Approx. Quantity
I2.1
Any clear-text PIN block format combined with a PIN encryption process has the characteristic that, for different accounts, encryption of the same PIN value under a given encryption key does not predictably produce the same encrypted results. (Note the format 0 and format 3 PIN blocks specified in AS 2805 part 3.1 meet this requirement.)
Reference AS 2805 part 3.1, clause 12.3.1. (Last amended effective 27/04/11)
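Worked illustration of why the format 0 and format 3 PIN blocks named in I2.1 meet the requirement. This is an added example, not code from the CECS Manual, APCA or AS 2805: it builds the clear-text block as specified in ISO 9564-1 / AS 2805 part 3.1 (PIN field XORed with a field derived from the PAN), so the same PIN on two accounts gives two different blocks and therefore two different cryptograms under one key. Per I3.2 a real clear-text PIN block exists only inside an SCD; all PINs and PANs here are constructed test values.

```python
"""Format 0 and format 3 clear-text PIN blocks (ISO 9564-1 / AS 2805.3.1).

Added example for checklist item I2.1; not CECS Manual or APCA code.
PINs and PANs used below are constructed test values.
"""
import secrets

BLOCK_NIBBLES = 16            # a PIN block is 64 bits
PIN_LEN_MIN, PIN_LEN_MAX = 4, 12


def pan_field(pan: str) -> str:
    """Four zero nibbles, then the rightmost 12 PAN digits excluding the
    check digit (the final digit)."""
    if not pan.isdigit() or len(pan) < 13:
        raise ValueError("PAN must be a numeric string of at least 13 digits")
    return "0000" + pan[:-1][-12:]


def pin_field(pin: str, fmt: int) -> str:
    """Control nibble, PIN length nibble, PIN digits, then padding.
    Format 0 pads with F; format 3 pads with random nibbles in A..F."""
    if not pin.isdigit() or not PIN_LEN_MIN <= len(pin) <= PIN_LEN_MAX:
        raise ValueError("PIN must be 4 to 12 digits")
    pad_len = BLOCK_NIBBLES - 2 - len(pin)
    if fmt == 0:
        pad = "F" * pad_len
    elif fmt == 3:
        pad = "".join(secrets.choice("ABCDEF") for _ in range(pad_len))
    else:
        raise ValueError("only format 0 and format 3 are handled here")
    return f"{fmt:X}{len(pin):X}{pin}{pad}"


def xor_hex(a: str, b: str) -> str:
    """XOR two 16-nibble hex strings, keeping the 16-nibble width."""
    return f"{int(a, 16) ^ int(b, 16):0{BLOCK_NIBBLES}X}"


def pin_block(pin: str, pan: str, fmt: int = 0) -> str:
    """Clear-text PIN block = PIN field XOR PAN field. In production this
    value is formed, encrypted with DEA 3 (I2.2) and discarded inside an SCD."""
    return xor_hex(pin_field(pin, fmt), pan_field(pan))


def recover_pin(block: str, pan: str) -> str:
    """Reverse the formatting for the PAN the block was built with. A block
    paired with a different PAN fails the format checks instead of yielding
    a plausible-looking PIN."""
    field = xor_hex(block.upper(), pan_field(pan))
    fmt, length = int(field[0], 16), int(field[1], 16)
    if fmt not in (0, 3) or not PIN_LEN_MIN <= length <= PIN_LEN_MAX:
        raise ValueError("not a format 0 or format 3 block for this PAN")
    pin, pad = field[2:2 + length], field[2 + length:]
    pad_ok = set(pad) <= ({"F"} if fmt == 0 else set("ABCDEF"))
    if not pin.isdigit() or not pad_ok:
        raise ValueError("PIN digits or padding inconsistent with this PAN")
    return pin


def block_matches_pan(block: str, pan: str) -> bool:
    """True when the block decodes cleanly for this PAN."""
    try:
        recover_pin(block, pan)
        return True
    except ValueError:
        return False


def same_pin_differs_by_account(pin: str, pan_a: str, pan_b: str) -> bool:
    """The I2.1 property: one PIN, two PANs, two different clear-text blocks."""
    return pin_block(pin, pan_a) != pin_block(pin, pan_b)


if __name__ == "__main__":
    # Constructed test PANs, not real accounts.
    pan_a, pan_b = "4111111111111111", "5500000000000004"
    for pan in (pan_a, pan_b):
        print(pan, "->", pin_block("1234", pan), pin_block("1234", pan, fmt=3))
    print("same PIN differs by account:",
          same_pin_differs_by_account("1234", pan_a, pan_b))
```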
I2.2
Documented procedures exist, and are followed to ensure all PINs are encrypted using DEA 3 when
transmitted outside a Secure Cryptographic Device. PINs are not to be stored in any form. If a transaction
is logged, the encrypted PIN block must be masked or deleted from the record before it is logged.
Reference AS 2805 part 3.1 clauses 5.2 and 12.2. (Last amended effective 27/04/11)
I2.3
No procedure requires or permits the Cardholder to disclose the PIN in an oral or written manner.
Reference AS 2805 part 3.1, clause 5.4.
Amendment Number E228 issued as CS3/r&p/001.13
Last amended effective 27/04/11
I2.4
Operating procedures and the design of devices utilized require that the Cardholder can reasonably prevent
others from observing the entered PIN.
Reference AS 2805 part 3.1, clause 10.2.7. (Last amended effective 27/04/11)
I3
Device Management
I3.1
Each type of SCD used in Interchange, and those devices providing a Remote Management Solution for
Security Control Modules has been evaluated by a Company accredited Evaluation Facility using the
method in Section 2 against the criteria in Section 8 and has been approved for use by the Company.
Reference AS 2805 part 3.1, clause 10.2.5; AS 2805 part 14-2, this Manual Parts 2.6 and 8. (Last amended effective 19.02.13)
I3.2
Clear text PINs and Clear-text keys exist only in an SCD designed for use in its operational environment.
I3.3
Any SCD capable of encrypting a key and producing a cryptogram of that key is protected against
unauthorised use to encrypt known keys or known key components. This protection takes the form of either
or both of the following:
Dual Access controls are required to enable the key encrypting functions; and
Physical protection of the equipment (e.g. locked access to it) under dual control.
Reference AS 2805 part 14-2, clauses E12 and E13.
I3.4
Documented procedures exist, and are followed, to determine that an SCD has not been subject to
unauthorised modification or substitution prior to loading cryptographic keys. This assurance takes the
form of one or more of the following procedures:
Physical inspection and/or testing of the equipment immediately prior to key loading; and
Physical protection of the equipment.
I3.5
Documented procedures exist, and are followed, to ensure that the SCD is physically protected (e.g. locked
access) to protect against the possibility that the SCD may be stolen, modified in an unauthorised way, and
then returned to storage without detection.
I3.6
Documented procedures exist to ensure that keys are not installed in any SCD where suspicious alteration
of an SCD has been detected until the SCD has been inspected and a reasonable degree of assurance has
been reached that the SCD has not been subject to any unauthorised physical or logical modifications.
I3.7
If the SCD can translate a PIN from one PIN block format to another or if the SCD verifies PINs, then
procedures exist, and are followed, to prevent or detect, repeated unauthorised calls resulting in the
exhaustive determination of PINs.
I3.8
Documented procedures exist, and are followed, to determine that the SCD is managed in accordance with
the privacy shielding requirements in section 8.2.
(Inserted effective 01.01.12)
I3.9
From 1 January 2013 all symmetric encryption functionality weaker than DEA-3 has been disabled within
every deployed SCM. (Inserted effective 01.01.12)
I3.10
Documented procedures exist, and are followed, to ensure that any Remote Management Solution for an
SCM is managed in accordance with the requirements of section 8.7.4.2. (Inserted effective 25/06/13)
I4
General Key Management
I4.1
Documented procedures exist, and are followed, to control keys so that they exist only in one or more of the
permissible forms:
In an SCD;
Encrypted under a DEA 2 or DEA 3 key; and
Managed as two or more full length components using the principles of dual control and split
knowledge.
I4.2
Documented procedures exist and are followed to ensure a person entrusted with a key component
reasonably protects that component such that no person (not similarly entrusted with that component) can
observe or otherwise obtain that component.
I4.3
Documented procedures exist and are followed to ensure keys and key components are generated using a
random or pseudo-random process such that it is not possible to determine that some keys are more
probable than other keys from the set of all possible keys.
I4.4
Documented procedures exist to ensure each of the following:
A key is changed if its compromise is known or suspected;
Keys encrypted under or derived from, a compromised key are changed;
Key is not changed to a variant or a transformation of the compromised key; and
The amount of time in which the compromised key remains active is consistent with the risk to all
affected parties.
I4.5
Documented procedures exist and are followed to ensure a key is used for only a single designated purpose.
I4.6
Documented procedures exist and are followed to ensure that when a key is installed under dual control
using key components, these key components are only combined within an SCD.
I4.7
Key components are combined to form a key by a process such that no active bit of the key could be
determined without knowledge of all components. Key components are combined using one of the
following functions:
XOR; and
Encryption via DEA.
I4.8
Documented procedures exist and are followed to ensure when in secure transit, cleartext key components
are protected from compromise in one of the following manners:
Key components are transported in separate tamper-evident packaging; and
Key components are transported in a device meeting the requirements of a Physically Secure Device.
Reference AS 2805 part 3.1.
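Worked illustration of the XOR combination in I4.7 and the full-length component form in I4.1. This is an added example, not code from the CECS Manual, APCA or AS 2805: a constructed double-length DEA-3 key is split into full-length components that only reproduce the key's active bits when every component is XORed together, with DES parity bits (which are not active bits) re-set after combination as an SCD would; a check shows that any incomplete set of components does not reproduce the key.

```python
"""Dual control / split knowledge for a double-length DEA-3 key (I4.1, I4.7).

Added example, not CECS Manual, APCA or AS 2805 code. The key used in
the demonstration is a constructed value.
"""
import secrets

KEY_LEN = 16  # bytes in a double-length DEA-3 (two-key TDES) key


def odd_parity(data: bytes) -> bytes:
    """Set the low bit of each byte so the byte has odd parity. DES parity
    bits are not active key bits, which is why XOR of components below can
    be followed by a parity fix without touching the key itself."""
    out = bytearray()
    for b in data:
        active = b & 0xFE
        ones = bin(active).count("1")
        out.append(active | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(data: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in data)


def active_bits(data: bytes) -> bytes:
    """The seven active bits of each byte, parity bit masked off."""
    return bytes(b & 0xFE for b in data)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("components must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list:
    """Split a key into n full-length components: n-1 are uniformly random,
    the last is chosen so the XOR of all n reproduces the key's active bits.
    Each custodian receives exactly one component (split knowledge)."""
    if len(key) != KEY_LEN:
        raise ValueError(f"key must be {KEY_LEN} bytes")
    if n < 2:
        raise ValueError("dual control needs at least two components")
    comps = [secrets.token_bytes(KEY_LEN) for _ in range(n - 1)]
    last = key
    for c in comps:
        last = xor_bytes(last, c)
    comps.append(last)
    return [odd_parity(c) for c in comps]


def combine_components(comps) -> bytes:
    """What the SCD does with the entered components (I4.6): XOR them all,
    then restore odd parity on the result."""
    if len(comps) < 2:
        raise ValueError("dual control needs at least two components")
    key = bytes(KEY_LEN)
    for c in comps:
        key = xor_bytes(key, c)
    return odd_parity(key)


def reproduces_key(comps, key: bytes) -> bool:
    """True only when the XOR of these components has the key's active bits;
    with any component missing the result is an unrelated value."""
    return active_bits(combine_components(comps)) == active_bits(key)


if __name__ == "__main__":
    demo_key = odd_parity(bytes(range(0x10, 0x20)))   # constructed value
    parts = split_key(demo_key, 3)
    for i, c in enumerate(parts, 1):
        print(f"component {i}: {c.hex()} odd parity={has_odd_parity(c)}")
    print("all three reproduce key:", reproduces_key(parts, demo_key))
    print("any two reproduce key:  ", reproduces_key(parts[:2], demo_key))
```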
I4.9
Documented procedures exist and are followed to ensure a cleartext key component is:
Under the supervision of a person authorised by management with access to this component;
Locked in a security container in such a way that it can be obtained only by a person with authorised
access;
In secure transit; and
In a physically secure SCD.
Amended effective 27/04/11
I4.10
Documented procedures exist and are followed to ensure if keys are loaded or transported using an
electronic key loading device then:
The key loading device has been evaluated and meets the applicable security requirements (see I3.1);
The key loading device is under the supervision of a person authorised by management, or is stored in a
secure manner (e.g. in a safe) such that no unauthorised person may have access to it; and
The key loading device is designed or controlled so that only authorised personnel under dual control
can utilise and enable it to output a key into another SCD. Such personnel ensure that the transfer is
not being monitored, e.g. that there is no key recording device inserted between the SCDs.
(Last amended effective 7/12/07)
I4.11
Documented procedures exist and are followed to protect the transfer of a key or key component into SCDs
so as to prevent the disclosure of the key or key components. Examples of procedures include physical
inspection of the SCD equipment to detect evidence of monitoring and dual custody of the loading process.
I4.12
Documented procedures exist and are followed to ensure that a key exists at only the minimal number of
locations consistent with the operation of the system (e.g. including disaster recovery purposes, dual
processing sites).
I4.13
Documented procedures exist and are followed, to prohibit, except by chance, the entry or use of the same
key in more than one PIN entry device.
I4.14
If for archival purposes, reconstruction of a given key is required at a later date, procedures exist and are
followed to ensure the key is retained in a form such as to preclude it being intentionally used again as
active keying material.
I4.15
Documented procedures exist and are followed to ensure a key shared between communicating parties is
not shared, except by chance, between any other communicating parties.
I4.16
Procedures exist and are followed to ensure a key or key component that has been used for a cryptographic
purpose is erased or destroyed when it is no longer required using approved destruction procedures.
I5
Miscellaneous Key Management Practices*
Note: Any direct or indirect application of, or reference in, this clause I5, to an Acquirer is deemed to
include a Self Acquirer.
I5.1
Documented procedures exist and are followed to ensure that when a key transport key (KTK) is changed
because its compromise is known or suspected, an organisation which has previously shared the key is
informed of the compromise even if the KTK is no longer in use.
I5.2
Documented procedures exist and are followed to monitor cryptographic synchronisation errors and to
investigate multiple synchronisation errors to ensure the SCD is not being misused to determine keys or
PINs.
I5.3
Documented procedures exist and are followed to ensure if two or more of a key’s components are stored
within the same security container (which is under dual control), then the components are secured in tamper
evident packaging to preclude one component holder from gaining access to the other component.
I5.4
Documented procedures exist and are followed to ensure a key loading device does not retain a clear-text
copy of any key it has successfully transferred.
Amended effective 01.01.12
I5.5
If personal computers are used to load encryption keys into a PIN entry device, procedures exist and are
followed to ensure, at a minimum the following controls:
The software loads the encryption key without recording the value in non-volatile storage;
Hardware used for the key loading function is maintained under dual control;
Hardware use is monitored and logs of key loading activity are maintained;
Cable attachments and hardware are examined before each use to ensure that the equipment is free
from tampering;
That the computer is started from power off position for each site’s key loading activity; and
An SCD is used in conjunction with the personal computer to complete all cryptographic processing
and for the storage of all encryption keys.
I5.6
Documented procedures exist and are followed to maintain a record of every instance when a container
securing cryptographic materials is opened to record date, time, person(s) involved and the purpose of the
access.
I5.7
Documented, auditable, key management procedures exist and are followed for the secure management of
any Acquirer controlled key used in the authentication processes associated with PED software
authentication.
Amended effective 01.01.12
Inserted effective 9/02/07
Part B - Visa PIN Security Audit Supplemental Requirements
Part B Inserted effective 01/01/11
This section is to be completed by those Acquirers submitting a completed, audited, Visa PIN Security
Requirements Self Audit as an alternative to completing Part A of this checklist (see 5.3.3). The completed,
and signed, Visa checklist should accompany this submission.
I6.1
Compliance with the requirements of the Visa PIN Security Requirements Self Audit has been confirmed.
I6.2
Documented procedures exist and are followed for each of the individual requirements in the Visa PIN
Security Requirements Self Audit.
I6.3
Documented procedures exist, and are followed to ensure all PINs are encrypted using DEA 3 when
transmitted outside a Secure Cryptographic Device. PINs are not to be stored in any form. If a transaction
is logged, the encrypted PIN block must be masked or deleted from the record before it is logged.
Reference AS 2805 part 3 clauses 5.2 and 12.2.
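As an added example (not material from the Manual or APCA), a small Python routine that scrubs the encrypted PIN block from an ISO 8583-style record before it is logged, as I6.3 requires, plus an audit check over constructed log lines; the field numbering, JSON log shape and sample values are assumptions:

```python
"""Added example (not part of the CECS Manual): mask or delete the encrypted
PIN block before a transaction record is logged (I6.3), and audit existing log
lines for PIN blocks that were never masked.

Assumptions: the transaction is modelled as an ISO 8583-style dict keyed by
field number, with the encrypted PIN block in field 52; all sample values are
constructed, not real PIN blocks.
"""
import json
import re

PIN_BLOCK_FIELD = 52          # assumed field number carrying the encrypted PIN block
MASK = "*" * 16               # a DEA 3 (TDES) PIN block is 8 bytes = 16 hex digits
# A field-52 value in a JSON log line that still looks like a raw 8-byte block.
UNMASKED_RE = re.compile(r'"52":\s*"[0-9A-Fa-f]{16}"')


def scrub_pin_block(msg: dict, delete: bool = False) -> dict:
    """Return a copy of msg with the encrypted PIN block masked (or deleted).

    The input dict is left untouched so the unscrubbed message can still be
    forwarded to the SCD for processing; only the copy goes to the log.
    """
    clean = dict(msg)
    if PIN_BLOCK_FIELD in clean:
        if delete:
            del clean[PIN_BLOCK_FIELD]
        else:
            clean[PIN_BLOCK_FIELD] = MASK
    return clean


def to_log_line(msg: dict, delete: bool = False) -> str:
    """Serialise a scrubbed record; this should be the only path to a log sink."""
    return json.dumps(scrub_pin_block(msg, delete), sort_keys=True)


def find_unmasked_pin_blocks(log_lines):
    """Audit helper: 1-based numbers of lines that still carry a raw PIN block."""
    return [i for i, line in enumerate(log_lines, 1) if UNMASKED_RE.search(line)]


# Constructed sample transaction; the field-52 value is made up.
SAMPLE_TXN = {2: "tok_7f3a", 3: "000000", 4: "000000012500", 52: "A1B2C3D4E5F60718"}

# Constructed legacy log extract: line 2 was written without the scrub.
SAMPLE_LEGACY_LOG = [
    '{"2": "tok_7f3a", "3": "000000", "4": "000000012500", "52": "****************"}',
    '{"2": "tok_c912", "3": "000000", "4": "000000004000", "52": "0F1E2D3C4B5A6978"}',
    '{"2": "tok_aa01", "3": "000000", "4": "000000000999"}',
]
```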
I6.4
No procedure requires or permits the Cardholder to disclose the PIN in an oral or written manner.
Reference AS 2805 part 3, clause 5.4.
I6.5
Each type of SCD used in Interchange and those devices providing a Remote Management Solution for
Security Control Modules have been evaluated by a Company accredited Evaluation Facility using the
method in Section 2 against the criteria in Section 8 and have been approved for use by the Company. An
SCD includes but is not limited to an ATM, PED, SCM or Key Loading and Transfer Device.
Amended effective 25/06/13
Reference AS 2805 part 3, clause 10.2.5; AS 2805 part 14-2, this Manual Parts 2.6 and 8.
I6.6
Clear text PINs and Clear-text keys exist only in an SCD designed for use in its operational environment.
I6.7
Documented procedures exist, and are followed, to determine that the SCD is managed in accordance with
the privacy shielding requirements in section 8.2.
Inserted effective 01.01.12
I6.8
Documented, auditable, key management procedures exist and are followed for the secure management of
any Acquirer controlled key used in the authentication processes associated with PED software
authentication.
Inserted effective 01.01.12
I6.9
If the SCD can translate a PIN from one PIN block format to another or if the SCD verifies PINs, then
procedures exist, and are followed, to prevent or detect repeated unauthorised calls resulting in the
exhaustive determination of PINs.
Inserted effective 25/06/13
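As an added example (not material from the Manual or APCA) covering both I5.2 and I6.9, detection logic in Python that flags repeated synchronisation errors from one host and repeated PIN verification failures against one PAN token, run over constructed SCD audit lines; the log format, field names and thresholds are assumptions:

```python
"""Added example (not part of the CECS Manual): sliding-window detection for
I5.2 (multiple cryptographic synchronisation errors) and I6.9 (repeated calls
that could exhaustively determine a PIN).

The audit-line format, field names, thresholds and sample lines are all
constructed for this example; a real SCM/HSM audit log will differ.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) cmd=(?P<cmd>\S+)"
    r"(?: pan=(?P<pan>\S+))? result=(?P<result>\S+)$"
)

# Constructed sample audit lines; "pan" is a surrogate token, never a real PAN.
SAMPLE_LOG = """\
2014-08-26T10:00:00Z host=acq-sw-1 cmd=PIN_VERIFY pan=tok_7f3a result=OK
2014-08-26T10:00:01Z host=acq-sw-1 cmd=PIN_VERIFY pan=tok_c912 result=FAIL
2014-08-26T10:00:02Z host=acq-sw-1 cmd=PIN_VERIFY pan=tok_c912 result=FAIL
2014-08-26T10:00:03Z host=acq-sw-1 cmd=PIN_VERIFY pan=tok_c912 result=FAIL
2014-08-26T10:00:04Z host=acq-sw-1 cmd=PIN_VERIFY pan=tok_c912 result=FAIL
2014-08-26T10:00:05Z host=acq-sw-1 cmd=PIN_VERIFY pan=tok_c912 result=FAIL
2014-08-26T10:00:06Z host=acq-sw-1 cmd=PIN_VERIFY pan=tok_c912 result=FAIL
2014-08-26T10:00:10Z host=acq-sw-2 cmd=PIN_TRANSLATE result=SYNC_ERROR
2014-08-26T10:00:11Z host=acq-sw-2 cmd=PIN_TRANSLATE result=SYNC_ERROR
2014-08-26T10:00:12Z host=acq-sw-2 cmd=PIN_TRANSLATE result=SYNC_ERROR
2014-08-26T10:05:00Z host=acq-sw-2 cmd=PIN_TRANSLATE result=OK
"""


def parse_line(line):
    """Parse one audit line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


class ScdMisuseDetector:
    """Two sliding-window rules over SCD call results (thresholds are assumptions):

    * more than max_pin_fails failed PIN verifications for one PAN token
      inside `window`  -> possible exhaustive PIN search (I6.9)
    * more than max_sync_errors synchronisation errors from one host
      inside `window`  -> investigate for SCD misuse (I5.2)
    """

    def __init__(self, window=timedelta(minutes=5), max_pin_fails=5, max_sync_errors=2):
        self.window = window
        self.max_pin_fails = max_pin_fails
        self.max_sync_errors = max_sync_errors
        self._pin_fails = defaultdict(deque)   # pan token -> failure timestamps
        self._sync_errs = defaultdict(deque)   # host -> sync-error timestamps
        self._alerted = set()                  # one alert per key, not one per event

    def _push(self, q, ts):
        """Record ts, drop entries older than the window, return current count."""
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q)

    def feed(self, ev):
        """Consume one parsed event; return an alert string or None."""
        cmd, result, ts = ev["cmd"], ev["result"], ev["ts"]
        if cmd in ("PIN_VERIFY", "PIN_TRANSLATE") and result == "FAIL" and ev["pan"]:
            key = ("pin_fail", ev["pan"])
            n = self._push(self._pin_fails[ev["pan"]], ts)
            if n > self.max_pin_fails and key not in self._alerted:
                self._alerted.add(key)
                return f"{ts.isoformat()} I6.9 repeated PIN failures: pan={ev['pan']} count={n}"
        if result == "SYNC_ERROR":
            key = ("sync", ev["host"])
            n = self._push(self._sync_errs[ev["host"]], ts)
            if n > self.max_sync_errors and key not in self._alerted:
                self._alerted.add(key)
                return f"{ts.isoformat()} I5.2 repeated sync errors: host={ev['host']} count={n}"
        return None


def scan(log_text, **kwargs):
    """Run the detector over a whole log; returns the list of alert strings."""
    det = ScdMisuseDetector(**kwargs)
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        alert = det.feed(ev)
        if alert:
            alerts.append(alert)
    return alerts
```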
I6.10
Documented procedures exist, and are followed, to ensure that any Remote Management Solution for an
SCM is managed in accordance with the requirements of section 8.7.4.2.
Inserted effective 25/06/13
I6.11
From 1 January 2013, all symmetric encryption functionality weaker than DES-3 has been disabled within
every deployed SCM.
Inserted effective 25/06/13
SIGNED FOR AND ON BEHALF OF THE APPLICANT
By signing this Audit Checklist the signatory states that the signatory is duly authorised to sign this Audit Checklist for
and on behalf of the Applicant.
Name of Authorised Person
Signature of Authorised Person
Office Held
Date
AUDITOR SIGNOFF
By signing this Audit Checklist the signatory states that the signatory is duly authorised to sign this Audit Checklist as
auditor for and on behalf of the Applicant and that the signatory is satisfied with the accuracy of the responses contained
within the audit checklist.
Name of Auditor
Signature of Auditor
Date
The next page is AJ.1
Annexure J - CECS Laboratory Accreditation Checklist
Amended effective 27/04/11
ANNEXURE J CECS Laboratory Accreditation Checklist
This self-assessment questionnaire specifies the accreditation criteria that a laboratory must meet in order to become
accredited to conduct SCD security testing to the Company's requirements. Labs approved by the Company according
to these criteria are allowed to conduct testing of Secure Cryptographic Devices for conformance to the Company's SCD
security requirements. The criteria were derived using the National Institute of Standards and Technology Handbook
150 as a basis. The checklist items are numbered to correspond to the requirements found in Sections 4 and 5 of that
handbook.
(Each checklist item is answered in the response columns Yes / No / N/A.)
4.1
Organisation
4.1.1
The laboratory or the organisation of which it is part shall be an entity that
can be held legally responsible.
Legal name of laboratory ownership:
4.1.2
It is the responsibility of the laboratory to carry out its testing and calibration
activities in such a way as to meet the requirements of this handbook and to
satisfy the needs of the client, the regulatory authorities or organisations
providing recognition.
4.1.3
The laboratory management system shall cover work carried out in the
laboratory’s permanent facilities, at sites away from its permanent facilities,
or in associated temporary or mobile facilities.
4.1.4
If the laboratory is part of an organisation performing activities other than
testing and/or calibration, the responsibilities of key personnel in the
organisation that have an involvement or influence on the testing and/or
calibration activities of the laboratory shall be defined in order to identify
potential conflicts of interest.
Note 1
Where a laboratory is part of a larger organisation, the organisational arrangements should be such that
departments having conflicting interests, such as production, commercial marketing, or financing do
not adversely influence the laboratory’s compliance with the requirements of this handbook.
Note 2
If the laboratory wishes to be recognized as a third-party laboratory, it should be able to demonstrate that
it is impartial and that it and its personnel are free from any undue commercial, financial, and other
pressures that might influence their technical judgment. The third-party testing or calibration laboratory
should not engage in any activities that may endanger the trust in its independence of judgment and
integrity in relation to its testing or calibration activities.
4.1.5
The Laboratory shall:
a)
have managerial and technical personnel with the authority and
resources needed to carry out their duties, to identify the occurrence of
departures from the quality system or from the procedures for
performing tests and/or calibrations, and to initiate actions to prevent
or minimise such departures (see also 5.2).
b)
have arrangements to ensure that its management and personnel are
free from any undue internal and external commercial, financial, and
other pressures and influences that may adversely affect the quality of
their work.
c)
have policies and procedures to ensure the protection of its clients’
confidential information and proprietary rights, including procedures
for protecting the electronic storage and transmission of results.
d)
have policies and procedures to avoid involvement in any activities
that would diminish confidence in its competence, impartiality,
judgment, or operational integrity.
e)
define the organization and management structure of the laboratory, its
place in any parent organization, and the relationships between quality
management, technical operation, and support services.
f)
specify the responsibility, authority, and interrelationships of all
personnel who manage, perform, or verify work affecting the quality
of the tests and/or calibrations.
g)
provide adequate supervision of testing and calibration staff, including
trainees, by persons familiar with methods and procedures, the purpose
of each test and/or calibration, and the assessment of the test or
calibration results.
h)
have technical management who has overall responsibility for the
technical operations and who will provide the resources needed to
ensure the required quality of laboratory operations.
Name of Person:
Area of Responsibility:
Repeat as necessary
i)
appoint a member of the staff as quality manager (however named)
who, irrespective of other duties and responsibilities, shall have
defined responsibility and authority for ensuring that the quality
system is implemented and followed at all times. The quality manager
shall have direct access to the highest level of management at which
decisions are made on laboratory policy or resources.
j)
appoint deputies for key managerial personnel (see note).
Name(s):
Note
Individuals may have more than one function and it may be impractical to appoint deputies for every
function.
4.1.6
Staff members shall be knowledgeable in the following areas:
a)
General requirements of the test methods;
b)
Familiarity with classes of hardware platforms (for software-based
cryptographic algorithms);
c)
Voltage and temperature measurement (EFP/EFT);
d)
Computer security concepts;
e)
Finite state machine model analysis;
f)
Production grade, tamper evident, and tamper detection and response
techniques;
g)
Software design specifications, including high-level languages and
formal models;
h)
Key management techniques and concepts;
i)
EMI/EMC techniques;
j)
Cryptographic self-test techniques;
k)
CECS-approved cryptographic algorithms;
l)
Operating system concepts;
m)
Familiarity with cryptographic terminology and families of
cryptographic algorithms; and
n)
Familiarity with the Common Criteria (ISO/IEC 15408:2005).
4.2
Quality Systems
4.2.1
a)
The laboratory shall establish, implement, and maintain a quality
system appropriate to the scope of its activities.
b)
The laboratory shall document its policies, systems, programs,
procedures and instructions to the extent necessary to ensure the
quality of the test and/or calibration results.
c)
The system’s documentation shall be communicated to, understood by,
available to, and implemented by the appropriate personnel.
4.2.2
The laboratory’s quality system policies and objectives shall be defined in a
quality manual (however named). The overall objectives shall be documented
in a quality policy statement, which shall be issued under the authority of the
chief executive. It shall include at least the following:
a)
The laboratory management’s commitment to good professional
practice and to the quality of its testing and calibration in servicing its
clients;
b)
The management’s statement of the laboratory’s standard of service;
c)
The objectives of the quality system;
d)
A requirement that all personnel concerned with testing and calibration
activities within the laboratory familiarize themselves with the quality
documentation and implement the policies and procedures in their
work; and
e)
The laboratory management’s commitment to compliance with this
handbook.
Note
The quality policy statement should be concise and may include the requirement that tests and/or
calibrations shall always be carried out according to stated methods and clients’ requirements. When the
test and/or calibration laboratory is part of a larger organization, some quality policy elements may be in
other documents.
4.2.3
a)
The quality manual shall include or make reference to the supporting
procedures including technical procedures.
b)
It shall outline the structure of the documentation used in the quality
system.
c)
It shall contain or reference procedures for software handling and
integrity.
d)
It shall contain or reference procedures for maintaining records of
Quality System activities.
4.2.4
The roles and responsibilities of technical management and the quality
manager, including their responsibility for ensuring compliance with this
handbook, shall be defined in the quality manual.
4.3
Document Control
4.3.1
General
The laboratory shall establish and maintain procedures (internally generated
or from external sources) to control all documents that form part of its quality
system, such as regulations, standards, other normative documents, test and/or
calibration methods, as well as drawings, software, specifications,
instructions, and manuals.
Note 1
In this context, “document” could be policy statements, procedures, specifications, calibration tables,
charts, textbooks, posters, notices, memoranda, software, drawings, plans, and so forth. These may be on
various media, whether hard copy or electronic, and they may be digital, analog, photographic, or written.
Note 2
The control of data related to testing and calibration is covered in 5.4.7. The control of records is covered
in 4.12.
4.3.2
Approving and issuing documents
4.3.2.1
a)
All documents issued to personnel in the laboratory as part of the
quality system shall be reviewed and approved for use by authorised
personnel before being issued.
b)
A master list or an equivalent document control procedure identifying
the current revision status and distribution of documents in the quality
system shall be established and be readily available to preclude the use
of invalid and/or obsolete documents.
4.3.2.2
The procedure(s) adopted shall ensure that:
a)
authorized editions of appropriate documents are available at all
locations where operations essential to the effective functioning of the
laboratory are performed.
b)
documents are periodically reviewed and, where necessary, revised to
ensure continuing suitability and compliance with applicable
requirements.
c)
invalid or obsolete documents are promptly removed from all points of
issue or use, or otherwise ensured against unintended use.
d)
obsolete documents retained for either legal or knowledge preservation
purposes are suitably marked.
Quality system documents generated by the laboratory shall be uniquely
identified. Such identification shall include:
a)
the date of issue and/or revision identification;
b)
page numbering;
c)
the total number of pages or a mark to signify the end of the document;
and
d)
the issuing authority or authorities.
4.3.3
Document Changes
4.3.3.1
Changes to documents shall be reviewed and approved by the same function
that performed the original review unless specifically designated otherwise.
The designated personnel shall have access to pertinent background
information upon which to base their review and approval.
4.3.3.2
Where practicable, the altered or new text shall be identified in the document
or the appropriate attachments.
4.3.3.3
If the laboratory’s documentation control system allows for amending
documents by hand pending the reissue of the documents, the procedures and
authorities for such amendments shall be defined.
a)
Amendments shall be clearly marked, initialled, and dated. A revised
document shall be formally reissued as soon as practicable.
4.3.3.4
Procedures shall be established to describe how changes in documents
maintained in computerised systems are made and controlled.
4.4
Reviewing requests, tenders, and contracts
4.4.1
The laboratory shall establish and maintain procedures for reviewing requests,
tenders, and contracts. The policies and procedures for these reviews leading
to a contract for testing and/or calibration shall ensure that:
a)
the requirements, including the methods to be used, are adequately
defined, documented, and understood (see 5.4.2); and
b)
the appropriate test and/or calibration method is selected and capable
of meeting the clients’ requirements (see 5.4.2).
Note 1
The request, tender, and contract review should be conducted in a practical and efficient manner, and the
effect of financial, legal, and time schedule aspects should be taken into account. For internal clients,
reviews of requests, tenders, and contracts can be performed in a simplified way.
Note 2
The review of capability should establish that the laboratory possesses the necessary physical, personnel,
and information resources, and that the laboratory’s personnel have the skills and expertise necessary for
performing the tests and/or calibrations in question. The review may also encompass results of earlier
participation in interlaboratory comparisons or proficiency testing and/or the running of trial test or
calibration programs using samples or items of known value to determine uncertainties of measurement,
limits of detection, confidence limits, and so forth.
Note 3
A contract may be any written or oral agreement to provide a client with testing and/or calibration
services.
4.4.2
Records of reviews, including any significant changes, shall be maintained.
Records shall also be maintained of pertinent discussions with a client relating
to the client’s requirements or the results of the work during the period of
execution of the contract.
Note
For review of routine and other simple tasks, the date and the identification (for example, the initials) of
the person in the laboratory responsible for carrying out the contracted work are considered adequate.
For repetitive routine tasks, the review need be made only at the initial inquiry stage or on granting of the
contract for ongoing routine work performed under a general agreement with the client, provided that the
client’s requirements remain unchanged. For new, complex, or advanced testing and/or calibration tasks,
a more comprehensive record should be maintained.
4.4.3
The review shall also cover any work that is subcontracted by the laboratory.
4.4.4
The client shall be informed of any deviation from the contract.
4.4.5
If a contract needs to be amended after work has commenced, the same
contract review process shall be repeated and any amendments shall be
communicated to all affected personnel.
4.5
Subcontracting tests and calibrations
4.5.1
When a laboratory subcontracts work whether because of unforeseen reasons
(for example, workload, need for further expertise or temporary incapacity) or
on a continuing basis (for example, through permanent subcontracting,
agency or franchising arrangements), this work shall be placed with a
competent subcontractor. A competent subcontractor is one that, for example,
complies with this handbook for the work in question.
4.5.2
The laboratory shall advise the client of the arrangement in writing and, when
appropriate, gain the approval of the client, preferably in writing.
4.5.3
The laboratory is responsible to the client for the subcontractor’s work, except
in the case where the client or a regulatory authority specifies which
subcontractor is to be used.
4.5.4
The laboratory shall maintain a register of all subcontractors that it uses for
tests and/or calibrations and a record of the evidence of compliance with this
handbook for the work in question.
4.6
Not required
4.7
Service to the client
4.7.1
The laboratory shall afford clients or their representatives cooperation to
clarify the client’s request and to monitor the laboratory’s performance in
relation to the work performed, provided that the laboratory ensures
confidentiality to other clients.
Note 1
Such cooperation may include:
a)
Providing the client or the client’s representative reasonable access to relevant areas of the
laboratory for the witnessing of tests and/or calibrations performed for the client; and
b)
Preparation, packaging, and dispatch of test and/or calibration items needed by the client for
verification purposes.
Note 2
Clients value the maintenance of good communication, advice and guidance in technical matters, and
opinions and interpretations based on results. Communication with the client, especially in large
assignments, should be maintained throughout the work. The laboratory should inform the client of any
delays or major deviations in the performance of the tests and/or calibrations.
Note 3
Laboratories are encouraged to obtain other feedback, both positive and negative, from their clients (for
example, client surveys). The feedback should be used to improve the quality system, testing and
calibration activities, and client service.
4.8
Complaints
4.8.1
The laboratory shall have a policy and procedure for resolving complaints
received from clients or other parties.
4.8.2
Records shall be maintained of all complaints and of the investigations and
corrective actions taken by the laboratory (see also 4.10).
4.9
Control of nonconforming testing and/or calibration work
4.9.1
The laboratory shall have a policy and procedure that should be implemented
when any aspect of its testing and/or calibration work, or the results of this
work, do not conform to its own procedures or the agreed requirements of the
client. The policy and procedures shall ensure that:
a)
the responsibilities and authorities for managing nonconforming work
are designated and actions (including halting of work and withholding
of test reports and calibration certificates, as necessary) are defined
and taken when nonconforming work is identified;
b)
an evaluation of the significance of the nonconforming work is made;
c)
corrective actions are taken immediately, together with any decision
about the acceptability of the nonconforming work;
d)
where necessary, the client is notified and work is recalled; and
e)
the responsibility for authorising the resumption of work is defined.
Note
Identification of nonconforming work or problems with the quality system or with testing and/or
calibration activities can occur at various places within the quality system and technical operations.
Examples are customer complaints, quality control, instrument calibration, checking of consumable
materials, staff observations or supervision, test report and calibration certificate checking, management
reviews and internal or external audits.
4.9.2
Where the evaluation indicates that the nonconforming work could recur or
that there is doubt about the laboratory’s operations complying with its own
policies and procedures, the corrective action procedures given in 4.10 should
be promptly followed.
4.10
Corrective action
4.10.1
General
The laboratory shall establish a policy and procedure and shall designate
appropriate authorities for implementing corrective action when
nonconforming work or departures from the policies and procedures in the
quality system or technical operations have been identified.
Note
A problem with the quality system or with the technical operations of the laboratory may be identified
through a variety of activities, such as control of nonconforming work, internal or external audits,
management review, and feedback from clients or staff observations.
4.10.2
Cause analysis
The procedure for corrective action shall start with an investigation to
determine the root cause or causes of the problem.
Note
Cause analysis is the key and sometimes the most difficult part in the corrective action procedure. Often
the root cause is not obvious, and thus a careful analysis of all potential causes of the problem is required.
Potential causes could include client requirements, the samples, sample specifications, methods and
procedures, staff skills and training, consumables, or equipment and its calibration.
4.10.3
Selecting and implementing corrective actions
a)
Where corrective action is needed, the laboratory shall identify
potential corrective actions. It shall select and implement the action or
actions most likely to eliminate the problem and to prevent recurrence.
b)
Corrective actions shall be to a degree appropriate to the magnitude
and the risk of the problem.
c)
The laboratory shall document and implement any required changes
resulting from corrective action investigations.
4.10.4
Monitoring corrective actions
The laboratory shall monitor the results to ensure that the corrective actions
taken have been effective.
4.10.5
Additional audits
Where the identification of non-conformances or departures casts doubts on
the laboratory’s compliance with its own policies and procedures, or on its
compliance with this handbook, the laboratory shall ensure that the
appropriate areas of activity are audited according to 4.13 as soon as possible.
Note
Such additional audits often follow the implementation of the corrective actions to confirm their
effectiveness. An additional audit should be necessary only when a serious issue or risk to the business is
identified.
4.11
Preventive action
4.11.1
a)
Needed improvements and potential sources of non-conformances,
either technical or concerning the quality system, shall be identified.
b)
If preventive action is required, action plans shall be developed,
implemented, and monitored to reduce the likelihood of the occurrence
of such non-conformances and to take advantage of the opportunities
for improvement.
4.11.2
Procedures for preventive actions shall include the initiation of such actions
and application of controls to ensure that they are effective.
Note 1
Preventive action is a proactive process to identify opportunities for improvement rather than a reaction
to the identification of problems or complaints.
Note 2
Apart from the review of the operational procedures; the preventive action might involve analysis of data,
including trend and risk analyses and proficiency testing results.
4.12
Controlling records
4.12.1
General
4.12.1.1
The laboratory shall establish and maintain procedures for identification,
collection, indexing, access, filing, storage, maintenance, and disposal of
quality and technical records. Quality records shall include reports from
internal audits and management reviews, as well as records of corrective and
preventive actions.
4.12.1.2
a)
All records shall be legible and shall be stored and retained in such a
way that they are readily retrievable in facilities that provide a suitable
environment to prevent damage or deterioration and to prevent loss.
b)
Retention times of records shall be established.
Note
Records may be in any media, such as hard copy or electronic media.
4.12.1.3
All records shall be held secure and in confidence.
4.12.1.4
The laboratory shall have procedures to protect and back up records stored
electronically and to prevent unauthorised access to or amendment of these
records.
4.12.2
Technical records
4.12.2.1
a)
The laboratory shall retain records of original observations, derived
data, and sufficient information to establish an audit trail, calibration
records, staff records, and a copy of each test report or calibration
certificate issued, for a defined period.
b)
The records for each test or calibration shall contain sufficient
information to facilitate, if possible, identification of factors affecting
the uncertainty and to enable the test or calibration to be repeated
under conditions as close as possible to the original.
c)
The records shall include the identity of personnel responsible for the
sampling, performance of each test and/or calibration, and checking of
results.
Note 1
In certain fields it may be impossible or impracticable to retain records of all original observations.
Note 2
Technical records are accumulations of data (see 5.4.7) and information that result from carrying out tests
and/or calibrations and which indicate whether specified quality or process parameters are achieved.
They may include forms, contracts, work sheets, workbooks, check sheets, work notes, control graphs,
external and internal test reports and calibration certificates, clients’ notes, papers, and feedback.
4.12.2.2
Observations, data, and calculations shall be recorded at the time they are
made and shall be identifiable to the specific task.
4.12.2.3
a)
When mistakes occur in records, each mistake shall be crossed out, not
erased, made illegible or deleted, and the correct value entered
alongside. All such alterations to records shall be signed or initialled
by the person making the correction.
b)
In the case of records stored electronically, equivalent measures shall
be taken to avoid loss or change of original data.
4.12.2.4
Records covering the following are required:
1.
Quality System;
2.
Staff training dates and competency reviews;
3.
Software versions and updates;
4.
Test Equipment and instrument calibration (software documentation
updates if applicable);
5.
Acceptance/rejection of modules submitted for test;
6.
Comprehensive logs for tracking samples and test activities;
7.
Problems with test systems and documentation for off-line until repair
to restore status; and
8.
Test data (including any diagrams, photos, and graphic images) and
official reports.
4.12.2.5
Testing equipment or verification records should include the following:
1.
Equipment name or description;
2.
Model, style, serial number or other unique ID;
3.
Manufacturer;
4.
Date received and date placed in service;
5.
Current location, where appropriate;
6.
Condition when received (e.g., new, used, reconditioned);
7.
Copy of manufacturer’s instructions, where available;
8.
Notation of all equipment variables requiring verification;
9.
The range of verification;
10.
The resolution of the instrument and its allowable error;
11.
Date of next calibration and/or verification;
12.
Date and result of last calibration and/or verification;
13.
Details of maintenance carried out to date and planned for the future;
14.
History of any damage, malfunction, modification or repair;
15.
Identity of the laboratory individual or external service responsible for
calibration; and
16.
Source of reference standard and traceability.
4.13
Internal audits
4.13.1
a) According to a predetermined schedule and procedure, the laboratory shall periodically conduct internal audits of its activities to verify that its operations continue to comply with the requirements of the quality system and this handbook. The internal audit program shall address all elements of the quality system, including the testing and/or calibration activities. It is the responsibility of the quality manager to plan and organize audits as required by the schedule and requested by management.
b) Such audits shall be carried out by trained and qualified personnel who are, wherever resources permit, independent of the activity to be audited.
Note
The cycle for internal auditing should normally be completed in one year.
4.13.2
When audit findings cast doubt on the effectiveness of the operations or on
the correctness or validity of the laboratory’s test or calibration results, the
laboratory shall take timely corrective action, and shall notify clients in
writing if investigations show that the laboratory results may have been
affected.
4.13.3
The area of activity audited, the audit findings and corrective actions that
arise from them shall be recorded.
4.13.4
Follow-up audit activities shall verify and record the implementation and
effectiveness of the corrective action taken.
4.14 Management reviews
4.14.1
According to a predetermined schedule and procedure, the laboratory’s executive management shall periodically conduct a review of the laboratory’s quality system and testing and/or calibration activities to ensure their continuing suitability and effectiveness, and to introduce necessary changes or improvements.
The review shall take account of:
a) the suitability of policies and procedures;
b) reports from managerial and supervisory personnel;
c) the outcome of recent internal audits;
d) corrective and preventive actions;
e) assessments by external bodies;
f) the results of inter-laboratory comparisons or proficiency tests;
g) changes in the volume and type of the work;
h) client feedback;
i) complaints; and
j) other relevant factors, such as quality control activities, resources, and staff training.
Note 1
A typical period for conducting a management review is once every 12 months.
Note 2
Results should feed into the laboratory planning system and should include the goals, objectives, and
action plans for the coming year.
Note 3
A management review includes consideration of related subjects at regular management meetings.
4.14.2
a) Findings from management reviews and the actions that arise from them shall be recorded.
b) The management shall ensure that those actions are carried out within an appropriate and agreed timeframe.
5.0 Technical Requirements for Accreditation
5.1 General
5.1.1
Many factors determine the correctness and reliability of the tests and/or calibrations performed by a laboratory. These factors include contributions from:
human factors (5.2);
accommodation and environmental conditions (5.3);
test and calibration methods and method validation (5.4);
equipment (5.5);
measurement traceability (5.6 and Annex B);
sampling (5.7); and
the handling of test and calibration items (5.8).
5.1.2
The extent to which the factors contribute to the total uncertainty of
measurement differs considerably between (types of) tests and between (types
of) calibrations. The laboratory shall take account of these factors in
developing test and calibration methods and procedures, in training and the
qualification of personnel, and in selecting and calibrating the equipment it
uses.
5.2 Personnel
5.2.1
a) The laboratory management shall ensure the competence of all who operate specific equipment, perform tests and/or calibrations, evaluate results, and sign test reports and calibration certificates.
b) When using staff members who are undergoing training, appropriate supervision shall be provided. Personnel performing specific tasks shall be qualified on the basis of appropriate education, training, experience, and/or demonstrated skills, as required.
Note 1
In some technical areas (for example, non-destructive testing), it may be required that the personnel
performing certain tasks hold personnel certification. The laboratory is responsible for fulfilling specified
personnel certification requirements. The requirements for personnel certification might be regulatory,
included in the standards for the specific technical field, or required by the client.
Note 2
The personnel responsible for the opinions and interpretation included in test reports should, in addition to the appropriate qualifications, training, experience, and satisfactory knowledge of the testing carried out, also have:
a) relevant knowledge of the technology used for manufacturing the items, materials, products, and others tested, or the way they are used or intended to be used, and of the defects or degradations which may occur during or in service;
b) knowledge of the general requirements expressed in the legislation and standards; and
c) an understanding of the significance of deviations found with regard to the normal use of the items, materials, products, and others concerned.
5.2.2
The management of the laboratory shall formulate the goals with respect to the education, training, and skills of the laboratory personnel. The laboratory shall have a policy and procedures for identifying training needs and providing training of personnel. The training program shall be relevant to the present and anticipated tasks of the laboratory.
5.2.3
a) The laboratory shall use personnel who are employed by, or under contract to, the laboratory.
b) Where contracted and additional technical and key support personnel are used, the laboratory shall ensure that such personnel are supervised and competent and that they work according to the laboratory’s quality system.
5.2.4
The laboratory shall maintain current job descriptions for managerial, technical, and key support personnel involved in tests and/or calibrations.
Note
Job descriptions can be defined in many ways. As a minimum, the following should be defined:
a) The responsibilities with respect to performing tests and/or calibrations;
b) The responsibilities with respect to the planning of tests and/or calibrations and evaluation of results;
c) The responsibilities for reporting opinions and interpretations;
d) The responsibilities with respect to modifying methods and developing and validating new methods;
e) Expertise and experience required;
f) Qualifications and training programs; and
g) Managerial duties.
5.2.5
a) The management shall authorize specific personnel to perform particular types of sampling, test and/or calibration, to issue test reports and calibration certificates, to give opinions and interpretations, and to operate particular types of equipment.
b) The laboratory shall maintain records of the relevant authorizations, competence, educational and professional qualifications, training, skills, and experience of all technical personnel, including contracted personnel.
c) This information shall be readily available and shall include the date on which authorization and/or competence is confirmed.
5.3 Accommodation and environmental conditions
5.3.1
a) Laboratory facilities for testing and/or calibration, including but not limited to energy sources, lighting, and environmental conditions, shall be such as to facilitate correct performance of the tests and/or calibrations.
b) The laboratory shall ensure that the environmental conditions do not invalidate the results or adversely affect the required quality of any measurement. Particular care shall be taken when sampling and tests and/or calibrations are undertaken at sites other than a permanent laboratory facility.
c) The technical requirements for accommodation and environmental conditions that can affect the results of tests and calibrations shall be documented.
5.3.2
a) The laboratory shall monitor, control, and record environmental conditions as required by the relevant specifications, methods and procedures or where they influence the quality of the results. Due attention shall be paid, for example, to biological sterility, dust, electromagnetic disturbances, radiation, humidity, electrical supply, temperature, and sound and vibration levels, as appropriate to the technical activities concerned.
b) Tests and calibrations shall be stopped when the environmental conditions jeopardize the results of the tests and/or calibrations.
5.3.3
There shall be effective separation between neighbouring areas in which there are incompatible activities. Measures shall be taken to prevent cross-contamination.
5.3.4
Access to and use of areas affecting the quality of the tests and/or calibrations
shall be controlled. The laboratory shall determine the extent of control based
on its particular circumstances.
5.3.5
Measures shall be taken to ensure good housekeeping in the laboratory.
Special procedures shall be prepared where necessary.
5.4 Test and calibration methods and method validation
5.4.1
a) The laboratory shall use appropriate methods and procedures for all tests and/or calibrations within its scope. Methods and procedures to be used include sampling, handling, transport, storage, and preparation of items to be tested and/or calibrated, and, where appropriate, an estimation of the measurement uncertainty as well as statistical techniques for analysis of test and/or calibration data.
b) The laboratory shall have instructions on the use and operation of all relevant equipment, and on the handling and preparation of items for testing and/or calibration, or both, where the absence of such instructions could jeopardize the results of tests and/or calibrations.
c) All instructions, standards, manuals, and reference data relevant to the work of the laboratory shall be kept up-to-date and shall be made readily available to personnel (see 4.3).
d) Deviation from test and calibration methods shall occur only if the deviation has been documented, technically justified, authorized, and accepted by the client.
Note
International, regional, or national standards or other recognized specifications that contain sufficient
and concise information on how to perform the tests and/or calibrations do not need to be supplemented
or rewritten as internal procedures if these standards are written in a way that they can be used as
published by the operating staff in a laboratory. It may be necessary to provide additional documentation
for optional steps in the method or additional details.
5.4.2 Selecting methods
a) The laboratory shall use test and/or calibration methods, including methods for sampling, that meet the needs of the client and which are appropriate for the tests and/or calibrations it undertakes. Methods published in international, regional, or national standards shall preferably be used. The laboratory shall ensure that it uses the latest valid edition of a standard unless it is not appropriate or possible to do so.
b) When necessary, the standard shall be supplemented with additional details to ensure consistent application.
c) When the client does not specify the method to be used, the laboratory shall select appropriate methods that have been published either in international, regional, or national standards, or by reputable technical organizations, or in relevant scientific texts or journals, or as specified by the manufacturer of the equipment. Laboratory-developed methods or methods adopted by the laboratory may also be used if they are appropriate for the intended use and if they are validated.
d) The client shall be informed as to the method chosen.
e) The laboratory shall confirm that it can properly operate standard methods before introducing the tests or calibrations. If the standard method changes, the confirmation shall be repeated.
f) The laboratory shall inform the client when the method proposed by the client is considered to be inappropriate or out-of-date.
5.4.3 Laboratory-developed methods
a) The introduction of test and calibration methods developed by the laboratory for its own use shall be a planned activity and shall be assigned to qualified personnel equipped with adequate resources.
b) Plans shall be updated as development proceeds and effective communication among all personnel involved shall be ensured.
5.4.4 Non-standard methods
a) When it is necessary to use methods not covered by standard methods, these shall be subject to agreement with the client and shall include a clear specification of the client’s requirements and the purpose of the test and/or calibration.
b) The method developed shall have been validated appropriately before use.
Note
For new test and/or calibration methods, procedures should be developed prior to the tests and/or calibrations being performed and should contain at least the following information:
a) appropriate identification;
b) scope;
c) description of the type of item to be tested or calibrated;
d) parameters or quantities and ranges to be determined;
e) apparatus and equipment, including technical performance requirements;
f) reference standards and reference materials required;
g) environmental conditions required and any stabilization period needed;
h) description of the procedure, including:
i) affixing of identification marks, handling, transporting, storing, and preparing of items;
j) checks to be made before the work is started;
k) checks that the equipment is working properly and, where required, calibration and adjustment of the equipment before each use;
l) the method of recording the observations and results;
m) any safety measures to be observed;
n) criteria and/or requirements for approval or rejection;
o) data to be recorded and method of analysis and presentation; and
p) the uncertainty or the procedure for estimating uncertainty.
5.4.5 Validating methods
5.4.5.1
Validation means to confirm by examination and to provide objective
evidence that the particular requirements for a specific intended use are
fulfilled.
5.4.5.2
a) The laboratory shall validate non-standard methods, laboratory-designed or developed methods, standard methods used outside their intended scope, and amplifications and modifications of standard methods to confirm that the methods are fit for the intended use. The validation shall be as extensive as is necessary to meet the needs of the given application or field of application.
b) The laboratory shall record the results obtained, the procedure used for the validation, and a statement as to whether the method is fit for the intended use.
Note 1
Validation may include procedures for sampling, handling, and transporting.
Note 2
The techniques used for determining the performance of a method should be one of, or a combination of,
the following:
calibration using reference standards or reference materials;
comparison of results achieved with other methods;
interlaboratory comparisons;
systematic assessment of the factors influencing the result; and
assessment of the uncertainty of the results based on scientific
understanding of the theoretical principles of the method and practical
experience.
Note 3
When some changes are made in the validated non-standard methods, the influence of such changes
should be documented and, if appropriate, a new validation should be carried out.
5.4.5.3
The range and accuracy of the values obtainable from validated methods (for example, the uncertainty of the results, detection limit, selectivity of the method, linearity, limit of repeatability and/or reproducibility, robustness against external influences and/or cross-sensitivity against interference from the matrix of the sample/test object), as assessed for the intended use, shall be relevant to the clients’ needs.
Note 1
Validation includes specifying the requirements, determining the characteristics of the methods, checking
that the requirements can be fulfilled by using the method, and issuing a statement on the validity.
Note 2
As method development proceeds, regular review should be carried out to verify that the needs of the
client are still being fulfilled. Any change in requirements requiring modifications to the development
plan should be approved and authorized.
Note 3
Validation is always a balance between costs, risks, and technical possibilities. There are many cases in
which the range and uncertainty of the values (for example, accuracy, detection limit, selectivity, linearity,
repeatability, reproducibility, robustness, and cross-sensitivity) can only be given in a simplified way due
to lack of information.
5.4.6 Estimating the uncertainty of measurement
5.4.6.1
A calibration laboratory, or a testing laboratory performing its own
calibrations, shall have and shall apply a procedure to estimate the uncertainty
of measurement for all calibrations and types of calibrations.
5.4.6.2
Testing laboratories shall have and shall apply procedures for estimating the
uncertainty of measurement. In certain cases, the nature of the test method
may preclude rigorous, metrologically and statistically valid calculation of the
uncertainty of measurement. In these cases, the laboratory shall at least
attempt to identify all the components of uncertainty and make a reasonable
estimate, and shall ensure that the form of reporting of the result does not give
a wrong impression of the uncertainty. A reasonable estimate shall be based
on knowing how the method performs and on the measurement scope and
shall make use of, for example, previous experience and validation data.
Note 1
The degree of rigour needed in estimating the uncertainty of measurement depends on factors such as:
1. the requirements of the test method;
2. the requirements of the client; and
3. the existence of narrow limits on which decisions on conformance to a specification are based.
Note 2
In those cases where a well-recognized test method specifies limits to the values of the major sources of
uncertainty of measurement and specifies the form of presentation of calculated results, the laboratory is
considered to have satisfied this clause by following the test method and reporting instructions (see 5.10).
5.4.6.3
When estimating the uncertainty of measurement, all uncertainty components
that are of importance in the given situation shall be taken into account using
appropriate methods of analysis.
Note 1
Sources contributing to the uncertainty include, but are not necessarily limited to, the reference standards
and reference materials used, methods and equipment used, environmental conditions, properties and
condition of the item being tested or calibrated, and the operator.
Note 2
The predicted long-term behaviour of the tested and/or calibrated item is not normally taken into account
when estimating the measurement uncertainty.
Note 3
For further information, see ISO 5725 series and the Guide to the Expression of Uncertainty in
Measurement (see 1.4).
Amended effective date 27/04/11
5.4.7 Safeguarding of data
5.4.7.1
Calculations and data transfers shall be subject to appropriate checks in a
systematic manner.
5.4.7.2
When computers or automated equipment are used for acquiring, processing, recording, reporting, storing or retrieving of test or calibration data, the laboratory shall ensure that:
a) computer software developed by the user is documented in sufficient detail and is suitably validated as being adequate for use;
b) procedures are established and implemented for protecting the data; such procedures shall include, but not be limited to, integrity and confidentiality of data entry or collection, data storage, data transmission, and data processing; and
c) computers and automated equipment are maintained to ensure proper functioning and are provided with the environmental and operating conditions necessary to maintain the integrity of test and calibration data.
Note
Commercial off-the-shelf software (for example, word processing, database, and statistical programs) in
general use within their designed application range may be considered to be sufficiently validated.
However, laboratory software configuration or modifications should be validated as in 5.4.7.2a).
5.5 Equipment
5.5.1
a) The laboratory shall be furnished with all items of sampling, measurement and test equipment required for the correct performance of the tests and/or calibrations (including but not limited to standard laboratory bench equipment, digital storage oscilloscope or logic analyzer (to view outputs from ports), tools to perform physical security conformance tests, sampling, preparing of test and/or calibration items, processing, and analysis of test and/or calibration data).
b) In those cases where the laboratory needs to use equipment outside its permanent control, it shall ensure that the requirements of this handbook are met.
5.5.2
a) Equipment and its software used for testing, calibration, and sampling shall be capable of achieving the accuracy required and shall comply with specifications relevant to the tests and/or calibrations concerned.
b) Calibration programs shall be established for key quantities or values of the instruments where these properties have a significant effect on the results.
c) Before being placed into service, equipment (including that used for sampling) shall be calibrated or checked to establish that it meets the laboratory’s specification requirements and that it complies with the relevant standard specifications. It shall be checked and/or calibrated before use (see 5.6).
5.5.3
Equipment shall be operated by authorized personnel. Up-to-date instructions on the use and maintenance of equipment (including any relevant manuals provided by the manufacturer of the equipment) shall be readily available for use by the appropriate laboratory personnel.
5.5.4
Each item of equipment and its software used for testing and calibration and
significant to the result shall, when practicable, be uniquely identified.
5.5.5
Records shall be maintained of each item of equipment and its software significant to the tests and/or calibrations performed. The records shall include at least the following:
a) the identity of the item of equipment and its software;
b) the manufacturer’s name, type identification, and serial number or other unique identification;
c) checks that equipment complies with the specification (see 5.5.2);
d) the current location, where appropriate;
e) the manufacturer’s instructions, if available, or reference to their location;
f) dates, results and copies of reports and certificates of all calibrations, adjustments, acceptance criteria, and the due date of next calibration;
g) the maintenance plan, where appropriate, and maintenance carried out to date; and
h) any damage, malfunction, modification or repair to the equipment.
5.5.6
The laboratory shall have procedures for safe handling, transport, storage, use and planned maintenance of measuring equipment to ensure proper functioning and to prevent contamination or deterioration.
Note
Additional procedures may be necessary when measuring equipment is used outside the permanent
laboratory for tests, calibrations, or sampling.
5.5.7
a) Equipment that has been subjected to overloading or mishandling, gives suspect results, or has been shown to be defective or outside specified limits, shall be taken out of service. It shall be isolated to prevent its use or clearly labelled or marked as being out of service until it has been repaired and shown by calibration or test to perform correctly.
b) The laboratory shall examine the effect of the defect or departure from specified limits on previous tests and/or calibrations and shall institute the “Control of nonconforming testing and/or calibration work” procedure (see 4.9).
5.5.8
Whenever practicable, all equipment under the control of the laboratory and
requiring calibration shall be labelled, coded, or otherwise identified to
indicate the status of calibration, including the date when last calibrated and
the date or expiration criteria when recalibration is due.
5.5.9
When, for whatever reason, equipment goes outside the direct control of the
laboratory, the laboratory shall ensure that the function and calibration status
of the equipment are checked and shown to be satisfactory before the
equipment is returned to service.
5.5.10
When intermediate checks are needed to maintain confidence in the calibration status of the equipment, these checks shall be carried out according to a defined procedure.
5.5.11
Where calibrations give rise to a set of correction factors, the laboratory shall have procedures to ensure that copies (for example, in computer software) are correctly updated.
5.5.12
Test and calibration equipment, including both hardware and software, shall
be safeguarded from adjustments that would invalidate the test and/or
calibration results.
5.6 Measurement traceability
5.6.1 General
a) All equipment used for tests and/or calibrations, including equipment for subsidiary measurements (for example, for environmental conditions) having a significant effect on the accuracy or validity of the result of the test, calibration, or sampling shall be calibrated before being put into service.
b) The laboratory shall have an established program and procedure for the calibration of its equipment.
Note
Such a program should include a system for selecting, using, calibrating, checking, controlling, and
maintaining measurement standards, reference materials used as measurement standards, and measuring
and test equipment used to perform tests and calibrations.
5.6.2 Specific requirements
5.6.2.1 Calibration
a) For calibration laboratories, the program for calibration of equipment shall be designed and operated so as to ensure that calibrations and measurements made by the laboratory are traceable to the International System of Units (SI) (Système international d’unités).
b) A calibration laboratory establishes traceability of its own measurement standards and measuring instruments to the SI by means of an unbroken chain of calibrations or comparisons linking them to relevant primary standards of the SI units of measurement. The link to SI units may be achieved by reference to national measurement standards. National measurement standards may be primary standards, which are primary realizations of the SI units or agreed representations of SI units based on fundamental physical constants, or they may be secondary standards which are standards calibrated by another national metrology institute.
c) When using external calibration services, traceability of measurement shall be assured by the use of calibration services from laboratories that can demonstrate competence, measurement capability, and traceability.
d) The calibration certificates issued by these laboratories shall contain the measurement results, including the measurement uncertainty and/or a statement of compliance with an identified metrological specification (see also 5.10.4.2).
Note 1
Calibration laboratories fulfilling the requirements of this handbook are considered to be competent. A
calibration certificate bearing an accreditation body logo from a calibration laboratory accredited to this
handbook, for the calibration concerned, is sufficient evidence of traceability of the calibration data
reported.
Note 2
Traceability to SI units of measurement may be achieved by reference to an appropriate primary standard
(see VIM:1993, 6.4) or by reference to a natural constant, the value of which in terms of the relevant SI
unit is known and recommended by the General Conference of Weights and Measures (CGPM) and the
International Committee for Weights and Measures (CIPM).
Note 3
Calibration laboratories that maintain their own primary standard or representation of SI units based on fundamental physical constants can claim traceability to the SI system only after these standards have been compared, directly or indirectly, with other similar standards of a national metrology institute.
Note 4
The term “identified metrological specification” means that it must be clear from the calibration
certificate which specification the measurements have been compared with, either by including the
specification or by giving an unambiguous reference to the specification.
Note 5
When the terms “international standard” or “national standard” are used in connection with traceability,
it is assumed that these standards fulfil the properties of primary standards for the realization of SI units.
Note 6
Traceability to national measurement standards does not necessarily require the use of the national
metrology institute of the country in which the laboratory is located.
Note 7
If a calibration laboratory wishes or needs to obtain traceability from a national metrology institute other
than in its own country, this laboratory should select a national metrology institute that actively
participates in the activities of BIPM either directly or through regional groups.
Note 8
The unbroken chain of calibrations or comparisons may be achieved in several steps carried out by
different laboratories that can demonstrate traceability.
5.6.2.1.2
There are certain calibrations that currently cannot be strictly made in SI
units. In these cases, calibration shall provide confidence in measurements by
establishing traceability to appropriate measurement standards such as:
a) the use of certified reference materials provided by a competent supplier to give a reliable physical or chemical characterization of a material;
Australian Payments Clearing Association Limited
AJ.24
[ABN 12 055 136 519]
Consumer Electronic Clearing System (CS3) CECS MANUAL
Annexure J - CECS Laboratory Accreditation Checklist
Amended effective 27/04/11
Yes
5.6.2.2
5.6.2.2.1
b)
the use of specified methods and/or consensus standards that are
clearly described and agreed on by all parties concerned; and
c)
Participation in a suitable program of inter-laboratory comparisons is
required where possible.
No
N/A
For testing laboratories, the requirements given in 5.6.2.1 apply for measuring
and test equipment with measuring functions used, unless it has been
established that the associated contribution from the calibration contributes
little to the total uncertainty of the test result. When this situation arises, the
laboratory shall ensure that the equipment used can provide the uncertainty of
measurement needed.
Note
The extent to which the requirements in 5.6.2.1 should be followed depends on the relative contribution of
the calibration uncertainty to the total uncertainty. If calibration is the dominant factor, the requirements
should be strictly followed.
5.6.2.2.2
Where traceability of measurements to SI units is not possible and/or not
relevant, the same requirements for traceability to, for example, certified
reference materials, agreed methods, and/or consensus standards, are required
as for calibration laboratories (see 5.6.2.1.2).
5.6.3
Reference standards and reference materials
5.6.3.1
Reference standards
a)
The laboratory shall have a program and procedure for the calibration
of its reference standards.
b)
Reference standards shall be calibrated by a body that can provide
traceability as described in 5.6.2.1.
c)
Such reference standards of measurement held by the laboratory shall
be used for calibration only and for no other purpose, unless it can be
shown that their performance as reference standards would not be
invalidated. Reference standards shall be calibrated before and after
any adjustment.
5.6.3.2
Reference materials
Reference materials shall, where possible, be traceable to SI units of
measurement or to certified reference materials. Internal reference materials
shall be checked as far as is technically and economically practicable.
5.6.3.3
Intermediate checks
Checks needed to maintain confidence in the calibration status of reference,
primary, transfer, or working standards and reference materials shall be
carried out according to defined procedures and schedules.
5.6.3.4
Transport and storage
The laboratory shall have procedures for safe handling, transporting, storing,
and using reference standards and reference materials to prevent
contamination or deterioration and to protect their integrity.
Note
Additional procedures may be necessary when reference standards and reference materials are used
outside the permanent laboratory for tests, calibrations, or sampling.
5.7
Sampling
5.7.1
a)
The laboratory shall have a sampling plan and procedures for sampling
when it carries out sampling of substances, materials, or products for
subsequent testing or calibration.
b)
The sampling plan, as well as the sampling procedure, shall be
available at the location where sampling is undertaken. Sampling
plans shall, whenever reasonable, be based on appropriate statistical
methods. The sampling process shall address the factors to be
controlled to ensure the validity of the test and calibration results.
Note 1
Sampling is a defined procedure whereby a part of a substance, material, or product is taken to provide
for testing or calibration of a representative sample of the whole. Sampling may also be required by the
appropriate specification for which the substance, material, or product is to be tested or calibrated. In
certain cases (for example, forensic analysis), the sample may not be representative but is determined by
availability.
Note 2
Sampling procedures should describe the selection, sampling plan, withdrawal, and preparation of a
sample or samples from a substance, material, or product to yield the required information.
5.7.2
Where the client requires deviations, additions, or exclusions from the
documented sampling procedure, these shall be recorded in detail with the
appropriate sampling data, included in all documents containing test and/or
calibration results, and communicated to the appropriate personnel.
5.7.3
The laboratory shall have procedures for recording relevant data and
operations relating to sampling that forms part of the testing or calibration
that is undertaken. These records shall include the sampling procedure used,
the identification of the sampler, environmental conditions (if relevant) and
diagrams or other equivalent means to identify the sampling location as
necessary and, if appropriate, the statistics upon which the sampling
procedures are based.
5.8
Handling of test and calibration items
5.8.1
The laboratory shall have procedures for the transportation, receipt, handling,
protection, storage, retention, and/or disposal of test and/or calibration items,
including all provisions necessary to protect the integrity of the test
or calibration item, and to protect the interests of the laboratory and the client.
5.8.2
a)
The laboratory shall have a system for identifying test and/or
calibration items.
b)
The identification shall be retained throughout the life of the item in
the laboratory.
c)
The system shall be designed and operated so as to ensure that items
cannot be confused physically or when referred to in records or other
documents.
d)
The system shall, if appropriate, accommodate a sub-division of
groups of items and the transfer of items within and from the
laboratory.
5.8.3
a)
Upon receipt of the test or calibration item, abnormalities or departures
from normal or specified conditions, as described in the test or
calibration method, shall be recorded.
b)
When there is doubt as to the suitability of an item for test or
calibration, or when an item does not conform to the description
provided, or the test or calibration required is not specified in
sufficient detail, the laboratory shall consult the client for further
instructions before proceeding and shall record the discussion.
5.8.4
a)
The laboratory shall have procedures and appropriate facilities for
avoiding deterioration, loss, or damage to the test or calibration item
during storage, handling, and preparation.
b)
Handling instructions provided with the item shall be followed.
c)
When items have to be stored or conditioned under specified
environmental conditions, these conditions shall be maintained,
monitored, and recorded.
d)
Where a test or calibration item or a portion of an item is to be held
secure, the laboratory shall make arrangements for storing and
protecting the condition and integrity of the secured items or portions
concerned.
Note 1
Where test items are to be returned into service after testing, special care is required to ensure that they
are not damaged or injured during the handling, testing, or storing and waiting processes.
Note 2
A sampling procedure and information on storage and transport of samples, including information on
sampling factors influencing the test or calibration result, should be provided to those responsible for
taking and transporting the samples.
Note 3
Reasons for keeping a test or calibration item secure can be for reasons of record, safety or value, or to
enable complementary tests and/or calibrations to be performed later.
5.9
Assuring the quality of test and calibration results
5.9.1
a)
The laboratory shall have quality control procedures for monitoring
the validity of tests and calibrations undertaken.
b)
The resulting data shall be recorded in such a way that trends are
detectable and, where practicable, statistical techniques shall be
applied to the reviewing of the results.
c)
This monitoring shall be planned and reviewed and may include, but
not be limited to, the following:
1)
regular use of certified reference materials and/or internal
quality control using secondary reference materials;
2)
participation in inter-laboratory comparison or proficiency testing programs;
3)
replicate tests or calibrations using the same or different
methods;
4)
retesting or recalibration of retained items; and
5)
correlation of results for different characteristics of an item.
Note
The selected methods should be appropriate for the type and volume of the work undertaken.
5.10
Reporting the results
5.10.1
General
a)
The results of each test, calibration, or series of tests or calibrations
carried out by the laboratory shall be reported accurately, clearly,
unambiguously and objectively, and according to any specific
instructions in the test or calibration methods.
b)
The results shall be reported, usually in a test report or a calibration
certificate (see note 1). It shall include all the information requested
by the client, and necessary for the interpretation of the test or
calibration results, and required by the method used. This information
is normally that required by 5.10.2 and 5.10.3 or 5.10.4.
c)
In the case of tests or calibrations performed for internal clients, or in
the case of a written agreement with the client, the results may be
reported in a simplified way. Any information listed in 5.10.2 to
5.10.4 that is not reported to the client shall be readily available in the
laboratory which carried out the tests and/or calibrations.
d)
The laboratory has the capability to digitally sign or apply an integrity
mechanism to electronic copies of test reports.
e)
If a test report is digitally signed, the laboratory provides a secure
means of conveying the necessary information to APCA for signature
verification.
f)
The laboratory uses confidentiality mechanisms to prevent
unauthorized disclosure of electronic copies of test reports delivered
by any of the available means.
Note 1
Test reports and calibration certificates are sometimes called test certificates and calibration reports,
respectively.
Note 2
The test reports or calibration certificates may be issued as hard copy or by electronic data transfer
provided that the requirements of this handbook are met.
5.10.2
Test reports and calibration certificates
Each test report or calibration certificate shall include at least the following
information, unless the laboratory has valid reasons for not doing so:
a)
a title (for example, “Test Report” or “Calibration Certificate”);
b)
the name and address of the laboratory, and the location where the
tests and/or calibrations were carried out, if different from the address
of the laboratory;
c)
unique identification of the test report or calibration certificate (such as
the serial number), and on each page an identification to ensure that
the page is recognized as a part of the test report or calibration
certificate, and a clear identification at the end of the test report or
calibration certificate;
d)
the name and address of the client;
e)
identification of the method used;
f)
a description of, the condition of, and unambiguous identification of
the item or items tested or calibrated;
g)
the date of receipt of the test or calibration item or items where this is
critical to the validity and application of the results, and the date or
dates when the test or calibration were performed;
h)
reference to the sampling plan and procedures used by the laboratory
or other bodies where these are relevant to the validity or application
of the results;
i)
the test or calibration results with, where appropriate, the units of
measurement;
j)
the names, functions, and signatures or equivalent identification of
persons authorizing the test report or calibration certificate; and
k)
where relevant, a statement to the effect that the results relate only to
the items tested or calibrated.
Note 1
Hard copies of test reports and calibration certificates should also include the page number and total
number of pages.
Note 2
It is recommended that laboratories include a statement specifying that the test report or calibration
certificate shall not be reproduced except in full, without written approval of the laboratory.
5.10.3
Test reports
5.10.3.1
In addition to the requirements listed in 5.10.2, test reports shall, where
necessary for the interpretation of the test results, include the following:
a)
deviations from, additions to, or exclusions from the test method, and
information on specific test conditions, such as environmental
conditions;
b)
where relevant, a statement of compliance or non-compliance with
requirements and/or specifications;
c)
where applicable, a statement on the estimated uncertainty of
measurement; information on uncertainty is needed in test reports
when it is relevant to the validity or application of the test results,
when a client’s instruction so requires, or when the uncertainty affects
compliance to a specification limit;
d)
where appropriate and needed, opinions and interpretations (see
5.10.5); and
e)
additional information that may be required by specific methods,
clients, or groups of clients.
5.10.3.2
In addition to the requirements listed in 5.10.2 and 5.10.3.1, test reports
containing the results of sampling shall include the following, where
necessary, for the interpretation of test results:
a)
the date of sampling;
b)
unambiguous identification of the substance, material, or product
sampled (including the name of the manufacturer, the model or type of
designation and serial numbers as appropriate);
c)
the location of sampling, including any diagrams, sketches or
photographs;
d)
a reference to the sampling plan and procedures used;
e)
details of any environmental conditions during sampling that may
affect the interpretation of the test results; and
f)
any standard or other specification for the sampling method or
procedure, and deviations, additions to, or exclusions from the
specification concerned.
5.10.4
Calibration certificates
5.10.4.1
In addition to the requirements listed in 5.10.2, calibration certificates shall
include the following, where necessary, for the interpretation of calibration
results:
a)
the conditions (for example, environmental) under which the
calibrations were made that have an influence on the measurement
results;
b)
the uncertainty of measurement and/or a statement of compliance with
an identified metrological specification or clauses thereof; and
c)
evidence that the measurements are traceable (see note 2 in 5.6.2.1.1).
5.10.4.2
a)
The calibration certificate shall relate only to quantities and the results
of functional tests.
b)
If a statement of compliance with a specification is made this shall
identify which clauses of the specification are met or not met.
c)
When a statement of compliance with a specification is made omitting
the measurement results and associated uncertainties, the laboratory
shall record those results and maintain them for possible future
reference.
d)
When statements of compliance are made, the uncertainty of
measurement shall be taken into account.
5.10.4.3
When an instrument for calibration has been adjusted or repaired, the
calibration results before and after adjustment or repair, if available, shall be
reported.
5.10.4.4
A calibration certificate (or calibration label) shall not contain any
recommendation on the calibration interval except where this has been agreed
with the client. This requirement may be superseded by legal regulations.
5.10.5
Opinions and interpretations
When opinions and interpretations are included, the laboratory shall
document the basis upon which the opinions and interpretations have been
made. Opinions and interpretations shall be clearly marked as such in a
test report.
Note 1
Opinions and interpretations should not be confused with inspections and product
certifications as intended in AS/NZS ISO/IEC 17020 and ISO/IEC Guide 65.
Note 2
Opinions and interpretations included in a test report may comprise, but not be limited to, the following:
1.
an opinion on the statement of compliance/non-compliance of the results with requirements;
2.
fulfilment of contractual requirements;
3.
recommendations on how to use the results; and
4.
guidance to be used for improvements.
Note 3
In many cases it might be appropriate to communicate the opinions and interpretations by direct dialogue
with the client. Such dialogue should be written down.
5.10.6
Testing and calibration results obtained from subcontractors
a)
When the test report contains results of tests performed by
subcontractors, these results shall be clearly identified.
b)
The subcontractor shall report the results in writing or electronically.
c)
When a calibration has been subcontracted, the laboratory performing
the work shall issue the calibration certificate to the contracting
laboratory.
5.10.7
Electronic transmission of results
In the case of transmission of test or calibration results by telephone, telex,
facsimile, or other electronic or electromagnetic means, the requirements of
this handbook shall be met (see also 5.4.7).
5.10.8
Format of reports and certificates
The format shall be designed to accommodate each type of test or calibration
carried out and to minimize the possibility of misunderstanding or misuse.
Note 1
Attention should be given to the layout of the test report or calibration certificate, especially with regard
to the presentation of the test or calibration data and ease of assimilation by the reader.
Note 2
The headings should be standardized as far as possible.
5.10.9
Amendments to test reports and calibration certificates
a)
Material amendments to a test report or calibration certificate after
issue shall be made only in the form of a further document, or data
transfer, which includes the statement:
“Supplement to Test Report [or Calibration Certificate], serial number
… [or as otherwise identified],” or an equivalent form of wording.
b)
Such amendments shall meet all the requirements of this handbook.
c)
When it is necessary to issue a complete new test report or calibration
certificate, this shall be uniquely identified and shall contain a
reference to the original that it replaces.
Consumer Electronic Clearing System (CS3) CECS MANUAL
Annexure K - Exemption Request Form
Amended effective 25/06/13
ANNEXURE K EXEMPTION REQUEST FORM
Member:
Date of Request:
Date of Original Request:
Reference Number:
Approval to disclose to eftpos Payments Australia Limited given / not given (delete as applicable):
Authorised by: _____________________
Date: _____________________
Columns of the request table (complete one row for each requirement):
Section & clause number of requirement: If exemption is sought in respect of a particular device, insert Manufacturer, model, revision and software version.
Requirement for which Member is not in compliance: Type in the actual wording of the Requirement with which the Member is not complying.
Situation (reason for non-compliance): Describe the situation, including when and why out-of-compliance occurred.
Risk: Describe the risks the out-of-compliance situation poses.
Rank: High, Medium or Low.
Compensating Controls: List the compensating controls that reduce the risk.
Residual Risk: High, Medium or Low.
Action to be taken and timeframe: List what you are doing to correct the non-compliance.
For Extension Request: Indicate the reason why an extension is sought.
Promised date of correction: Indicate the date when the situation will be corrected.
Risk Weighting
HIGH
• potential loss of integrity of PINs
• potential material losses to Members, Card Acceptors or Cardholders
• potential changes to financial content of transaction
• potential mass fraud
• potential loss of public confidence
MEDIUM
• potential reduced integrity of PINs
• potential monetary losses to Members, Card Acceptors or Cardholders could be significant.
LOW
• minimal effect on the integrity of PINs
• potential monetary losses to Members would not be significant.
Australian Payments Clearing Association Limited
[ABN 12 055 136 519]
Amendment Number E228 issued as CS3/r&p/001.13
AK.1
Consumer Electronic Clearing System (CS3) CECS Manual
Annexure L
Contingency File Exchange Form
(Part 2.9.3)
Inserted effective 2/10/06
CECS Contingency File Exchange Form
Date sent: ___ / ___ / ___
CONFIDENTIAL COMMUNICATION:
This communication is confidential and intended only for the use of the addressee. If you have received this communication in error, please notify the financial institution from which you
have received it, at the telephone number given, to arrange disposal. Unauthorised use of the information in this message may result in legal proceedings against the user. Thank you.
[Full Name of Receiving Member]
To:
Fax number:
Email:
Please refer to the email file exchange contacts database for details of Receiving Member’s facsimile number / email address.
[Full Name & ACN/ARBN/ABN of Sending
Member]
From:
Fax number:
Email:
Authorised Contact:
(Name & position)
Signature:
We advise that due to a Disruptive Event we are experiencing a partial/total loss of our ability to send on-line transactions. We
seek your assistance in receiving and processing our transactions in Contingency File format as detailed below.
Sending Filename:
File size:
Number of Items in file:
Total Value of file:
Debits
$
Credits
$
Expected Transmission (Date/Time):
Sending Files:
File will be sent using the following Contingency
Exchange Arrangement
Email File Exchange
Alternate electronic link
Physical Medium – using ____________
Other – please specify ______________
Please acknowledge successful receipt of our file(s) by contacting:
Contact
(Name & position)
Contact Phone:
Please acknowledge successful processing and anticipated settlement date of our file(s) by contacting:
Contact
(Name & position)
Contact Phone:
Settlement Date:
Australian Payments Clearing Association Limited
AL.1
[ABN 12 055 136 519]
Consumer Electronic Clearing System (CS3) CECS Manual
Annexure M
Minimum Evaluation Criteria for IP Enabled Terminals
Last Amended Effective 27/04/11
ANNEXURE M MINIMUM EVALUATION CRITERIA FOR IP ENABLED TERMINALS
The requirements set out in this Annexure M must be complied with from 1 January 2011. Prior to that date
compliance is recommended.
M.1
Introduction
Terminals supporting TCP/IP protocols, their manufacturer and management and installation information
shall be evaluated for compliance with the requirements specified in this annexure.
M2
IP Protocols/Services Requirements
M2.1
The following requirements pertain to the data link (layer 2) and IP (layer 3) protocol suites:
1.
The manufacturer provides specific 'best practices' for using the data link and IP layers to
developers, integrators and end users.
2.
The manufacturer has exercised due diligence in ensuring that the above protocol suites do not
contain known vulnerabilities.
M2.2
The following compliance statements relate to the security of the transport (layer 4) protocol suites (e.g.,
TCP, UDP) as a whole:
1.
The Terminal manufacturer has clearly identified all the transport layer protocols present in the
Terminal.
2.
The Terminal manufacturer has exercised ‘due diligence’ to ensure that the declared IP Protocols
do not contain known vulnerabilities.
3.
Specific best practices for using the declared transport layer protocols are covered in the security
guidance made available to application developers, system integrators and end-users of the
Terminal.
M2.3
The following compliance statements relate to the security protocols (e.g. SSL, IPSec, PPTP, PPP’s LCP
with CHAP, Radius or TACACS, or proprietary protocols) as a whole. Manufacturers shall answer ‘Yes’ if
at least one of the declared security protocols meets a particular requirement. Further, a specific
configuration of each declared security protocol shall be provided by the manufacturer.
1.
The Terminal manufacturer has clearly identified all the security protocols present on the
Terminal.
2.
The Terminal manufacturer has exercised ‘due diligence’ to ensure that the declared security
Protocols do not contain known vulnerabilities.
3.
Specific best practices for using declared security protocols are covered in the security guidance
made available to application developers, system integrators and end-users of the Terminal.
4.
The Terminal either encrypts, or enables the encryption of, all sensitive data sent over a network
connection and uses a session key for that purpose.
5.
Session keys are established in a secure manner, using appropriate key management procedures,
such as those listed in AS2805 part 6 series.
6.
To ensure the confidentiality of sensitive data, the terminal supports 3DES and/or AES as
encryption algorithms to be used by financial applications.
7.
The length of symmetric (secret) keys used in the Terminal is at least 112 bits.
8.
Before encrypting data, the Terminal generates a MAC or signed message digest that is used for
message integrity checking, by the host system.
9.
The Terminal implements one of the secure SHA series for MAC or message digest computation;
as used by financial applications: SHA-224, SHA-256, SHA-384, SHA-512 or AS2805.4
compliant mechanisms.
10. The Terminal is able to authenticate the server based on a public key cryptographic method with
the appropriate algorithm/key length, and uses either the RSA or DSS algorithms.
11. When RSA or DSS algorithms are used, the length of the public keys used by the Terminal is at
least 2048 bits.
12. The Terminal is able to verify the authenticity of certificates it receives.
13. The Terminal only contains those certificates necessary for its operation (i.e., no generic
certificates).
14. The key management policy relating to cryptographic keys or certificates for the Terminal is
documented.
15. The lifetimes of keys associated with different types of use (e.g., session keys, software update
authorization keys, etc.) are documented.
16. The random number generation process has been validated against NIST SP 800-22 or equivalent.
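Items 6 to 9 of M2.3 together describe a MAC-then-encrypt message protection with a 112-bit minimum symmetric key length. The Go program below is an added example written for this edition, not code from the CECS Manual or any terminal vendor; it assumes AES-256 in CTR mode with HMAC-SHA-256 (the Manual names only the algorithm families), and its keys, message format and function names are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// MinSymmetricKeyBits is the floor set by Annexure M, M2.3 item 7.
const MinSymmetricKeyBits = 112

var (
	ErrKeyTooShort = errors.New("symmetric key shorter than 112 bits (M2.3 item 7)")
	ErrEnvelope    = errors.New("malformed envelope")
	ErrBadMAC      = errors.New("message integrity check failed (M2.3 item 8)")
)

// CheckKeyLength applies the item 7 floor; AES itself still rejects sizes other than 16, 24 or 32 bytes.
func CheckKeyLength(key []byte) error {
	if len(key)*8 < MinSymmetricKeyBits {
		return ErrKeyTooShort
	}
	return nil
}

// messageMAC is the item 8/9 integrity value: HMAC-SHA-256 over the plaintext, computed before encryption.
func messageMAC(macKey, plaintext []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	h.Write(plaintext)
	return h.Sum(nil)
}

// ProtectMessage is the Terminal side: MAC first (item 8), then AES-CTR encrypt plaintext||MAC
// (item 6; CTR mode is this example's assumption). Output is iv||ciphertext with a fresh random IV.
func ProtectMessage(encKey, macKey, plaintext []byte) ([]byte, error) {
	if err := CheckKeyLength(encKey); err != nil {
		return nil, err
	}
	if err := CheckKeyLength(macKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	tagged := append(append([]byte{}, plaintext...), messageMAC(macKey, plaintext)...)
	out := make([]byte, aes.BlockSize+len(tagged))
	iv := out[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, iv).XORKeyStream(out[aes.BlockSize:], tagged)
	return out, nil
}

// OpenMessage is the host side: decrypt, split off the MAC and verify it in constant time before use.
func OpenMessage(encKey, macKey, envelope []byte) ([]byte, error) {
	if err := CheckKeyLength(encKey); err != nil {
		return nil, err
	}
	if err := CheckKeyLength(macKey); err != nil {
		return nil, err
	}
	if len(envelope) < aes.BlockSize+sha256.Size {
		return nil, ErrEnvelope
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv, ct := envelope[:aes.BlockSize], envelope[aes.BlockSize:]
	tagged := make([]byte, len(ct))
	cipher.NewCTR(block, iv).XORKeyStream(tagged, ct)
	split := len(tagged) - sha256.Size
	plaintext, tag := tagged[:split], tagged[split:]
	if !hmac.Equal(tag, messageMAC(macKey, plaintext)) {
		return nil, ErrBadMAC
	}
	return plaintext, nil
}

func main() {
	// Constructed keys and message for illustration only (real keys come from AS 2805 part 6, item 5).
	encKey := []byte("example-enc-key-32-bytes-long!!!")
	macKey := []byte("example-mac-key-32-bytes-long!!!")
	env, err := ProtectMessage(encKey, macKey, []byte("0200|PAN=<placeholder>|AMT=000000001000"))
	if err != nil {
		panic(err)
	}
	env[aes.BlockSize] ^= 0x01 // flip one plaintext bit in transit
	_, err = OpenMessage(encKey, macKey, env)
	fmt.Println("tampered message rejected:", errors.Is(err, ErrBadMAC))
}
```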
M2.4
The following compliance statements relate to the security of (layer 7) network applications (e.g. DHCP,
HTTP, FTP, TFTP, SMTP, SNMP, etc) as a whole:
1.
The Terminal manufacturer has clearly identified all of the network applications present on the
Terminal in the Network Applications Declaration form.
2.
The Terminal manufacturer has exercised ‘due diligence’ to ensure that the declared network
applications do not contain known vulnerabilities.
3.
Specific best practices for using the available network applications are covered in the security
guidance made available to application developers, system integrators and end-users of the
Terminal.
4.
The Terminal does not use IP addresses for the authentication of systems.
5.
Where authentication is used for management access, the Terminal ensures the confidentiality of
passwords by using an appropriate security protocol.
6.
The Terminal keeps track of all connections and restricts the number of client sessions that can
remain active on the Terminal to the minimum necessary number.
7.
The Terminal sets time limits for sessions and ensures that sessions are not left unattended and
active for longer than necessary.
8.
The Terminal enforces authentication for connecting to network applications.
M2.5
The following compliance statements relate to the security management of the Terminal:
1.
The manufacturer has put in place due change-control procedures.
2.
The certified firmware is protected and stored in such a manner as to preclude unauthorised
modification, e.g. by using dual control or standardised cryptographic authentication procedures.
3.
The Terminal is assembled in a manner that ensures that the components used in the
manufacturing process are those hardware and software components that were certified and that
unauthorised substitutions have not been made.
4.
Production software that is loaded onto Terminals at the time of manufacture is transported, stored
and used in a way that prevents unauthorised modifications and/or substitutions.
5.
The software provider has provided assurance that all firmware and software and any updates have
been certified as free from unauthorised modifications.
6.
The Terminal manufacturer has a vulnerability disclosure policy that addresses the timely
distribution to platform users of information related to newly found vulnerabilities in the Terminal.
This information includes both a clear identification of the vulnerability and the recommended
mitigation.
7.
The Terminal manufacturer implements adequate mechanisms, procedures and documentation to
ensure that required security patches are created, distributed and applied.
8.
The Terminal supports the validation of the integrity and origin of all application software and
software updates.
9.
All manual Terminal security initialisation must be conducted under dual control and related
evidence kept for audit.
M3
Financial Transaction Security Requirements
1.
Support for financial message encipherment compliant to AS 2805 part 9 is provided.
2.
Processing of customer PIN data at the Terminal is confined to secure cryptographic hardware that
has been accredited by APCA.
Consumer Electronic Clearing System (CS3) CECS Manual
Annexure N
PCI Plus Requirements
Amended effective 26/08/14
References below are to requirements specified in Annexes A, B and D of AS 2805.14.2 or clauses of the CECS Manual.
AS 2805 Requirement | POS Devices and fully integrated Unattended Payment Terminals (UPTs) | UPTs with external controller | ATMs
A3: to protect the important cryptographic keys that may not be held in the Encrypting PIN Pad (EPP) | No | No | Yes
A5: some physical protections for the outer casing | No | No | Yes
A5A: Use of non-standard components for the device | Yes | No | Yes
A6: tamper evidence (still important in those cases where tamper responsiveness can be defeated) | Yes | No | Yes
A9, A10 and A12: requirements which ensure the device is safe from cold boot attack | No | No | Yes
A13 and A14: tamper responsive on non-EPP secure components | No | No | Yes
A16, A17 and A21: requirements associated with ensuring the application software and firmware are safe and, in the case of ATMs, requirements associated with ensuring the ATM processor driving the EPP (and other secure components) | Yes | No | Yes
A24-A27 and A30: requirements associated with ensuring the ATM/EPP is in a sensitive state when necessary | No | Yes | Yes
A29: If cryptographic keys are lost for any reason, e.g. a long-term absence of applied power, the device will enter a non-operational state | Yes | No | Yes
B2 and B16: protecting the path to the display to prevent misuse of prompts | No | No | Yes
B14, B19 and B20: multi-acquirer | Yes | No | No
D1 – D6: MACing | Yes | No | Yes
CECS 5.12.5: Privacy of communication complies with AS2805 part 9 or any other privacy of communication standard approved by the Management Committee. | Yes | Yes | No
Australian Payments Clearing Association Limited
[ABN 12 055 136 519]
Amendment No. E229, issued as CS3/r&p/001.14
AN.1
				