
BASE24-EPS

2020 JUNE
BASE24-eps Features
UP Retail Payments Solution

UP Framework

Availability Reliability Endpoints API Orchestration Security

UP BASE24-eps Ecosystem
• Channels: ATM, POS, Online, Mobile, Branch, Tailored
• Payment Types: Debit, Prepaid, Customer ID, Token, Credit, Stored Value, Account, Virtual
• Connectivity: Payment Networks, Host

UP BASE24-eps Baseline Business Functions
• Device Management
• Authentication
• Authorization
• Monitoring & Reporting
• Acquiring
• Switching & Routing
• Security & Fraud
• Connectivity

Functionality for modern payments


Device Management
Driving customer engagement

THE CHALLENGE
• Managing a network of devices carries high operational costs and capital expenses
• Ensuring operational effectiveness across growing and diverse network endpoints
• Adopting new and continuously evolving standards and payment types

DEVICE SUPPORT
• Access to multiple device handler interfaces
• Capability to monitor and report device health across the full estate provides comprehensive insight

EXTENSIVE CONNECTIVITY
• Support of open APIs enables connections to new devices
• Access to third party CRM’s enriches the customer experience

RAPID DEPLOYMENT
• Efficient deployment of new capabilities through Software Development Kits
• Faster implementation of new requirements through packaged interfaces
• Efficient integration and configuration to other systems enabled by the UP Framework

Device Handlers
• Used to control devices such as ATM or POS devices

• Translates between device native messages and internal formats

• Exercises device control:
− Operations: Balancing, cutover, settlement, supply management, etc.
− Device Control: Configuration downloads, faults and responses, key changes, etc.

• Dedicated communications lines or dial-up over multiple protocols

• Specific device handlers for specific message formats:
− ATM and POS, Diebold and NCR, direct-connect and dial-up, fault messages, etc.

• Ongoing updates that follow manufacturer feature changes


Acquiring Transactions
Meeting Consumer Expectations

THE CHALLENGE
• Rapidly emerging standards and transaction types
• Broadening your ecosystem while maintaining service
• Ensuring a uniform and positive customer experience across all channels

REGIONAL AND INTERNATIONAL SCHEMES SUPPORTED
• Integrated network interfaces to local networks
• Integrated scheme interfaces to global schemes

OPEN API CHANNELS
• Gateway provider agnostic approach
• Pre-packaged components for API services enablement included in UP Framework

EMERGING CHANNEL CONNECTIVITY
• Efficiently define and deploy new interfaces and connections through configuration

Authentication
Securing the customer experience

THE CHALLENGE
• Ensuring transaction integrity
• Prioritizing customer experience without compromising the transaction
• Managing additional compliance and payment method requirements

FLEXIBILITY ON CONFIGURATION CHANGES
• Rapidly respond to the latest fraud strategies by scripting new rules
• Reduce dependency on costly IT resources by making changes at the business level

CUSTOMER CENTRIC AUTHENTICATION
• Consistent customer engagement through workflow management

MULTIPLE AUTHENTICATION CAPABILITIES
• Flexible design allows quick integration of rules and compliance mandates
• New means of authentication included for emerging payment types and offerings

Switching and Routing
Ensuring customer confidence with process efficiency

THE CHALLENGE
• Managing the routing of transactions
• Increase in consumer initiated transactions (non-card or account to account payments)
• Complexity of real time payments and additional services require more digital endpoints

SEQUENTIAL ROUTING
• Ability to route to other processes during the authorization process – like a fraud system

CUSTOMER ID TO ACCOUNT ROUTING
• Enables new payment types to be easily introduced by defining routing and authorization rules via scripting

SCRIPTED AUTHORIZATION
• Ensures efficient business level authorization and routing/switching rules to network interface logic

Security and Fraud
Secure at the speed of fraud

THE CHALLENGE
• Simplify and automate security
• Meet the latest industry requirements
• Adopt changing regulations and standards quickly

TRANSACTION SECURITY
• Key and PIN management supported by an extensive range of hardware security module interfaces
• All mandate updates are included in quarterly service pack releases

REGULATORY REQUIREMENTS
• Service Pack releases include regulatory requirement responses such as PCI requirements, data at rest tokenization, etc.

MANAGED LISTS
• Reduce risk with specified rules by transaction or limit profiles
• Incorporate flexible rules based on types of individuals, countries, etc.

Monitoring and Reporting
#SleepAtNightAbility of system health
THE CHALLENGE
• Adding new functionality may compromise current system health
• Managing daily business while meeting growth expectations and future goals
• Ensuring all payment activities are monitored

EXTENSIVE JOURNAL DATA
• Data extracts provide all necessary transaction data for settlement processes
• Data integrity maintained through audit trail journals of transactions
• On-line Journal Extracts for “near real-time” feeds to other systems

APPLICATION MANAGEMENT
• System health is maintained by monitoring:
− Counters such as messages
− Thresholds – high and low

ENTERPRISE REPORTING AND MONITORING
• Integrates with third party monitoring systems
• Single view of system health, including event logs

Connectivity (host to network)
Universal connectivity

THE CHALLENGE
• Ensuring continuous connection of endpoints
• Maintaining transaction integrity while managing the growing complexity of endpoints
• Ensuring endless connectivity well into the future

STAND IN CAPABILITIES
• Ensure continuity of transaction flow and authorization services with stand in capability
• 24x7 availability with active/active functionality

GLOBAL CONNECTIVITY AND EASE OF INTERFACE CONFIGURATION
• All major international and many regional and domestic card schemes are supported
• Emerging non card schemes supported
• Software development toolkit aids rapid configuration and deployment of new interfaces
• Orchestration and management of interfaces pre-integrated into system

Base24-EPS
Enhanced and extendable environment

(Figure axes: Complexity of implementation, Time to market)

SDK
• Toolkits for extension of core functions

Development Toolkits
• Configuration and scripting tools to create new endpoints – Powered by UPF

Business Services
• SOA based interaction and integration with BASE24-eps

Scripting
• Modify authorisation, extract and perusal processing via user defined scripts

Managed Lists
• Maintain data lists at a business level via UI

Configuration
• Comprehensive configuration capabilities



Transaction Flow – Our Card at Our Device
[Figure: BASE24-eps Integrated Server (1 instance) transaction flow. Components shown: ATM Device Handler, POS Device Handler, Router, Scripting Engine and Scripts, Transaction Security and HSM, AUTH files, Journal and Journal File, Scripted Extracts, Online Extracts, File Update, Extract Refresh, End-Of-Period, Configuration and Control, Risk I/F and Risk Mgmt., EMV I/F and Chip Mgmt., ISO Host I/F, Network I/F, and the ISO 8583, ISO 20022, Device Handler, Network and “Other” I/F Frameworks. Arrows in the figure are numbered 1 to 31.]

Transaction Steps – Our Card at Our Device
1. Consumer initiates a transaction at a device driven by BASE24-eps
2. Device transmits request message to BASE24-eps
3. Device Handler translates native message to TDEs (Transaction Data Elements)
4. Router evaluates 7 parameters to route transaction or (in this example) choose a script
5. Script Engine begins executing authorization logic from the selected script
6. Authorization and related files are called to learn about processing parameters
7. Scripting Engine determines next step is PIN Verification call
8. Control passes to Transaction Security for PIN Verification
9. Transaction Security calls the HSM for the desired cryptography
10. HSM returns result to Transaction Security
11. Control returns to Scripting Engine for next script steps
12. Control passes to Risk system interface for real-time fraud screen (optional)
13. Risk Interface sends risk request to Risk application
14. Risk system executes the real-time screen, and produces a result (rule tripped and fraud score)
15. Risk response sent to Risk interface
16. Risk interface translates Risk response into TDEs
17. Risk information analyzed by script as part of authorization
18. Control passes to ISO Host I/F which translates TDEs to ISO message
19. ISO request sent to Host
20. Host performs final authorization and generates a response
21. Response sent to ISO Host I/F
22. ISO Host I/F translates ISO to TDEs
23. Control passes back to the Scripting Engine for continued authorization steps
24. Script makes all database updates, such as usage and balance
25. Journal writes transaction response record to Journal File
26. Control passes to the Device Handler, which translates TDEs to native message
27. Response message transmitted to Device
28. Device fulfils consumer’s transaction
29. Control passes to the Risk interface to send the transaction for a near-real-time fraud screen
30. Transaction is sent to the Risk system.
31. Risk system performs the near-real-time fraud screen.
BASE24-eps UI
Interchange Services
Host and Network Interfaces

• Host system interfaces
− ISO 8583 standard (1987 & 1993 versions)
• Network Interfaces
− All major global, national, and regional networks +
• Standard message types (financial, authorization, reversal, network management, etc.)
• Store and Forward File (SAF) support
• Timer support (timeouts, network management, wait-for-traffic, etc.)
• Mandate support corresponding to network schedules
• Version independence minimizes the impact of implementing mandates
Routing Flexibility

Combines Multiple Parameters


• Source Route Profile
• Destination Route Profile
• Transaction Type
• “From” Account Type
• “To” Account Type
• Authentication Method (PIN or PINless)
Routing Flexibility
Sequential Routing

• Permits calls to an external application during authorization processing
− The Scripted logic determines when to make the call
− Processing is suspended for that transaction at that point in the script
− Upon external application’s response, script starts where it left off
− Scripted logic evaluates the external response

• Supports multiple Sequential Routing calls per transaction

• Common example: Calls to a “real-time” anti-fraud screen
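
The suspend-and-resume behaviour described above, as an added Python sketch (not BASE24-eps code or its scripting language): a generator stands in for the script, and each `yield` is one Sequential Routing call. All names, the risk-score threshold and the fake endpoints are hypothetical; the action codes reuse the deny and approve values from the sample script on this page.

```python
# Added illustration; not BASE24-eps code. All names here are hypothetical.
from dataclasses import dataclass

@dataclass
class ExternalCall:
    """Request a script yields when it needs an external application."""
    target: str
    payload: dict

def purchase_script(txn):
    """Authorization script as a generator: each `yield` is a sequential
    routing call, and execution resumes at that exact point."""
    risk = yield ExternalCall("risk", {"amount": txn["amount"]})
    # Scripted logic evaluates the external response; no response fails closed.
    if risk is None or risk["score"] >= 800:
        return "100"                          # deny
    host = yield ExternalCall("host", {"amount": txn["amount"]})
    if host is None:
        return "100"
    return host["action_code"]

def run_script(script, txn, endpoints):
    """Engine: suspend the script at each call, dispatch, resume with the reply.
    Returns the final action code and the ordered list of endpoints called."""
    gen = script(txn)
    trace = []
    try:
        call = next(gen)                      # run until the first external call
        while True:
            trace.append(call.target)
            handler = endpoints.get(call.target)
            response = handler(call.payload) if handler else None
            call = gen.send(response)         # script starts where it left off
    except StopIteration as done:
        return done.value, trace

# Constructed stand-ins for the external applications.
def fake_risk(payload):
    return {"score": 950 if payload["amount"] > 5000 else 120}

def fake_host(payload):
    return {"action_code": "000"}

ENDPOINTS = {"risk": fake_risk, "host": fake_host}
```

An unreachable fraud screen is treated as a decline here; whether to fail closed or fall back to stand-in rules is a policy choice the script author has to make explicitly.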


Authorization Services
Scripted Control
SCRIPT MANAGEMENT
• Online repository of all scripts
• Add, Edit, Delete scripts online
• Dual control for rolling in changes
• “Compile” scripts real-time

SCRIPTED AUTHORIZATION
PROVIDES
• Access to cardholder data
– Positive authorization
– Negative authorization
– Balance authorization
– Limits and Usages
– Pre-authorization
• Access to custom data
Authorization Services

• Authorization file refresh
− Cards, accounts, balances, and others may be fully or partially refreshed
− Starting balance + usages determine available balance
• Stand-in authorization
• Pre-Authorization services
− Validate one or more limits
− Validate the PIN and number of bad PIN tries
− Card security validations, such as iCVV, CVC and EMV ARQC
• Post-authorization process
− Forwarding transaction data as an advice to another system
− Store-and-forward facility for stand-in authorization results
Sample Script
# VISA_PURCH_BNK2
# This is the purchase authorization script for BNK2 Prefixes from Visa.
# ---------------------------------------------------------------------------------------------------------------
void VISA_PURCH_BNK2();
{
    # Check if Internet Transaction
    if ( exists( TDE.E_COM_TAG ) )
    {
        # Check Country
        if ( TDE.ACQ_CNTRY_CDE = '123' )
        # Moonland
        {
            # Check Merchant Category Code
            if ( TDE.CRD_ACCPT_BUS_CDE = '7995' )
            # Betting (including Casino Gaming)
            {
                # Block the transaction (Deny, do not honour)
                TDE.ACT_CDE_SET( 100 );
                return;
            }
        }
    }
    # Approve the transaction.
    TDE.ACT_CDE_SET( "000" );
    return;
}
Managed List

• Dynamically configure data used by authorization scripts
• Reduce complexity of authorization scripts
• Improves ability to respond to market changes or fraud attacks
Limits Configuration

Flexible Limits Configuration

Rolling Limits
• Not reset at the end of each usage period
• Usage accumulators are maintained for each selected unit of time (e.g. minutes, hours, weeks)
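
A rolling limit built from per-unit usage accumulators, as an added Python sketch (not BASE24-eps code or configuration), contrasted with a limit that resets at the end of each period. Class and function names are hypothetical, amounts are integers in minor currency units, and timestamps are seconds.

```python
# Added illustration; not BASE24-eps code. All names here are hypothetical.
from collections import defaultdict

class RollingLimit:
    """Usage limit over the last `window_units` units of time. One accumulator
    is kept per unit, so usage ages out gradually instead of being reset at
    the end of a period."""

    def __init__(self, max_amount, unit_seconds, window_units):
        self.max_amount = max_amount
        self.unit_seconds = unit_seconds
        self.window_units = window_units
        self.buckets = defaultdict(dict)   # card -> {unit index: accumulated amount}

    def _usage(self, card, now):
        current = int(now // self.unit_seconds)
        oldest = current - self.window_units + 1
        acc = self.buckets[card]
        for unit in [u for u in acc if u < oldest]:
            del acc[unit]                  # expire accumulators outside the window
        return current, sum(acc.values())

    def usage(self, card, now):
        return self._usage(card, now)[1]

    def authorize(self, card, amount, now):
        """Approve and record the amount only if the window total stays within
        the limit; a declined attempt does not consume any of the limit."""
        if amount <= 0:
            return False
        current, used = self._usage(card, now)
        if used + amount > self.max_amount:
            return False
        acc = self.buckets[card]
        acc[current] = acc.get(current, 0) + amount
        return True

def fixed_period_usage(events, period_seconds, now):
    """Contrast: a period-reset limit only sees usage in the current period."""
    start = (now // period_seconds) * period_seconds
    return sum(a for t, a in events if start <= t <= now)
```

With a daily reset, spending just before and just after midnight is counted against two separate periods; the rolling window counts both against the same limit.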
Cardless Support

Use of virtual token to identify a customer (e.g. Customer ID, email address, mobile number, national ID)

Route transactions based on customer identification or bank account number (e.g. IBAN, BBAN, BIC, RTTN)
Delivery Channel Management
ATM Driving
• Self Service Banking/ATM
– NCR
– Diebold
– IFX
– Triton
– Tidel
• EMV, Multi-App, Multi-Currency, Surcharging
• Cash deposit – Bunch Note Acceptor (BNA)
• Check deposit (non-envelope) – Check Processing Module (CPM)
• AKDS (Automatic Key Distribution System)
• States & Screens: The Paragon tools
• FRAMEWORKS for connectivity provide rapid development – reduce time to market for new delivery channels
ATM Channel Management

Perform actions to ATMs individually or in a group
ATM Channel Management

ATM status information for hardware fitness and supply levels
Delivery Channel Management
POS Driving

POS Acquirer
▪ APACS
▪ Hypercom
▪ SPDH
▪ Visa II

Managing all facets of POS device
▪ Merchant & terminal configuration
▪ POS transactions support
▪ Security (MAC, PIN encryption)
▪ Logon/Logoff
▪ Draft capture options
▪ Close batch
▪ EMV support
▪ Multiple Currency support
Dynamic Currency Conversion (DCC)

• Dynamic Currency Conversion allows card transactions to be processed in the cardholder’s home currency
• The generated revenue is “moved” from the issuing side to the acquiring side of the transaction.
• DCC enablement for:
– POS Acquiring
– ATM Acquiring
– Card-Not-Present & eCommerce Acquiring
• DCC authorization framework and ISO 8583 interface to 3rd party DCC host
• Optional out of the box connection to MONEX with profit sharing model
Transaction Security Services

• Cardholder Authentication
– DES and Triple DES PIN encryption
– IBM DES PIN verification
– VISA PVV PIN verification
• Message Authentication
• Card Verification (CVV, CVV2, CVC, CVC2, CSC, iCVV)
• Manages shared keys with external networks
– Key generation
– Encrypted key storage
– PIN translation
• Automated Key Distribution System (ATM)
• Full EMV MOA CAM Support (VSDC, qVSDC)

• Hardware Security vendors supported:
– Atalla
– Thales (Racal)
– SafeNet (Eracom)
– IBM Crypto Express2
– Bull
Security Considerations

• PA-DSS certified
• Latest PCI compliance, including TLS 1.2 compliance
• User security and audit controls - Roles, filters, and permissions dictate access to functions and data
• Can be integrated with LDAP Active Directory
EMV Processing

BASE24-eps supports:
• Contact and contactless
• Multi Application EMV Cards
• EMV Post Issuance Scripts
• EMV issuer applications:
− CCD 4.1 (EMV 2004)
− German SECCOS 6
− M/Chip 2.1 (EMV 1996)
− M/Chip 4 (EMV 2000)
− M/Chip 4 and M/Chip Advance (next generation chip platform for contact and dual interface)
− UKIS 3.1.1 (EMV 1996)
− VIS 1.3.2 (EMV 1996)
− VIS 1.4 (EMV 2000)
− VIS 1.5 and VCPS 2.1 (encouraged for new implementations)
Additional Key Features

• 24/7 High Availability
• Option for Active/Active
• Pre-Authorization
• Stand-In Authorization with Store and Forward (SAF) service
• Sequential Routing
• Multi Application EMV Card Support
• EMV Post Issuance Scripts
• M/Chip Advance, VIS1.5 EMV issuing
• Dynamic Currency Conversion (DCC)
• Tokenization Service Support – Visa Digital Enablement Program (VDEP/VTS) & MasterCard Digital Enablement Service (MDES)
• PA-DSS 2.1 and TLS 1.2
• Version Independence
QA
