jamtronix

This is part 4 of a series on Australian payment systems.

This post describes the Australian EFTPOS system, also known as CECS. The one infrastructure is used to process both credit cards and debit cards. [1]

First we'll start with some definitions. In an EFTPOS transaction, there are 4 important participants

• the 'card holder' - the person who wants to buy some goods and pay for it with their card
• the 'card acceptor' - the merchant who wants to take payment for goods
• the 'card issuer' - the bank that issued the debit or credit card to the card holder (i.e. the cardholder's bank)
• the 'acquiring bank' - the bank that runs the EFTPOS terminal issued to the card acceptor (i.e. the merchants bank)

First off, the card gets swiped through the EFTPOS terminal (aka a PINpad) which reads the card number off the magnetic stripe on the back. Then the merchant enters in the amount to charge the card and the cardholder selects what account to pay with, and (if necessary) enters a PIN. The EFTPOS terminal then connects through to a computer (called an 'EFTPOS Switch') at the merchant's bank. This connection can be over PSTN, or ISDN, or X.25 or even IP. There are lots of different communication protocols in use, however in all cases, the message will be encoded into a message format called AS2805. Like many things labelled 'Australian', AS2805 actually comes from overseas - it's a dialect of ISO8583.

Once the transaction gets the 'acquiring' bank (i.e. the bank that issued the terminal to the merchant), the acquiring EFTPOS Switch then looks in the AS2805 message, and pulls out the first 6 digits of the card number. These 6 digits are called a Bank Identification Number (BIN). This tells the acquirer which bank issued the card. The acquirer then looks up a routing table to see if the acquirer has an 'interchange agreement' with that card issuer. I.e. is there a way for the acquirer to both send the transaction on to the issuer, and also (later) settle the transaction with the issuer. If the answer to both questions is yes, then the acquiring switchs sends the transaction on to the issuer's switch, the issuer's switch then looks up the relevant card record in it's database, checks the account balance and PIN and what not, and decides whether to approve or decline the transaction. The response is then put in to another AS2805 message that gets sent by the issuer switch to the acquiring switch, the acquiring switch forwards the response on to the terminal that initiated the transaction, and then the terminal prints out a receipt. At this point then:

1. the cardholder has gotten some goods from the merchant,and
2. the cardholder has had money taken out of their account by the card issuer.

   But there's still 2 more steps that need to happen before the transaction is complete:

3. the card issuer needs to transfer money to the acquirer
4. the acquirer needs to credit the merchant's account

In other words, the transaction has been processed (sometimes called cleared) but not yet settled. Like BECS, EFTPOS transactions use a 'Deferred Net Settlement'process. Overnight, each acquirer summarizes the previous days EFTPOS transactions and calculates it's net position with each issuer (and issuers likewise calculate their net position with each acquirer), and then transactions are posted in to RITS to move the net total from each issuer's ESA to each acquirer's ESA.

The acquirer then splits up the total sum transferred to it's ESA across all the merchants who performed transactions, using it's own switch's record of transactions processed on that trading day.

Footnotes

• [1] There are some differences between paying by Credit Card (VISA/MasterCard) and paying by Debit Card (i.e. when you select cheque or savings), although mostly though these differences affect the rate that the merchant gets charged for the privilege of accepting EFTPOS payments, not the communication or settlement of the transactions so we'll ignore those for the moment and group all the different types of EFTPOS transactions together.