Questions:

  • ISO8583 fields
    1. Which types of transactions contain field DE2 (PAN)?
    2. Given field DE4 (Amount) set to "000000001234" and field DE49 (Currency code) set to "840", what was the transaction amount in AUD?
    3. What does STAN mean?
    4. Can you name at least two PAN entry modes (DE22)?
    5. What is the DE39 response code for "Issuer or switch inoperative"?
    6. What is the content of field DE52 (PIN block) for?
    7. What is the field "Original Data Elements" for?
    8. What is field DE55 for?
  • ISO8583 Human parser
    • Manually parse the binary data provided:
      0000(0000) 00 A1 30 31 31 30 72 38 00 81 02 E0 81 00 31 36 ..0110r8......16
      0016(0010) 34 36 35 31 32 33 34 35 36 30 33 30 38 38 38 38 4651234560308888
      0032(0020) 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 0000000000000001
      0048(0030) 30 30 30 33 31 30 31 38 33 33 30 36 30 30 30 33 0003101833060003
      0064(0040) 33 35 30 38 30 33 31 30 31 31 30 34 30 30 30 36 3508031011040006
      0080(0050) 34 31 34 32 34 33 30 30 38 30 30 30 30 30 30 31 4142430080000001
      0096(0060) 38 31 31 32 33 34 35 36 37 38 39 30 31 30 31 4C 811234567890101L
      0112(0070) 6F 6E 64 6F 6E 20 20 20 20 20 20 20 20 20 20 20 ondon
      0128(0080) 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
      0144(0090) 20 20 20 20 20 20 20 38 32 36 30 30 34 31 35 31 826004151
      0160(00A0) 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0...............
    1. Retrieve the message type
    2. List all message fields and their values

Answers:

  • ISO8583 introduction
    1. Transactions with a payment impact, such as payments, balance enquiries and reversals (not, e.g., reconciliations or management messages)
    2. Based on the actual exchange rate it should be $13.31 AUD
    3. System Trace Audit Number
    4. Manual PAN entry, Magnetic card swipe, ICC
    5. 91
    6. Allows the card issuer to decipher the PIN data and validate the cardholder
    7. For linking financial messages such as a payment and its reversal, so these can be clearly identified in the acquirer's payment system
    8. EMV data (result of communication between payment terminal and ICC card)
  • ISO8583 Human parser
    1. 0110
    2. Expected output:
      002: [4651234560308888]
      003: [000000]
      004: [000000000100]
      007: [0310183306]
      011: [000335]
      012: [080310]
      013: [1104]
      025: [00]
      032: [414243]
      039: [00]
      041: [80000001]
      042: [811234567890101]
      043: [London ]
      049: [826]
      056: [1510]
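
The manual parse above can be checked mechanically. The following Python sketch is an added example, not part of the original quiz or of BP-Tools; it assumes ASCII field encoding, a 2-byte length header that counts itself, and a field format table (`SPEC`) covering only the data elements present in this message.

```python
# Added example: minimal ASCII ISO 8583 parser for the quiz dump above.
# DUMP is the hex dump from the page without its trailing 00 padding.
DUMP = bytes.fromhex("""
00 A1 30 31 31 30 72 38 00 81 02 E0 81 00 31 36
34 36 35 31 32 33 34 35 36 30 33 30 38 38 38 38
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31
30 30 30 33 31 30 31 38 33 33 30 36 30 30 30 33
33 35 30 38 30 33 31 30 31 31 30 34 30 30 30 36
34 31 34 32 34 33 30 30 38 30 30 30 30 30 30 31
38 31 31 32 33 34 35 36 37 38 39 30 31 30 31 4C
6F 6E 64 6F 6E""" + " 20" * 34 + " 38 32 36 30 30 34 31 35 31 30")

# Assumed formats: field number -> (length prefix digits, fixed or maximum length)
SPEC = {2: (2, 19), 3: (0, 6), 4: (0, 12), 7: (0, 10), 11: (0, 6), 12: (0, 6),
        13: (0, 4), 25: (0, 2), 32: (2, 11), 39: (0, 2), 41: (0, 8),
        42: (0, 15), 43: (0, 40), 49: (0, 3), 56: (3, 999)}

def parse(frame):
    declared = int.from_bytes(frame[:2], "big")    # 2B length, header included
    if declared > len(frame):
        raise ValueError("truncated frame")
    msg, pos = frame[:declared], 2
    mti = msg[pos:pos + 4].decode("ascii"); pos += 4
    bitmap = int.from_bytes(msg[pos:pos + 8], "big"); pos += 8
    if bitmap >> 63:                               # bit 1 set: secondary bitmap follows
        raise ValueError("secondary bitmap not handled in this sketch")
    fields = {}
    for n in range(2, 65):
        if not (bitmap >> (64 - n)) & 1:           # bit n is counted from the MSB
            continue
        if n not in SPEC:
            raise ValueError(f"no format known for DE{n}")
        prefix, size = SPEC[n]
        if prefix:                                 # LLVAR / LLLVAR: read length digits
            length = int(msg[pos:pos + prefix]); pos += prefix
            if length > size:
                raise ValueError(f"DE{n} longer than its maximum")
            size = length
        if pos + size > len(msg):                  # never read past the frame
            raise ValueError(f"DE{n} runs past end of message")
        fields[n] = msg[pos:pos + size].decode("ascii"); pos += size
    if pos != len(msg):
        raise ValueError("trailing bytes after last field")
    return mti, fields

if __name__ == "__main__":
    mti, fields = parse(DUMP)
    print("MTI:", mti, *(f"\n{n:03d}: [{v}]" for n, v in fields.items()))
```

The length and bounds checks matter in practice: a variable-length prefix is attacker-controlled input, and a parser that trusts it reads outside the frame.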

Questions:

  • BP-Sim introduction
    1. Which database is being used by BP-Sim?
    2. What does RPC stand for?
    3. Write at least four BP-Sim advantages
    4. Write at least two BP-Sim disadvantages
    5. Describe in your own words, in a single sentence, what the BP-SeeEMV module is for
  • ISO8583 introduction
    1. How would you easily distinguish an ISO8583-1987 message from an ISO8583-1993 message?
    2. Given a message type of 1530, what kind of message does it designate?
    3. Construct the message type field for ISO8583-1987, payment advice request response
    4. Construct the message type field for ISO8583-1993, network management request repeat
    5. What is the length of the ISO8583 primary bitmap in bits?
    6. How would you recognize that a secondary bitmap is present in an ISO8583 message?
    7. What can you tell about an ISO8583 data element described as "n 12"?
    8. What can you tell about an ISO8583 data element described as "VAR LLL ans .. 40"?
    9. Check your payment card and guess the format of its expiry date (ignore the slash '/')
  • Incomplete ISO8583 message
    • binary data:
      00 C9 30 31 30 30 F2 3C 04 81 20 E0 81 00
    1. Can you guess the header type used?
    2. Which ISO8583 standard would you use to parse this message?
    3. What is the message type of this message?
    4. This message is incomplete, but can you tell whether a secondary bitmap is indicated as present or not?
    5. How many fields are expected to follow, based on the bitmap data provided?

Answers:

  • BP-Sim introduction
    1. SQLite
    2. Remote procedure call
    3. High performance, multi-platform support, short development cycle, SQL database, flexible customisation, source code shared across multiple product families
    4. Not recognized as payment network certification tool yet, limited range of EMV support, cross-user configuration rewrites
    5. Emulates EMV payment terminal & issuer for contact and contactless transactions.
  • ISO8583 introduction
    1. The first character of the message type tells: 0 is ISO8583-1987, 1 is ISO8583-1993
    2. ISO8583-1993, reconciliation advice response
    3. 0210
    4. 1801
    5. 64 bits
    6. The first bit of the primary bitmap tells. If it is "0", only the primary bitmap is present; otherwise a secondary bitmap follows the primary.
    7. Numeric fixed-size field with a length of 12 characters.
    8. Alphanumeric field with variable length of up to 40 characters, preceded by a three-character length indicator.
    9. MMYY or "n 4"
  • Incomplete ISO8583 message
    1. As the message is incomplete, the guess can be 2B length inclusive or 2B length exclusive; either is correct
    2. ISO8583-1987
    3. 0100 - Authorisation request
    4. Secondary bitmap should be present - as per byte 0xF2 (most significant bit is "1") 
    5. 17

Questions:

  • Binary operations
    1. XOR 10010001 with 11111111
    2. XOR ABCDEF with 00FF00
    3. What parity would be used for 00110011 to pass its parity check?
    4. What parity would be used for 10111111 to pass its parity check?
  • Characters encodings
    1. Convert binary to hexadecimal: 10110011 11010111 01101001 11000100 10110011
    2. Convert hexadecimal to ASCII: 546869732069732065617379
    3. Convert EBCDIC to ASCII: E38889A240A2A38199A3A240A396408285408995A3859985A2A38995874B
    4. Decide if data got encoded in ASCII or EBCDIC: 303132332041534349492069732065617379
    5. Decide if data got encoded in ASCII or EBCDIC: F0F1F2F340C5C2C3C4C9C34089A2408581A2A8
  • Key operations
    1. Combine 3 x 64bit keys: E316FDB594674CB6 & 26B5AB61672A5BF2 & 796E76985EEA2058
    2. Combine 2 x 128bit keys: BC084098802CBFF8E9BCC8EA2A922098 & 1A2019FDC2FBA2C8796EB57064150EF7
    3. Tell parity for a key: B1C02121564E1EE221D78D414EC00C59
    4. Force odd parity for a key: 7BE2C6479093A09DBB8BF13CC75930FD
    5. Check KCV for key: C88CE0911391A8BC0761855B83C18CE651735223EFDA0B37
    6. Is the following key valid for payment operations? Explain why: EE9653770081418E8796CF8E27D14DE7
  • DES operations
    1. Decrypt single DES message A02776897AF6E34E9C2FCB27BA0FF23153599CC8D381E21A with key E316FDB594674CB6
    2. Decode the result of question 1 from hexadecimal to ASCII
    3. Decode data 1E80EA3015F38AD8 with single DES key B0C02021574E1EE3, encode with key 20D78C414EC00D59, and decode with B0C02021574E1EE3 again
    4. Decode data 1E80EA3015F38AD8 with 3DES (ECB) key B0C02021574E1EE320D78C414EC00D59
    5. Decode data 1E80EA3015F38AD8 with 3DES (ECB) key B0C02021574E1EE320D78C414EC00D59B0C02021574E1EE3
    6. Explain why 3/, 4/ and 5/ still give the same result
    7. Encode data F551177C84F0AED886FCC04F8BC7B42E with 3DES (CBC) key 7BE2C6479093A09DBB8BF13CC75930FD
    8. Encode data F551177C84F0AED886FCC04F8BC7B42E with 3DES (ECB) key 7BE2C6479093A09DBB8BF13CC75930FD
    9. Compare the results of the previous 2 steps and explain the difference, given that the input data and key are the same

Answers:

  • Binary operations
    1. 11101101
    2. AB32EF
    3. Even
    4. Odd
  • Characters encodings
    1. B3D769C4B3
    2. This is easy
    3. This starts to be interesting.
    4. ASCII
    5. EBCDIC
  • Key operations
    1. BCCD204CADA7371C
    2. A628596542D71D3090D27D9A4E872E6F
    3. Even
    4. 7AE3C7469192A19DBA8AF13DC75831FD
    5. B6D045
    6. No, only Odd parity keys are allowed
  • DES operations
    1. 49206C696B652063727970746F6772617068790000000000
    2. I like cryptography
    3. 0123456789ABCDEF
    4. 0123456789ABCDEF
    5. 0123456789ABCDEF
    6. 3/ 3DES is single DES applied to the same data as decode, encode, decode; 4/ and 5/ are the same, only in 4/ the key is extended to 192 bits with its first half
    7. 46454443424139383736353433323130 (ASCII FEDCBA9876543210)
    8. 464544434241393866A01E5A6680EF08
    9. Cipher chaining starts in the second step, so the result of the first encryption iteration is the same
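
The key operations answers (combining components, telling parity, forcing odd parity) can be reproduced with a few lines of Python. This is an added example, not code from the original page or from BP-Tools; the function names are illustrative, and the KCV question is left out because it needs a DES implementation.

```python
# Added example: DES key component handling for the key operations questions.
from functools import reduce


def combine(*components_hex):
    """XOR equal-length key components into one key."""
    parts = [bytes.fromhex(c) for c in components_hex]
    if len({len(p) for p in parts}) != 1:
        raise ValueError("components must have equal length")
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*parts)).hex().upper()


def parity(key_hex):
    """Return 'odd' or 'even' if every byte agrees, otherwise 'mixed'."""
    kinds = {"odd" if bin(b).count("1") % 2 else "even"
             for b in bytes.fromhex(key_hex)}
    return kinds.pop() if len(kinds) == 1 else "mixed"


def force_odd_parity(key_hex):
    """Flip the least significant bit of every byte with an even number of 1 bits."""
    return bytes(b if bin(b).count("1") % 2 else b ^ 1
                 for b in bytes.fromhex(key_hex)).hex().upper()


if __name__ == "__main__":
    print(combine("E316FDB594674CB6", "26B5AB61672A5BF2", "796E76985EEA2058"))
    print(parity("B1C02121564E1EE221D78D414EC00C59"))
    print(force_odd_parity("7BE2C6479093A09DBB8BF13CC75930FD"))
```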

Questions:

  • Networking basics:
    1. Name today's major communication protocol
    2. Which service is the UDP protocol used for?
    3. IP address 127.0.0.0 leads where?
    4. Which service is bound to TCP network socket 80?
    5. How would you diagnose that a network device is available?
    6. What tool would you use to diagnose that a network socket is listening on a network device?
    7. Which device is safer, network switch or network hub and why?
    8. What does DMZ stand for?
    9. Explain the difference between a 2B length excluded and a 2B length included header
  • Payment cards
    1. When I swipe a card on a POS, does the terminal read the chip, Track 1, or Track 2?
    2. Are HiCo cards better than LoCo cards, and why?
    3. What is the "=" character on Track 2 for?
    4. Why are ICC cards more secure than Track 2 cards?
  • Payment network
    1. Name three main types of transaction-originating devices
    2. Write at least 3 services provided by a payment switch
    3. Write at least 2 payment switch vendors or switch names
    4. Write at least 3 services provided by an authorisation platform
  • Payment transactions
    1. What is a "Network management" message for?
    2. How is "Balance enquiry" message related to "Payment advice" message?
    3. Is the APACS format a stream or bitmap message format?
    4. Is the AS2805 format a stream or bitmap message format?
    5. What is the purpose of the bitmap in an ISO8583 message?

Answers:

  • Networking basics
    1. TCP/IP
    2. Network device monitoring
    3. Localhost
    4. WWW
    5. Ping its IP address
    6. telnet address port
    7. Switch, because hub broadcasts all packets to all nodes
    8. Demilitarized zone
    9. The difference is whether the header itself is counted in the length or not
  • Payment cards
    1. Both Track 1 & Track 2
    2. Hi-co cards have higher coercivity, which makes them harder to rewrite accidentally
    3. It is a delimiter between PAN and expiry date
    4. You can't copy chip data because the CA's private encryption key is missing
  • Payment network
    1. ATM, POS, eCommerce website
    2. Transaction routing, Security validation, Device drivers, Terminal & Merchant management, Monitoring, Event management
    3. ACI, NCR, Alaric, FIS, Lucis
    4. CMS, Authorisation, Card issuing, Balance enquiry, Account monitoring, Stand-in processing, PIN handling, Fraud detection, Whitelisting, blacklisting
  • Payment transactions
    1. Echo, Keep alive, Key exchange
    2. Payment advice usually follows the Balance enquiry message
    3. Stream
    4. Bitmap
    5. Indicates the presence of a particular field