Mastering ISO 8583 Message Networking with Golang (opens in new tab)

(alovak.com)

43 pointsalovak1y ago7 comments

7 comments

For those who don't know what ISO 8583 is: it defines message formats used in payment card transactions (credit cards, debit cards, etc); used by point-of-sale terminals, ATMs, etc

kuekacang1y ago

Also many are still using the og 1987 version

Rygian1y ago

Remember to not log any sensitive stuff though (credit card number in full, cvv, mag stripe, ongoing payment data,...) if you like your PCI audits to go smoothly.

I wonder if this code has proper masking in place for logs. The following line is not reassuring:

    slog.Info("received message", "message", fmt.Sprintf("%x", rawMessage))

alovakOP1y ago

It will dump everything for sure. Here I address this by showing how to filter data properly when displaying it: https://alovak.com/2024/08/15/mastering-iso-8583-messages-wi...

``` // to make it right, let's filter the value of CVV field when we output it filterCVV := iso8583.FilterField("8", iso8583.FilterFunc(func(in string, data field.Field) string { if len(in) == 0 { return in } return in[0:1] + strings.Repeat("*", len(in)-1) }))

// don't forget to apply default filter filters := append(iso8583.DefaultFilters(), filterCVV)

err = iso8583.Describe(requestMessage, os.Stdout, filters...) require.NoError(t, err) ```

alovakOP1y ago

Hey! While I'm motivated to write, I've decided not to stop after my first post on ISO 8583 messages (https://alovak.com/2024/08/15/mastering-iso-8583-messages-wi...) and write a second one. This time, it's about ISO 8583 networking: how to connect to a server, send and receive ISO 8583 messages, and how to create a network client for this using Golang. You can read the blog post here: https://alovak.com/2024/08/27/mastering-iso-8583-message-net....

The post describes how to create a simple version of the client, but if you're interested in the topic, you can find a production-ready, battle-tested Golang package here: https://github.com/moov-io/iso8583-connection.

And to understand how the whole e2e flow works starting from the seller and finishing with issuer authorizeing the transaction, you can check a demo project here: https://github.com/alovak/cardflow-playground

alexjplant1y ago

Never did I think I'd see somebody I know personally hit the front page of HN... hope you and the rest of the Moov crew are doing well! I got to see these libraries in action (and deal with some mutual TLS auth issues) during my time helping out with connectivity to the card networks' sandbox environments. Things were working very smoothly even 2+ years ago so "battle-tested" is probably an understatement at this point :))

alovakOP1y ago

Hey! Alex, nice to meet you here :)))

j / k navigate · click thread line to collapse

7 comments

skissane1y ago

For those who don't know what ISO 8583 is: it defines message formats used in payment card transactions (credit cards, debit cards, etc); used by point-of-sale terminals, ATMs, etc

kuekacang1y ago

Also many are still using the og 1987 version

Rygian1y ago

Remember to not log any sensitive stuff though (credit card number in full, cvv, mag stripe, ongoing payment data,...) if you like your PCI audits to go smoothly.

I wonder if this code has proper masking in place for logs. The following line is not reassuring:

    slog.Info("received message", "message", fmt.Sprintf("%x", rawMessage))

alovakOP1y ago

It will dump everything for sure. Here I address this by showing how to filter data properly when displaying it: https://alovak.com/2024/08/15/mastering-iso-8583-messages-wi...

// don't forget to apply default filter filters := append(iso8583.DefaultFilters(), filterCVV)

err = iso8583.Describe(requestMessage, os.Stdout, filters...) require.NoError(t, err) ```

alovakOP1y ago

alexjplant1y ago

alovakOP1y ago

Hey! Alex, nice to meet you here :)))

j / k navigate · click thread line to collapse