d-bis/as4-411
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
as4-411/docs/protocols/cards.md
defiQUG c24ae925cf
Some checks failed
CI / lint (push) Has been cancelled
Details
CI / build (push) Has been cancelled
Details
Initial commit: AS4/411 directory and discovery service for Sankofa Marketplace 
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-08 08:44:20 -08:00

40 lines
1.9 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Card Networks (Visa, Mastercard, Amex, Discover, Diners)
## Scope
Card rails are **private routing artifacts** (BIN tables, acquirer routing). There is **no public "discover Visa endpoint"** behavior. Ingestion is from internal systems only; strong encryption and access controls apply. The directory stores routing tables and returns directives to an ISO8583/API switch. Never store PAN; BIN ranges only. Merchant ID (MID), Terminal ID (TID), and contract identifiers are **Tier 2** (confidential)—encrypt at rest and restrict access. See [data-classification](../security/data-classification.md).
## Identifier Taxonomy
- **pan.bin** — BIN/IIN range (68 digits only); never full PAN.
- **mid**, **tid**, **caid** — Merchant/terminal/card-acceptor IDs (tenant-scoped).
- **processorId** / **acquirerId** — Tenant/contract scoped.
- **network.brand** — Constraint: visa, mastercard, amex, discover, diners.
Do not store PAN or token values in plaintext.
## Endpoints
- **iso8583.tcp** — Host:port, mTLS/VPN.
- **api.https** — Base URL + auth.
- **file.sftp** — Clearing files.
- **mq** — Internal switch.
Profile indicates channel (e.g. visa-base1, mc-mip).
## BIN-Table Model
- Artifact type: **bin_table**. Payload: versioned entries with binPrefix, binLength, brand, region, routingTarget, optional tenantId.
- Resolver matches request BIN to longest-matching prefix and returns directive with target_address = routingTarget. Per-tenant overrides supported.
## Directive Outputs
- ISO8583: target_protocol iso8583, target_address host:port.
- API: target_protocol api/https, target_address base URL.
Capabilities: auth.request/response, clearing.presentment, chargeback, reversal, advice, tokenization, 3ds.
## Security
- Store BIN ranges only; no PAN/token. Field-level encryption for merchant/terminal IDs. Strict RBAC and audit for card-related records. See security/key-reference-model.md.
Reference in New Issue View Git Blame Copy Permalink