Settings

Theme

Mastering ISO 8583 Message Networking with Golang

alovak.com

43 points by alovak a year ago · 7 comments

Reader
skissane a year ago

For those who don't know what ISO 8583 is: it defines message formats used in payment card transactions (credit cards, debit cards, etc); used by point-of-sale terminals, ATMs, etc

Rygian a year ago

Remember to not log any sensitive stuff though (credit card number in full, cvv, mag stripe, ongoing payment data,...) if you like your PCI audits to go smoothly.

I wonder if this code has proper masking in place for logs. The following line is not reassuring:

    slog.Info("received message", "message", fmt.Sprintf("%x", rawMessage))
  • alovakOP a year ago

    It will dump everything for sure. Here I address this by showing how to filter data properly when displaying it: https://alovak.com/2024/08/15/mastering-iso-8583-messages-wi...

    ``` // to make it right, let's filter the value of CVV field when we output it filterCVV := iso8583.FilterField("8", iso8583.FilterFunc(func(in string, data field.Field) string { if len(in) == 0 { return in } return in[0:1] + strings.Repeat("*", len(in)-1) }))

    // don't forget to apply default filter filters := append(iso8583.DefaultFilters(), filterCVV)

    err = iso8583.Describe(requestMessage, os.Stdout, filters...) require.NoError(t, err) ```

alovakOP a year ago

Hey! While I'm motivated to write, I've decided not to stop after my first post on ISO 8583 messages (https://alovak.com/2024/08/15/mastering-iso-8583-messages-wi...) and write a second one. This time, it's about ISO 8583 networking: how to connect to a server, send and receive ISO 8583 messages, and how to create a network client for this using Golang. You can read the blog post here: https://alovak.com/2024/08/27/mastering-iso-8583-message-net....

The post describes how to create a simple version of the client, but if you're interested in the topic, you can find a production-ready, battle-tested Golang package here: https://github.com/moov-io/iso8583-connection.

And to understand how the whole e2e flow works starting from the seller and finishing with issuer authorizeing the transaction, you can check a demo project here: https://github.com/alovak/cardflow-playground

  • alexjplant a year ago

    Never did I think I'd see somebody I know personally hit the front page of HN... hope you and the rest of the Moov crew are doing well! I got to see these libraries in action (and deal with some mutual TLS auth issues) during my time helping out with connectivity to the card networks' sandbox environments. Things were working very smoothly even 2+ years ago so "battle-tested" is probably an understatement at this point :))

Keyboard Shortcuts

j
Next item
k
Previous item
o / Enter
Open selected item
?
Show this help
Esc
Close modal / clear selection