Field 64 (MAC) is derived by creating a composite (a simple linear concatenation) of the following fields:
- Field 2 (PAN)
- Field 3 (Processing Code)
- Field 4 (Transaction Amount)
- Field 11 (System Trace Audit Number (STAN))
- Field 14 (Expiry Date)
- Field 25 (Reason Code)
- Field 32 (Acquirer Institution ID Code)
- Field 38 (Approval Code)
- Field 39 (Response Code)
The resulting value is encrypted it with a MAC key. If a field is not present in a particular message, it is omitted from the composite.
The encryption method used is a single DES calculation. Using a Thales/Racal HSM, the encryption/MAC generation is performed within the Elavon host system using HSM command "M6" and the decryption/MAC validation is performed using the HSM command "M8".
Key management will be performed manually. A three-part transport key will be created by Elavon and then sent in the clear (but in an appropriately secure manner) to the third party integrator. Elavon will then send a MAC key (encrypted under the transport key) to the third party integrator.