Field 64: MAC

Format: b32

Description: The MAC is derived by creating a composite (a linear concatenation) of the following fields (see below) and encrypting it with the MAC key provided by Elavon.

  • PAN (Field 2)
  • Processing Code (Field 3)
  • Amount (Field 4)
  • System trace audit (Field 11)
  • Expiry Date (Field 14)
  • Reason Code (Field 25)
  • Acquirer ID (Field 32)
  • Authorisation Code (Field 38)
  • Response Code (Field 39)
  • If a field is not present in a particular message, it is omitted from the composite.
  • Varying length fields 2 and 32 must be prepended with their 2-byte lengths. Furthermore, if the length is an odd number, the data portion must be prepended with a zero (note that the length value should not be increased). For example, an 11-digit Acquirer ID of ‘01008600009’ would be added to the composite as ‘11001008600009’.
  • As the authorisation code (Field 38) may contain alpha characters, it should be represented in ASCII encoding. For example, an authorisation code of ‘XYZ123’ would be added to the composite as ‘58595A313233’. A code of ‘19’ would be added as ‘313920202020’.
  • The 3-digit response code (Field 39) should be prepended with a zero such that 4 digits are added to the composite.
  • The composite, once created, should be right-padded with zeros (if necessary) such that the overall composite length is divisible by 8.
  • The encryption method used is a single DES calculation. Using a Thales / Racal HSM, MAC generation is performed within the Elavon host system using the ‘M6’ command. MAC validation is performed using the ‘M8’ command.
  • Key management will be performed manually. A three-part transport key will be created by Elavon and then sent in the clear (but in an appropriately secure manner) to the third party integrator. Elavon will then send a MAC key (encrypted under the transport key) to the third party integrator.