Read the 4-digit ISO 8583 Message Type Indicator (MTI): 0100 is an authorization request, 0110 is the response
Parse the Primary Bitmap (8 bytes) and optional Secondary Bitmap to determine which of the up to 128 data elements are present in the message
Extract key fields: DE2 (Primary Account Number / PAN), DE3 (Processing Code), DE4 (Transaction Amount), DE7 (Transmission Date/Time), DE11 (System Trace Audit Number / STAN), DE22 (Point of Service Entry Mode), and DE49 (Currency Code)
Apply authorization logic and construct the 0110 response with DE38 (Authorization Identification Response / approval code) and DE39 (Response Code): 00 for approval, 05 for do not honor, 51 for insufficient funds
Echo back all mandatory request fields in the response, including DE11 (STAN) and DE37 (Retrieval Reference Number), so the acquirer can match request to response
Validate field lengths using the ISO 8583 field type definitions: LLVAR (2-digit length prefix), LLLVAR (3-digit), and fixed-length fields must match exactly
Known gotchas
Bitmap bits are 1-indexed from the left (bit 1 = DE1 = Secondary Bitmap flag); a common mistake is treating the bitmap as 0-indexed
The STAN (DE11) must be echoed exactly in the response — mismatches cause the acquirer to treat the response as unmatched and may result in a timeout reversal
ISO 8583 has multiple versions (1987, 1993, 2003) and many proprietary extensions; always confirm which version and field mapping your network or processor uses
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp