NEXO IMPLEMENTATION SPECIFICATION

NEXO IMPLEMENTATION SPECIFICATION

nexo implementation specifications serve as the guidelines on how a payment acceptance solution should be interacting with an Acquirer Host or a Terminal Management Host using nexo FAST specifications and nexo protocols.
OVERVIEW

Deliverables (published specifications) for each standard included in the nexo implementation scope include:

  • POI Payment Application Specifications
  • Specifications on how to manage security
  • Integration/usage of the ISO 20022 Card Payment Exchange Protocols
  • Implementation specifications
  • Test Plans for the POI Payment Application and the Acquirer Host incoming interface
HOW DOES IT WORK?

THE SCOPE

It describes, within the framework of a nexo implementation project, the following:

  • The functions of the HAP application with detailed description of the messages and data elements when the nexo FAST application has to interact with the nexo Acquirer protocol;
  • An interface application for the terminal management system TMAP with detailed description of the messages and data elements used for configuration and maintenance purposes when the nexo FAST application has to interact with the nexo TMS protocol;
  • The interaction between the sale system and the dedicated interface (SCAP) using the nexo Retailer protocol when it has to interact with the payment point of interaction (POI).
IMPLEMENTATION

A VENDOR IMPLEMENTATION

A Vendor implementing a nexo FAST POI terminal has to support:

  • A nexo FAST Application, Version 3.1 and up;
  • An interface to the Host Acquirer Protocol responsible for handling the nexo Acquirer protocol;
  • An interface to the Terminal Manager responsible for handling the nexo TMS protocol;
  • Connections to at least one Acquirer host in the operational environment. However the POI shall support a multi acquirer environment;
  • Connection to one TMS host for at least the purpose of parameters download;
  • Cryptographic mechanisms described in nexo specifications.
  • Optionally, an interface to the sales system responsible for handling the nexo Retailer protocol;

AN ACQUIRER IMPLEMENTATION

  • An acquirer implementing the nexo Acquirer protocol has to support:
  • The nexo Acquirer protocol;
  • The cryptographic mechanisms described in nexo specifications;
  • The nexo TMS protocol if the acquirer is also the Terminal Manager as well.

A TERMINAL MANAGER IMPLEMENTATION

  • A Terminal Manager implementing the nexo TMS protocol has to support:
  • The TMS protocol;
  • The cryptographic mechanisms described in nexo specifications.

CRYPTOGRAPHIC MECANISMS & KEY MANAGEMENT

  • Cryptographic mechanisms & key management
  • DUKPT as key derivation mechanism for PIN Encryption, Card Data Encryption and MAC protection;
  • The Triple-DES algorithm for PIN and Card Data Encryption;
  • Retail-CBC-MAC with SHA-256 for Message Authentication Code (MAC);
  • Key download via TMS protocol is optional. Key download, requires asymmetric cryptography if implemented. If the TMS protocol is not used for key download, then keys are loaded locally in the POI or by other means.

nexo Implementation Specifications