Receiving Smart Data Files Directly from MasterCard International


Revision #: 2.2

DRAFT

10/15/2018 10:25 AM


A. Description

B. High Level Overview

C. Requirements

1) FTP Server/SSH Server

2) Pretty Good Privacy (PGP)/ Secure Copy

3) Changing Userid/Passwords

4) Submission of Smart Data Data to MasterCard

D. Files Shipped to User

1) Naming of Files

2) File Formats

E. Summary

A. Description

MasterCard International offers the dissemination of Smart Data Corporate Purchasing and Travel & Expense Data via FTP Push, Secure Copy (part of the SSH software suite), HTTPS, or MFE. This document outlines the steps required to receive a production feed.

B. High Level Overview

Smart Data Files will be generated at MasterCard International. The default layout is the CDF (Common Data Format), although other formats are available (check the online setup form) and custom formats can be coded and shipped by MasterCard. A request for a custom format should be made through your card Issuer/MasterCard representative.

Pretty Good Privacy (PGP) encryption software is required for data encryption with all distribution methods except MFE. PGP uses the public/private key model. A file is encrypted using a public key that the end user gives to MasterCard International. The file is then shipped to the end user's system, where it is decrypted using the private key of the same key pair with which the file was encrypted.

C. Requirements

At a high level, the following must be present for a user to receive Smart Data Files directly from MasterCard International.

  • FTP or SSH (Secure Copy) Server
  • Pretty Good Privacy (PGP) encryption software compatible with version 5.0
  • Ability to change usernames/passwords at specified intervals
  • Active submission of Smart Data data to MasterCard’s Provider Data Repository

1) FTP Server/SSH Server

The client's FTP/SSH server must be configured to grant access to MasterCard International. (It is strongly recommended that the end user restrict access to their FTP/SSH server to MasterCard International’s domain range: 12.22.155.224 to 12.22.155.254.)

In addition, the following information must be provided to MasterCard International:

a) IP Address and server name. MasterCard International must be notified at least a month in advance if the IP address or server name is going to change.

b) Username/Password to log in to the server. Per MasterCard International security standards, the password will need to be changed every 30 to 90 days. For more information, as well as exceptions to this policy, please see the section on Changing Usernames/Passwords.

c) Directory where CDF files will be shipped.
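
To illustrate the recommended source restriction, the following added example (not MasterCard's code) turns the range quoted above into exact CIDR blocks and flags logins to the delivery account that come from outside it. The OpenSSH-style log lines are constructed, and the log format is an assumption about the server in use.

```python
import ipaddress
import re

FIRST = ipaddress.ip_address("12.22.155.224")  # range given in the document
LAST = ipaddress.ip_address("12.22.155.254")

def allowlist_cidrs():
    """Exact CIDR blocks for FIRST..LAST; a single /27 would also admit .255."""
    return [str(net) for net in ipaddress.summarize_address_range(FIRST, LAST)]

def in_range(addr):
    """True only for a valid IPv4 address inside the documented range."""
    try:
        return FIRST <= ipaddress.ip_address(addr) <= LAST
    except (ValueError, TypeError):  # malformed text, or IPv6 vs IPv4 compare
        return False

# Assumed log format: OpenSSH "Accepted <method> for <user> from <ip> port <n>".
LOGIN_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")

def outside_logins(log_lines, account):
    """Return (line_number, ip) for logins to `account` from outside the range."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        m = LOGIN_RE.search(line)
        if m and m["user"] == account and not in_range(m["ip"]):
            hits.append((number, m["ip"]))
    return hits

# Constructed sample lines; the account name is the one used in the document's
# password-file example, the outside addresses are documentation ranges.
CONSTRUCTED_LOG = [
    "Jan 28 16:38:01 ftp1 sshd[4121]: Accepted password for bls3555 from 12.22.155.230 port 40112 ssh2",
    "Jan 28 16:40:12 ftp1 sshd[4130]: Accepted password for bls3555 from 12.22.155.255 port 40200 ssh2",
    "Jan 29 02:11:45 ftp1 sshd[4188]: Accepted password for bls3555 from 203.0.113.7 port 51515 ssh2",
    "Jan 29 08:00:00 ftp1 sshd[4200]: Accepted publickey for admin from 198.51.100.4 port 2222 ssh2",
]

if __name__ == "__main__":
    print(allowlist_cidrs())
    print(outside_logins(CONSTRUCTED_LOG, "bls3555"))
```
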

2) Pretty Good Privacy (PGP)/ Secure Copy

Because the files being shipped contain sensitive information about customers' transactions, a strong encryption package is required on both ends of the Internet file transfer. MasterCard International supports PGP for this security purpose. Smart Data files will be encrypted at MasterCard International before they are shipped to the customer. (Please note that MasterCard reserves the right to change the encryption software as newer technology becomes available.)

a) End user’s PGP version must be compatible with PGP version 5.0 on UNIX, OR

b) End user must create a public key:

(1) with the never expire option. (Note: A user can change their key, upon request.)

(2) using the DSS/Diffie-Hellman option.

3) Changing Userid/Passwords

MasterCard International’s security standards require that the FTP/SSH server’s username/password change at certain intervals. The password should be changed every thirty to ninety days. MasterCard International will require that the user send a semi-colon (;) delimited file containing at least twelve userid/password changes. The file must be in the following format:

username;password;effective date

Where:

  • Username - Username MasterCard will use to log in to the FTP/SSH server
  • Password - Password MasterCard will use to log in to the FTP/SSH server
  • Effective Date - Date the username/password will be effective. In format: CCYYMMDD (Example: 19990103).

For example:

bls3555;mypass;19990203

Important Note:

  • For some customers, the logistics of having to change passwords on a regular basis have presented a significant challenge to a smooth implementation of the delivery of files.
  • The requirements for monthly password changes should be regarded as a recommendation from MasterCard’s Information Security department. We understand that Customer sites have their own unique security rules and constraints.
  • MasterCard is willing to be flexible and deviate from this policy at the customer’s written request, and with the permission of their Issuer.

4) Submission of Smart Data Data to MasterCard

Before the FTP Push process can begin, a user's Smart Data data must be present in MasterCard's system. Contact the card Issuer to verify data is being actively submitted to MasterCard.

D. Files Shipped to User

1) Naming of Files

The usual naming convention of the pushed files is as follows:

<USERID>_CCYYMMDD_hhmmssXX_<sequence number>.cdf.pgp

where:

<USERID> is the user ID used in creating the PGP/Secure Copy Key

CC - Century

YY - Year

MM - Month

DD - Day

hh - Hour

mm - minute

ss - second

<sequence number> – Sequential number assigned to files in format 000001. This will allow the user to process the files in the correct order.

For example:

RSB9999A_20010128_163758SB_000001.cdf.pgp ….

RSB9999A_20010129_143251SB_000002.cdf.pgp ….

Note: Files are shipped on an "on receipt" basis, meaning that customer data is processed at MasterCard as soon as it is received from an upstream system. Therefore, it is possible to have multiple files shipped on a given day, or to have no files shipped on a given day, depending on how the customer data was sent to MasterCard.
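
Because files can arrive several per day or not at all, the receiving side has to rely on the sequence number rather than the date. The following added example (not MasterCard's code) parses the naming convention above, puts a directory listing into processing order, and reports sequence gaps and names that should not be processed. The character classes for USERID and the undefined XX field, and the rule that already-processed sequence numbers are rejected, are assumptions; the listing is constructed.

```python
import re
from datetime import datetime

# XX is the two-character field the convention shows but does not define
# ("SB" in the document's examples); two alphanumerics is an assumption.
NAME_RE = re.compile(
    r"(?P<userid>[A-Za-z0-9]+)_(?P<date>\d{8})_(?P<time>\d{6})"
    r"(?P<xx>[A-Za-z0-9]{2})_(?P<seq>\d{6})\.cdf\.pgp")

def parse_name(name, expected_userid):
    """Return (sequence, timestamp), or None if the name breaks the convention."""
    m = NAME_RE.fullmatch(name)
    if not m or m["userid"] != expected_userid:
        return None
    try:
        stamp = datetime.strptime(m["date"] + m["time"], "%Y%m%d%H%M%S")
    except ValueError:          # e.g. 20010230 is not a calendar date
        return None
    return int(m["seq"]), stamp

def plan_processing(names, expected_userid, last_processed=0):
    """Sort a drop-directory listing into processing order.

    Returns (ordered, missing, rejected): files to decrypt in sequence order,
    sequence numbers not yet received, and names that must not be processed.
    """
    by_seq, rejected = {}, []
    for name in names:
        parsed = parse_name(name, expected_userid)
        if parsed is None or parsed[0] <= last_processed or parsed[0] in by_seq:
            rejected.append(name)   # malformed, already processed, or duplicate
            continue
        by_seq[parsed[0]] = name
    ordered = [by_seq[seq] for seq in sorted(by_seq)]
    top = max(by_seq, default=last_processed)
    missing = [s for s in range(last_processed + 1, top + 1) if s not in by_seq]
    return ordered, missing, rejected

# Constructed listing: the first two names are the document's own examples.
CONSTRUCTED_LISTING = [
    "RSB9999A_20010129_143251SB_000002.cdf.pgp",
    "RSB9999A_20010128_163758SB_000001.cdf.pgp",
    "RSB9999A_20010201_090000SB_000004.cdf.pgp",
    "OTHER001_20010201_090000SB_000003.cdf.pgp",
    "RSB9999A_20010230_090000SB_000005.cdf.pgp",
    "notes.txt",
]

if __name__ == "__main__":
    print(plan_processing(CONSTRUCTED_LISTING, "RSB9999A"))
```
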

2) File Formats

Multiple formats are available in which to ship customer data. Please consult with your card Issuer and/or MasterCard as to which file format will be transmitted to you.

E. Summary

The following steps should be taken to become a user of the Smart Data File Delivery file distribution method:

1) Ensure that an FTP/SSH server is available at your site.

2) Ensure that your security software version is compatible with the requirements outlined above.

3) Verify that your Smart Data is already being sent to MasterCard by contacting your card Issuer.

4) Send an email to MasterCard () and to your card Issuer stating your wish to receive Smart Data files via FTP Push to start the enrollment process.

5) Complete the Smart Data File Delivery Sign-Up Form in its entirety.

6) Create a PGP/Secure Copy Public Key.

7) Create a password file (see the template below).

8) Mail (or send via email to ) an electronic version of the public key, and the password file to:

MasterCard International

Attn: Kerry Walker (FTP)

2200 MasterCard Boulevard

O’Fallon, MO 63366-7263

USA

9) Please feel free to email questions regarding this process to .

Password File
User Name / Password / Effective Date (CCYYMMDD)

MasterCard International’s security standards require that the FTP/SSH server’s username/password change at certain intervals. The password should be changed every thirty to ninety days. MasterCard International will require that the user send a semi-colon (;) delimited file containing at least twelve userid/password changes. The file must be in the following format:

username;password;effective date

Where:

  • Username - Username assigned by your FTP server’s administrator that MasterCard will use to log in to the FTP/SSH server
  • Password - Password assigned by your FTP server’s administrator that MasterCard will use to log in to the FTP/SSH server
  • Effective Date - Beginning date the username/password will be effective. In format: CCYYMMDD (Example: 19990103).

For example:

bls3555;mypass;19990203

Important Note:

  • For some customers, the logistics of having to change passwords on a regular basis have presented a significant challenge to a smooth implementation of the delivery of files.
  • The requirements for monthly password changes should be regarded as a recommendation from MasterCard’s Information Security department. We understand that Customer sites have their own unique security rules and constraints.
  • MasterCard is willing to be flexible and deviate from this policy at the customer’s written request, and with the permission of their Issuer.
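
A pre-submission check for the password file described in section C.3 and in this template, given as an added example that is not MasterCard's code. It enforces the three-field layout, the CCYYMMDD date, the twelve-entry minimum and the thirty-to-ninety-day spacing; sorting entries by effective date before measuring the spacing is an assumption, and the sample credentials are constructed placeholders.

```python
from datetime import date, datetime, timedelta

MIN_ENTRIES = 12             # "at least twelve userid/password changes"
MIN_DAYS, MAX_DAYS = 30, 90  # thirty-to-ninety-day rotation window

def validate_password_file(text):
    """Check a username;password;CCYYMMDD file and return a list of problems.

    Problems cite line numbers only, so no password ends up in a log.
    """
    problems, dated = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(";")
        # A ';' inside a password surfaces here as a fourth field.
        if len(fields) != 3 or not all(fields):
            problems.append(f"line {lineno}: need exactly 3 non-empty fields")
            continue
        stamp = fields[2]
        try:
            if len(stamp) != 8 or not stamp.isdigit():
                raise ValueError(stamp)
            dated.append((datetime.strptime(stamp, "%Y%m%d").date(), lineno))
        except ValueError:
            problems.append(f"line {lineno}: effective date is not CCYYMMDD")
    if len(dated) < MIN_ENTRIES:
        problems.append(f"only {len(dated)} valid entries, need {MIN_ENTRIES}")
    dated.sort()  # assumption: spacing is measured in effective-date order
    for (prev, _), (cur, lineno) in zip(dated, dated[1:]):
        gap = (cur - prev).days
        if not MIN_DAYS <= gap <= MAX_DAYS:
            problems.append(f"line {lineno}: {gap} days after previous change")
    return problems

def constructed_sample(count=12, step_days=60):
    """Constructed data: placeholder credentials, one change per step."""
    start = date(1999, 2, 3)
    rows = []
    for i in range(count):
        effective = start + timedelta(days=i * step_days)
        rows.append(f"user{i:02d};placeholder{i:02d};{effective:%Y%m%d}")
    return "\n".join(rows)

if __name__ == "__main__":
    print(validate_password_file(constructed_sample()))
    print(validate_password_file(constructed_sample(step_days=120)))
```
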
