Working on an idea, just wanted to get some clarification on this question. I thought this would be a good place to start.
Does the data sent from a point of sale purchase to the issuing bank include location of merchant? For example, if some bought a product from a retail store with a Chase credit card, does Chase always know the location of the store? If not, why does it not for those instances?
And do visa/mastercard process a credit card the same way they process a debit card?
Yes. The most common message format is ISO-8583. Check out the contents of data elements 41 & 43. They identify terminal and store.
No. The ISO-8583 data elements show different fields for credit and debit. There are also different aspects to each, for example in the US you don’t (yet) use PINs with credit cards.
Yes, even down to the specific cash register within the store. Because they have to send back an approval or rejection message, and they need to know where to send it.
But it’s not an actual physical address – just an identifying number (three part: merchant, store, register), which the card processor looks up in their database to verify.
Note that this is usually summarized on your bill; it will only show the merchant name and the city where the store is located (sometimes the street name or a store number when there are more than one store within the same city). But the actual records of the card processor have all the details, down to the specific register and which clerk was working the register at that time.
This can be used in fraud investigations. The detail is used to identify which register was used and the specific time, then the fraud investigator can fast forward through the video of that register to get to that specific time, and then watch the customer & clerk through the transaction.
Thank you guys. You are very helpful.
amarone…
does the 41,43 and the price elements stay the same regardless if it debit or credit?
So, the location data in the message is just an indicator to match up on another database. So if a layman reads strictly the message, there is nothing that would divulge the location of the purchase?
Yes.
A layman would not ever see the credit request message itself. If the layman did see it, there is a good chance (but not certain) that the store in the message matches the store ID found on the customer receipt in a header or trailer line - typically a 4-digit number.
There is also a possibility that the terminal ID will match the terminal number in the header/trailer of the receipt, although this is less likely to match than the store number.
It is fairly common to see the store number on your credit card bill, but not terminal number.
The answers above are somewhat correct, although it is a little more nuanced and less standardized than they may lead you to believe. In theory and more often than not fields 41 and 43 will identify a specific terminal within a specific store, with field 43 indicating the store address. But it is up to the merchant processor (or merchant themselves, in the case of a larger chain handling this themselves) to populate these values correctly. Sometimes this is not done. Also, there is no standard way of determining the terminal ID, most companies I have worked with will just make up their own naming convention, usually including something to identify the store as well.
In addition, there are many flavors of ISO8583 implementations out there, and your transaction will likely pass through quite a few before reaching the destination card processor or issuer. I know of a few prominently used companies whose specification actually does not include a field 43 store location equivalent, meaning this information is lost at this leg. I don’t think I’ve ever seen a store purchase on my statement without at least the city and state, so I suspect in these cases the entity receiving the message without the location has the location on file for reconstruction purposes.
There was one thing mentioned that was incorrect, namely that the card processor knows which clerk instigated the transaction. I have never seen this information sent up with the transaction. This doesn’t mean that this information cannot be reversed engineered in the case of a fraud investigation, but this process would involve research on the merchant side as well - this information (and potentially accurate store location information) is not automatically available at your card processor.
As for debit versus credit the messages will largely be the same, although different enough so it is possible to tell the difference. For example, a PIN based debit transaction will likely have a different account type in field 3 than a signature based credit transaction, and of course it will have the PIN information as well.
If a branded debit card (Visa, MasterCard) is presented as a credit card, rather then used with a PIN, won’t the transaction look exactly like a credit card?
Driver8 is correct in that even though this is a “standard”, implementations all vary. And not all authorizers use ISO-8583 - there are several proprietary interfaces out there.
In some cases the terminal ID is left up to the merchant; in others the authorizer specifies it and will reject anything with an unknown ID.
To find the POS operator will indeed generally require research, although it is pretty trivial to do by the merchant (but not the processor). The merchant can easily see who was signed on where at the time of the transaction.
Typically, yes, although “exactly” may be too strong. It isn’t unheard of for specifications to include Visa specific fields, for example, which may make it look different from a Mastercard branded card. But in general the messages will look the same, and often look exactly the same. And once again with all the ISO8583 flavors messages could look slightly different at one part of the flow but not so much at another.
Driver, what is your background?
I am a software engineer for a company that provides software for payment processing. This transaction flow conversation is what I do 
I would like to speak further but I’m sure it be out of scope of this thread. Would you please PM me? If not, thank for your input.