ATM networks process card transactions across millions of terminals through authorization switches. The design must be highly available, idempotent, and sub-second responsive to meet the expectations of cardholders and the contractual SLAs of card networks.
ISO 8583 Message Protocol
ATMs communicate with the switch using the ISO 8583 financial message format. A message consists of the MTI (message type indicator), a bitmap indicating which data elements are present, and the data elements themselves: card number, processing code, amount, transmission datetime, STAN (system trace audit number), terminal ID, merchant ID, and PIN block. MTI 0200 is an authorization request, 0210 is the authorization response, and 0420 is a reversal request.
Authorization Switch Flow
The card is inserted and the ATM encrypts the PIN using its HSM (hardware security module), then sends a 0200 authorization request to the acquirer switch. The acquirer routes the request to the card network (Visa or Mastercard) based on the BIN, which is the first 6 digits of the card number. The card network routes the request to the issuer switch. The issuer validates the card, checks the available balance, and applies fraud rules. A 0210 response is returned with a response code: 00 means approved, 51 means insufficient funds, and 05 means do not honor. The ATM dispenses cash or displays an error based on the response code.
PIN Verification
The customer enters their PIN, which the ATM HSM encrypts into a PIN block following ISO 9564 format. The encrypted PIN block is included in the authorization request. The issuer decrypts the PIN block using their own HSM and compares the result with the stored PIN offset. The raw PIN is never transmitted in plaintext. Each incorrect PIN attempt increments a PIN_try_counter on the card record. After 3 wrong attempts the card is blocked and further transactions are declined.
Idempotency and Reversals
Each transaction is uniquely identified by the combination of STAN, terminal_id, and date. The switch deduplicates on this composite key and returns the cached response if a duplicate request is detected. If the ATM does not receive a response within the timeout of 8 seconds, it sends a 0420 reversal message to undo the authorization. Reversals are processed idempotently so that duplicate reversal messages do not double-reverse a transaction.
Account Debit Flow
On approval, the issuer creates two ledger entries: a debit to the customer account and a credit to a suspense account. Cash is then dispensed by the ATM. At end of day, settlement nets all transactions between the acquirer and issuer banks. Settlement failures trigger the chargeback process, in which the issuer disputes the transaction and the acquirer must investigate and resolve the discrepancy.
High Availability
The switch must be active-active with no single point of failure. Geographic redundancy is maintained across two data centers with synchronous replication for transaction state. Each ATM is configured with a failover list and switches to the secondary switch if the primary is unreachable. The target availability is 99.999%, which corresponds to no more than 5.26 minutes of downtime per year.
Frequently Asked Questions: ATM Network and Banking Switch
What are ISO 8583 MTI message types and how are they used in ATM transactions?
ISO 8583 MTI is a 4-digit code identifying the message class, function, and origin. Key values: 0200 = acquirer financial request (withdrawal), 0210 = its response, 0400 = reversal request, 0800 = network sign-on. The second digit denotes class (1=Authorization, 2=Financial, 4=Reversal, 8=Network Mgmt), the third the function (0=Request, 1=Response, 2=Advice), and the fourth the originator. ATMs send 0200 to the banking switch, which routes to the issuer; the issuer returns 0210 with a response code (00=approved, 51=insufficient funds).
How does STAN-based idempotency and reversal work in a banking switch?
The STAN (ISO 8583 field 11) is a 6-digit sequence number per terminal per business day. The switch stores STAN+terminal+date as a composite idempotency key. Duplicate 0200 messages return the cached 0210 without re-authorizing. For reversals, a 0400 message carries the original STAN in field 56; the switch matches it to the original authorization, credits the account, and returns a 0410. The date component handles STAN rollover at 999999.
How does PIN block encryption with an HSM protect cardholder PINs at an ATM?
The ATM’s encrypting PIN pad encrypts the PIN into a PIN block (e.g., ISO Format 0/3/4) using a Triple DES or AES PIN Encryption Key. The block XORs the PIN with the PAN to prevent replay. An HSM at the acquirer or switch decrypts and re-encrypts under the zone master key before forwarding to the issuer. PINs never appear in plaintext outside the HSM. Key management uses ANSI X9.24 DUKPT: each transaction derives a unique key so a compromised transaction key reveals nothing about others.
How does BIN-based routing direct a card transaction to the correct card network?
The BIN (first 6u20138 digits of the PAN, ISO 8583 field 2) is matched against a BIN table u2014 a range-to-network/issuer lookup stored as a trie or sorted interval table for O(log N) lookup. The result identifies the card network (Visa, Mastercard, Amex, Discover) and the issuer’s endpoint. The switch forwards the 0200 message over the corresponding network connection. BIN tables are updated from registry files published by the card networks and cached in memory with periodic refreshes.
How is an ATM network designed for active-active high availability?
Multiple switch instances run simultaneously, each able to process any transaction. ATMs maintain dual connections (primary + secondary switch). A shared transaction log (synchronous replication via Oracle RAC, CockroachDB, or Paxos) keeps STAN deduplication state consistent across instances. ISO 8583 0800/0810 echo messages serve as application-level heartbeats. On primary-link failure the ATM re-routes to the secondary within seconds. Switch nodes are deployed across separate availability zones so a site outage does not affect the full network.
See also: Stripe Interview Guide 2026: Process, Bug Bash Round, and Payment Systems
See also: Coinbase Interview Guide
See also: Scale AI Interview Guide 2026: Data Infrastructure, RLHF Pipelines, and ML Engineering