Annex 1: Bank Link technical specifications - LHV Pank

1/2Annex 1:Bank Link technical specificationsValid from1 January 20141. GENERAL1.1 A Bank Link query means an HTTP POST query with specifiedparameters. Each query contains the service number. A list of parametersand a query processing algorithm has been assigned to each service.Queries from the Merchant to the Bank are directed to the URLhttps://www.lhv.ee/banklink.2. PAYMENT QUERIES2.1 Query 1001.The Merchant sends the Customer’s Transaction request to the Bank. Uponsuccessful payment, the response query “1101” will be sent to the Merchant.The response query “1901” will be sent in case of payment failure.10 VK_REC_NAME 100 Name of payee11 VK_SND_ACC 34 Payer’s account number12 VK_SND_NAME 100 Name of payer13 VK_REF 20 Payment order reference number14 VK_MSG 210 Payment details15 VK_T_DATE 10 Date of payment (DD.MM.YYYY)- VK_MAC 700 Verification code, i.e. signature- VK_LANG 3 Desired language ofcommunication- VK_CHARSET 12 ISO-8859-1 (default), UTF-8 orWINDOWS-1257- VK_AUTO Y = automatic reply by the BankNO FIELD DIGITS DESCRIPTION1 VK_SERVICE 4 Service number (1001)2 VK_VERSION 3 Crypto algorithm used (008)3 VK_SND_ID 15 Query submitter’s ID (Merchant’sID)4 VK_STAMP 20 Query ID5 VK_AMOUNT 17 Payment amount. Decimals andcents separated with a dot ".". Nothousands separator.6 VK_CURR 3 Currency code (EUR)7 VK_ACC 34 Payee’s account number8 VK_NAME 70 Name of payee9 VK_REF 20 Payment order reference number10 VK_MSG 210 Payment details- VK_MAC 700 Verification code, i.e. signature- VK_RETURN 60 URL for transaction response query- VK_LANG 3 Desired language of communication- VK_CHARSET 12 ISO-8859-1 (default), UTF-8 orWINDOWS-12572.2 Query 1002The Merchant sends the Customer’s Transaction request to the Bank. Thepayee’s name and account number are taken from the Bank Link Agreement.NO FIELD DIGITS DESCRIPTION1 VK_SERVICE 4 Service number (1002)2 VK_VERSION 3 Crypto algorithm used (008)3 VK_SND_ID 15 Query submitter’s ID (Merchant’sID)4 VK_STAMP 20 Query ID5 VK_AMOUNT 17 Payment amount. Decimals andcents separated with a dot ".". Nothousands separator.6 VK_CURR 3 Currency code (EUR)7 VK_REF 20 Payment order reference number8 VK_MSG 210 Payment details- VK_MAC 700 Verification code, i.e. signature- VK_RETURN 200 URL for transaction responsequery- VK_LANG 3 Desired language ofcommunication- VK_CHARSET 12 ISO-8859-1 (default), UTF-8 orWINDOWS-12572.3 Response query 1101Used for notification of a successful domestic paymentNO FIELD DIGITS DESCRIPTION1 VK_SERVICE 4 Service number (1101)2 VK_VERSION 3 Crypto algorithm used (008)3 VK_SND_ID 15 Query submitter’s ID (Bank’s ID)4 VK_REC_ID 15 Query recipient’s ID (Merchant’sID)5 VK_STAMP 20 Query ID6 VK_T_NO 20 Payment order number7 VK_AMOUNT 17 Amount paid8 VK_CURR 3 Currency code (EUR)9 VK_REC_ACC 34 Payee’s account number2.4 Response query 1901Used for notification of an unsuccessful transactionNO FIELD DIGITS DESCRIPTION1 VK_SERVICE 4 Service number (1901)2 VK_VERSION 3 Crypto algorithm used (008)3 VK_SND_ID 15 Query submitter’s ID (Bank’s ID)4 VK_REC_ID 15 Query recipient’s ID (Merchant’sID)5 VK_STAMP 20 Query ID6 VK_REF 20 Payment order reference number7 VK_MSG 255 Payment details- VK_MAC 700 Verification code, i.e. signature- VK_LANG 3 Desired language ofcommunication- VK_AUTO Y = automatic reply by the Bank3. AUTHENTICATION QUERIES3.1 Query 4001A query submitted by the Merchant for identification of the Internet Bank user.The portal creator must bear in mind that the Bank checks theVK_DATE/VK_TIME fields against the server time. In case of significantdifferences between the Bank’s time and the portal’s server time, all entrieswill be cancelled. The Bank’s server time has been synchronised with thentp.estpak.ee server.NO FIELD DIGITS DESCRIPTION1 VK_SERVICE 4 Service number (4001)2 VK_VERSION 3 Crypto algorithm used (008)3 VK_SND_ID 15 Query submitter’s ID (Merchant’sID)4 VK_REPLY 4 Expected response package code(3001,3002)5 VK_RETURN 200 URL for transaction responsequery6 VK_DATE 10 Date of package generation(DD.MM.YYYY)7 VK_TIME 8 Time of package generation(HH24:MM:SS)- VK_CHARSET 12 ISO-8859-1 (default), UTF-8 orWINDOWS-1257- VK_MAC 700 Verification code, i.e. signature3.2 Response query 3001The user’s ID and the date and time of package generation are submitted tothe Merchant. For security reasons, the Merchant must check the time of thepackage submission (VK_DATE and VK_TIME).NO FIELD DIGITS DESCRIPTION1 VK_SERVICE 4 Service number (3001)2 VK_VERSION 3 Crypto algorithm used (008)3 VK_USER 16 N/A4 VK_DATE 10 Date of package generation(DD.MM.YYYY)5 VK_TIME 8 Time of package generation(HH24:MM:SS)6 VK_SND_ID 15 Query submitter’s ID (Bank’s ID)- VK_CHARSET 12 ISO-8859-1 (default), UTF-8 orWINDOWS-1257AS LHV PANKTARTU MNT 2, 10145 TALLINN 6 800 400 INFO@LHV.EE

2/2- VK_MAC 700 Verification code, i.e. signature3.3 Response query 3002The user’s ID and the date and time of package generation are submitted tothe Merchant. The VK_INFO field contains the name/value pairs, separatedwith semicolons: "NAME:value" (e.g. "PERSON:37508166516;NAME:JAANSAAR"). For security reasons, the Merchant must check the time of thepackage submission (VK_DATE and VK_TIME).NO FIELD DIGITS DESCRIPTION1 VK_SERVICE 4 Service number (3002)2 VK_VERSION 3 Crypto algorithm used (008)3 VK_USER 16 N/A4 VK_DATE 10 Date of package generation(DD.MM.YYYY)5 VK_TIME 8 Time of package generation(HH24:MM:SS)6 VK_SND_ID 15 Query submitter’s ID (Bank’s ID)7 VK_INFO 300 Field containing user’s personaldata- VK_CHARSET 12 ISO-8859-1 (default), UTF-8 orWINDOWS-1257- VK_MAC 700 Verification code, i.e. signature3.4 Authentication query 4002The package submitted by Merchant for the user’s identification, with randomnonss.NO FIELD DIGITS DESCRIPTION1 VK_SERVICE 4 Service number (4002)2 VK_VERSION 3 Crypto algorithm used (008)3 VK_SND_ID 15 Query submitter’s ID (Merchant’sID)4 VK_REC_ID 15 Query submitter’s ID (Bank’s ID)5 VK_NONCE 50 Random nonss generated byquery submitter6 VK_RETURN 60 URL for transaction responsequery- VK_CHARSET 12 ISO-8859-1 (default), UTF-8 orWINDOWS-1257- VK_MAC 700 Verification code, i.e. signature4. PUBLIC KEYS4.1 LHV accepts certificate queries or self-signed certificates. Public keys areexchanged upon conclusion of the agreement. We apply X.509-compliant.PEM-format keys/certificates – i.e. the content is in BASE64 encoding and fitbetween ––BEGIN… –– and ––END… –– tags. The private key generated bythe Customer must be at least 1,024 bits.4.2 The keys can be generated via the openssl utility. We recommendadhering to the following:(i)(ii)(iii)Signature algorithm - sha1RSAPublic key – RSA (1024 Bits)Validity: not more than 10 years5. FINDING THE VERIFICATION CODE VK_MAC5.1 VK_MAC, the electronic signature used in the queries, is calculated basedon a previously agreed algorithm. The algorithm version is determined by thequery parameter VK_VERSION. Only version 008 is currently applied. Thesignature VK_MAC is sent in BASE64 encoding, VK_MAC(MAC008) iscalculated by using the public key algorithm and the secure hashing algorithmSHA-1. MAC008(x1,x2,…,xn) := RSA( SHA-1(p(x1)|| x1|| p(x2)|| x2 || … ||p(xn )||xn), d, n)(i)(ii)(iii)(iv)(v)x1, x2, …, xn are the query parametersp is a function of the length of the parameter in bytes. The length is formattedto a three-digit string. Thus, length 1 ' "001". Empty fields have a length of"000".d is the RSA secret exponentn on RSA modulus|| - adding-up of stringsAS LHV PANKTARTU MNT 2, 10145 TALLINN 6 800 400 INFO@LHV.EE