Australia Standards 2805 (AS2805) is the standard for Electronic Funds Transfer (EFT) and Payments in Australia and New Zealand. AS2805 is also used for some implementations in South Africa and SE Asia.
AS2805 is owned by Australia Standards and was developed by various voluntary working groups within Committee IT/5. The implementation of AS2805 standards across all industries is clearly defined by the Australian Payments Clearing Association (APCA) as part of the Consumer Electronic Clearing System (CECS) and detailed in the CECS Manual.
Contrary to popular belief, AS2805 is not simply ISO8583 renamed into the Australia Standards numbering system, as is the case with most international standards.
ISO8583 was first published in 1987, while AS2805 was published two years earlier in 1985, after a lengthy period of draft and review in Australia, New Zealand and South Africa. ISO8583 consists of three (3) parts:
- Part 1: Messages, Data Elements and Code Values
- Part 2: Application and Registration Procedures for Institution Identification Codes (IIC)
- Part 3: Maintenance Procedures for Messages, Data Elements and Code Values
All three (3) parts of ISO8583 concentrate only on message formats between devices (EFTPOS and ATM) and an acquiring host. ISO8583 can be seen as a small subset of the AS2805 standard, and it has no clear guide for uniform implementation of the kind CECS provides for AS2805. AS2805, on the other hand, consists of at least thirty-three (33) separate published parts and covers general EFT topics such as:
- Card Management & Authorisation
- Card Detail Updating
- PIN Management
- Key Management and Security
- Message Authentication
- Privacy and Data Encryption
- Communications
- Message Structure between Devices and Acquiring Host
- Message Structure between Hosts
- File Transfers
The thirty-three (33) AS2805 standards published so far are the following:

| Standard | Part | Title |
|---|---|---|
| 2805.1 | Part 1 | Communications |
| 2805.2 | Part 2 | Message Structure, format and content |
| 2805.3.1 | Part 3.1 | PIN Management and Security – General |
| 2805.3.2 | Part 3.2 | PIN Management and Security – Offline |
| 2805.4.1 | Part 4.1 | Message Authentication – Mechanisms Using a Block Cipher |
| 2805.4.2 | Part 4.2 | Message Authentication – Mechanisms Using a Hash Function |
| 2805.5.1 | Part 5.1 | Ciphers – Data Encipherment Algorithm 1 (DEA 1) |
| 2805.5.2 | Part 5.2 | Ciphers – Modes of Operation for an n-bit block cipher algorithm |
| 2805.5.3 | Part 5.3 | Ciphers – Data Encipherment Algorithm 2 (DEA 2) |
| 2805.5.4 | Part 5.4 | Ciphers – Data Encipherment Algorithm 3 (DEA 3) & related techniques |
| 2805.6.1.1 | Part 6.1.1 | Key Management – Principles |
| 2805.6.1.2 | Part 6.1.2 | Key Management – Symmetric Ciphers, their Key Management & Life Cycle |
| 2805.6.1.4 | Part 6.1.4 | Key Management – Asymmetric Cryptosystems – Key Management & Life Cycle |
| 2805.6.2 | Part 6.2 | Key Management – Transaction keys |
| 2805.6.3 | Part 6.3 | Key Management – Session Keys – Node to Node |
| 2805.6.4 | Part 6.4 | Key Management – Session Keys – Terminal to Acquirer |
| 2805.6.5.1 | Part 6.5.1 | Key Management – TCU Initialisation – Principles |
| 2805.6.5.2 | Part 6.5.2 | Key Management – TCU Initialisation – Symmetric |
| 2805.6.5.3 | Part 6.5.3 | Key Management – TCU Initialisation – Asymmetric |
| 2805.6.6 | Part 6.6 | Key Management – Session Keys – Node to Node with KEK Replacement |
| 2805.9 | Part 9 | Privacy of Communications |
| 2805.10.1 | Part 10.1 | File Transfer Integrity Validation |
| 2805.10.2 | Part 10.2 | Secure File Transfer (Retail) |
| 2805.11 | Part 11 | Card Parameter Table |
| 2805.12.1 | Part 12.1 | Message Content – Structure and Format |
| 2805.12.2 | Part 12.2 | Message Content – Codes |
| 2805.12.3 | Part 12.3 | Message Content – Maintenance of Codes |
| 2805.13.1 | Part 13.1 | Secure Hash Functions – General |
| 2805.13.2 | Part 13.2 | Secure Hash Functions – MD5 |
| 2805.13.3 | Part 13.3 | Secure Hash Functions – SHA-1 |
| 2805.14.1 | Part 14.1 | Secure Cryptographic Devices (Retail) – Concepts, Requirements and Evaluation Methods |
| 2805.14.2 | Part 14.2 | Secure Cryptographic Devices (Retail) – Security Compliance Checklist for Devices used in Financial Transactions |
| 2805.16 | Part 16 | Merchant Category Codes |

Three (3) published Handbooks also accompany the AS2805 standard:

| Handbook | Title |
|---|---|
| HB 127 | EFT – Implementing Message Content Standards – Conversion Handbook |
| HB 128 | EFT – Implementing Message Content Standards – Terminal Handbook |
| HB 129 | EFT – Implementing Message Content Standards – Interchange Handbook |

There are a number of guideline white papers available to assist the implementation of EFT-related functionality, such as:
- Card Management & Production
- EFTPOS/POS Software Management
- EFTPOS and POS Product Management
- Software and Configuration File Downloading
- Retail Electronic Data Exchange (EDT) that covers price downloads, ordering and statistics
- Retail Automation
- Terminal Management
- Merchant Management
- Cashier Management
- Fraud Monitoring and Management
Wonderful website. Plenty of useful info here. I’m sending it to a few friends and additionally sharing in delicious.
And obviously, thank you on your sweat!
Highly descriptive article, I liked that a lot. Will there be a part 2?
Are the AS 2805 standards available anywhere for personal use, without having to shell out $200-$300 to SAI Global?