04 — ISO-8583 Proxy

A single proxy between your channels and the switch — encrypts, tokenizes and balances along the way.

Transactional proxy that normalizes messaging between your channels (native TCP ISO-8583, JSON or SOAP) and your switch or banking core in ISO-8583. In the same hop it runs cryptographic transformations via HSM and spreads load across multiple backends, with a persistent queue and circuit breakers.

IMPACT IN PRODUCTION
3 in → 1 out
TCP ISO-8583 · JSON · SOAP → ISO-8583
Added latency (p95): +8 ms
Throughput per node: 4,500 tps
Inbound → outbound protocols: 3 → 1
Solution pillars

Four fronts, a single defense.

Each pillar can be contracted independently, but it reaches its full potential when they work together on the same control plane.

01

Multi-protocol ingress

Accepts ISO-8583 over native TCP, JSON or SOAP. Always delivers ISO-8583 to the transactional switch or banking core. No client rewrite, no backend changes.

02

Encrypt and tokenize on the fly

Per-field encryption, decryption, tokenization and detokenization via HSM. PAN, PIN block and track2 protected before crossing the backend boundary.

03

Queues and balancing

Message queue with back-pressure and persistence. Round-robin or least-busy balancing across HSMs and backends, with automatic per-destination circuit breakers.

04

High availability

Active-active multi-node deployments. Per-message retries and in-flight persistence during failover — no transaction is lost.

Architecture

One proxy, three ingress protocols.

Channels speak their native protocol. The proxy converts, transforms and routes. The switch and the core always receive ISO-8583, no matter where the transaction came from.

Logical flow

01 · Ingress channels (multi-protocol)
  POS · ATM · external switch: native TCP ISO-8583
  Digital banking · APIs: JSON / REST
  Legacy systems: SOAP / WS

  → ingress · 3 protocols

02 · ISO-8583 Proxy (Ziglabit)
  Adapter: parsing · normalization
  Transform: HSM · encrypt · tokenize
  Queue: back-pressure · persist
  Balancer: round-robin · least-busy

  → native TCP · Thales

03a · HSM Pool (Thales)
  payShield 10K: primary
  payShield 10K: secondary

  → ISO-8583 · TCP

03b · Switch / Core (destination)
  Transactional switch: authorizer
  Banking core: settlement

Per-field transformations

Every sensitive bit passes through the HSM.

Configurable per flow: which fields are tokenized, which are symmetrically encrypted, which are translated between zones. Policy travels with the message, not with backend code.

| DE | Field | Operation | Direction |
| --- | --- | --- | --- |
| DE 2 | PAN | Tokenization · Detokenization | → in → vault |
| DE 35 | Track 2 | AES-256 encryption | → in → backend |
| DE 45 | Track 1 | AES-256 encryption | → in → backend |
| DE 52 | PIN block | Translation ZPK → BDK/DUKPT | → translate |
| DE 55 | EMV data (ARQC) | Cryptogram validation | → in → issuer |
| DE 64 | MAC | Verification / generation | → both |
| DE 128 | Extended MAC | Verification / generation | → both |

ISO 8583 1987 / 1993 / 2003. Other custom bitmaps are configured per counterparty.
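
As an added illustration (not Ziglabit's code), the field policy in the table above can be written as a lookup applied to whatever the message bitmap declares present, refusing to forward when a sensitive field has no rule for the flow. The 4-byte ASCII MTI, the binary bitmap encoding, the operation labels and the function names are assumptions.

```python
# Added example. DE numbers and operations mirror the table above; the wire
# layout (4-byte ASCII MTI + binary bitmaps) and all names are assumptions.
POLICY = {2: "tokenize", 35: "encrypt-aes256", 45: "encrypt-aes256",
          52: "translate-pin", 55: "validate-arqc", 64: "mac", 128: "mac"}

def present_fields(msg: bytes) -> list[int]:
    """Return the data element numbers flagged in the message bitmap(s)."""
    if len(msg) < 12:
        raise ValueError("truncated: need MTI + primary bitmap")
    end = 12
    if msg[4] & 0x80:                      # bit 1: secondary bitmap follows
        end = 20
        if len(msg) < end:
            raise ValueError("secondary bitmap flagged but truncated")
        if msg[12] & 0x80:                 # bit 65: tertiary bitmap
            raise ValueError("tertiary bitmap not supported")
    fields = []
    for i, byte in enumerate(msg[4:end]):
        for bit in range(8):
            de = i * 8 + bit + 1
            if byte & (0x80 >> bit) and de != 1:   # bit 1 is a flag, not data
                fields.append(de)
    return fields

def plan(msg: bytes, flow_policy: dict[int, str]) -> dict[int, str]:
    """Operations to run before forwarding; fail closed on an unmapped field."""
    ops = {}
    for de in present_fields(msg):
        if de in POLICY:                   # sensitive per the table
            if de not in flow_policy:
                raise PermissionError(f"DE {de} present but flow has no rule")
            ops[de] = flow_policy[de]
    return ops

# Constructed sample: MTI 0200 with DE 2, 3, 4, 11, 35, 52, 64 flagged
# (header only; field data omitted).
SAMPLE = b"0200" + bytes.fromhex("7020000020001001")

if __name__ == "__main__":
    print(plan(SAMPLE, POLICY))
```
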
Balancing and resilience

Three strategies. Configurable per pool.

No single strategy fits every pool. The proxy lets you mix — least-busy on HSMs, sticky on the core — without restarting.

01

Weighted round-robin

Even distribution across HSMs or backends, weighted by declared capacity. Useful when the fleet is homogeneous.

HSM pool · backend pool
02

Least-busy

Each message goes to the node with the shortest queue. Recommended when per-operation cryptographic times are heterogeneous.

HSM pool
03

Sticky by counterparty

Messages from the same session or issuer always land on the same node. Preserves cache affinity and sequence.

backend pool
Queues and resilience · primitives

Persistent queue: In-flight messages written to disk before client ack. No message is lost during failover.

Back-pressure: The proxy throttles ingress when the backend or HSM queue exceeds the configured threshold.

Circuit breaker: A destination with N consecutive failures is automatically isolated. It re-enters when it answers a health probe.

Idempotent retries: Re-sends messages flagged as safe (echo test, repeat) until policy is exhausted — without duplicating authorizations.

Compliance

Auditable out of the box.

Each control has persistent, exportable, cryptographically signed digital evidence.

PCI-DSS
PCI HSM
PCI PIN
ISO 8583:1987/93/2003
FIPS 140-2 L3
Integrations

Connect with what you already have.

Certified connectors for the most widely used core systems and observability platforms across LATAM.

Prosa
E-Global
Visa BASE I/II
Mastercard MIP
AmEx
JCB
Tibco EMS
Kafka
IBM MQ
Default topology: active-active