For those who don't know what ISO 8583 is: it defines message formats used in payment card transactions (credit cards, debit cards, etc); used by point-of-sale terminals, ATMs, etc
Remember to not log any sensitive stuff though (credit card number in full, cvv, mag stripe, ongoing payment data,...) if you like your PCI audits to go smoothly.
I wonder if this code has proper masking in place for logs. The following line is not reassuring:
```
// to make it right, let's filter the value of CVV field when we output it
filterCVV := iso8583.FilterField("8", iso8583.FilterFunc(func(in string, data field.Field) string {
if len(in) == 0 {
return in
}
return in[0:1] + strings.Repeat("*", len(in)-1)
}))
The post describes how to create a simple version of the client, but if you're interested in the topic, you can find a production-ready, battle-tested Golang package here: https://github.com/moov-io/iso8583-connection.
And to understand how the whole e2e flow works starting from the seller and finishing with issuer authorizeing the transaction, you can check a demo project here: https://github.com/alovak/cardflow-playground
Never did I think I'd see somebody I know personally hit the front page of HN... hope you and the rest of the Moov crew are doing well! I got to see these libraries in action (and deal with some mutual TLS auth issues) during my time helping out with connectivity to the card networks' sandbox environments. Things were working very smoothly even 2+ years ago so "battle-tested" is probably an understatement at this point :))