Flossx83 is ISO 8583 Simulation Tool For Indie Devs its a processing platform. Designed for core banking, regulatory audits, and fintech developers, it offers full-stack financial transaction simulation, tokenization, fraud scoring, and real-time visibilityβall without vendor lock-in.
Inspired by kernel-grade software principles and Level-1 PCI DSS architectures, this suite provides a transparent, composable, and self-hostable card switch solution for BFSI engineers, security auditors, and compliance professionals.
| Section | Description |
|---|---|
| π¦ Flossx83 Overview | What Flossx83 is and why it exists |
| πΌοΈ System Diagrams | Visual architecture and system flow |
| π₯οΈ POS Terminal Simulator | GUI tool for ISO 8583 message creation |
| β¨ At a Glance | One-line summary of each core component |
| π Project Roadmap | Milestones, dates, and live status πWhere Do We Stand ?π |
| π― Project Goals | Objectives, philosophy, and scope |
| π οΈ Key Features | Deep dive into each component |
| π PCI & Security Practices | Compliance and tokenization details |
| π¦ Getting Started | Step-by-step local setup guide |
| π§ͺ Testing Philosophy | Design for auditors, fuzzers, regressions |
| π Legal Notice | Disclaimer and usage terms |
| π§ Roadmap | Whatβs done, whatβs coming |
| π€ Contributing | How to participate |
| π Full Docs | Wiki, API, compliance |
| βοΈ Maintainers | Core team and contact |
| Component | Description |
|---|---|
| π Card Switch Engine | ISO 8583 TCP/HTTP engine (Spring Boot), tokenizes & routes messages |
| π₯οΈ POS/ATM Simulator | PyQt5 GUI to craft and send ISO 8583 messages with drag-and-drop interface |
| π¨ Fraud Detection | Python FastAPI microservice for real-time rule/ML scoring |
| π Admin Dashboard | React-based interface for real-time tracing, logs, and drilldowns |
| π HSM Tokenization | AES256-based PCI-safe tokenization module (Java crypto) |
| π§Ύ Audit Logger | Immutable JSON logs for every event (ingress, parse, fraud, persist) |
| # | Milestone (Q2 2025) | Target Date | Status | Description |
|---|---|---|---|---|
| 1 | Audit Logger | Mid June 2025 | π§ In Progress | Immutable, append-only event logging (JSONL & text). Core & fraud engine integration. |
| 2 | ML-Infused Fraud Engine | Late June 2025 | π’ Up Next | Plug-in machine learning & rule-based fraud scoring for ISO8583 messages. |
| 3 | Stable Release v1.0 | Early July 2025 | π‘ On Deck | Complete, production-ready switch: core engine, fraud, logging, and admin modules. |
| 4 | TestOps: End-to-End Automation | Early July 2025 | π‘ On Deck | Automated E2E transaction, fraud, and audit test suite (CI-ready). |
| 5 | DevOps Integration (CI/CD) | Early July 2025 | π‘ On Deck | Streamlined pipelines for build, test, release, and deploy. |
| 6 | Documentation Suite | Mid July 2025 | π’ Lining Up | Enterprise-grade API docs, user guides, architecture diagrams, live usage examples. |
| 7 | IaC & Deployment Scripts | Mid July 2025 | π’ Lining Up | Docker, Kubernetes, and Terraform scripts for one-click infra on cloud or local. |
| 8 | Cloud Testing & SRE/Observability | Late July 2025 | π’ Lining Up | Cloud-native test flows, monitoring dashboards, and real-time logging/metrics. |
| 9 | Real-World Benchmarking & Perf Tests | Late July 2025 | π’ Lining Up | Throughput, latency, and reliability benchmarks simulating live card network workloads. |
ποΈ This roadmap is dynamicβmilestones and statuses are updated as we advance! Jump into Issues or Projects to track live progress or contribute.
- Deliver a complete ISO 8583 infrastructure for message routing, testing, audit, and compliance.
- Provide zero-black-box observability into all stages of transaction lifecycle.
- Empower developers and auditors to simulate, trace, and verify payment flows E2E.
- Tokenize and protect sensitive card data with compliance-first defaults.
- Serve as a reference-grade BFSI backendβfor QA, integration, and regulatory education.
- Parses and routes ISO 8583 messages (MTI + Fxx).
- Supports both TCP and HTTP ingress with protocol detection.
- Integrates with:
- Tokenization service (AES/CBC, HSM-style)
- Fraud Engine (REST call)
- Audit logs (immutable JSON)
- PostgreSQL persistence
- Dual-mode message sender (TCP + HTTP)
- Dynamic form: auto-randomize or enter ISO fields manually
- Supports all common Fxx fields (2, 3, 4, 7, 11, 52, etc.)
- View request/response with breakdown
- Easily replicates regression/fuzzing scenarios
- REST microservice for fraud analysis
- Scoring logic via rule or pluggable ML
- Outputs
fraud,suspicious,clean, with metadata - Returns JSON payloads for routing/audit tagging
- Logs every system event as structured JSON
- Append-only, timestamped, traceable
- Easy to grep, visualize, and export
- Web dashboard for:
- Real-time ISO message tracing
- Audit log drilldowns
- Transaction visualizations
- Searchable logs and fraud scores
| Category | Practice |
|---|---|
| PAN/CVV | Immediately tokenized using AES256 + salt |
| Logs | Masked fields only, redact all sensitive content |
| Persistence | Tokenized transactions persisted, never raw card data |
| Audit Trail | Every component logs structured entries to immutable log file |
| Compliance Mode | Follows PCI-DSS Level 1 recommendations for dev/test infrastructure |
git clone https://github.com/gracemann365/flossx83.git
cd flossx83cd java-switch
./mvnw spring-boot:runcd atm-pos-sim-TCP_CLIENT
python3 v3.pycd fraud-engine
uvicorn main:app --reload- Regression-fuzz ready: Randomizable fields
- Auditor mode: Full trace per transaction
- Bank emulation: Loopback approvals/rejections
- See Everything: Logs, traces, and flows fully transparent
This software is distributed "AS IS", for educational, demo, and financial test lab purposes only. Do not use with real card data or production environments unless you meet full PCI compliance independently. All responsibilities for regulatory usage lie solely with the deployer. See LICENSE for full legal disclaimer.
- Core TCP ISO8583 Engine
- HSM Tokenization
- Audit Logging
- Fraud Engine (REST)
- POS Simulator (GUI)
- Admin Dashboard (React)
- Downstream Bank/Network Routing
- Compliance modules (SOX, PCI templates)
This project follows a review-first, audit-by-default contribution model. Please open a Discussion or Issue before submitting PRs.
| Resource | Link |
|---|---|
| π Wiki | ISO 8583 Suite Wiki |
| π οΈ API Reference | api/README.md (coming soon) |
| π§ Architecture | docs/arch-overview.md |
| π PCI Compliance Notes | docs/compliance.md |
Maintained by the FLOSSX83 Core Contributors β for audit professionals, fintech infra engineers, and open-compliance researchers.
- David Grace - Owner & Chief Engineer
- Goutham Rajesh - Product Manager & Launch Strategy
- For critical issues, contact:
gracemann365@gmail.com
Flossx83 β because auditable finance shouldn't cost $500,000 a year.