COPAUS2C
Source: app-authorization-ims-db2-mq/cbl/COPAUS2C.cbl
Type: CICS transaction program (DB2)
COPAUS2C — Mark Authorization Message Fraud
Purpose
This CICS program records or updates fraud markings on card authorization messages. It is called (via CICS COMMAREA, not shown as a standalone transaction entry point in these facts) to persist a fraud-related record into the CARDDEMO.AUTHFRDS DB2 table — either inserting a new row for an authorization message, or, if that row already exists, updating its fraud flag and report date. This supports the CardDemo authorization module's fraud-tracking/reporting capability.
How it works
Processing is driven entirely from MAIN-PARA (the only paragraph CICS transfers control to; it in turn performs FRAUD-UPDATE under one condition):
- Timestamp setup —
MAIN-PARAissuesEXEC CICS ASKTIMEandEXEC CICS FORMATTIMEto get the current date (WS-CUR-DATE), which is moved intoPA-FRAUD-RPT-DATE. - Derive authorization timestamp — The program reconstructs a human-readable timestamp (
WS-AUTH-TS) from the incomingPA-AUTH-ORIG-DATE(year/month/day) andPA-AUTH-TIME-9C(computed as999999999 - PA-AUTH-TIME-9C, then split into HH/MI/SS/SSS). This suggests the incoming time field is stored in an inverted/complemented numeric form. - Field mapping — A long sequence of
MOVEstatements copies commarea fields (card number, auth type, expiry date, message type/source, response codes, transaction amount, merchant details, transaction ID, match status, fraud action flag, account/customer IDs) into DB2 host variables matching theAUTHFRDStable columns. - Insert attempt — An
EXEC SQL INSERT INTO CARDDEMO.AUTHFRDSis executed, converting the auth timestamp withTIMESTAMP_FORMATand settingFRAUD_RPT_DATEtoCURRENT DATE. - If
SQLCODE = 0: success — status set to success (WS-FRD-UPDT-SUCCESS), message'ADD SUCCESS'. - If
SQLCODE = -803(duplicate key): the program falls back toFRAUD-UPDATEto update the existing row instead. - Any other non-zero
SQLCODE: status set to failed, and a formatted error message withSQLCODE/SQLSTATEis built intoWS-FRD-ACT-MSG. - FRAUD-UPDATE paragraph — Executes an
EXEC SQL UPDATEagainstCARDDEMO.AUTHFRDS, settingAUTH_FRAUDandFRAUD_RPT_DATEfor the row matchingCARD_NUMandAUTH_TS. Success or failure is again reflected inWS-FRD-UPDT-STATUSandWS-FRD-ACT-MSG. - Control returns to CICS via
EXEC CICS RETURN(no transaction ID passed, so no explicit continuation is specified in this program).
Inputs & outputs
- DFHCOMMAREA (Linkage Section input/output) — sole interface into the program:
WS-ACCT-ID,WS-CUST-ID— account/customer identifiers.WS-FRAUD-AUTH-RECORD(via copybookCIPAUDTY) — the full authorization message data (card number, auth type/time/date, response codes, transaction/merchant details, match status) that gets persisted.WS-FRAUD-STATUS-RECORD— output area:WS-FRD-ACTION(input flag indicating report ('F') or remove ('R') fraud — used to setAUTH_FRAUD),WS-FRD-UPDATE-STATUS(output: success/failed),WS-FRD-ACT-MSG(output: human-readable result/error message).- Copybook
CIPAUDTY— defines the layout of the incoming authorization record fields (PA-*fields referenced throughoutMAIN-PARA). - DB2 table
CARDDEMO.AUTHFRDS— read/write target: INSERTinMAIN-PARAto create a new fraud record.UPDATEinFRAUD-UPDATEto modify an existing record'sAUTH_FRAUDandFRAUD_RPT_DATEwhen a duplicate key is detected.- No physical files (VSAM/QSAM) are used — this is a pure CICS/DB2 program with no
fileslisted by the parser. - CICS services used:
ASKTIME,FORMATTIME(bothNOHANDLE, meaning CICS exceptions are suppressed rather than trapped explicitly), andRETURN.
Things to know
- No file I/O — all data enters/exits via the COMMAREA; there is no direct terminal (BMS map) interaction in this program despite it being a CICS transaction.
- NOHANDLE on ASKTIME/FORMATTIME — any failure in these CICS calls is silently ignored (no explicit error branch), so a bad date/time conversion would not be flagged to the caller.
- Time field inversion logic is non-obvious:
WS-AUTH-TIME = 999999999 - PA-AUTH-TIME-9Cis a hard-coded "complement" calculation to decode the original time; the reason for this encoding is not documented in the source and should be verified with the producer ofPA-AUTH-TIME-9C. - Error handling relies on SQLCODE branching:
SQLCODE = 0→ success.SQLCODE = -803(duplicate key violation) → triggers fallback toFRAUD-UPDATE, meaning insert-then-update is the intended pattern for idempotent fraud marking. This is a specific hard-coded DB2 return code dependency.- Any other non-zero code → treated as a generic "SYSTEM ERROR DB2" and surfaced in
WS-FRD-ACT-MSG, but the program does not roll back or take any DB2-specific corrective action — it simply reports failure back to the caller via the commarea. - No explicit COMMIT/ROLLBACK appears in this program; transaction boundary/commit control is presumably managed by the CICS/DB2 sync point mechanism outside this code, which should be confirmed.
- Hard-coded values: literal date/time format mask
'YY-MM-DD HH24.MI.SSNNNNNN'used inTIMESTAMP_FORMAT(both insert and update), and the constant999999999used in time decoding — both are magic values with no in-code explanation. - Two SQL statements only (
INSERTandUPDATE) against the same table; parser correctly listsCARDDEMO.AUTHFRDStwice, once per statement. - WS-FRD-ACTION (
'F'=report fraud,'R'=remove fraud) is simply written toAUTH_FRAUDwithout validation in this program — any other value passed by the caller would be stored as-is, since no range/value check is shown here.
DB2 tables
CARDDEMO.AUTHFRDS, CARDDEMO.AUTHFRDS
CICS commands
ASKTIME NOHANDLE, FORMATTIME, RETURN
Copybooks
CIPAUDTY
Paragraph flow
flowchart TD
MAIN_PARA["MAIN-PARA"]
FRAUD_UPDATE["FRAUD-UPDATE"]
MAIN_PARA --> FRAUD_UPDATE
Paragraphs
| Paragraph | Line | Performs |
|---|---|---|
| MAIN-PARA | 89 | FRAUD-UPDATE |
| FRAUD-UPDATE | 221 |