How are prepaid recharge pins generated?

To answer the question in one line, the prepaid recharge pins or voucher activation codes are generated and stored in a server called Voucher Server.

A telecom network mainly consists of Core Network Elements ( BTS, MSC, HLR etc.) and Intelligence Network( IN). The core network’s function is mainly radio connectivity and switching where as IN network’s function is that of call charging, recharge handling, billing etc.

Voucher Server is a part of Intelligence Network.

So let’s understand this in detail for the sake of better understanding of voucher based recharges and then pin generation process.

Voucher Recharge:

In the voucher recharge, a subscriber generally dials a USSD short code which includes voucher activation code ( eg: *121*35353899399390#). Then if the voucher code is correct, the account is credited with recharge amount.

Although there are other channels also available for the voucher recharge like SMS, WebPortal etc depending on the service provider, but I am going to explain USSD flow here.

A simple description of USSD based voucher refill is below:

1. Subscriber dials the USSD short code with voucher code. The request goes to the BTS ( Base Transceiver System).
2. BTS forwards the request to the BSC ( Base Station Subsystem) which is a part of Core Telecom Network.
3. BSC forwards the request to MSC ( Mobile Service Switching system) which does some verifications etc. (Let’s not go into details).
4. MSC will forward the request to HLR ( Home Location Register) which understands the USSD code that it’s a recharge request.
5. HLR forwards the recharge request to Recharge handling system of IN ( Intelligence Network). The IN holds the subscriber database including different balances, tariffs, recharge rules ,charging rules etc. The Intelligence Network consists of many other systems which are not shown here.
6. Recharge handling component sends the voucher code which was received from subscriber to Voucher Server to check it’s value and also to change it’s status to “USED”. If the voucher is already in USED state, then recharge will fail.
7. Voucher Server will respond with the voucher details.
8. Recharge handling system will update the balance in the SDP ( Subscriber Data Point). SDP is the component of the IN which holds all the subscriber’s account details including balance, life-cycle etc.
9. SDP responds with success or failure for the update request.
10. to 14. The recharge response is sent back to subscriber.

Voucher PIN Generation:

As mentioned already, Voucher Server is the system where voucher pins are generated and stored.

On the Voucher Server, the administrator will provide the Transaction Amount, Expiry, Serial Number Range, Agent Details etc. as an input and an algorithm present on system will generate the voucher codes. Generally these codes are encrypted.

When the vouchers are created, they are in “Generated” or “Created” state. These pins can not be used for recharges unless they are in “AVAILABLE” state. So, a state change is performed on these vouchers are per requirement ( usually before printing them) to make them in “AVAILABLE” state. Once that is done, the vouchers are ready to use.

Last point, when the user perform the recharge, the voucher state is change to “USED” and it can not further be used to refill the account.

Above description is just to give a high level idea on how the voucher pins are generated and how recharge works.

In actual scenario, there are much more call flows and systems involved and that also varies from one operator to another ( although there is a lot common in that as well).

Hope you like the answer !

Thanks

EDIT1:

As far as hacking of Voucher Server is concerned, it's not possible or at least very very difficult to hack into Voucher Server.

This server is not directly connected to any external system so that one can not hack the voucher database from public IP. Also these voucher pins are DES Encrypted.

However, only people having access to Voucher System with decryption code can see the voucher codes. But this is not easy as the telecom operators have very stringent auditing process and if someone is caught stealing those vouchers , then there could be legal implications.

I was a part of team which use to generate vouchers for Bharti Airtel 3 years ago and I could see those vouchers :). I mean all of them. But we never did anything fishy.