SecurMed

The UKNI MVS receives web service transactions that have badly formed XML for pack expiry date. The UKNI MVS rejects the transaction and returns a NMVS_TE_XM_02 error.

The XML schema defines that the expiry date for a pack is one of the following:

• A valid date stated as YYMMDD (following the GS1 standard)
• The last day of the month for a valid date stated as YYMM00

The web services endpoint interrogates the transaction and validates the expiry date for the pack according to the following regular expression:

([0-9]{2})((0[1-9])|(1[0-2]))((0[0-9])|([1-2][0-9])|(3[0-1]))

This regular expression evaluates the six-digit date YYMMDD as follows:

YY must be in the range 00 to 99
MM must be in the range 01 to 12
DD must be in the range 00 to 31

Example: Packs where the date YYYY/MM has been incorrectly encoded in the 2D Matrix. e.g. October 2021 has been encoded as 202110 instead of 211000.

It appears affected software solutions may not be validating the expiry date scanned to confirm that it meets the GS1 date format of YYMMDD (or YYMM00). Additionally, the solution may not properly handle exceptions for XML schema violations leading to multiple resubmissions of transactions with the same invalid XML.

Recommendations

Software Suppliers should review their solutions to ensure they are implemented to:

1. Evaluate the expiry date scanned using a regular expression consistent with the one noted above and only proceed to a submission if the date is valid
2. Recognise and handle technical exceptions that are not a normal NMVS application response i.e. not an NMVS_SUCCESS or NMVS_ERROR and in every case trigger an appropriate warning message to the End-user such that they can take appropriate action. In these cases, the system should NOT attempt to retry the transaction.

If a software solution appears to include one or both of the deficiencies listed above, it should be updated accordingly and deployed to the client base as a matter of urgency.