Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Users Guide
August 2011
Copyright
2011 CyberSource Corporation. All rights reserved. CyberSource Corporation ("CyberSource") furnishes this document and the software described in this document under the applicable agreement between the reader of this document ("You") and CyberSource ("Agreement"). You may use this document and/or software only in accordance with the terms of the Agreement. Except as expressly set forth in the Agreement, the information contained in this document is subject to change without notice and therefore should not be interpreted in any way as a guarantee or warranty by CyberSource. CyberSource assumes no responsibility or liability for any errors that may appear in this document. The copyrighted software that accompanies this document is licensed to You for use only in strict accordance with the Agreement. You should read the Agreement carefully before using the software. Except as permitted by the Agreement, You may not reproduce any part of this document, store this document in a retrieval system, or transmit this document, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written consent of CyberSource.
Trademarks
CyberSource, the CyberSource logo, SmartCert, and PaylinX are registered trademarks of CyberSource Corporation in the U.S. and other countries. The Power of Payment, CyberSource Payment Manager, CyberSource Risk Manager, CyberSource Decision Manager, and CyberSource Connect are trademarks and/or service marks of CyberSource Corporation. All other brands and product names are trademarks or registered trademarks of their respective owners.
ii
CyberSource Corporation
Contents
Chapter 1
Introduction ......................................................................................................................................1 Introduction to the Silent Order POST...............................................................................................1 Processing an Order ....................................................................................................................2 Partial Authorization ...................................................................................................................3 Enabling Partial Authorization ............................................................................................3 How a Partial Authorization Works.....................................................................................3 Requesting a Full Authorization Reversal ..................................................................................4 Using Decision Manager with the Silent Order POST ...............................................................4 Working with Subscriptions and Customer Profiles...................................................................5 Using this Guide..........................................................................................................................5 Additional Resources ..................................................................................................................6 Introduction to Payer Authentication Services...................................................................................6 Preparing to Use Payer Authentication .......................................................................................6 Using and Storing Payer Authentication Data ............................................................................6 API Results ..........................................................................................................................7 Standard Transaction and Payer Authentication Searches ..................................................9 Payer Authentication Reports ..............................................................................................9 Storing Payer Authentication Data ......................................................................................9 Customer Experience with Payer Authentication .....................................................................10 Successful Order with Payer Authentication .....................................................................10 Unsuccessful Order with Payer Authentication.................................................................11
Chapter 2
Configuring the Business Center Settings....................................................................................13 Choosing Your Default Settings ......................................................................................................13 Payer Authentication.................................................................................................................13 Available Level II and Level III Fields .............................................................................14 Reply Management ...................................................................................................................15 Card Number......................................................................................................................16 Workflow ...........................................................................................................................16 Appearance ........................................................................................................................17 Receipt Page ......................................................................................................................17 Decline Page ......................................................................................................................18
Silent Order POST Users Guide August 2011
iii
Cancel Page .......................................................................................................................20 Notification Fields ....................................................................................................................20 Transaction Receipts..........................................................................................................20 Specific Settings ................................................................................................................21 Downloading Security Scripts .........................................................................................................22
Chapter 3
Creating and Customizing Checkout Pages ................................................................................25 Creating Checkout Pages .................................................................................................................25 Gathering the Information for the Checkout Page ...........................................................................26 Product Information ..................................................................................................................26 URL for Sending Your Orders..................................................................................................27 Credit Card Information............................................................................................................27 Maestro (UK Domestic) Card............................................................................................27 MasterCard and Diners Club Alliance...............................................................................28 Card Verification Number .................................................................................................28 Electronic Checks Information .................................................................................................30 Signature Function ....................................................................................................................31 Request Token ..........................................................................................................................32 Payment and Address Information ...........................................................................................32 Custom Fields ...........................................................................................................................32 Submit Button ...........................................................................................................................33 Customizing the Silent Order POST ................................................................................................33 Order Information Fields ..........................................................................................................33 Level II and Level III Fields .....................................................................................................37 Customer Information Fields ....................................................................................................37 Payment Information Fields......................................................................................................40 Decision Manager Fields ..........................................................................................................45 Order Confirmation Fields........................................................................................................46 Custom Fields ...........................................................................................................................50
Chapter 4
Interpreting and Customizing Receipt Pages ..............................................................................51 Creating Receipt Pages ....................................................................................................................51 Parsing and Interpreting the Reply...................................................................................................52 Decisions...................................................................................................................................52 Reason Codes............................................................................................................................53 Tracking Orders ........................................................................................................................53 Order Number....................................................................................................................53 Request ID .........................................................................................................................53 Link to Request..................................................................................................................53 Request Token ...................................................................................................................54 Determining the Receipt Information .......................................................................................54 Customizing the Receipt Page .........................................................................................................54 Order Result Fields ...................................................................................................................55 Reason Codes............................................................................................................................61
iv
CyberSource Corporation
Contents
Chapter 5
Testing the Silent Order POST .....................................................................................................65 Using the Test Version of the Silent Order POST ...........................................................................65 Using the Debug Page ......................................................................................................................66
Appendix A
Sample Reply Data and Receipts ..................................................................................................69 Reply Data........................................................................................................................................69 Successful Order .......................................................................................................................69 Partial Authorization .................................................................................................................71 Order to Review ........................................................................................................................73 Request...............................................................................................................................73 Reply ..................................................................................................................................74 Failed Order ..............................................................................................................................75 Transaction Receipts ........................................................................................................................75 Customers Receipt ...................................................................................................................75 Merchants Receipt ...................................................................................................................76 Customers Receipt with a Partial Authorization .....................................................................78 Merchants Receipt with a Partial Authorization......................................................................79
Appendix B
Description of Return Codes .........................................................................................................81 AVS Codes.......................................................................................................................................81 Card Verification Codes...................................................................................................................83 Smart Authorization Factor Codes...................................................................................................84
Appendix C
Level II and Level III Field Requirements ..................................................................................87 TSYS ................................................................................................................................................87 Order-Level Fields ...................................................................................................................87 Item-Level Fields ......................................................................................................................91 FDC Nashville Global......................................................................................................................94 Order-Level Fields ...................................................................................................................94 Item-Level Fields ......................................................................................................................99 GPN................................................................................................................................................103 Order-Level Fields ..................................................................................................................103 Item-Level Fields ....................................................................................................................107 RBS WorldPay Atlanta ..................................................................................................................109 Order-Level Fields ..................................................................................................................109 Item-Level Fields ....................................................................................................................114 FDC Compass ................................................................................................................................118 Order-Level Fields ..................................................................................................................118 Item-Level Fields ....................................................................................................................121 Chase Paymentech..........................................................................................................................125 Order-Level Fields .................................................................................................................125 Item-Level Fields ....................................................................................................................129 FDMS Nashville.............................................................................................................................133
Order-Level Fields ..................................................................................................................133 Item-Level Fields ....................................................................................................................136 FDMS South ..................................................................................................................................138 Order-Level Fields ..................................................................................................................138 Item-Level Fields ....................................................................................................................141 Index ..............................................................................................................................................145
vi
CyberSource Corporation
The following table lists changes made in the last releases of this document:
Release
August 2011 July 2011
Changes
Added important note regarding processing electronic checks with TeleCheck. See Electronic Checks Information on page 30. Added Level II and Level III field requirements for FDC Compass, Chase Paymentech, FDMS Nashville, and FDMS South. See Appendix C, Level II and Level III Field Requirements, on page 87. Updated Level II and Level III fields. See Available Level II and Level III Fields on page 14 and Customizing the Silent Order POST on page 33. Added Level II and Level III fields. See Available Level II and Level III Fields on page 14 and Customizing the Silent Order POST on page 33. Renamed and updated Reply Data Fields section. See Reply Management on page 15. Updated Decision Manager section. See Using Decision Manager with the Silent Order POST on page 4. Updated Subscriptions and Customer Profiles section. See Working with Subscriptions and Customer Profiles on page 5. Added Decision Manager fields to screen orders containing travel data. See Using Decision Manager with the Silent Order POST on page 4. Added full authorization reversal functionality. For more information, see Requesting a Full Authorization Reversal on page 4. Added the support of new card types. See Payment Information Fields on page 40. Added the ability to return card number and BIN number on customers receipt. See Reply Management on page 15. Added a Cancel Page option for partial authorization enabled merchants. See Cancel Page on page 20. Added information about partial authorizations. See Partial Authorization on page 3.
June 2010
May 2010
vii
Release
January 2010 June 2009
Changes
Added new payment fields for the new payment processor: RBS WorldPay Atlanta. See Payment Information Fields on page 40. Updated the electronic check authorization consent statement. For more information, see Check Statement on page 31. Added the CyberSource ACH Service for processing checks. For more information, see the values that you can receive on page 59 and in the Business Center Users Guide. Updated the sections on the request token. For more information, see Request Token on page 32 (checkout pages) and Request Token on page 54 (reply pages). Added the list of ports that you can use when specifying a URL for the Receipt Response URL on page 17, and Decline Response URL on page 19, and Merchant POST URL on page 21. Updated the code samples for the checkout pages that you can download (Creating Checkout Pages on page 25 and Creating Receipt Pages on page 51). Removed the appendices on scripting languages. You can now download the sample scripts from links in the chapters on creating web pages (Creating Checkout Pages on page 25 and Creating Receipt Pages on page 51. Added a section on the different signatures available for standard transactions and customer profiles. For more information, see Signature Function on page 31. Added ColdFusion and ASP.NET (C# and Visual Basic) to the types of scripting languages that you can use to create Web pages: Creating Web Pages with ColdFusion on page 69 and Creating Web Pages with ASP.NET on page 73. Redesigned the guide as follows:
July 2008
June 2008
May 2008
April 2008
March 2008
Combined the introduction to the Silent Order POST and the Payer Authentication services into one chapter: Introduction on page 1. Combined the chapters on creating and customizing the order form: Creating and Customizing Checkout Pages on page 25. Moved the sections on scripting languages to the appendices (one for each language): Creating Web Pages With PHP on page 51, Creating Web Pages With ASP on page 55, Creating Web Pages With Perl on page 59, Creating Web Pages With JSP on page 65, Creating Web Pages with ColdFusion on page 69, and Creating Web Pages with ASP.NET on page 73.
Removed the section on deprecated signatures. Changed how orderPage_transactionType is used: Because the type of transaction is included in the signature, this field is no longer required. For more information, see orderPage_transactionType on page 37 (checkout page) and orderPage_transactionType on page 60 (receipt page).
viii
CyberSource Corporation
Chapter 1
Introduction
This guide describes how to use the Silent Order POST, a customized implementation of the Hosted Order Page. With this method, you do not use CyberSources Hosted Order Page. Instead, you use the feature as an HTTP POST API. To use the Silent Order POST, you must be able to create Web pages that will gather customer and order information for the services that you want to use into requests, and you must be able to process the reply information to fulfill the customers order. You must meet these requirements:
Your Web site has shopping-cart software. You have programming skills in ASP, PHP, Perl, JSP, ColdFusion version 7 or higher, or ASP.NET. Your ISP supports these languages and SSL security.
With the Silent Order POST, you can use Simple Order API fields without having to install a client application. However, if you would like more information about the Simple Order API, which uses a client, see the Credit Card Services Users Guide or the Electronic Check Services Users Guide. This chapter provides an introduction to the Silent Order POST and to Payer Authentication services. With Payer Authentication services, you can quickly and easily add support for Verified by Visa and MasterCard SecureCode to your Web store without running additional software on your own server. For more information, see Introduction to Payer Authentication Services on page 6.
Processing an Order
The figure below shows how the components of the Silent Order POST function: your order is processed by CyberSource, which sends the appropriate reply to your customer and sends email notifications to you and to your customer if you chose to do so. This figure shows what occurs when a customer places an order on your Web site. This sample order describes a credit card authorization.
When your customer clicks the Buy button, these events occur: 1 2 3 Your secure order form appears in the customers browser. The customer completes and submits the form. CyberSource processes the authorization by verifying that the information is complete and valid and by processing any other optional services, such as credit card capture. CyberSource sends you the order information and notifies you and your customer by email if you have configured the Business Center settings accordingly. CyberSource directs the customers browser to your receipt or decline page. Optionally the customer receives email notification of the successful transaction if you configured this option. A script on your Web site receives and converts the HTTP POST reply data. You store the order information in your database. You ship the order. After you ship the order, you go to the Business Center to capture the authorization to have money transferred to your bank account. You receive payment within two to four days. If you do not capture the authorization, you do not receive payment.
4 5 6
CyberSource Corporation
Chapter 1 Introduction
Partial Authorization
If you are enabled for partial authorization and the balance on a customers prepaid card or debit card is less than the order amount, CYBS will return a response with a decision as Partial. The customer can choose to pay the remaining balance due with a different form of payment. The customer can use as many additional payments necessary to complete the order or they can choose to capture the partially approved amount. If the customer decides to cancel the order, you must log into The Business Center to cancel the order. Partial authorizations can be performed for prepaid cards and debit cards. For the supported processors and card types, see Prepaid Card and Debit Card. on page 29.
ccAuthReply_requestAmountAmount you requested ccAuthReply_requestCurrencyCurrency for the amount you requested ccAuthReply_amountAmount that was authorized purchaseTotals_currencyCurrency for the amount that was authorized requestIDValue you can use to link this authorization request to subsequent transactions
You can use one or more different payment methods for the rest of the order amount or you can cancel the entire order by going into the Business Center. To continue the order, set the linkToRequest to the requestID value that was returned in the reply message for the original authorization request. CyberSource links the second authorization request to the first authorization.
If the link-to-request value is valid, the second authorization is linked to the original authorization in the Business Center and in reports. If the link-to-request value is not valid, the second authorization is not linked to the original authorization in the Business Center and in reports.
Note If you requested a sale, only the last transaction is captured, the previous approved amounts will need to be captured in the Business Center. If the initial transaction is an authorization or the customer leaves in the middle of a sale, the only way to capture the authorization is through the Business Center.
orderPage_transactionType set to auth_reversal merchantID amount currency authRequestId The request ID of the Authorization to be reversed.
For detailed information, see Decision Manager Fields on page 45. Note The Merchant Defined Data fields 5 to 20 are for use with Decision Manager only. Decision Manager also obtains basic information about the geographical location of a customer by linking the IP address extracted from the customers browser to the country and the credit card. When Decision Manager is enabled, the Hosted Order Page automatically collects the IP address and displays it in the following field: customer_ipaddress. This IP address takes precedence over an IP address passed through the Hosted Order Page. The following IP address are ignored:
CyberSource Corporation
Chapter 1 Introduction
Appendices. The appendices provide information to assist you in creating Web pages and interpreting the results of the replies:
Appendix A Appendix B Sample Reply Data and Receipts Description of Return Codes Sample receipts and transaction data for several types of transactions Codes that you may see in the reply and in the Transaction Details page in the Business Center.
Additional Resources
You can obtain more information about processing orders in these documents:
Business Center Users Guide This guide describes the features of the Business Center, such as configuring your settings and searching for orders. We recommend that you read this guide before you start using the Silent Order POST. Business Center Reporting Users GuideThis guide describes the reports available in the Business Center. CyberSource Decision Manager Developers Guide This guide describes how to use Decision Manager.
In the Business Center, the online help provides detailed instructions for performing all tasks.
CyberSource Corporation
Chapter 1 Introduction
API Results Standard Transaction and Payer Authentication Searches Payer Authentication Reports Storing Payer Authentication Data
API Results
With each transaction processed with Payer Authentication, you receive specific results that you need to analyze to ensure that only safe and valid orders are placed by your customers. Result Data. When using Payer Authentication, you receive result data in all the replies that you have selected:
Merchant POST URL and email: reply fields only Merchant email receipt: same email as the customer but with specific additional merchant data
For sample result data, see Sample Reply Data and Receipts on page 69. Reply Fields. The Silent Order POST processes Payer Authentication slightly differently from the API described in the implementation guide mentioned above:
With the API implementation, the enrollment check, validation, and authorization are usually requested separately so that the results are received (and shown in that guide) in separate replies. With the Silent Order POST, the enrollment check and authentication validation services are requested for you together when you request an authorization (or sale) so that your transaction results show all services. Therefore, the sample transaction results that you see in this guide are slightly different from those in the implementation guide. In the reply data, you can see these Payer Authentication fields, depending on the card type: Card Type
Enrollment
Visa MasterCard
This table describes the fields mentioned above. For detailed information about all the fields and how to interpret the results, see the Payer Authentication Implementation Guide.
Table 1 Reply Fields
Description Transaction identifier generated by the issuing bank for Verified by Visa transactions.
Used By validation
Description Numeric electronic commerce indicator (ECI) returned only for Verified by Visa transactions. This field applies only to non U.S-issued cards. You receive this result when enrollment is checked, and the card is not enrolled. This field contains one of these values: 06: The card can be enrolled. You are protected.
Used By
enrollment
05: Successful authentication 06: Authentication attempted 07: Failed authentication (No response from the merchant because of a problem.)
validation
proofxml
05: Successful authentication 06: Authentication attempted 07: Failed authentication (No response from the merchant because of a problem.)
enrollment String (1024)
Data that includes the date and time of the enrollment check and the VEReq and VERes elements. Store the complete proof when it is returned. If you need to show proof of enrollment checking, you need to parse the string for the information required by the card association. For cards issued outside the U.S. or Canada, your bank may require this data as proof of enrollment checking for any payer authentication transaction that you re-present because of a chargeback.
For cards issued in the U.S. or Canada, Visa may require this data for specific merchant category codes. validation String (32)
CyberSource Corporation
Chapter 1 Introduction
Description Returned only for MasterCard SecureCode transactions to indicate whether the authentication data is collected at your Web site. This field contain one of these values: 0: Authentication data not collected and customer authentication was not completed.
Used By validation
xid
Transaction identifier generated by CyberSource Payer Authentication. Used to match an outgoing PAReq with an incoming PARes. enrollment CyberSource forwards the XID with the credit card authorization service only if the payment processor is Barclays. validation
older than the pre-determined number of days, card associations may require that you send them the AAV or CAVV and/or the XID. The specific requirements depend on the card type and the region. For more information, see your agreement with your card association. After your transactions are settled, you can also use this data to update the statistics of your business. CyberSource recommends that you store the Payer Authentication because you may be required to show this data as proof of enrollment checking for any payer authentication transaction that you represent because of a chargeback. Because your account provider may require that you provide all data in human-readable format, make sure that you can decode the PAReq and PARes. Visa and MasterCard have implemented the 3D Secure protocol differently throughout the world. The following paragraphs provide general information about the Visa and MasterCard implementations throughout the world. To find out the specific requirements for your business and for more information on decrypting and providing the PARes, contact your account manager.
3 4
The customer enters the password and clicks Submit. The browser displays a receipt for the order.
10
CyberSource Corporation
Chapter 1 Introduction
As with other orders, the customer receives an email receipt for the order.
The fraudulent customer keeps trying but cannot guess the real password. After several tries, a final error message says that authentication failed.
11
The fraudulent customer clicks Continue. The Web browser displays a message saying that the order failed.
12
CyberSource Corporation
Chapter 2
This chapter provides detailed instructions to configure the default settings for the Silent Order POST and downloading the security script: Choosing Your Default Settings Downloading Security Scripts
Payer Authentication
This option appears only if you are configured to use CyberSource Payer Authentication.
CyberSource Payer Authentication enables you to quickly and easily add support to your Web store for the Verified by VisaSM and MasterCard SecureCode programs without running additional
13
software on your own server. These cardholder authentication services deter unauthorized card use by fraudulent customers and allows you to receive added protection from fraudulent chargeback activity. For more information, see Introduction to Payer Authentication Services on page 6. Important This note applies to merchants who have the Essentials or Essentials Plus package. If you check the box while you are in test mode, the Go Live button is grayed out (inactive) for about five days while your configuration is being updated. Activation Option. Even if you are configured for Payer Authentication, you need to check the box to use the service. Company Display Name. You can see and use this field only if you are configured to use Payer Authentication. Enter the business name to appear on the order page. To customize this field, Order Confirmation Fields on page 46.
Business/Corporate CardsGiven by businesses to employees for business-related expenses such as travel and entertainment or for corporate supplies and services. Purchase/Procurement CardsUsed by businesses for expenses such as supplies and services. These cards are often used as replacements for purchase orders.
Level III cards, which are also known as purchasing cards are special credit cards that employees use to make purchases for their company. You provide additional detailed informationthe Level III dataabout the purchasing card order during the settlement process. The Level III data is forwarded to the company that made the purchase and allows the company to manage its purchasing activities. Each processor supports a different set of Level II and Level III fields. If you submit a Level II or Level III transaction but omit required fields, your processor could charge you penalties or increase your fees. To find out if you can or should use these fields for your processor, see Appendix C, Level II and Level III Field Requirements, on page 87.
14
CyberSource Corporation
You can choose to Hide, Read Only, Optional, or Require each field. What you select here determines what is displayed on the Order page.
If you choose to Hide a field, you can still pass in the field, but it will be hidden from the customer. If you choose to make a field Read Only, the field will display with the value you selected. The customer cannot change it. If you choose to make the field Optional, the customer can fill in the field or leave it blank. If you choose to make a field Required, the customer is required to fill in the field.
Select your choice from the Field Settings menu. Click the Reciept checkbox to have the fields display on the customer's emailed reciept and your emailed reciept.
Reply Management
You can specify which digits of the customers card number is displayed in the receipt page they receive after they make a payment. Note Your customers receive the receipt page for successful orders and for orders marked for review. You should review these declined orders as soon as possible because you may be able to
15
correct problems related to address or card verification, or you may be able to obtain a verbal authorization.
Card Number
Return BIN. Check this box to display only the cards Bank Identification Number (BIN). The BIN is the first six digits of the card number. The remaining digits are masked, for example 666666XXXXXXXXXX. Return Credit Card Number. Check this box to display only the card number. The card number is masked except for the last four digits, for example XXXXXXXXXXXX4444. Return BIN in Credit Card Number. Check this box to display both the BIN and the card number. The remaining digits are masked, for example 666666XXXXXX4444. This field is enabled when Return Credit Card Number is checked. enabled when Return Credit Card Number is checked.
Workflow
Check the Perform authorization reversal on AVS or CVN failure check box to perform an automatic authorization reversal for a transaction that fails a CVN check or an AVS check. When the Perform authorization reversal on AVS or CVN failure check box is checked, the following can occur: 1 If the automatic authorization reversal is successful:
The decision field value within the reply message is set to REJECT. See Decisions on page 52. The customer decline page displays. See Decline Page on page 18.
The decision field value within the reply message is set to REVIEW. See Decisions on page 52. Log into the Business Center to bill or reject the transaction. The customer receipt page displays. See Creating Receipt Pages on page 51.
When the Perform authorization reversal on AVS or CVN failure check box is unchecked, the following occurs:
The decision field value within the reply message is set to REVIEW. See Decisions on page 52. Log into the Business Center to bill or reject the transaction. The customer receipt page displays. See Creating Receipt Pages on page 51.
16
CyberSource Corporation
Appearance
In this section, you choose the reply pages that CyberSource sends to your customers. If you create your own receipt pages, CyberSource recommends that you enter the same URL for the success and failure pages so that all replies coming from CyberSource go to a single location on your Web site. You can later parse the reply results from that URL according to the reason code and redirect your customer to the appropriate receipt page.
Receipt Page
In this section, you enter either the URL for your custom receipt page or the text for CyberSources receipt page. Receipt Response URL. This field is required when you check the box below. If you check this box, you indicate that you want to use your own receipt page, not CyberSources receipt page. If you use your own receipt page, you do not need to enter any data in the Receipt Link Text Header and Footer fields of this section. Enter a URL for your receipt page in the format: http://www.example.com/. Make sure that your URL uses only these ports: 80, 8080, or 443. Receipt Link Text. If you plan to use CyberSources receipt page, enter text for the link to be displayed at the bottom of the receipt page, for example: Thank you for your order or Return to Example.com. Important Your customers receive this page for successful orders and for orders declined by Smart Authorization. You should review these declined orders as soon as possible because you may be able to correct problems related to address or card verification, or you may be able to obtain a verbal authorization. For complete information about Smart Authorization and reviewing orders, see the Business Center Users Guide. This text links the user to a receipt page on your Web site that lists the following contact information: name, phone number, and email address. Customers receive this contact information in the email confirmation of their order if you have configured appropriately the Notification Fields on page 20.
Header: Optional text to be displayed at the top of the receipt page. You can include HTML code, for example: <img src="http://www.example.com/logo.gif"
alt="Example.com">
Footer: Optional text to be displayed at the bottom of the receipt page. You can include HTML code, for example: <p>Thank you for your order.</p>
17
In addition, you can add specific order information to the header and/or the footer with the smart tags:
Account Number* Amount Billing City Billing Company Billing Country Billing First Name Billing Email Address Billing Last Name Billing Phone Number Billing Postal Code Billing State Billing Street 1 Billing Street 2 Comments Customer ID Logo Image Merchant-Defined Data 1-20 Order Number Shipping City Shipping Company Shipping Country Shipping First Name Shipping Last Name Shipping Postal Code Shipping State Shipping Street 1 Shipping Street 2 Subscription ID Tax Amount
* Account Number refers to the customers payment account number with only the last four digits shown.
You can add one or more elements of the order listed in the table above to the header and/or the footer of the order form. When you select an option in the list, the item will be inserted in the field where the cursor is located if the data is present in the order. If no data exists for the tag that you choose, nothing will appear.
Smart Tags
In the Smart Tags figure above, the header for the default (CyberSources) receipt page will contain the logo and the order number. The footer will contain the text Thank you! and the order number.
Decline Page
In this section, you can enter either the URL for your custom decline page or the text for CyberSources decline page.
18
CyberSource Corporation
Decline Response URL. This field is required when you check the box immediately below. Checking the box indicates that you want to use your own decline page instead of CyberSources decline page. If you use your own decline page, do not enter data in the Decline Link Text Header and Footer fields. Enter a URL for your decline page, such as http://www.example.com/. Make sure that your URL uses only these ports: 80, 8080, or 443. The figure above shows a custom decline page: the URL is for the page that the customer will see. Decline Link Text. If you plan to use CyberSources decline page, enter text for the link to be displayed at the bottom of the receipt page, for example: Questions about your order?, Try another payment type or card. Important Your customers receive this page for all rejected orders. You should review these declined orders as soon as possible because you may be able to correct some of the problems. This text links the user to a decline page on your Web site that lists the following contact information: name, phone number, and email address. Customers receive this contact information in the email confirmation of their order if you have configured appropriately the Notification Fields on page 20. In addition, you can use the same smart tags available for the receipt page. Depending on the reason for the decline, if the customer returns to the previous page, you can display an error message such as this one: To resubmit your order, return to the
previous page, and click the appropriate link.
Header: Optional text to be displayed at the top of the receipt page. You can include HTML code, for example: <img src="http://www.example.com/logo.gif"
alt="Example.com">
Footer: Optional text to be displayed at the bottom of the receipt page. You can include HTML code, for example: <p>We are sorry for the problem with your order.</p>
19
Cancel Page
If you are enabled for partial authorization, you will have the option of creating a cancel page. In the Cancel Page section, enter either the URL for your custom cancel page or the text for CyberSources cancel page.
Cancel Response URL. Enter a URL for your cancel page, such as http://www.example.com/. Make sure that your URL uses only these ports: 80, 8080, or 443. This field is required when you check the box immediately below. Checking the box indicates that you want to use your own cancel page instead of CyberSources cancel page. If you use your own cancel page, do not enter data in the Cancel Link Text field. Cancel Link Text. If you plan to use CyberSources cancel page, enter text for the link to be displayed at the bottom of the receipt page, for example: Your order has been cancelled.
Notification Fields
CyberSource can send to you and to your customer a receipt for each new transaction.
Transaction Receipts
These email receipts are formatted as memos. You cannot specify the content, but you can specify how you want the header and the footer to appear. For sample receipts, see Transaction Receipts on page 75. Customers Receipt. The customers receipt shows the payment information with only the last four digits of the credit card number. CyberSource sends a receipt only when customers make a payment. Merchants Receipt. CyberSource sends a receipt for each type of transactions, and you can specify the type of message(s) that you want to receive:
POST: string of the transaction results sent in two ways, which are optional. In both cases, the content is the same as what you receive in the API reply:
URL to a URL that you specify. POST to an email address that you specify.
Email: standard email receipt as in the example below, which contains the payment information, the return codes, and all the information relevant to the order. With this receipt, you can fulfill the order without having to search the Business Center to see the details.
20
CyberSource Corporation
Specific Settings
These fields are optional. The default email message contains only the description of the product, the cost, and the order number, but you can customize the messages by adding a header and/or a footer and your customized body if you wish. To customize this section, see Order Confirmation Fields on page 46. To use a custom email body, you need to contact Customer Support. The figure below shows the Email section of the settings page.
Merchant POST URL. Enter the URL where you want to send the transaction results from CyberSource to your business. Make sure that your URL uses only these ports: 80, 8080, or 443. Email Messages. Enter the appropriate information for the email messages that you want to use.
Table 2 Types of Email Messages
Type Merchant POST Email Customer Receipt Email Merchant Receipt Email
Description Email address for sending the transaction results from CyberSource to your business, for example: orders@example.com. Email receipt sent to the customer. You also need to complete the four fields below. Email receipt sent to your business email address. You also need to complete the four fields below.
21
Default Email Information. These four fields apply to all merchant and customer email messages.
Table 3 Email Information
Description Email address to appear on the email messages, for example: service@example.com. This fields is required if you checked any or all of the email message boxes above.
Important Because some customers will reply to the email receipt to ask questions about their orders, make sure to use a real email address and to check it regularly.
Sender's Name Email Receipt Header Name to use on the email messages, for example: Widgets Incorporated. Text to use on the email messages, for example: Widgets Incorporated. In addition, you can use for the receipt headers and footers the same smart tags available for the order page, except for the logo to the receipt, which you cannot add to a receipt. For more information, see Smart Tags on page 18. Email Receipt Footer Text to display at the bottom of the email messages, for example: If you have questions about your order, please contact service@example.com.
22
CyberSource Corporation
The download page, located under Tools & Settings > Security, contains these sections:
The top section shows the serial number of all your current active keys and gives you the option to delete one or more of them as necessary to protect your business. The bottom section shows the types of scripts that you can create.
Download a security script of a type supported by your ISP: ASP, PHP, Perl, JSP, ColdFusion, or ASP.NET. Because Perl is more difficult to use than the other languages, most hosting providers that support Perl CGI scripts also support the others. For more information, contact your ISP. If you choose the JSP script, Java version 1.4.2 must be installed on your computer. The figure below shows a sample page with many active keys.
After you submit your request for a security script, this page appears when your script is created.
23
All you need to do is to save the file either when your Web browser prompts you or when you click here. As soon as you have saved your script in a safe location, you need to upload the script in ASCII mode to the root directory of your Web server, for example:
\opt\jakarta-tomcat-4.1.24\webapps\ROOT
Important For your scripts to work properly, you must upload them in ASCII mode, not in binary mode, and you must do so immediately so that your customers orders do not fail.
24
CyberSource Corporation
Chapter 3
In this chapter, you learn to create a Web page for each product that you sell. This chapter comprises these sections: Creating Checkout Pages Gathering the Information for the Checkout Page Customizing the Silent Order POST
Perl: Although the code is shown with skipped lines and aligned text for readability, the Perl language ignores the white space. Depending on your server requirement, save the files either as .cgi or .pl. JSP: When choosing a Web server, such as Apache Tomcat, make sure that it can support JSP (Java Server Pages). You can find the software and the installation and configuration instructions at The Apache Software Foundation. For JSP, you must have Java version 1.4.2 or later installed. ASP.NET: The archive contains sample security, request, and receipt scripts for C Sharp and Visual Basic as shown in the figure below.
25
To create your ASP.NET project, complete these steps before following this chapter:
a. Extract the rest of the contents on your Web server. b. Replace the security script provided with the script that you generated in the Business
Center:
C Sharp Visual Basic Replace CSharp/HOP.cs with your generated HOP.cs. Replace VB/HOP.vb with your generated HOP.vb.
2 3 4
Use the information in the rest of this chapter to create checkout pages for your product. Upload the program to your Web server. Proceed to Testing the Silent Order POST on page 65.
Product Information
The Silent Order POST cannot process line items, only total amounts. If your site uses shoppingcart technology, you need to collect information about all the products and send the total amount of all products to CyberSource. For each of your products, you need this information:
Name sample_product_name Description Here, you enter the description of your product. Price Price of product, such as 10.00 (without the currency sign)
26
CyberSource Corporation
Production
<form action="https://orderpage.ic3.com/hop/ProcessOrder.do" method="post">
* Although the Switch card is now called Maestro (UK Domestic), you may still see references to Switch in the documentation or in the Business Center. ** Diners Club does not appear on the order form if your default currency is U.S. dollars.
27
If you are a merchant outside North America, you do not need to change how you process MasterCard or Diners Club cards. If you are a North American merchant, you must process these cards as MasterCard cards by setting the card type to MasterCard. You are responsible for indicating the correct card type to CyberSource so that a Diners Club card is processed correctly either as a Diners Club or a MasterCard card:
If you explicitly set the card type in your request, use the card number to determine the card type instead of the card type indicated by the customer. If you do not set the card type in the request, CyberSource determines the card type based on the card number.
Although setting the card type in your request is optional, it is required for Diners Club International cards (14-digit number that begins with 36) to indicate a MasterCard card.
28
CyberSource Corporation
EnRoute JAL Delta Visa Electron Dankort Laser Carte Bleue Carta Si Maestro (International) GE Money UK card
Card Verification Value (CVV2) Card Verification Value (CVV2) Card Verification Value (CVV2) Card Verification Value (CVV2) Card Verification Value (CVV2) Card Verification Value (CVV2) Card Verification Value (CVV2) Card Verification Value (CVV2) Card Verification Value (CVV2) Card Verification Value (CVV2)
Back of the card: if present, 3 digits in the signature area to the right of the credit card number Back of the card: if present, 3 digits in the signature area to the right of the credit card number Back of the card: if present, 3 digits in the signature area to the right of the credit card number Back of the card: if present, 3 digits in the signature area to the right of the credit card number Back of the card: if present, 3 digits in the signature area to the right of the credit card number Back of the card: if present, 3 digits in the signature area Back of the card: if present, 3 digits in the signature area to the right of the credit card number Back of the card: if present, 3 digits in the signature area to the right of the credit card number Back of the card: if present, 3 digits in the signature area to the right of the credit card number Back of the card: if present, 3 digits in the signature area
Prepaid Card and Debit Card. The Silent Order Post page supports prepaid cards and debit cards. The types of prepaid cards and debit cards that can be processed are described in the box.
American Express Prepaid cards The processors that support American Express prepaid cards are: American Express Direct
If there is a balance remaining on an American Express prepaid card after an authorization, the authorization reply includes the balance amount in ccAuthReply_accountBalance. If there is not enough of a balance on the prepaid card for the requested transaction, it will be declined.
29
If there is a balance remaining on a prepaid card after an authorization, the authorization reply includes these fields: ccAuthReply_accountBalanceBalance amount remaining on the prepaid card after the authorization.
ccAuthReply_accountBalanceCurrency Currency of the balance amount. ccAuthReply_accountBalanceSignSign for the balance amount.
The possible values are positive and negative. If there is not enough of a balance on the debit card or prepaid card for the requested transaction, a partial authorization is approved. See Partial Authorization on page 3. All other prepaid cards All other debit cards The requested transactions will be declined. These cards are processed like credit cards. If there is not enough of a balance on the debit card for the requested transaction, it will be declined.
30
CyberSource Corporation
Check Statement. You must add to the checkout process of your Web site a consent statement for the check authorization. Your customer must accept this statement before submitting the order: By entering my account number above and clicking Authorize, I authorize my payment to be processed as an electronic funds transfer or draft drawn from my account. If the payment is returned unpaid, I authorize you or your service provider to collect the payment and my states return item fee by electronic funds transfer(s) or draft(s) drawn from my account. Click here to view your states returned item fee. If this payment is from a corporate account, I make these authorizations as an authorized corporate representative and agree that the entity will be bound by the NACHA operating rules. For the content of the here link, see the next section. You may omit the Cancel button as long as you provide a method for the customer to choose another form of payment. Link to Returned Fees. You must add a link to the table of returned check fees. The table lists by state the amount that your customer has to pay if the check is returned. Because this table is updated regularly, we recommend that you create a link directly to it:
http://www.achex.com/html/NSF_pop.jsp
You can display the state fees table in a pop-up window, a full browser window, or directly on the checkout page.
Signature Function
The signature is required to enable CyberSource to verify that no fraudulent customer intercepts and modifies the transaction when you transmit it to CyberSource. The signature follows this syntax:
<signature>("amount", "currency", "orderPage_transactionType")
currency: Currency for the order. If this field is absent, the default currency is U.S. dollars.
orderPage_transactionType: Note that with some of the options, you request two or more
The fields mentioned are described in Customizing the Silent Order POST on page 33.
31
Request Token
The orderPage_requestToken is a unique identifier that CyberSource assigns to each request and returns to you in each reply. CyberSource uses the value of the request token to link follow-on transactions, such as the profile creation following a card authorization, to the original order. This field is an encoded string that contains no confidential information, such as account or card verification number. The string may contain up to 256 characters. Always send the value of the last token that you received for the order in follow-on service requests. For a detailed discussion of the request token, see the Request Token Planning Guide.
Custom Fields
You can use two types of custom fields:
Name-value pairs: you can assign any name that you wish. Merchant-defined fields: one to twenty fields to add other information to the order, such as an order number, additional customer information, or a special comment or request from the customer: merchantDefinedData1 through merchantDefinedData20.
The content of the fields appears in your receipt, the transaction search detail page, the exportable search results, and the Order Detail report. When using these fields, you must follow these rules: Warning Merchant-Defined Data fields are not intended to and MUST NOT be used to capture personally identifying information. Accordingly, Merchant is prohibited from capturing, obtaining, and/or transmitting any personally identifying information in or via the Merchant-Defined Data fields. Personally identifying information includes, but is not limited to, credit card number, social security number, driver's license number, state-issued identification number, passport number, and card verification numbers (CVV, CVC2, CVV2,
32
CyberSource Corporation
CID, CVN). In the event CyberSource discovers that Merchant is capturing and/or transmitting personally identifying information via the Merchant-Defined Data fields, whether or not intentionally, CyberSource WILL immediately suspend Merchant's account, which will result in a rejection of any and all transaction requests submitted by Merchant after the point of suspension.
Submit Button
With an HTML page, you can describe your product to your customer, but the customer cannot purchase your product. By adding a Buy Now button to the page, your customer can purchase your product through the Silent Order POST. When the customer clicks the button, the order page appears in the customers browser. After the customer completes and submits the form, the order information is sent to CyberSource to be processed. For the button, use text such as Buy Now!
Evaluate your business requirements to determine what fields to send in your requests. All field names listed are case sensitive. The values of all request fields must not contain new lines or carriage returns. However, they can contain embedded spaces and any other printable characters. All leading and trailing spaces will be removed during processing.
33
Description Customers browser identified from the HTTP header data. This field can contain one of these values:
true: The customers browser accepts cookies. false: The customers browser does not accept cookies.
comments
Additional general information about the order. Do not insert sensitive information in this field. This information can appear in the order confirmation e-mail that you send to your customers. Name of product. Products identifier code. Quantity of the product being purchased. Total amount of tax to be applied to the product. Per-item price of the product. This value cannot be negative. You can include a decimal point (.), but you cannot include any other special characters. In the request, the amount is truncated to the correct number of decimal places. Your CyberSource merchant ID. This field is populated automatically. Do not assign a value to this field. Reference number unique to each order; equivalent to the merchant reference number. If you do not send an order number, the Silent Order POST creates one for you. Use this number to keep track of the orders in your system and in the Business Center.
Optional
String (255)
String (30) String (6) Integer (10) Decimal (15) String (15)
merchantID orderNumber
34
CyberSource Corporation
Description Indicates how to use the result of the address verification test. Use one of these values: true: Ignore the result of the test. In this case, no transaction will be declined if the test fails (reason code 200). Depending on the type of transaction, the order is processed as follows:
authorization: The authorization proceeds normally. Because you will review the order before capturing it, you can decide at that time whether to capture it or not. sale: The authorization and the capture proceed normally.
orderPage_ignoreCVN
Indicates how to use the result of the card verification test. Use one of these values: true: Ignore the result of the test. In this case, no transaction will be declined if the test fails (reason code 230). Depending on the type of transaction, the order is processed as follows:
Optional
String (3)
authorization: The authorization proceeds normally. Because you will review the order before capturing it, you can decide at that time whether to capture it or not. sale: The authorization and the capture proceed normally.
Twenty fields where X = 120. You can display on the order form one or more fields with additional information, such as an order number, additional customer information, or a special comment or request.
Optional
String (5)
Use one of these values: true: Display to the customer the specified merchant-defined data field(s).
false: Do not display to the customer the specified merchant-defined data field(s).
35
Description Twenty fields where X = 120. If you choose to display one or more of these fields, you must specify the name of the field. Because your customers will see these names, make sure to choose them carefully, such as Telephone Account Number or Name of Publication. This field is required if orderPage_ merchantDefinedDataX_display is set to true.
Twenty fields where X = 120. The customer can edit the field(s) on the order page with additional information such as a special comment or request. Use one of these values: true: Allow the customer to edit the specified merchant-defined data field(s).
Optional
String (5)
false: Do not allow the customer to edit specified merchant-defined data field(s).
Twenty fields where X = 120 that you can require the customer to complete with additional information such as a special comment or request. Use one of these values: true: Require the specified merchant-defined data field(s).
Optional
String (5)
Important If you choose to require but not to display these fields, the customer cannot see and edit the fields. Therefore, you need to send the information in the custom fields. For more information, see Custom Fields on page 32.
orderPage_ merchantDisplayName Business name displayed on the order page. This field is available only with Payer Authentication. For more information, see Introduction to Payer Authentication Services on page 6. Request token data: use the most recent token that you received for the order. Optional String
orderPage_ requestToken
Required
String (256)
36
CyberSource Corporation
Description This field is used in conjunction with the Signature Function. Use one of these values: authorization: default
Required or Optional
sale: a sale is an authorization with an automatic capture auth_reversal: a full authorization reversal
OLD DESCRIPTION TO BE DELETED: Field that is populated automatically when the insertSignature function is called. Do not assign a value to this field taxAmount Amount of tax on the order that is displayed only for the customers reference. This amount is not added to the cost of the order. This field is required if you check the Display Tax Amount box in the Hosted Order Page settings. Optional String (15)
Description City of the billing address. Make sure to send only valid and well-formed data in this field.
37
Description Name of the customers company. Used only for TeleCheck corporate checks. Billing country for the account. Use the two-character country codes located in the Support Center. Make sure to send only valid and well-formed data in this field. Optional customers account ID, tracking number, reward number or other unique number that you assign to the customer for the purpose that you choose. Date of birth of the customer. Use format YYYY-MM-DD or YYYYMMDD. If your processor is AmeriNet, check with AmeriNet to see if you are required to provide the date of birth, and for AmeriNet corporate checks, use the value 1970-01-01. Month of birth of the customer. Date of birth of the customer. Year of birth of the customer.
billTo_customerID
Optional
String (50)
billTo_dateOfBirth
String (10)
Optional; These three fields are accepted but not used by the Silent Order POST. Optional; Required for TeleCheck Optional; Required for TeleCheck Required for checks Required Optional Optional
String (30)
State or province where the customers drivers license was issued. Use the two-character country codes located in the Support Center. Customers email address, including the domain name, for example: jdoe@example.com. Make sure to send only valid and well-formed data in this field. Customers first name as it appears on the card. Host name reported by the customers browser to your Web server identified via the http header. Customers IP address, such as 10.1.27.63, reported by your Web server via socket information. Make sure to send only valid and well-formed data. Customers last name as it appears on the card.
String (2)
billTo_lastName
Required
String (60)
38
CyberSource Corporation
Required/ Optional Optional; Required for checks Required for U.S. and Canada
billTo_postalCode
Billing postal code for the credit card. Make sure to send only valid and well-formed data in this field. This field must contain between five and nine digits. For Canada, format the postal code as follows: If the postal code has more than three characters, the first three must be <alpha><numeric><alpha>.
String (10)
billTo_state
If the postal code has seven characters, the last three must be <numeric><alpha><numeric> Required for U.S. and Canada Required String (2)
State or province of the customer. Make sure to send only valid and well formed data in this field. Use the two-character codes located in the Support Center. Street address of the customer as it appears in the account issuers records. Make sure to send only valid and well-formed data in this field. Used for additional address information, for example: Attention: Accounts Payable City of the shipping address. Company name of the shipping address. Country where to ship the product. Use the twocharacter country codes located in the Support Center. Required if any shipping address information is included. First name of the customer who receives the order. Last name of the customer who receives the order. Phone number for the shipping address. Postal code of the shipping address. Required for U.S. and Canada.
billTo_street1
String (60)
39
Description Shipping method for the product. It can contain one of these values: sameday: Courier or same-day service
shipTo_state
oneday: Next day or overnight service twoday: Two-day service threeday: Three-day service lowcost: Lowest-cost service pickup: Store pick-up other: Other shipping method none: No shipping method because product is a service or subscription
State, province, or territory of the shipping address. See the Support Center for a list of codes. Required for U.S. and Canada. First line of the shipping address. Second line of the shipping address.
Optional
String (60)
shipTo_street1 shipTo_street2
Optional Optional
Description Amount of the order that is passed in the signature. Request ID of the authorization to be reversed.
Required or Optional Required Required for authorization reversals Required for cards
card_accountNumber
Card account number. Make sure to send only valid and well-formed data for this field. Non-numeric values are ignored.
40
CyberSource Corporation
Description Type of card. CyberSource strongly recommends that you send the card type even if it is optional for your processor. Omitting the card type can cause the transaction to be processed with the wrong card type. Use one of these values: 001: Visa
card_cvNumber
002: MasterCard 003: American Express 004: Discover 005: Diners Club 006: Carte Blanche 007: JCB 014: EnRoute 021: JAL 024: Maestro (UK Domestic) 031: Delta 033: Visa Electron 034: Dankort 035: Laser 036: Carte Bleue 037: Carta Si 039: Encoded account number 040: UATP 042: Maestro (International) 043: GE Money UK card
A three- or four-digit number printed on the back or front of credit cards that ensures that your customer has physical possession of the card. For more information, see Card Verification Number on page 28. Do not send this field if you do not want to use this test. Expiration month (MM) of the credit card. For example, June is 06. The leading 0 is required. Expiration year (YYYY) of the credit card.
card_expirationMonth
Integer (2)
card_expirationYear
Integer (4)
41
Description Indicates how many times a Maestro (UK Domestic) card has been issued to the account holder. The card may or may not have an issue number. The field is required if the card has an issue number. The number can consist of one or two digits, and the first digit may be a zero. Include exactly what is printed on the card (a value of 2 is different from a value of 02). Do not include the field (even with a blank value) if the card is not a Maestro (UK Domestic) card.
Note Effective May 2011, the issue number is no longer required for Maestro (UK Domestic) transactions.
card_startMonth Starting month (MM) of the validity period for the Maestro (UK Domestic) card. The card may or may not have a start date. The field is required if the card has a start date. Do not include the field (even with a blank value) if the card is not a Maestro (UK Domestic) card. The valid values are 01 to 12, inclusive. Required for authorization only String (2)
Note Effective May 2011, the start date is no longer required for Maestro (UK Domestic) transactions.
card_startYear Year (YYYY) of the start of the Maestro (UK Domestic) card validity period. The card may or may not have a start date printed on it; the field is required if the card has a start date. Do not include the field (even with a blank value) if the card is not a Maestro (UK Domestic) card. Required for authorization only String (4)
Note Effective May 2011, the start date is no longer required for Maestro (UK Domestic) transactions.
check_accountNumber Checking account number. Required for checks Required for checks String with numbers only (17) String (1)
check_accountType
Checking account type. This field can contain one of these values: C: Checking
42
CyberSource Corporation
Data Type (Length) String with numbers only (9) String with numbers only (8) String (3)
Check number.
check_secCode
RBS WorldPay Atlanta: Code that specifies the authorization method for the transaction. Possible values: CCD: Corporate cash disbursementA charge or credit against a business checking account. You can use one-time or recurring CCD transactions to transfer funds to or from a corporate entity. A standing authorization is required for recurring transactions.
Optional
PPD: Prearranged payment and deposit entryA charge or credit against a personal checking or savings account. You can originate a PPD entry only when the payment and deposit terms between you and the customer are prearranged. A written authorization from the customer is required for onetime transactions and a written standing authorization is required for recurring transactions. TEL: Telephone-initiated entryA one-time charge against a personal checking or savings account. You can originate a TEL entry only when there is a business relationship between you and the customer or when the customer initiates a telephone call to you. For a TEL entry, you must obtain a payment authorization from the customer over the telephone. There is no recurring billing option for TEL. WEB: Internet-initiated entryA charge against a personal checking or savings account. You can originate a one-time or recurring WEB entry when the customer initiates the transaction over the Internet. For a WEB entry, you must obtain payment authorization from the customer over the Internet. Optional String (5)
currency
Currency for the order. If this field is absent, the default currency is U.S. dollars.
43
Description RBS WorldPay Atlanta: This field is used to pass in the authenticate order ID you received from the authenticate service. This field is optional. TeleCheck: reference number that you generate and that is used to track the transaction in the payment processor system. Use this number for reference with all your orders. This field is optional, but if you do not send this number, CyberSource creates one for you. The field also links a credit to the original debit request.
Optional
LinkToRequestID paymentOption Method of payment. The field can contain one of the following values: card (default) Required for checks String (6)
check
When the value is check, the contents of the credit card fields are ignored, and the fields appropriate for your check processor become required. Check payments apply only to U.S. transactions.
Description Concatenation of individual travel legs in the format ORIG-DEST1[:ORIG2-DEST...:ORIGDESTn], for example: SFO-JFK:JFK-LHR-CDG. For a complete list of the airport codes, see IATAs City Code Directory.
44
CyberSource Corporation
Description Departure date and time of the first leg of the trip in of these formats: yyy-MM-dd HH:mm z
HH = hour in 24-hour format hh = hour in 12-hour format a = am or pm (case insensitive) z = your time zone
Examples:
2010-03 11:30 PM PDT 2010-03-20 11:30pm GMT
Type of travel. For example, you can use values such as one way or round trip. Airport code (usually three digits, such as SFO for San Francisco) for the origin of the leg of the trip designated by the pound (#) sign. Do not use the colon (:) or the dash (-). For a complete list of airport codes, see IATAs City Code Directory.
Optional Optional
Description Text for the link at the bottom of the cancel page, such as Your order has been cancelled.
45
Description URL for the link at the bottom of the decline page, such as http://www.example.com/ Text for the link at the bottom of the decline page, such as Return to Example.com. When using a custom decline page, this value will dynamically override the static Decline Response URL specified in the Hosted Order Page settings. When using the default CyberSource decline page, this URL will appear at the bottom of the page for example, https://my-domain.com/return-reject.html. Senders email address to use on the customers email receipt, such as service@example.com.
orderPage_ emailFromAddress
Optional
String
Note Because some customers may reply to the email receipt to ask questions about their orders, make sure to use a real email address and to check it frequently.
orderPage_ emailFromName orderPage_ merchantDefinedDataX_ display Senders name to use on the customers email receipt, such as Customer Service. Twenty fields where X = 120. You can display on the order form one or more fields with additional information, such as an order number, additional customer information, or a special comment or request. Use one of these values: true: Display to the customer the specified merchant-defined data field(s). Optional Optional String String (5)
false: Do not display to the customer the specified merchant-defined data field(s).
Twenty fields where X = 120. If you choose to display one or more of these fields, you must specify the name of the field. Because your customers will see these names, make sure to choose them carefully, such as Telephone Account Number or Name of Publication. This field is required if orderPage_ merchantDefinedDataX_display is set to true.
Optional
String (5)
46
CyberSource Corporation
Description Twenty fields where X = 120. The customer can edit the field(s) on the order page with additional information such as a special comment or request. Use one of these values: true: Allow the customer to edit the specified merchant-defined data field(s).
false: Do not allow the customer to edit specified merchant-defined data field(s).
Twenty fields where X = 120 that you can require the customer to complete with additional information such as a special comment or request. Use one of these values: true: Require the specified merchant-defined data field(s).
Optional
String (5)
Important If you choose to require but not to display these fields, the customer cannot see and edit the fields. Therefore, you need to send the information in the custom fields. For more information, see Custom Fields on page 32.
orderPage_ merchantEmailAddress orderPage_ receiptLinkText orderPage_ receiptResponseURL Email address for sending an order receipt to your business, such as orders@example.com. Text for the link at the bottom of the receipt page, such as Return to Example.com. When using a custom receipt page, this value will dynamically override the static Receipt Response URL specified in the Hosted Order Page settings. When using the default CyberSource receipt page, this URL will appear at the bottom of the page for example, https://my-domain.com/return-receipt.html. Indicates whether to display the customers masked credit card number. Only the last four digits will be displayed. Use one of these values: true: Display the masked credit card number. Optional Optional Optional String String String
orderPage_ returnCardNumber
Optional
String (5)
47
Description Indicates whether to display the customers masked BIN and credit card number. Only the first six digits and the last four digits will be displayed. Use one of these values: true: Display the masked BIN and credit card number.
orderPage_ returnCardBIN
false: Do not display the masked BIN and credit card number.
Indicates whether to display the customers masked BIN. Only the first six digits will be displayed. Use one of these values: true: Display the masked BIN.
Optional
String (5)
Indicates whether to send an email receipt to the customer. Use one of these values: true: Send an email receipt to the customer.
Optional
String (5)
orderPage_ sendMerchantEmailPost
Indicates whether to send the transaction results to the address specified in the field orderPage_ merchantEmailPostAddress. Use one of these values: true: Send the transaction results to your business.
Address for sending the transaction results to your business, such as orders@example.com. Indicates whether to send an email receipt to the address specified in the field orderPage_merchant EmailAddress. Use one of these values: true: Send an email receipt to your business.
Optional
String
String (5)
48
CyberSource Corporation
Description Indicates whether to send the transaction results to the URL specified in the field orderPage_merchantURL PostAddress. Use one of these values: true: Send the transaction results to your business.
URL for sending the transaction results to your business, such as www.example.com.
Optional
String
Custom Fields
Custom fields are returned to you unchanged in the reply. Do not include sensitive information in these fields. For information on using these fields, see Custom Fields on page 32.
Table 9 Sending Custom Fields
Field Name
merchantDefinedData120
Optional information that you may want to add to the order. You can use one or more of these fields to add other information, such as an order number, additional customer information, or a special comment or request from the customer. The content of the field will appear in the receipt, the transaction search detail page, the exportable search results, and the Order Detail report.
49
50
CyberSource Corporation
Chapter 4
Every time a customer places an order, CyberSource sends information about both successful and failed orders to a specific URL on your Web site. You receive the reply in the form of an encoded string that you need to verify, convert, and store in your database. This chapter provides all the information necessary to write a script that parses the reply and shows the appropriate response page to the customer (success or failure): Creating Receipt Pages Parsing and Interpreting the Reply Order Result Fields
The transaction signature uses the order data to verify the authenticity of the order. Although verification is optional, CyberSource strongly recommends that before you process an order, you verify that the information is not fraudulent and that it reflects the order placed by your customer. To assist in the verification process, retain a copy of your orders and compare these copies with the confirmation of the orders. Verifying that an order is authentic does not mean that the order is approved. You receive a boolean response that you need to parse. The second function parses the reply and shows the appropriate response page to the customer (success or failure).
The pages look identical regardless of the type of scripting language that you use. Download the sample script that corresponds to your security script:
PHP Web Pages ASP Web Pages Perl Web Pages JSP Web Pages ColdFusion Web Pages ASP.NET Web Pages
2
Transaction Signature
Choose a secure (HTTPS) and appropriate URL for CyberSource to send the order information, and enter it in the Business Center settings page (Receipt Page on page 17).
51
3 4 5
Add the verify transaction signature function. Write a script to capture the order information and store it on your system. Upload the program to your Web server as you did for your Web pages.
Decisions
In the reply, you receive the decision field, which summarizes the overall result of your request. To determine your course of action, look at this field first. The decision can be one of these values:
ACCEPT: The request succeeded. REVIEW: Smart Authorization was triggered. You should review this order. ERROR: There was a system error. REJECT: One or more of the services was declined. PARTIAL: The authorization was partially approved. CANCEL: The authoriztion was reversed.
Errors are due to system issues unrelated to the content of the request itself.
52
CyberSource Corporation
Requests can be rejected by CyberSource, the payment processor, or the issuing bank. For example, CyberSource will reject a request if required data is missing or invalid. Also, the issuing bank will reject a request if the card limit has been reached and funds are not available. To determine the reason for the reject decision, use the reasonCode field. You are charged for all accepted and rejected requests but not for requests that result in errors.
Reason Codes
Two fields provide further information about the reason for the decision. reasonCode. This field gives you the overall result of the request. You can use this field to determine the reason for the decision for the order and decide if you want to take further action:
If the decision was ERROR, the reasonCode tells you the type of error. If the decision was REJECT, the reasonCode tells you the reason for the reject and whether you can take action that might result in a successful order. For a description of the reason codes, see Reason Codes on page 61.
<service>_reasonCode. This field gives you the result of the transaction type that you requested. You can use this field to debug your system.
Tracking Orders
The API provides different fields that act as identifiers for tracking orders. You need to use these fields in follow-on requests if you use the Simple Order API in addition of the Silent Order POST.
Order Number
This reference number is unique to each order. If you do not send an order number in the request, the Silent Order POST creates one for you. Use this number to keep track of the orders in your system and in the Business Center. This field contains the same information as the merchant reference number or code that is returned by the API services.
Request ID
The requestID is a unique identifier that CyberSource assigns in each request and returns to you in each reply. You receive a different requestID in each type of reply: API, email, and receipts. You use the requestID to link a follow-on request to the original request. CyberSource uses the value to locate the capture information, reducing the amount of information that you must provide in the credit request. Also, you can use the requestID to discuss a specific request with Customer Support.
Link to Request
The linkToRequest field is used to link an original authorization to any additional authorization for the same order such as with partial authorizations. This field links transactions in the Business Center and in reports.
Silent Order POST Users Guide August 2011
53
Request Token
The orderPage_requestToken is a unique identifier that CyberSource assigns to each request and returns to you in each reply. For each order, you need to create a unique request token field. This field value is an encoded string of up to 256 characters that contains no confidential information, such as account or card verification number. Store the data because you may need to later retrieve and send it in your follow-on service requests: Important Although the name of the request token field that you receive in each reply is the same regardless of the service requested, the content of the field is different. Therefore, for every order, save each request token that you receive by overwriting the existing token value with the new one. The field name is always orderPage_requestToken in the request and the reply.
REJECT
102, 202, 203, 204, 205, 207, 208, 210, 211, 220, 221, 222, 231, 232, 233, 234, 236, 240, 476 475 150, 151, 152, 250
REJECT ERROR
54
CyberSource Corporation
Description City of the billing address. Company name of the billing address. Country of the billing address. See the Support Center for a list of codes. Optional customers account ID, tracking number, reward number or other unique number that you assign to the customer for the purpose that you choose. Email address of the customer who pays for the order. First name of the customer who pays for the order. Whether cookies are enabled in the customers browser. This field can contain one of these values: true
Data Type (Length) String (50) String (40) String (2) String (50)
false String (60) String (15) String (10) String (2) String (60) String (60) String (20)
Last name of the customer who pays for the order. Phone number of the customer who pays for the order. Postal code of the billing address. State, province, or territory of the billing address. For a list of codes, see the Support Center. First line of the billing address. Second line of the billing address. Card account number, with all but the last four digits hidden. For example, if the card number is 4111111111111111, you will receive the value ############1111.
55
Description Type of credit card. This field can contain one of these values: 001: Visa 002: MasterCard 003: American Express 004: Discover 005: Diners Club 007: JCB 024: Maestro (UK Domestic)
006: Carte Blanche 007: JCB 014: EnRoute 021: JAL 024: Maestro (UK Domestic) 031: Delta 033: Visa Electron 034: Dankort 035: Laser 036: Carte Bleue 037: Carta Si 039: Encoded account number 040: UATP 042: Maestro (International) 043: GE Money UK card
card_expirationMonth card_expirationYear ccAuthReply_accountBalance ccAuthReply_ accountBalanceCurrency
Expiration month (MM) of the credit card. For example, June is 06. Expiration year (YYYY) of the credit card. Remaining balance on the prepaid card. Currency of the remaining balance on the prepaid card.
56
CyberSource Corporation
Description Sign for the remaining balance on the prepaid card. Possible values: positive negative
ccAuthReply_amount ccAuthReply_authFactorCode
Total amount of the authorization. Smart Authorization factor code(s) that are returned if you use Smart Authorization. This field contain one or more codes, separated by carets (^): M^N^O^U. For a list of the possible values, see Smart Authorization Factor Codes on page 84. Authorization code. Returned only if a value if returned by the processor. Time of authorization in the format is YYYY-MMDDThh:mm:ssZ where T separates the date and the time, and the Z indicates GMT. For example, 2003-08-11T22:47:57Z equals August 11, 2003, at 10:47:57 P.M. Results of address verification. For a list of the possible values, see AVS Codes on page 81. AVS result code sent directly from the processor. Returned only if a value is returned by the processor.
ccAuthReply_avsCode ccAuthReply_avsCodeRaw
Note Do not use this field to interpret the result of AVS. Use for
debugging purposes only. ccAuthReply_cardBIN Card account number with all but the first six digits hidden. For example, if the card number is 4111111111111111, you will receive the value 411111. If orderPage_returnBINInCardNumber, orderPage_ returnCardNumber, and orderPage_returnCardBIN are set to true, you will receive the value 411111####1111. ccAuthReply_cvCode ccAuthReply_cvCodeRaw Result of processing the card verification number. For a list of the possible values, see Card Verification Codes on page 83. Card verification result code sent directly from the processor. String (1) String (10) String (20)
Note Returned only if a value is returned by the processor. Use for debugging purposes only.
ccAuthReply_ processorResponse Processors response code sent by the processor. String (10)
57
Description Numeric value corresponding to the result of the overall request. For a list of possible values, see Reason Codes on page 61. Amount you requested to be authorized. Currency for the amount requested to be authorized. This value is returned for partial authorizations. Checking account number, with all but the last four digits hidden, for example: ############2345. Optional text that you included in your request. Custom field(s) that you created with your own name-value pair names. Returns the credit card number with all but the last four digits masked. Example: XXXXXXXXXXXX4444. If returnBINInCardNumber is set to Yes, this field returns all but the BIN and last four digits masked. Example: 666666XXXXXX4444
String (15) String (5) String with numbers only (17) String (255) String (255)
decision
Summarizes the result of the overall request. The field can contain one of these values: ACCEPT: The request succeeded.
String (6)
decision_publicSignature
REVIEW: Smart Authorization was triggered. You should review this order. ERROR: A system error occurred. REJECT: One or more of the services requested was declined. CANCEL: Authorization was cancelled. PARTIAL: The authorization was partially approved. String
Validation result of the reply from the CyberSource that uses decision to verify that the order data is not fraudulent. This field can contain a string that you need to decrypt.
58
CyberSource Corporation
Description Code returned whether or not the account number or routing number was corrected. Indicates the result of the ACH verification. This field can contain one of these values: 00: Success. Account number and routing number are OK.
01: Success. Account number was corrected; routing number is OK. 02: Success. Account number is OK; routing number was corrected. 03: Success. Account number and routing number were corrected. 04: Declined. Routing number did not pass verification. 98: Unavailable. Unable to perform ACH verification. 99: Invalid. Invalid response from ACH verification.
Note This field is included only for merchant-facing receipts, emails, and POSTs (not for customer-facing receipts, emails, and POSTs).
linkToRequest Value that links the current authorization request to the original authorization request. Set this value to the request ID that was returned in the reply message from the original authorization request. This value is used for partial authorizations. merchantDefinedData120 merchantID orderAmount orderAmount_publicSignature Information that you included in your request. Your CyberSource merchant ID. Total amount of the authorization. Validation result of the reply from CyberSource that uses orderAmount to verify that the order data is not fraudulent. This field can contain a string that you need to decrypt. Currency used for the order. Validation result that uses orderCurrency to verify that the order data is not fraudulent. This field can contain a string that you need to decrypt. Reference number that you provided for the order and that you can use to reconcile your orders. String (255) String (30) Decimal (15) String String (26)
orderCurrency orderCurrency_publicSignature
orderNumber
String (50)
59
Description Validation result of the reply from CyberSource that uses orderNumber to verify that the order data is not fraudulent. This field can contain a string that you need to decrypt. Unique string that identifies the request. Serial number of the security script that you used for the request. You can compare this value with that contained in the script that you used in the request to verify that your script is not compromised. Type of transaction used in the request script. You can compare this value with that contained in the request script to verify that your script is not compromised.
orderPage_requestToken orderPage_serialNumber
orderPage_transactionType
String (60)
paymentOption
reasonCode
Method of payment. The field contains one of these values: card check
String (6)
Numeric value corresponding to the result of the overall request. For a list of possible values, see Reason Codes on page 61. Reference number that you use to reconcile your CyberSource reports with your processor reports. Unique number that identifies the payment request. City of the shipping address. Company name of the shipping address. Country of the shipping address. See the Support Center for a list of codes. First name of the customer who receives the order. Last name of the customer who receives the order. Phone number for the shipping address. Postal code of the shipping address.
Integer (5)
String (60) String (26) String (50) String (40) String (2) String (60) String (60) Sting (15) String (10)
60
CyberSource Corporation
Description Shipping method for the product. It can contain one of these values: sameday: Courier or same-day service
shipTo_state shipTo_street1 shipTo_street2 signedFields
oneday: Next day or overnight service twoday: Two-day service threeday: Three-day service lowcost: Lowest-cost service pickup: Store pick-up other: Other shipping method none: No shipping method because product is a service or subscription
State, province, or territory of the shipping address. See the Support Center for a list of codes. First line of the shipping address. Second line of the shipping address. Comma-delimited list of the field names whose values are included in the encoded transaction signature. This field is returned in the POST data (URL and email). Amount of tax on the order. Validation result that uses all fields to verify that the order data is not fraudulent. This field is returned in the POST data (URL and email).
taxAmount transactionSignature
Reason Codes
This table lists the reason codes returned by the API.
Table 12 Reason Codes
Description Successful transaction. Authorization was partially approved. Error: General system failure. Possible action: Wait a few minutes and resend the request.
61
Description Error: The request was received, but a server time-out occurred. This error does not include time-outs between the client and the server. Possible action: To avoid duplicating the order, do not resend the request until you have reviewed the order status in the Business Center.
152
Error: The request was received, but a service did not finish running in time. Possible action: To avoid duplicating the order, do not resend the request until you have reviewed the order status in the Business Center.
200
The authorization request was approved by the issuing bank but declined by CyberSource because it did not pass the Address Verification Service (AVS) check. Possible action: You can capture the authorization, but consider reviewing the order for the possibility of fraud.
201
The issuing bank has questions about the request. You cannot receive an authorization code in the API reply, but you may receive one verbally by calling the processor. Possible action: Call your processor or the issuing bank to obtain a verbal authorization code. For contact phone numbers, refer to your merchant bank information.
202
Expired card. Possible action: Request a different card or other form of payment.
203
The card was declined. No other information provided by the issuing bank. Possible action: Request a different card or other form of payment.
204
Insufficient funds in the account. Possible action: Request a different card or other form of payment.
205
The card was stolen or lost. Possible action: Review the customers information and determine if you want to request a different card from the customer.
207
The issuing bank was unavailable. Possible action: Wait a few minutes and resend the request.
208
The card is inactive or not authorized for card-not-present transactions. Possible action: Request a different card or other form of payment.
210
The credit limit for the card has been reached. Possible action: Request a different card or other form of payment.
211
The card verification number is invalid. Possible action: Request a different card or other form of payment.
62
CyberSource Corporation
Description The processor declined the request based on a general issue with the customers account. Possible action: Request a different form of payment.
221
The customer matched an entry on the processors negative file. Possible action: Review the order and contact the payment processor.
222
The customers bank account is frozen. Possible action: Review the order or request a different form of payment.
230
The authorization request was approved by the issuing bank but declined by CyberSource because it did not pass the card verification number check. Possible action: You can capture the authorization, but consider reviewing the order for the possibility of fraud.
231
The account number is invalid. Possible action: Request a different card or other form of payment.
232
The card type is not accepted by the payment processor. Possible action: Request a different card or other form of payment. Also, check with CyberSource Customer Support to make sure that your account is configured correctly.
233
The processor declined the request based on an issue with the request itself. Possible action: Request a different form of payment.
234
There is a problem with your CyberSource merchant configuration. Possible action: Do not resend the request. Contact Customer Support to correct the configuration problem.
236
A processor failure occurred. Possible action: Possible action: Wait a few minutes and resend the request.
240
The card type is invalid or does not correlate with the credit card number. Possible action: Ask your customer to verify that the card is really the type indicated in your Web store, then resend the request.
250
The request was received, but a time-out occurred with the payment processor. Possible action: To avoid duplicating the transaction, do not resend the request until you have reviewed the transaction status in the Business Center.
475
The customer is enrolled in payer authentication. Possible action: Authenticate the cardholder before continuing with the transaction.
476
The customer cannot be authenticated. Possible action: Review the customer's order.
63
Description The authorization request was approved by the issuing bank but declined by CyberSource based on your Smart Authorization settings. Possible action: Do not capture the authorization without further review. Review the ccAuthReply_ avsCode, ccAuthReply_cvCode, and ccAuthReply_authFactorCode fields to determine why CyberSource rejected the request.
64
CyberSource Corporation
Chapter 5
Before you allow customers to place orders, test the Silent Order POST to make sure that your checkout pages work correctly. Using the Test Version of the Silent Order POST Using the Debug Page
To verify that your implementation is correct, request test transactions, including authorizations, captures, and credits, with your own credit card. If you prefer to use test credit card numbers, use those provided below with any future expiration date.
Table 13 Test Credit Card Numbers
Test Account Number (remove spaces when sending to CyberSource) 4111 1111 1111 1111 5555 5555 5555 4444
American Express 3782 8224 6310 005 Discover JCB Diners Club Maestro (UK Domestic) 6011 1111 1111 1117 3566 1111 1111 1113
65
To easily tell what cards are processed successfully, use varying amounts for each type of credit card that you accept, such as $1.00 for Visa, $1.03 for MasterCard, and $1.06 for American Express. If the transaction fails, verify your implementation, including your payment processor information. Note If your test order uses an amount from $1,000$4,000, you may receive an error message that is a response configured specifically for the test system. This error does not occur when your customers place real orders. 3 When you are finished with your testing, change the action attribute back to the original content (production URL) if necessary.
<form action="https://orderpage.ic3.com/hop/ProcessOrder.do" method="post">
66
CyberSource Corporation
When you are in live mode, your customers may see this page if they enter invalid value(s) in some of the fields directly on your Web store, and you do not validate the fields before the POST action.
<form action="https://orderpage.ic3.com/hop/CheckOrderData.do" method="post">
To prevent your customers from seeing this page, you must either validate the fields before the POST, or you must not allow customers to enter information in any fields that the Silent Order POST makes available to them after the POST. In this second case, the customer sees the appropriate standard validation form. The figure below shows a sample debug page in which the signature is incorrect. The validation column shows the valid fields in green and the invalid ones in red. In the second table at the bottom of the figure, you can see the extra fields that you included in your request. These fields will be returned unchanged in the reply. To complete your test, you can correct the errors and re-send the information. Note If you see this page when all the fields are valid, most likely your systems time differs from that of CyberSource by more than 15 minutes. In this case, you see the orderPage_timestamp field with the value INVALID. CyberSource recommends that you verify and, if necessary, adjust your systems time. In the figure on the next page, the time stamp is valid.
67
68
CyberSource Corporation
Appendix A
This appendix shows samples of requests and replies. Reply Data Transaction Receipts
Reply Data
Successful Order Order to Review Failed Order When reviewing orders, these fields provide the information that you need to decide whether to accept, review, or reject an order:
The decision field provides the overall decision for the order: accept, review, or reject. The reasonCode field provides the overall reason code for the order and the recommended action associated with the code. Reason codes are described in Reason Codes on page 61.
You can receive at a URL or email address the same data that you receive in the reply.
Successful Order
This reply shows a successful card transaction. In this case, the customer receives the reply page for a successful order. These elements are highlighted:
Factor code U means that the address cannot be verified. AVS code X means that the street address and the 9-digit code match. Reason code 100 and the decision mean that the order is accepted.
transactionSignature and signedFields are used by the verify transaction signature
69
Reply Data
merchantID=example requestID=1117778322620167904543 orderPage_requestToken=q4wQLRVsPcwyXi99FER23fGxk3jRK4 billTo_firstName=John billTo_lastName=Doe billTo_street1=123 HAPPY LANE billTo_city=San Francisco billTo_state=CA billTo_country=us billTo_postalCode=94133 billTo_email=jdoe@example.com ccAuthReply_authFactorCode=U ccAuthReply_avsCode=X ccAuthReply_authorizationCode=888888 ccAuthReply_authorizedDateTime=2005-03-25T191034Z ccAuthReply_amount=10.00 ccAuthReply_reasonCode=100 reasonCode=100 decision=ACCEPT decision_publicSignature=aEFRvKdMUCwa5JguMZ8LGfwGczE= orderAmount=10.00 orderAmount_publicSignature=VpqNi+pZpwqpGztckBfunTQwLT0= orderNumber=1111777830935 orderNumber_publicSignature=piWfSvHR1gGgfteZVgjBMfGSe8U= orderPage_transactionType=authorization paymentOption=credit card_cardType=001 card_cardNumber=xxxx card_expirationMonth=11 card_expirationYear=2008 transactionSignature= APooM70Mkl15OAeOeNMsc280Tts= signedFields=merchantID,requestID,orderPage_requestToken,billTo_firstName,billTo_lastName, billTo_street1,billTo_city,billTo_state,billTo_country,billTo_postalCode,billTo_email, ccAuthReply_authFactorCode,ccAuthReply_amount,ccAuthReply_authorizationCode, ccAuthReply_authorizedDateTime,ccAuthReply_avsCode,ccAuthReply_reasonCode,reasonCode, decision,decision_publicSignature,orderAmount,orderAmount_publicSignature,orderNumber, orderNumber_publicSignature,orderPage_transactionType,paymentOption,card_cardType, card_cardNumber,card_expirationMonth,card_expirationYear
With Payer Authentication with an enrolled Visa card (subsequently validated), the reply for a successful authorization includes data similar to this:
proofXML=<AuthProof><Time>2007 Jul 26 09:04:53</Time><DSUrl>111.111.36:443/DSMsgServlet<DSUrl> <VEReqProof><Message id="xfm5_3_0.269"><VEReq><version>1.0.2</version><pan> XXXXXXXXXXXX0771</pan ><Merchant><acqBIN>123456</acqBIN><merID>8768516</merID></Merchant><Browser><accept>text/xml, application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/ *;q=0.5<accept ><userAgent>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.5) Gecko/ 20070713 Firefox/2.0.0.5</userAgent></Browser></VEReq></Message></ VEReqProof><VEResProof><Message id="xfm5_3_0.269"><VERes><version>1.0.2</ version><CH><enrolled>Y</enrolled><acctID> NDAxMjsocTAxMTAwMDc3MQ==</acctID></CH><url>https:// www.littletooth.com/verification/appl/pareq. php?vaa=a</url><protocol>ThreeDSecure</protocol></ VERes></Message></VEResProof></AuthProof>
70
CyberSource Corporation
Partial Authorization
This reply shows a partial authorization card transaction. In this case, the customer receives the reply page for a the partial authorziation order. These elements are highlighted:
ccAuthReply_requestAmount shows the amount requested. ccAuthReply_amount shows the amount approved. reasonCode 110 and the decision shows the order was partially approved. ccAuthReply_accountBalance shows the available balance on the customers debit or prepaid card. orderAmount shows the amount of the order.
71
Reply Data
billTo_lastName=Doe orderCurrency_publicSignature=EtqIcQncsXLvMVoG7mpGhCPy4WA= ccAuthReply_requestCurrency=usd billTo_email=jdoe@example.com orderPage_serialNumber=2332518968630167904065 ccAuthReply_avsCodeRaw=I1 reconciliationID=0550746988UQKRX6 orderAmount_publicSignature=u3cqan+xx0qj86bBkUQIkWBtG64= orderCurrency=usd ccAuthReply_avsCode=X orderPage_requestToken=Ahj/ 7wSRKC3ISIAnu+6AIkGDVqwbtGzlw4q0ZdKw2UUld6r3OCKKSu9V7n0ghhqAD8jdrrVadn9FPSBqRKC3ISIAnu+6AA AAagn2 card_expirationYear=2015 ccAuthReply_amount=500.00 ccAuthReply_processorResponse=100 card_accountNumber=############1117 reasonCode=110 decision_publicSignature=wGS2IxakegqKgvE37HNZu2X4R9c= checkout=<<<Check Out>>> ccAuthReply_authorizedDateTime=2010-05-06T201240Z billTo_firstName=John orderAmount=7012.00 signedFields=billTo_lastName,orderCurrency_publicSignature,ccAuthReply_requestCurrency,bil lTo_email,orderPage_serialNumber,ccAuthReply_avsCodeRaw,reconciliationID,orderAmount_publi cSignature,orderCurrency,ccAuthReply_avsCode,orderPage_requestToken,card_expirationYear,cc AuthReply_amount,ccAuthReply_processorResponse,card_accountNumber,reasonCode,decision_publ icSignature,checkout,ccAuthReply_authorizedDateTime,billTo_firstName,orderAmount,billTo_st reet2,requestID,orderNumber_publicSignature,card_cardType,ccAuthReply_requestAmount,billTo _street1,decision,transactionType,billTo_phoneNumber,paymentOption,billTo_city,orderPage_t ransactionType,ccAuthReply_accountBalanceCurrency,billTo_state,ccAuthReply_reasonCode,ccAu thReply_accountBalance,ccAuthReply_authorizationCode,merchantID,billTo_company,card_expira tionMonth,billTo_postalCode,hopURL,billTo_country,orderNumber billTo_street2=Happy Lane requestID=2731767606130167904064 orderNumber_publicSignature=GNGoVl+3jSmb2IYR329zavpzwWI= card_cardType=004 ccAuthReply_requestAmount=7012.00 billTo_street1=360 Capital of Circles decision=PARTIAL transactionType=authorization billTo_phoneNumber=5122418884 Continued...
72
CyberSource Corporation
paymentOption=card transactionSignature=J8y0Kfc4bO5fHCl+MhIGWyQFdZQ= billTo_city=San Francisco orderPage_transactionType=authorization ccAuthReply_accountBalanceCurrency=usd billTo_state=Ca ccAuthReply_reasonCode=110 ccAuthReply_accountBalance=100.00 ccAuthReply_authorizationCode=888888 merchantID=sample merchant billTo_company=CyberSource Corp. card_expirationMonth=12 billTo_postalCode=12345 hopURL=http://example.com billTo_country=us orderNumber=12345678910
Order to Review
CyberSource directs the customer to the receipt page for accepted orders for all successful orders and for orders declined by Smart Authorization. In the search results page and in the reply, these orders are marked Review. By default, replies that contain these reason codes are marked for review:
200: The authorization request was approved by the issuing bank but declined by CyberSource because it did not pass the Address Verification Service (AVS) check. 230: The credit card was accepted by the bank but refused by CyberSource because it did not pass the card verification number check. The card verification result is N. 520: The authorization request was approved by the issuing bank but declined by CyberSource based on your Smart Authorization settings.
However, if you customized your implementation to choose the page that your customers receive, the reason code(s) that trigger a review for your orders may differ from those that are described above.
Request
In this example, CyberSource receives this transaction information from the your Web site:
Merchant ID Example
73
Reply Data
Customers billing information first name last name street address 1 city state country postal code email address Shipping information first name last name street address 1 city state country postal code
(The rest of the order information follows.)
John Doe 123 Happy Lane San Francisco CA US 94133 jdoe@example.com Jane Doe 456 Elm Street Mountain View CA us 94066
Reply
Because the billing and shipping addresses do not match, the merchant would receive this reply from CyberSource:
merchantID=example requestID=9996668322620167904543 orderPage_requestToken=BlIBFvErZ7cymqd0hFFl77R2TNsy8Uhiz ccAuthReply_authFactorCode=J^U ccAuthReply_amount=10.00 ccAuthReply_authorizationCode=888888 ccAuthReply_authorizedDateTime=2005-03-25T191034Z ccAuthReply_avsCode=Y ccAuthReply_reasonCode=520 reasonCode=520 decision=REVIEW decision_publicSignature=aEFRvKdMUCwa5JguMZ8LGfwGczE= orderAmount=10.00 orderAmount_publicSignature=VpqNi+pZpwqpGztckBfunTQwLT0= orderNumber=1111777830935 orderNumber_publicSignature=piWfSvHR1gGgfteZVgjBMfGSe8U= orderPage_transactionType=authorization paymentOption=credit card_cardType=001 card_cardNumber=xxxx card_expirationMonth=11 card_expirationYear=2008 transactionSignature=APooM70Mkl15OAeOeNMsc280Tts= signedFields=<comma-separated list of all the data fields in the order>
Factor codes U and J mean that the billing and shipping addresses do not match.
74
CyberSource Corporation
Reason code 520 means that the order failed the Smart Authorization tests. The decision field indicates that you should review the order.
Failed Order
Most transactions that cannot be accepted are rejected, and the customer receives the reply page for a failed order. However, if you customized your implementation to choose the page that your customers receive, the reason code(s) that trigger a rejection for your orders may differ from the CyberSource defaults. The samples below show excerpts for transactions in which the credit card is either declined (203) or missing (102). Invalid field reply
decision=REJECT reasonCode=203
Transaction Receipts
The two following email receipts, customer and merchant, are formatted as memos. You do not specify the content, except for the header and the footer.
Customers Receipt
The customers receipt shows the payment information with only the last four digits of the credit
75
Transaction Receipts
card number.
From: merchant@sample.com [mailto:merchant@sample.com] Sent: Wednesday, May 25, 2005 12:42 PM To: Doe, Jane Subject: Purchase Confirmation Purchase Description Widget Payment Details Order Number: 12345 Subtotal: 30.00 Tax: 0.00 Total: 30.00 Order Details Payment Option: card Card Description: Visa ############1111 Customer ID: Bill Address: 123 Anystreet Mountain View, California 94043 If you have questions about your order, please contact service@example.com.
Merchants Receipt
Your receipt contains the payment information, the return codes, and all the information relevant to the order. This receipt shows an enrolled card transaction with Visa and Payer Authentication. Because the card is not enrolled, validation does not occur, and the enrollment check is followed by the authorization. With this receipt, you can fulfill the order without having to search the Business Center to see the details.
From: Cybersource [mailto:sample@cybersource.com] Sent: Friday, June 10, 2005 3:13 PM To: Merchant, Sample Subject: Purchase Confirmation Purchase Description Widget Payment Details
76
CyberSource Corporation
Order Number: Subtotal: Tax: Total: Return Codes Result Code: Auth Code: AVS Code: CVN Code: Transaction Details Transaction Type: Transaction Source: Payment Option: Card Description: Request Token: Customer Information Customer ID:
Bill Address: 123 Anystreet Mountain View, California 94043 Payer Authentication proofXML=<AuthProof><Time>2007 Jul 26 09:04:53</Time><DSUrl>https:111. 111.111.36:443/
DSMsgServlet</DSUrl><VEReqProof><Message id="xfm5_3_0.269"><VEReq><version>1.0.2</version><pan> XXXXXXXXXXXX0771</pan><Merchant><acqBIN>123456</acqBIN><merID>876851</merID></Merchant><Browser> <accept>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/ png,*/*;q=0.5</accept><userAgent>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5</userAgent></Browser></VEReq></Message></VEReqProof><VEResProof> <Message id="xfm5_3_0.269"><VERes><version>1.0.2</version><CH><enrolled>Y</enrolled><acctID> NDAxMjsocTAxMTAwMDc3MQ==</acctID></CH><url>https://www.littletooth.com/verification/appl/pareq. php?vaa=a</url><protocol>ThreeDSecure</protocol></VERes></Message></VEResProof></AuthProof>
eci=06 Merchant Defined Data Field 1: Ref No.: 12345 Field 2: Brand: Mackie Field 3: Express shipping If you have questions about your order, please contact service@example.com.
77
Transaction Receipts
For Support, contact: service@example.com Order Details Payment Type: card Card Description: Discover ############1117 Available Card Balance: 100.00 Approved Amount: 500.00 Balance: 7012.00 Billing Address: 123 Happy Lane Test City, Ca 12345
78
CyberSource Corporation
79
Transaction Receipts
80
CyberSource Corporation
Appendix B
This appendix describes result codes for the Address Verification Service (AVS), card verification numbers (CVN), and the factor codes returned by Smart Authorization. You can see these results in the Transaction Detail page. For more information on searching for orders, see the Business Center Users Guide. AVS Codes Card Verification Codes Smart Authorization Factor Codes
AVS Codes
When you request a credit card authorization, the customers issuing bank may use the Address Verification Service (AVS) to confirm that your customer has provided the correct billing address. If the customer provides incorrect information, the transaction might be fraudulent. AVS is requested for the following payment processors and card types:
Payment Processors Concord EFS Credit Card Types Visa, MasterCard, American Express, Discover, Diners Club
First Data Merchant Services - Nashville Visa, MasterCard, American Express, Discover First Data Merchant Services - South Paymentech - New Hampshire Visa, MasterCard, American Express, Discover, Diners Club
Visa (billing country must be U.S., Canada, or Great Britain) American Express (billing country must be U.S. or Canada) MasterCard, Discover, Diners Club (billing country must be U.S.)
Visa, MasterCard, American Express, Diners Club (billing country must be U.S.)
81
AVS Codes
Code A
Description Street address matches, but 5- and 9-digit postal codes do not match. Street address matches, but postal code not verified. Returned only for non U.S.-issued Visa cards. Street address and postal code do not match. Returned only for non U.S.-issued Visa cards. Street address and postal code match. Returned only for non U.S.-issued Visa cards. AVS data is invalid or AVS is not allowed for this card type. Card members name does not match, but postal code matches. Returned only for the American Express card type. Non-U.S. issuing bank does not support AVS. Card members name does not match. Street address and postal code match. Returned only for the American Express card type. Address not verified. Returned only for non U.S.-issued Visa cards. Card members name matches but billing address and billing postal code do not match. Returned only for the American Express card type. Card members name and billing postal code match, but billing address does not match. Returned only for the American Express card type. Street address and postal code do not match. or Card members name, street address and postal code do not match. Returned only for the American Express card type.
Partial match
No match
Match
E F
G H
No match
Partial match
Partial match
No match
Partial match
Card members name and billing address match, but billing postal code does not match. Returned only for the American Express card type. Postal code matches, but street address not verified. Returned only for non-U.S.-issued Visa cards. System unavailable.
Partial match
System unavailable
82
CyberSource Corporation
Code S T
Description U.S.-issuing bank does not support AVS. Card members name does not match, but street address matches. Returned only for the American Express card type. Address information unavailable. Returned if non-U.S. AVS is not available or if the AVS in a U.S. bank is not functioning properly. Card members name, billing address, and billing postal code match. Returned only for the American Express card type. Street address does not match, but 9-digit postal code matches. Exact match. Street address and 9-digit postal code match. Exact match. Street address and 5-digit postal code match. Street address does not match, but 5-digit postal code matches. CyberSource AVS code. AVS is not supported for this processor or card type. CyberSource AVS code. The processor returned an unrecognized value for the AVS response.
System unavailable
Partial match
W X Y Z 1
Invalid
Code D
83
Code I M N P S U X 1 2 3
Description The CVN failed the processor's data validation check. The CVN matched. The CVN did not match. The CVN was not processed by the processor for an unspecified reason. The CVN is on the card but was not included in the request. Card verification is not supported by the issuing bank. Card verification is not supported by the card association. Card verification is not supported for this processor or card type. An unrecognized result code was returned by the processor for the card verification response. No result code was returned by the processor.
Code J M N O U
Description Billing and shipping address do not match. Cost of the order exceeds the maximum transaction amount. Nonsensical input in the customer name or address fields. Obscenities in the order form. Unverifiable billing or shipping address.
84
CyberSource Corporation
Code X
Description Order does not comply with the USA PATRIOT Act.
85
86
CyberSource Corporation
Appendix C
This appendix lists the required Level II and Level III fields for the following processors: TSYS FDC Nashville Global GPN RBS WorldPay Atlanta FDC Compass Chase Paymentech FDMS Nashville FDMS South
TSYS
Order-Level Fields
Table 17 Order-Level Field Requirements for TSYS
invoiceHeader_purchaser Code Customer ID reference number that identifies the customer for a Level II transaction.
Cards: Visa
Not supported
87
TSYS
invoiceHeader_purchaser OrderDate
Level III (O) Cards: Visa Level III (R) Cards: Visa Not supported
International description code of the overall orders goods or services. Contact your acquirer for a list of codes. Text description of the item.
Level II (Required for purchase/procurement cards; optional otherwise. Do not use all zeros or nines.) Cards: Visa
MasterCard
Level III (Required for purchase/procurement cards; optional otherwise. Do not use all zeros or nines.) Cards: Visa
MasterCard
Level III (O) Cards: Visa Level III (O) Cards: MasterCard
otherTax_alternateTax Amount
otherTax_alternateTax ID
Not supported
88
CyberSource Corporation
otherTax_alternateTax Indicator
Indicates if an alternate tax amount is included in the order total. Possible values: Y: Alternate tax is included
otherTax_localTaxAmount
N: Alternate tax not included (Default) Level III (O) Cards: Visa
otherTax_localTax Indicator Indicates if the order includes local tax. This field is not included in the request when you select the following: 0: Local Tax Not Included
MasterCard
If you do not provide a value, CyberSource sets this field as follows: 0 if you set Local Tax = 0 or do not provide a Local Tax
otherTax_nationalTax Indicator Indicates if a national tax is included in the order total. Possible values: 0: National tax not included
MasterCard
MasterCard
If you do not provide a value, CyberSource sets this field to 1 if you provide a National Tax Amount greater than 0.
89
TSYS
otherTax_vatTaxAmount
Level III (O) Cards: Visa Level III (O) Cards: Visa Level III (O) Cards: Visa Level III (O) Cards: Visa
otherTax_vatTaxRate
Rate of VAT or other tax for the order. Example: 0.0400 (=4%) Valid range: 0.0001 to 0.9999 (0.01% to 99.99%)
purchaseTotals_discount Amount
Total discount applied to the order. For example: a $20 discount off the order total.
purchaseTotals_duty Amount
Total charges for any import or export duties included in the order.
purchaseTotals_freight Amount Total freight or shipping and handling charges for the order.
MasterCard
shipFrom_postalCode Postal code for the address from which the goods are shipped, which is used to determine nexus. The default is the postal code associated with your CyberSource account. The postal code must consist of 5 to 9 digits. If the billing country is the U.S., the 9-digit postal code must follow this format:
MasterCard
[5 digits][dash][4 digits]
Example: 12345-6789
MasterCard (Recommended for best rate. Do not use all zeros or nines.)
If the billing country is Canada, the 6-digit postal code must follow this format:
[alpha][numeric][alpha][space] [numeric][alpha][numeric]
Example: A1B 2C4
90
CyberSource Corporation
Item-Level Fields
Note Start the line item fields numbering at 0. For example, item_0_alternateTaxAmount.
Table 18 Item-Level Field Requirements for TSYS
Description Specifies how many line items the merchant is sending in. Without this field set, the line item fields are ignored. Amount of alternate tax for the item. Merchants tax ID number to use for the alternate tax amount. Provide this field if you include Alternate Tax Amount in the request. You may send this field without sending Alternate Tax Amount.
item_#_alternateTaxAmount item_#_alternateTaxID
item_#_alternateTaxRate
MasterCard: Tax rate for a type of tax collected. Visa: VAT or other tax rate. MasterCard: Flag that defines tax categories for domestic processing in certain locations. Visa: VAT or other tax type. Flag that indicates the type of tax collected. Unit cost of the item purchased.
Not supported
item_#_alternateTaxTypeApplie d
Not supported
item_#_alternateTaxType item_#_unitPrice
Visa MasterCard
item_#_commodityCode International description code used to classify the item. Contact your acquirer for a list of codes.
MasterCard
91
TSYS
item_#_discountAmount
item_#_discountIndicator Flag that indicates if the amount is discounted. Possible values: Y: Amount is discounted
MasterCard
If you do not provide a value but you set Discount Amount to a value greater than zero, CyberSource sets this field to Y. item_#_discountRate Rate the item is discounted. Example: 5.25 (=5.25%) Level III (O) Cards: MasterCard Level III (R) Cards: MasterCard
item_#_grossNetIndicator
Flag that indicates if the tax amount is included in the Line Item Total. Possible values: Y: Item amount includes tax amount
N: Item amount does not include tax amount Not supported Not supported Not supported
Sales tax applied to the item. Product's identifier code. Amount of national tax or value added tax for countries where more than one tax is applied Product code for the item. In the United States, this may be a UPC code, part number, or product number. If you do not provide this value, CyberSource uses default.
item_#_productCode
MasterCard (Recommended for best rate. Do not use all zeros or spaces.)
item_#_productName
92
CyberSource Corporation
item_#_quantity
Number of units of the item purchased. Must be a whole number. If you do not provide this value, CyberSource uses 1.
item_#_taxAmount
MasterCard
MasterCard
MasterCard (R)
item_#_totalAmount
Total purchase amount for the item. Normally calculated as the unit price x quantity.
item_#_unitOfMeasure
93
item_#_vatRate
Not supported
Description Customer ID reference number that identifies the customer for a Level II transaction. Date the order was processed. Format: YYMMDD. Merchants government-assigned tax identification number. Customer ID reference number that identifies the customer for a Level II transaction. Identification number assigned to the purchasing company by the tax authorities.
invoiceHeader_purchaserOrderDate
Not supported
Not supported
Not supported
invoiceHeader_purchaserVAT RegistrationNumber
Level II (Required for non-U.S. Visa transactions; otherwise, not used) Cards: Visa
International description code of the overall orders goods or services. Text description of the item.
Not supported
94
CyberSource Corporation
Description Customers purchase order number. A value must be provided in this field or in the merchantReferenceCode field. CyberSource recommends that you do not populate the field with all zeros or nines.
MasterCard
Level II (Required for non-U.S. Visa transactions; otherwise, not used) Cards: Visa
otherTax_alternateTaxAmount
Total amount of alternate tax for the order. Maximum amount is 99999.99 Amount of all taxes, excluding the local tax (Tax Amount) and national tax (National Tax) included in the total tax.
Level II (Required for non-U.S. transactions; otherwise, not used) Cards: Visa
Note Do not confuse this order-level field with the alternate Tax Amount offer-level field.
Level III (Optional for non-U.S. transactions; otherwise, not used) Cards: Visa
MasterCard
95
Description Indicates if the alternate tax amount (Alternate Tax Amount) is included in the request. Possible values: 0: Alternate tax amount is not included in the request.
Used By (Required/ Optional) Level II (Required for non-U.S. MasterCard transactions; otherwise, not used) Cards: MasterCard Level III (Optional for non-U.S. MasterCard transactions; otherwise, not used) Cards: MasterCard
Sales tax for the order. Indicates if the order includes local tax. This field is not included in the request when you select the following: 0: Local Tax Not Included
If you do not provide a value, CyberSource sets this field as follows: 0 if you set Local Tax = 0 or do not provide a Local Tax
Indicates if a national tax is included in the order total. Possible values: 0: National tax not included
Not supported
If you do not provide a value, CyberSource sets this field to 1 if you provide a National Tax Amount greater than 0.
96
CyberSource Corporation
Description Total charges for any import or export duties included in the order. This value cannot be negative.
Level III (O) Cards: Visa purchaseTotals_freightAmount Total freight or shipping and handling charges for the order. Level III (O) Cards: Visa
purchaseTotals_discount Amount Total discount applied to the order. For example: a $20 discount off the order total. This value cannot be negative.
MasterCard
MasterCard (O)
Level III (O) Cards: Visa shipFrom_postalCode Postal code for the address from which the goods are shipped, which is used to determine nexus. The default is the postal code associated with your CyberSource account. The postal code must consist of 5 to 9 digits. If the billing country is the U.S., the 9-digit postal code must follow this format: [5 digits][dash][4 digits] Example: 12345-6789 If the billing country is Canada, the 6-digit postal code must follow this format: Level II (O) Cards: Visa
MasterCard
MasterCard
97
Used By (Required/ Optional) Level II (Optional for non-U.S. transactions; otherwise, not used)
otherTax_vatTaxRate Vat tax rate for freight or shipping.
Level II (Optional for non-U.S. transactions; otherwise, not used) Cards: Visa
98
CyberSource Corporation
Item-Level Fields
Note Start the line item fields numbering at 0. For example, item_0_alternateTaxAmount.
Table 20 Item-Level Field Requirements for FDC Nashville Global
Description Specifies how many line items the merchant is sending in. Without this field set, the line item fields are ignored. MasterCard: Tax amount collected for a special type of tax. Visa: VAT or other tax amount.
item_#_alternateTaxAmount
Note Do not confuse this offer-level field with the Alternate Tax Amount order-level field.
item_#_alternateTaxID Merchants tax ID number to use for the alternate tax amount.
MasterCard
item_#_alternateTaxRate
MasterCard: Tax rate for a type of tax collected. Visa: VAT or other tax rate.
item_#_alternateTaxTypeApplied MasterCard: Flag that defines tax categories for domestic processing in certain locations. Visa: VAT or other tax type.
MasterCard
item_#_alternateTaxType Flag that indicates the type of tax collected for Alternate Tax Amount.
MasterCard
MasterCard
99
item_#_commodityCode International description code used to classify the item. Contact your acquirer or FDC Nashville Global for a list of codes.
MasterCard
MasterCard (O)
item_#_discountIndicator Flag that indicates if the amount is discounted. Possible values: Y: Amount is discounted
MasterCard
Not supported
If you do not provide a value but you set Discount Amount to a value greater than zero, CyberSource sets this field to Y. item_#_discountRate Rate the item is discounted. Example: 5.25 (=5.25%) item_#_grossNetIndicator Amount of national tax or value added tax for countries where more than one tax is applied. Sales tax applied to the item. Not supported Not supported
item_#_localTax
MasterCard
100
CyberSource Corporation
item_#_nationalTax
Amount of national tax or value added tax for countries where more than one tax is applied. Provide this field if national_tax differs from tax_amount. If this field is not provided, the CyberSource server assumes that national_tax is equal to tax_amount. Product code for the item. In the United States, this may be a UPC code, part number, or product number.
Level II (Required for non-U.S. Visa transactions; otherwise, not used) Cards: Visa Level III Cards: Visa (R)
item_#_productCode
item_#_productName item_#_quantity
Name of product. Number of units of the item purchased. Must be a whole number. If you do not provide this value, CyberSource uses 1.
101
Description Total tax to apply to the product. This value cannot be negative. The tax_amount field is additive. For example, if you include the following offer lines: offer0=amount:10.00 quantity:1 tax_amount:0.80 offer1=amount:20.00 quantity:1 tax_amount:1.60 the total amount authorized will be for $32.40, not $30.00 with $2.40 of tax included. The tax_amount and the amount must be in the same currency. If you want to include tax_amount and also request the ics_tax service, see the Tax Calculation Implementation Guide.
Note This value is the sales tax. For Visa transactions, this value must be between 0.1% and 22% of the total sale.
item_#_unitOfMeasure Unit of measure, or unit of measure code, for the item. Level III Cards: Visa (R)
102
CyberSource Corporation
GPN
Order-Level Fields
Table 21 Order-Level Field Requirements for GPN
invoiceHeader_purchaserCode Customer ID reference number that identifies the customer for a Level II transaction. Date the order was processed. Format: YYMMDD.
MasterCard
Not supported
invoiceHeader_purchaser OrderDate
MasterCard
invoiceHeader_summary CommodityCode International description code of the overall orders goods or services.
MasterCard
MasterCard
MasterCard
103
GPN
Description Indicates if an order is taxable. Possible values: False: The order is taxable.
If the taxable amount is 0, the tax indicator is required. invoiceHeader_userPO Customers purchase order number. Level II (O) Cards: Visa
MasterCard
invoiceHeader_vatInvoice ReferenceNumber otherTax_alternateTaxAmount VAT invoice number associated with the transaction. Total amount of alternate tax for the order. Maximum amount is 99999.99 Amount of all taxes, excluding the local tax (Tax Amount) and national tax (National Tax) included in the total tax.
MasterCard
Not supported
Note Do not confuse this order-level field with the alternate Tax Amount offer-level field.
otherTax_alternateTax ID Merchant's tax ID number to use for the alternate tax amount. otherTax_alternateTax Indicator Indicates if an alternate tax amount is included in the order total. Possible values: Y: Alternate tax is included Not supported Not supported
otherTax_localTaxAmount
104
CyberSource Corporation
Description Indicates if the order includes local tax. This field is not included in the request when you select the following: 0: Local Tax Not Included
If you do not provide a value, CyberSource sets this field as follows: 0 if you set Local Tax = 0 or do not provide a Local Tax
otherTax_nationalTaxAmount
1 if you set Local Tax > 0 Level III (O) Cards: Visa Not supported
otherTax_nationalTax Indicator
Indicates if a national tax is included in the order total. Possible values: 0: National tax not included
If you do not provide a value, CyberSource sets this field to 1 if you provide a National Tax Amount greater than 0. otherTax_vatTaxAmount Tax amount applied to freight/shipping costs. Level III (O)
otherTax_vatTaxRate Tax rate applied to freight / shipping costs. Example: 0.040 (=4%)
Cards: Visa
Level III (O) Cards: Visa Level III (O) Cards: Visa
purchaseTotals_discount Amount
Total discount applied to the order. For example: a $20 discount off the order total. Maximum amount is 99999.99.
MasterCard
105
GPN
Description Total charges for any import or export duties included in the order. Maximum amount is 99,999.99.
purchaseTotals_freightAmount Total freight or shipping and handling charges for the order. Maximum amount is 99,999.99.
MasterCard
shipFrom_postalCode Postal code for the address from which the goods are shipped, which is used to determine nexus. The default is the postal code associated with your CyberSource account. The postal code must consist of 5 to 9 digits. If the billing country is the U.S., the 9-digit postal code must follow this format: [5 digits][dash][4 digits] Example: 12345-6789 If the billing country is Canada, the 6-digit postal code must follow this format:
MasterCard
MasterCard
106
CyberSource Corporation
Item-Level Fields
Note Start the line item fields numbering at 0. For example, item_0_alternateTaxAmount.
Table 22 Item-Level Field Requirements for GPN
Description Specifies how many line items the merchant is sending in. Without this field set, the line item fields are ignored. Amount of alternate tax for the item. Merchant's tax ID number to use for the alternate tax amount. Tax rate applied to the item.
item_#_alternateTaxAmount item_#_alternateTaxID
item_#_alternateTaxRate
item_#_alternateTaxTypeApplie d MasterCard: Flag that defines tax categories for domestic processing in certain locations. Visa: VAT or other tax type Flag that indicates the type of tax collected Unit cost of the item purchased. Maximum amount is 99,999.99.
Not supported
item_#_alternateTaxType item_#_unitPrice
MasterCard
item_#_commodityCode International description code used to classify the item. Contact your acquirer or GPN for a list of codes.
MasterCard
MasterCard
107
GPN
item_#_discountIndicator Flag that indicates if the amount is discounted. Possible values: N (Default)
Not supported
item_#_discountRate
item_#_grossNetIndicator
Flag that indicates if the tax amount is included in the Line Item Total. Possible values: N (Default)
Sales tax applied to the item. Product's identifier code. Amount of national tax or value added tax for countries where more than one tax is applied. Product code for the item. In the United States, this may be a UPC code, part number, or product number. If you do not provide this value, CyberSource uses default.
item_#_productCode
item_#_productName item_#_quantity
Product name for the item. Number of units of the item purchased. Must be a whole number. If you do not provide this value, CyberSource uses 1.
108
CyberSource Corporation
Description Total tax to apply to the product. This value cannot be negative. The Tax Amount field is additive. For example, if you include the following offer lines:
offer0=amount:10.00^quantity:1^tax_amount:0.80 offer1=amount:20.00^quantity:1^tax_amount:1.60
the total amount authorized will be for $32.40, not $30.00 with $2.40 of tax included. The Tax Amount and the Unit Price must be in the same currency. Maximum amount is 99,999.99.
MasterCard
MasterCard
Note For Level II, this value is the sales tax. For Visa Level II transactions, this value must be zero or must be between 0.1% and 22% of the total sale.
item_#_taxRate item_#_taxTypeApplied item_#_totalAmount item_#_unitOfMeasure Tax rate applied to the item. Type of tax being applied to the item Total purchase amount for the item Unit of measure for the item. Not supported Not supported Not supported Level III (O) Cards: Visa
MasterCard
Not supported
Description
109
invoiceHeader_merchantVAT RegistrationNumber
Level III (O) Cards: Visa Level III (R) Cards: Visa
invoiceHeader_purchaser OrderDate
invoiceHeader_purchaserCode
Customer ID reference number that identifies the customer for a Level II transaction. Customers government-assigned tax identification number.
Not supported
invoiceHeader_purchaserVAT RegistrationNumber
Level III (O) Cards: Visa Level III (O) Cards: Visa Level II (O) Cards: Visa
invoiceHeader_summary CommodityCode
International description code of the overall orders goods or services. Contact your acquirer for a list of codes. Indicates if an order is taxable. Possible values: False: The order is taxable.
invoiceHeader_taxable
MasterCard
MasterCard
110
CyberSource Corporation
invoiceHeader_userPO
Level II (Required for purchase/procurement cards; optional otherwise. Do not use all zeros or nines.) Cards: Visa
MasterCard
Level III (Required for purchase/procurement cards; optional otherwise. Do not use all zeros or nines.) Cards: Visa
MasterCard
otherTax_alternateTaxAmount
Total amount of alternate tax for the order. Maximum amount is 99999.99 Amount of all taxes, excluding the local tax (Tax Amount) and national tax (National Tax) included in the total tax.
Note Do not confuse this order-level field with the alternate Tax Amount offer-level field.
otherTax_alternateTaxIndicator Indicates if the alternate tax amount is included in the request. Possible values: 0: Alternate tax amount is not included in the request. Level III (O) Cards: MasterCard
otherTax_alternateTax ID otherTax_localTaxAmount
Merchant's tax ID number to use for the alternate tax amount. Sales tax for the order.
Not supported
111
otherTax_localTax Indicator
Indicates if the order includes local tax. This field is not included in the request when you select the following: 0: Local Tax Not Included
Not supported
If you do not provide a value, CyberSource sets this field as follows: 0 if you set Local Tax = 0 or do not provide a Local Tax
Indicates if a national tax is included in the order total. Possible values: 0: National tax not included
Not supported
If you do not provide a value, CyberSource sets this field to 1 if you provide a National Tax Amount greater than 0. otherTax_vatTaxAmount Total amount of VAT or other tax included in the order. Amount cannot be greater than 999999.99. Level III (O) Cards: Visa Level III (O) Cards: Visa Level III (O) Cards: Visa Level III (O) Cards: Visa
otherTax_vatTaxRate
Rate of VAT or other tax for the order. Example: 0.0400 (=4%) Valid range: 0.0001 to 0.9999 (0.01% to 99.99%)
purchaseTotals_discount Amount
Total discount applied to the order. For example: a $20 discount off the order total. Discount amount cannot be greater than 999999.99. Total charges for any import or export duties included in the order.
purchaseTotals_dutyAmount
MasterCard
112
CyberSource Corporation
purchaseTotals_freightAmount
shipFrom_postalCode Postal code for the address from which the goods are shipped, which is used to determine nexus. The default is the postal code associated with your CyberSource account. The postal code must consist of 5 to 9 digits. If the billing country is the U.S., the 9-digit postal code must follow this format:
MasterCard
MasterCard (Recommended)
[5 digits][dash][4 digits]
Example: 12345-6789
If the billing country is Canada, the 6-digit postal code must follow this format:
[alpha][numeric][alpha][space] [numeric][alpha][numeric]
Example: A1B 2C4
113
Item-Level Fields
Note Start the line item fields numbering at 0. For example, item_0_alternateTaxAmount.
Table 24 Item-Level Field Requirements for RBS WorldPay Atlanta
Description Specifies how many line items the merchant is sending in. Without this field set, the line item fields are ignored. Amount of alternate tax for the item. Merchants tax ID number to use for the alternate tax amount. Provide this field if you include Alternate Tax Amount in the request. You may send this field without sending Alternate Tax Amount.
item_#_alternateTaxAmount item_#_alternateTaxID
Cards: MasterCard
item_#_alternateTaxRate
MasterCard: Tax rate for a type of tax collected. Visa: VAT or other tax rate MasterCard: Flag that defines tax categories for domestic processing in certain locations. Visa: VAT or other tax type. Flag that indicates the type of tax collected Unit cost of the item purchased. International description code used to classify the item. Contact your acquirer for a list of codes.
Not supported
item_#_alternateTaxTypeApplie d
Not supported
Not supported Not supported Level III (R) Cards: Visa Level III (O) Cards: Visa
item_#_discountAmount
item_#_discountIndicator Flag that indicates if the amount is discounted. Possible values: N (Default)
MasterCard
Not supported
Y (if checked)
114
CyberSource Corporation
Description Rate the item is discounted. Example: 5.25 (=5.25%) Maximum amount is 99.99.
Cards: MasterCard
item_#_grossNetIndicator
Flag that indicates if the tax amount is included in the Line Item Total. Possible values: Y: Item amount includes tax amount
item_#_localTax
item_#_productSKU item_#_nationalTax
Product's identifier code Amount of national sales tax or value-added tax for the order. Product code for the item. In the United States, this may be a UPC code, part number, or product number. If you do not provide this value, CyberSource uses default.
item_#_productCode
MasterCard (R)
item_#_quantity
MasterCard
115
Description Total tax to apply to the product. This value cannot be negative. If no tax is present, you can send in a value of 0. The Tax Amount field is additive. For example, if you include the following offer lines:
offer0=amount:10.00^quantity:1^tax_amount:0.80 offer1=amount:20.00^quantity:1^tax_amount:1.60
the total amount authorized will be for $32.40, not $30.00 with $2.40 of tax included. The Tax Amount and the Unit Price must be in the same currency.
MasterCard
item_#_taxRate
Tax rate applied to the item. Valid range is 0.0001 to 0.9999 (0.01% to 99.99%). The value can also be zero.
MasterCard (O)
116
CyberSource Corporation
Description Type of tax being applied to the item. Possible values: 0000: Unknown tax type
item_#_totalAmount
0001: Federal/National sales tax 0002: State sales tax 0003: City sales tax 0004: Local sales tax 0005: Municipal sales tax 0006: Other tax 0010: Value added tax 0011: Goods and services tax 0012: Provincial sales tax 0013: Harmonized sales tax 0014: Quebec sales tax (QST) 0020: Room tax 0021: Occupancy tax 0022: Energy tax
Blank: Tax not supported on line item. Total purchase amount for the item. Normally calculated as the unit price x quantity. Level III (R) Cards: Visa
MasterCard (R)
Not supported
117
FDC Compass
FDC Compass
Order-Level Fields
Table 25 Order-Level Field Requirements for FDC Compass
CyberSource Field Name invoiceHeader_merchant VATRegistrationNumber invoiceHeader_purchaser Code invoiceHeader_purchaser OrderDate invoiceHeader_purchaser VAT RegistrationNumber invoiceHeader_summary CommodityCode
Description Merchants government-assigned tax identification number. Customer ID reference number that identifies the customer for a Level II transaction. Date the order was processed. Format: YYMMDD.
Not supported
Not supported
Not supported
International description code of the overall orders goods or services. Contact your acquirer for a list of codes. Text description of the item.
Not supported
Not supported
Level II (Required for purchase/procurement cards; optional otherwise. Do not use all zeros or nines.) Cards: Visa
MasterCard
Level III (Required for purchase/procurement cards; optional otherwise. Do not use all zeros or nines.) Cards: Visa
MasterCard
118
CyberSource Corporation
VAT invoice number associated with the transaction. Total amount of alternate tax for the order.
Not supported
otherTax_alternateTax ID Merchant's tax ID number to use for the alternate tax amount. Required if you use Alternate Tax Amount to any value, including zero. You may send this field without sending Alternate Tax Amount. otherTax_alternateTax Indicator Indicates if an alternate tax amount is included in the order total. Possible values: Y: Alternate tax is included
Cards: MasterCard
Sales tax for the order. Indicates if the order includes local tax. This field is not included in the request when you select the following: 0: Local Tax Not Included
If you do not provide a value, CyberSource sets this field as follows: 0 if you set Local Tax = 0 or do not provide a Local Tax
119
FDC Compass
otherTax_nationalTax Indicator
Indicates if a national tax is included in the order total. Possible values: 0: National tax not included
Not supported
If you do not provide a value, CyberSource sets this field to 1 if you provide a National Tax Amount greater than 0. otherTax_vatTaxAmount Total amount of VAT or other tax included in the order. Level III (O) Cards: Visa Level III (O) Cards: Visa Level III (O) Cards: Visa Level III (O) Cards: Visa
otherTax_vatTaxRate
Rate of VAT or other tax for the order. Example: 0.0400 (=4%) Valid range: 0.0001 to 0.9999 (0.01% to 99.99%)
purchaseTotals_discount Amount
Total discount applied to the order. For example: a $20 discount off the order total.
purchaseTotals_duty Amount
Total charges for any import or export duties included in the order.
purchaseTotals_freight Amount Total freight or shipping and handling charges for the order.
MasterCard
MasterCard
120
CyberSource Corporation
shipFrom_postalCode
Postal code for the address from which the goods are shipped, which is used to determine nexus. The default is the postal code associated with your CyberSource account. The postal code must consist of 5 to 9 digits. If the billing country is the U.S., the 9-digit postal code must follow this format:
[5 digits][dash][4 digits]
Example: 12345-6789
MasterCard (Required for best rate. Do not use all zeros or nines.)
If the billing country is Canada, the 6-digit postal code must follow this format:
[alpha][numeric][alpha][space] [numeric][alpha][numeric]
Example: A1B 2C4 Transaction Advice Addendum 1-4 Four Transaction Advice Addendum fields. These fields are used to display descriptive information about a transaction on the consumers American Express card statement. If you are sending any TAA fields, start with invoiceHeader_amexDataTAA1, then ...TAA2, and so on. Skipping a TAA field causes subsequent TAA fields to be ignored. Contact CyberSource Customer Support if you plan to use these fields so that your account can be configured appropriately. Transaction Advice Addendum 1 is required for Level II transactions for American Express cards, but the other TAA fields are optional. Level II (see description) Cards: American Express
Item-Level Fields
Note Start the line item fields numbering at 0. For example, item_0_alternateTaxAmount.
Table 26 Item-Level Field Requirements for FDC Compass
Description
121
FDC Compass
lineItemCount
Specifies how many line items the merchant is sending in. Without this field set, the line item fields are ignored.
Required
Important This field is required even if you set the fields to Hide and pass them as hidden fields.
item_#_alternateTaxAmount item_#_alternateTaxID Amount of alternate tax for the item. Merchants tax ID number to use for the alternate tax amount. Provide this field if you include Alternate Tax Amount in the request. You may send this field without sending Alternate Tax Amount. item_#_alternateTaxRate MasterCard: Tax rate for a type of tax collected. Visa: VAT or other tax rate. MasterCard: Flag that defines tax categories for domestic processing in certain locations. Visa: VAT or other tax type. Flag that indicates the type of tax collected. Unit cost of the item purchased. Not supported Not supported Not supported
item_#_alternateTaxTypeApplie d
Not supported
item_#_alternateTaxType item_#_unitPrice
Visa MasterCard
item_#_commodityCode International description code used to classify the item. Contact your acquirer for a list of codes.
MasterCard
Level III (R) Cards: Visa Level III (O) Cards: Visa
item_#_discountAmount
MasterCard
122
CyberSource Corporation
item_#_discountIndicator
Flag that indicates if the amount is discounted. Possible values: Y: Amount is discounted
If you do not provide a value but you set Discount Amount to a value greater than zero, CyberSource sets this field to Y. item_#_discountRate Rate the item is discounted. Example: 5.25 (=5.25%) item_#_grossNetIndicator Flag that indicates if the tax amount is included in the Line Item Total. Possible values: Y: Item amount includes tax amount Level III (R) Cards: MasterCard Not supported
N: Item amount does not include tax amount Not supported Not supported Not supported
Sales tax applied to the item. Product's identifier code. Amount of national tax or value added tax for countries where more than one tax is applied Product code for the item. In the United States, this may be a UPC code, part number, or product number. If you do not provide this value, CyberSource uses default.
item_#_productCode
MasterCard (Recommended for best rate. Do not use all zeros or spaces.)
item_#_productName
123
FDC Compass
item_#_quantity
Number of units of the item purchased. Must be a whole number. If you do not provide this value, CyberSource uses 1.
item_#_taxAmount
MasterCard
MasterCard
item_#_totalAmount
Total purchase amount for the item. Normally calculated as the unit price x quantity.
124
CyberSource Corporation
item_#_unitOfMeasure
item_#_vatRate
Not supported
Chase Paymentech
Order-Level Fields
Table 27 Order-Level Field Requirements for Chase Paymentech
CyberSource Field Name invoiceHeader_merchant VATRegistrationNumber invoiceHeader_purchaser Code invoiceHeader_purchaser OrderDate invoiceHeader_purchaser VAT RegistrationNumber invoiceHeader_summary CommodityCode
Description Merchants government-assigned tax identification number. Customer ID reference number that identifies the customer for a Level II transaction. Date the order was processed. Format: YYMMDD.
Not supported
Not supported
Not supported
International description code of the overall orders goods or services. Contact your acquirer for a list of codes. Text description of the item.
Not supported
invoiceHeader_supplierO rderReference
Not supported
125
Chase Paymentech
invoiceHeader_userPO
Level II (Required for purchase/procurement cards; optional otherwise. Do not use all zeros or nines.)
Level III (Required for purchase/procurement cards; optional otherwise. Do not use all zeros or nines.) Cards: Visa
invoiceHeader_vatInvoice ReferenceNumber otherTax_alternateTax Amount VAT invoice number associated with the transaction. Total amount of alternate tax for the order.
MasterCard
Not supported
otherTax_alternateTax ID
Merchant's tax ID number to use for the alternate tax amount. Required if you use Alternate Tax Amount to any value, including zero. You may send this field without sending Alternate Tax Amount.
otherTax_alternateTax Indicator
Indicates if an alternate tax amount is included in the order total. Possible values: Y: Alternate tax is included
Not supported
otherTax_localTaxAmount
126
CyberSource Corporation
otherTax_localTax Indicator
Indicates if the order includes local tax. This field is not included in the request when you select the following: 0: Local Tax Not Included
Not supported
If you do not provide a value, CyberSource sets this field as follows: 0 if you set Local Tax = 0 or do not provide a Local Tax
Indicates if a national tax is included in the order total. Possible values: 0: National tax not included
Not supported
If you do not provide a value, CyberSource sets this field to 1 if you provide a National Tax Amount greater than 0. otherTax_vatTaxAmount Total amount of VAT or other tax included in the order. Level III (O) Cards: Visa Level III (O) Cards: Visa Level III (Required for Level III interchange) Cards: Visa
otherTax_vatTaxRate
Rate of VAT or other tax for the order. Example: 0.0400 (=4%) Valid range: 0.0001 to 0.9999 (0.01% to 99.99%)
purchaseTotals_discount Amount
Total discount applied to the order. For example: a $20 discount off the order total.
127
Chase Paymentech
purchaseTotals_duty Amount
Total charges for any import or export duties included in the order.
purchaseTotals_freight Amount Total freight or shipping and handling charges for the order.
shipFrom_postalCode Postal code for the address from which the goods are shipped, which is used to determine nexus. The default is the postal code associated with your CyberSource account. The postal code must consist of 5 to 9 digits. If the billing country is the U.S., the 9-digit postal code must follow this format:
MasterCard
[5 digits][dash][4 digits]
Example: 12345-6789
MasterCard (Required for best rate. Do not use all zeros or nines.)
If the billing country is Canada, the 6-digit postal code must follow this format:
[alpha][numeric][alpha][space] [numeric][alpha][numeric]
Example: A1B 2C4 Transaction Advice Addendum 1-4 Four Transaction Advice Addendum fields. These fields are used to display descriptive information about a transaction on the consumers American Express card statement. If you are sending any TAA fields, start with invoiceHeader_amexDataTAA1, then ...TAA2, and so on. Skipping a TAA field causes subsequent TAA fields to be ignored. Contact CyberSource Customer Support if you plan to use these fields so that your account can be configured appropriately. Transaction Advice Addendum 1 is required for Level II transactions for American Express cards, but the other TAA fields are optional. Level II (see description) Cards: American Express
128
CyberSource Corporation
Item-Level Fields
Note Start the line item fields numbering at 0. For example, item_0_alternateTaxAmount.
Table 28 Item-Level Field Requirements for Chase Paymentech
Description Specifies how many line items the merchant is sending in. Without this field set, the line item fields are ignored.
Important This field is required even if you set the fields to Hide and pass them as hidden fields.
item_#_alternateTaxAmount item_#_alternateTaxID Amount of alternate tax for the item. Merchants tax ID number to use for the alternate tax amount. Provide this field if you include Alternate Tax Amount in the request. You may send this field without sending Alternate Tax Amount. item_#_alternateTaxRate MasterCard: Tax rate for a type of tax collected. Visa: VAT or other tax rate. MasterCard: Flag that defines tax categories for domestic processing in certain locations. Visa: VAT or other tax type. Flag that indicates the type of tax collected. Unit cost of the item purchased. Not supported Not supported Not supported
item_#_alternateTaxTypeApplie d
Not supported
item_#_alternateTaxType item_#_unitPrice
MasterCard
129
Chase Paymentech
item_#_commodityCode
International description code used to classify the item. Contact your acquirer for a list of codes.
item_#_discountAmount
item_#_discountIndicator Flag that indicates if the amount is discounted. Possible values: Y: Amount is discounted
MasterCard
If you do not provide a value but you set Discount Amount to a value greater than zero, CyberSource sets this field to Y. item_#_discountRate Rate the item is discounted. Example: 5.25 (=5.25%) item_#_grossNetIndicator Flag that indicates if the tax amount is included in the Line Item Total. Possible values: Y: Item amount includes tax amount Level III (R) Cards: MasterCard Not supported
N: Item amount does not include tax amount Not supported Not supported Not supported
Sales tax applied to the item. Product's identifier code. Amount of national tax or value added tax for countries where more than one tax is applied Product code for the item. In the United States, this may be a UPC code, part number, or product number. If you do not provide this value, CyberSource uses default.
item_#_productCode
130
CyberSource Corporation
item_#_productName
item_#_quantity
Number of units of the item purchased. Must be a whole number. If you do not provide this value, CyberSource uses 1.
item_#_taxAmount
MasterCard
MasterCard
131
Chase Paymentech
item_#_taxTypeApplied
Type of tax being applied to the item. Possible values: 0000: Unknown tax type
item_#_totalAmount
0001: Federal/National sales tax 0002: State sales tax 0003: City sales tax 0004: Local sales tax 0005: Municipal sales tax 0006: Other tax 0010: Value added tax 0011: Goods and services tax 0012: Provincial sales tax 0013: Harmonized sales tax 0014: Quebec sales tax (QST) 0020: Room tax 0021: Occupancy tax 0022: Energy tax
Blank: Tax not supported on line item. Total purchase amount for the item. Normally calculated as the unit price x quantity. Level III (R) Cards: Visa
item_#_unitOfMeasure
item_#_vatRate
Not supported
132
CyberSource Corporation
FDMS Nashville
Order-Level Fields
Table 29 Order-Level Field Requirements for Chase Paymentech
CyberSource Field Name invoiceHeader_merchant VATRegistrationNumber invoiceHeader_purchaser Code invoiceHeader_purchaser OrderDate invoiceHeader_purchaser VAT RegistrationNumber invoiceHeader_summary CommodityCode
Description Merchants government-assigned tax identification number. Customer ID reference number that identifies the customer for a Level II transaction. Date the order was processed. Format: YYMMDD.
Not supported
Not supported
Not supported
International description code of the overall orders goods or services. Contact your acquirer for a list of codes. Text description of the item.
Not supported
Not supported
Customers purchase order number. VAT invoice number associated with the transaction. Total amount of alternate tax for the order.
MasterCard
Not supported
Merchant's tax ID number to use for the alternate tax amount. Required if you use Alternate Tax Amount to any value, including zero. You may send this field without sending Alternate Tax Amount.
Not supported
133
FDMS Nashville
otherTax_alternateTax Indicator
Indicates if an alternate tax amount is included in the order total. Possible values: Y: Alternate tax is included
Not supported
Sales tax for the order. Indicates if the order includes local tax. This field is not included in the request when you select the following: 0: Local Tax Not Included
If you do not provide a value, CyberSource sets this field as follows: 0 if you set Local Tax = 0 or do not provide a Local Tax
Indicates if a national tax is included in the order total. Possible values: 0: National tax not included
Not supported
If you do not provide a value, CyberSource sets this field to 1 if you provide a National Tax Amount greater than 0. otherTax_vatTaxAmount Total amount of VAT or other tax included in the order. Rate of VAT or other tax for the order. Example: 0.0400 (=4%) Valid range: 0.0001 to 0.9999 (0.01% to 99.99%) Not supported
otherTax_vatTaxRate
Not supported
134
CyberSource Corporation
Total discount applied to the order. For example: a $20 discount off the order total. Total charges for any import or export duties included in the order. Total freight or shipping and handling charges for the order. Postal code for the address from which the goods are shipped, which is used to determine nexus. The default is the postal code associated with your CyberSource account. The postal code must consist of 5 to 9 digits. If the billing country is the U.S., the 9-digit postal code must follow this format:
Not supported
Not supported
Not supported
Not supported
[5 digits][dash][4 digits]
Example: 12345-6789
If the billing country is Canada, the 6-digit postal code must follow this format:
[alpha][numeric][alpha][space] [numeric][alpha][numeric]
Example: A1B 2C4 Transaction Advice Addendum 1-4 Four Transaction Advice Addendum fields. These fields are used to display descriptive information about a transaction on the consumers American Express card statement. If you are sending any TAA fields, start with invoiceHeader_amexDataTAA1, then ...TAA2, and so on. Skipping a TAA field causes subsequent TAA fields to be ignored. Contact CyberSource Customer Support if you plan to use these fields so that your account can be configured appropriately. Transaction Advice Addendum 1 is required for Level II transactions for American Express cards, but the other TAA fields are optional. Not supported
135
FDMS Nashville
Item-Level Fields
Note Start the line item fields numbering at 0. For example, item_0_alternateTaxAmount.
Table 30 Item-Level Field Requirements for FDMS Nashville
Description Specifies how many line items the merchant is sending in. Without this field set, the line item fields are ignored.
Important This field is required even if you set the fields to Hide and pass them as hidden fields.
item_#_alternateTaxAmount item_#_alternateTaxID Amount of alternate tax for the item. Merchants tax ID number to use for the alternate tax amount. Provide this field if you include Alternate Tax Amount in the request. You may send this field without sending Alternate Tax Amount. item_#_alternateTaxRate MasterCard: Tax rate for a type of tax collected. Visa: VAT or other tax rate. MasterCard: Flag that defines tax categories for domestic processing in certain locations. Visa: VAT or other tax type. Flag that indicates the type of tax collected. Unit cost of the item purchased. Not supported Not supported Not supported
item_#_alternateTaxTypeApplie d
Not supported
item_#_alternateTaxType item_#_unitPrice
item_#_commodityCode International description code used to classify the item. Contact your acquirer for a list of codes. Discount applied to the item.
MasterCard
Not supported
item_#_discountAmount
Not supported
136
CyberSource Corporation
item_#_discountIndicator
Flag that indicates if the amount is discounted. Possible values: Y: Amount is discounted
Not supported
If you do not provide a value but you set Discount Amount to a value greater than zero, CyberSource sets this field to Y. item_#_discountRate Rate the item is discounted. Example: 5.25 (=5.25%) item_#_grossNetIndicator Flag that indicates if the tax amount is included in the Line Item Total. Possible values: Y: Item amount includes tax amount Not supported Not supported
N: Item amount does not include tax amount Not supported Not supported Not supported
Sales tax applied to the item. Product's identifier code. Amount of national tax or value added tax for countries where more than one tax is applied Product code for the item. In the United States, this may be a UPC code, part number, or product number. If you do not provide this value, CyberSource uses default. Text description of the item. Number of units of the item purchased. Must be a whole number. If you do not provide this value, CyberSource uses 1. Total tax to apply to the product.
item_#_productCode
Not supported
item_#_productName item_#_quantity
item_#_taxAmount
item_#_taxRate item_#_taxTypeApplied item_#_totalAmount Tax rate applied to the item. Type of tax being applied to the item. Total purchase amount for the item. Normally calculated as the unit price x quantity.
MasterCard
137
FDMS South
item_#_unitOfMeasure
Unit of measure, or unit of measure code, for the item. Rate used to calculate VAT
Not supported
item_#_vatRate
Not supported
FDMS South
Order-Level Fields
Table 31 Order-Level Field Requirements for FDMS South
Description Merchants government-assigned tax identification number. Customer ID reference number that identifies the customer for a Level II transaction.
International description code of the overall orders goods or services. Contact your acquirer for a list of codes. Text description of the item.
MasterCard
138
CyberSource Corporation
invoiceHeader_userPO
invoiceHeader_vatInvoice ReferenceNumber otherTax_alternateTax Amount otherTax_alternateTax ID otherTax_alternateTax Indicator VAT invoice number associated with the transaction. Total amount of alternate tax for the order.
Not supported
Not supported
Merchant's tax ID number to use for the alternate tax amount. Indicates if an alternate tax amount is included in the order total. Possible values: Y: Alternate tax is included
Not supported
Not supported
Sales tax for the order. Indicates if the order includes local tax. This field is not included in the request when you select the following: 0: Local Tax Not Included
If you do not provide a value, CyberSource sets this field as follows: 0 if you set Local Tax = 0 or do not provide a Local Tax
139
FDMS South
Not supported
Indicates if a national tax is included in the order total. Possible values: 0: National tax not included
Not supported
If you do not provide a value, CyberSource sets this field to 1 if you provide a National Tax Amount greater than 0. otherTax_vatTaxAmount Total amount of VAT or other tax included in the order. Rate of VAT or other tax for the order. Example: 0.0400 (=4%) Valid range: 0.0001 to 0.9999 (0.01% to 99.99%) purchaseTotals_discount Amount purchaseTotals_duty Amount Total discount applied to the order. For example: a $20 discount off the order total. Total charges for any import or export duties included in the order. Not supported Not supported
otherTax_vatTaxRate
Not supported
Total freight or shipping and handling charges for the order. Postal code for the address from which the goods are shipped, which is used to determine nexus. The default is the postal code associated with your CyberSource account. The postal code must consist of 5 to 9 digits. If the billing country is the U.S., the 9-digit postal code must follow this format:
Level II Cards: MasterCard (Recommended for best rate. Do not use all zeros or nines.)
[5 digits][dash][4 digits]
Example: 12345-6789
If the billing country is Canada, the 6-digit postal code must follow this format:
[alpha][numeric][alpha][space] [numeric][alpha][numeric]
Example: A1B 2C4
140
CyberSource Corporation
Four Transaction Advice Addendum fields. These fields are used to display descriptive information about a transaction on the consumers American Express card statement. If you are sending any TAA fields, start with invoiceHeader_amexDataTAA1, then ...TAA2, and so on. Skipping a TAA field causes subsequent TAA fields to be ignored. Contact CyberSource Customer Support if you plan to use these fields so that your account can be configured appropriately. Transaction Advice Addendum 1 is required for Level II transactions for American Express cards, but the other TAA fields are optional.
Not supported
Item-Level Fields
Note Start the line item fields numbering at 0. For example, item_0_alternateTaxAmount.
Table 32 Item-Level Field Requirements for FDMS South
Description Specifies how many line items the merchant is sending in. Without this field set, the line item fields are ignored.
Important This field is required even if you set the fields to Hide and pass them as hidden fields.
item_#_alternateTaxAmount item_#_alternateTaxID Amount of alternate tax for the item. Merchants tax ID number to use for the alternate tax amount. Provide this field if you include Alternate Tax Amount in the request. You may send this field without sending Alternate Tax Amount. item_#_alternateTaxRate MasterCard: Tax rate for a type of tax collected. Visa: VAT or other tax rate. Not supported Not supported Not supported
141
FDMS South
item_#_alternateTaxTypeApplie d
MasterCard: Flag that defines tax categories for domestic processing in certain locations. Visa: VAT or other tax type. Flag that indicates the type of tax collected. Unit cost of the item purchased.
Not supported
item_#_alternateTaxType item_#_unitPrice
item_#_commodityCode International description code used to classify the item. Contact your acquirer for a list of codes. Discount applied to the item. Flag that indicates if the amount is discounted. Possible values: Y: Amount is discounted
Visa MasterCard
Not supported
item_#_discountAmount item_#_discountIndicator
If you do not provide a value but you set Discount Amount to a value greater than zero, CyberSource sets this field to Y. item_#_discountRate Rate the item is discounted. Example: 5.25 (=5.25%) item_#_grossNetIndicator Flag that indicates if the tax amount is included in the Line Item Total. Possible values: Y: Item amount includes tax amount Not supported Not supported
N: Item amount does not include tax amount Not supported Not supported Level II Cards: Visa
Sales tax applied to the item. Product's identifier code. Amount of national tax or value added tax for countries where more than one tax is applied
item_#_productCode Product code for the item. In the United States, this may be a UPC code, part number, or product number. If you do not provide this value, CyberSource uses default.
MasterCard
Not supported
142
CyberSource Corporation
item_#_productName item_#_quantity
Text description of the item. Number of units of the item purchased. Must be a whole number. If you do not provide this value, CyberSource uses 1. Total tax to apply to the product.
item_#_taxAmount
item_#_taxRate item_#_taxTypeApplied item_#_totalAmount Tax rate applied to the item. Type of tax being applied to the item. Total purchase amount for the item. Normally calculated as the unit price x quantity. Unit of measure, or unit of measure code, for the item. Rate used to calculate VAT
MasterCard
item_#_unitOfMeasure
Not supported
item_#_vatRate
MasterCard
143
FDMS South
144
CyberSource Corporation
Index
Index
Decisions 52 Decline page 18, 19 ports allowed 19, 20 Diners Club-MasterCard alliance 28
E A
ACCEPT decision 52 action attribute 65
Address Verification Service (AVS) 81 AmeriNet, date of birth for checks 38 Apache Web server 25 ASCII mode uploading script 24 Authenticity of order, verifying ASP.NET 51 Authorization 2 AVS 81
Email receipts 20, 75 ERROR decision 52 Errors 52 Example failed order 75 order to review 73 successful order 69
F
Factor codes 84 Failed order, example 75 Fields, customizing customer information 37 order information 33, 50 payment information 40
B
Barclays, MasterCard SecureCode 9 Billing address 37 Binary mode, uploading script 24
I
Issue number (Maestro (UK Domestic)) 27
C
CANCEL decision 52
L
Line items 26
Cancel Page 20 Capturing authorizations 2 Card verification number (CVN) 28, 83 Chargeback protection with Payer Authentication 9 Checkout pages, creating 25 Checks Silent Order POST requirements 30 state return fees 31 Credit card numbers, test 65 Credit cards supported 27 Currency 44 Custom fields 50 Customer information fields 37 CVN 28, 83
M
Maestro (UK Domestic) 27 MasterCard SecureCode 1, 6, 13 MasterCard-Diners Club alliance 28 Merchant reference number 53 Merchant-defined fields 50
O
Order information fields 33 receiving 51 Order number 53 Order tracking 53
D
decision field 52, 58
145
P
PARTIAL decision 52 Payer Authentication 6, 13 finding data in Business Center 9 reports 9 result fields 7 storing and retrieving data 9 Payment information 40 Payment method field 45, 60 Ports allowed decline page 19, 20 POST data 21 receipt page 17 POST data, ports allowed 21 Processing checks 1 publicSignature fields 58
Smart Authorization 84 Smart tags 18 Soft decline, example 73 Start date (Maestro (UK Domestic)) 27 Successful order, example 69
T
Tax amount, customizing 37 Testing Silent Order POST 65 Tracking number 53
U
URL for Silent Order POST 27 URLs for receipt pages, configuring 17
R
Reason codes 53, 61 Receipt page 17 ports allowed 17 Receipt page, redirecting customer 17, 52, 54 Receipts configuring 46 customer & merchant 20 Reference number for tracking orders 53 REJECT decision 52 Reply information to the receipt page, mapping 54 Request ID 53 Request token 54 request field 36 REVIEW decision 52
V
Validating orders ASP.NET 51 Verified by Visa 1, 6, 13
S
Security script 22 Settings page, URLs for receipt pages 17 Settling transactions, time limit 9 Shipping address 37 Shopping cart 26 Signature 22 Signature, authenticating orders ASP.NET 51 Silent Order POST configuring 13 testing 65
146
CyberSource Corporation