Web Services Integration Guide V5.28 May 2011

Web%20Services%20Integration%20Guide%20V5.28%20-%20May%202011

User Manual:

Open the PDF directly: View PDF PDF.
Page Count: 118

DownloadWeb Services Integration Guide V5.28 - May 2011
Open PDF In BrowserView PDF
Web Service Guide
Integration Guide
Author: ML
Circulation: Public
Date: 31/03/2011

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
2

Public

Version
5.28

Revision History
Ver.

Name

Date

V5.28

ML

May 2011

V5.27

ML

Feb 2011

V5.26

ML

Feb 2011

Comments
- Payer Authentication matrix updated
- ‘Resultdatetime’ string formatting corrected
- On-Hold/Release functionality documented
- Manual format updated
- Mandatory ‘accountpasscode’ field added
to transaction request message

Element Usage
Throughout the document, element usage is described using either ‘C’ (Conditional), ‘O’
(Optional) or ‘M’ (Mandatory). Where these are used, follow the below guidance:
Conditional – element required dependent upon another
Optional – element does not have to be present
Mandatory – element must be present and be populated with a value

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
3

Public

Version
5.28

Content
Revision History ............................................................................................................................ 2
Element Usage ............................................................................................................................. 2
1. Introduction ............................................................................................................................... 7
2. ICP XML V4 .............................................................................................................................. 8
2.1.

Process Overview ......................................................................................................... 8

2.2.

Procurement Cards (VGIS) ........................................................................................... 9

3. Integration ............................................................................................................................... 10
3.1.

Integration Process ..................................................................................................... 11

3.2.

Commidea Timeouts ................................................................................................... 11

3.3.

Integration Testing....................................................................................................... 12

3.4.

Testing URLs............................................................................................................... 13

3.5.

Integration Methods..................................................................................................... 13

3.5.1. SOAP ......................................................................................................................... 13
3.5.2. Web Service Proxy .................................................................................................... 13
3.5.3. Web Service Discovery Language ............................................................................. 14
3.5.4. Web Referencing ....................................................................................................... 14
3.6.

PayPal Sandbox and Testing ...................................................................................... 15

3.7.

Grant PayPal API Permissions.................................................................................... 16

3.8.

Live URLs .................................................................................................................... 17

3.9.

Web Service XSDs ...................................................................................................... 17

3.10.

Merchant Advice to Cardholders ................................................................................. 17

3.11.

Customer Specific Hash .............................................................................................. 18

3.12.

On-Hold and Release Functionality............................................................................. 18

4. Message Formats ................................................................................................................... 19
4.1.

Message ...................................................................................................................... 19

4.2.

ClientHeader ............................................................................................................... 19

4.3.

Processing DB Field .................................................................................................... 20

4.4.

Error Response ........................................................................................................... 20

5. Transactions ........................................................................................................................... 21
5.1.

Transaction Process.................................................................................................... 21

5.2.

Transaction Message Types ....................................................................................... 21

5.2.1. Transaction Request .................................................................................................. 21
5.2.2. ICC Data .................................................................................................................... 25
© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
4

Public

Version
5.28

5.2.3. PayerAuth AuxiliaryData ............................................................................................ 27
5.2.4. Confirmation Request ................................................................................................ 28
5.2.5. Rejection Request ..................................................................................................... 29
5.2.6. Transaction Response ............................................................................................... 30
5.3.

Transaction Results..................................................................................................... 31

6. PayerAuth ............................................................................................................................... 33
6.1.

PayerAuth Process...................................................................................................... 33

6.1.1. PayerAuth Expiry ....................................................................................................... 36
6.1.2. Canadian Corporate Purchase Cards ........................................................................ 36
6.1.3. Process Transaction .................................................................................................. 36
6.1.4. Payer Authentication with Token ............................................................................... 36
6.1.5. Chargeback Information ............................................................................................ 36
6.1.6. Cardholder Authentication Implementation Guidelines .............................................. 37
6.2.

PayerAuth Message Types ......................................................................................... 38

6.2.1. PayerAuth EnrollmentCheck Request ....................................................................... 38
6.2.2. PayerAuth EnrollmentCheck Response .................................................................... 40
6.2.3. PayerAuth AuthenticationCheck Request .................................................................. 41
6.2.4. PayerAuth AuthenticationCheck Response ............................................................... 41
7. Payer Authentication Decisions .............................................................................................. 43
7.1.

Non Supporting Card Schemes................................................................................... 44

8. On-Hold & Release Functionality ............................................................................................ 45
8.1.

Release Request ......................................................................................................... 45

8.1.1. Request Example ...................................................................................................... 45
8.1.

Release Response ...................................................................................................... 46

8.1.1. Response Example.................................................................................................... 46
9. PayPal..................................................................................................................................... 47
9.1.

PayPal Express Checkout Process ............................................................................. 47

9.2.

PayPal Message Types............................................................................................... 48

9.2.1. SetExpressCheckout Request ................................................................................... 48
9.2.2. SetExpressCheckout Response ................................................................................ 54
9.2.3. GetExpressCheckoutDetails Request ....................................................................... 55
9.2.4. GetExpressCheckoutDetails Response ..................................................................... 56
9.2.5. DoExpressCheckoutPayment Request ..................................................................... 58
9.2.6. PayPal ExpressItem .................................................................................................. 61
© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
5

Public

Version
5.28

9.2.7. DoExpressCheckoutPayment Response ................................................................... 63
9.2.8. DoAuthorization Request ........................................................................................... 66
9.2.9. DoAuthorization Response ........................................................................................ 67
9.2.10. DoCapture Request ................................................................................................. 68
9.2.11. DoCapture Response .............................................................................................. 70
9.2.12. DoVoid Request....................................................................................................... 73
9.2.13. DoVoid Response .................................................................................................... 74
9.2.14. RefundTransaction Request .................................................................................... 74
9.2.15. RefundTransaction Response ................................................................................. 76
9.2.16. DoReauthorization Request ..................................................................................... 77
9.2.17. DoReauthorization Response .................................................................................. 78
10. Stored Value Solutions (SVS) ............................................................................................... 79
10.1.

SVS Functionality ........................................................................................................ 79

10.2.

SVS Message Types ................................................................................................... 79

10.2.1. SVS Request ........................................................................................................... 79
10.2.2. SVS Response ........................................................................................................ 80
10.3.

Part Payments ............................................................................................................. 81

11. Token Gateway ..................................................................................................................... 82
11.1.

Token Registration Process ........................................................................................ 82

11.2.

Token Message Types ................................................................................................ 83

11.2.1. Registration Request (TKI) ...................................................................................... 83
11.2.2. Token Registration Response (TKI) ........................................................................ 84
11.2.3. Registration Request (TKI2) .................................................................................... 85
11.2.4. Token Registration Response (TKI2) – Success ..................................................... 86
11.2.5. Token Registration Response (TKI2) – Failure ....................................................... 86
12. Ukash Message Types ......................................................................................................... 87
12.1.

Ukash GetSettleAmount Request ............................................................................... 87

12.2.

Ukash PartSpendVoucher Request ............................................................................ 88

12.3.

Ukash FullValueVoucher Request .............................................................................. 89

12.4.

Ukash PartSpendAccount Request ............................................................................. 90

12.5.

Ukash FullSpendAccount Request.............................................................................. 91

12.6.

TransactionEnquiry Request ....................................................................................... 92

12.7.

Ukash Response ......................................................................................................... 93

12.8.

Ukash Return Code List .............................................................................................. 94
© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

12.9.

Document name
Web Service Guide
Date
May 2011
Page number
6

Public

Version
5.28

Ukash Transaction Type List ....................................................................................... 94

12.10.

Ukash Error Code List ............................................................................................. 95

12.11.

Ukash Product Codes ............................................................................................. 96

13. Troubleshooting .................................................................................................................... 99
13.1.

Deserialization Errors .................................................................................................. 99

13.2.

Contact Information ................................................................................................... 100

APPENDIX A – Website Testing Script .................................................................................... 101
APPENDIX B – Currency Code ISO 4217 ................................................................................ 103
APPENDIX C – Country Codes ISO 3166 ................................................................................ 107
APPENDIX D – Performing a LUHN Check .............................................................................. 111
APPENDIX E – Commidea Error Codes ................................................................................... 112

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
7

Public

Version
5.28

1. Introduction
This document is or use when integrating to the Commidea Web Service solution – XML V4.
Contained within are descriptions and examples of the record structures required, as well as a
step-by-step guide to how the process works.

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
8

Public

Version
5.28

2. ICP XML V4
The latest version of the Web Services solution provides merchants with a more resilient design
and faster service using Commidea’s next generation ICP system architecture.
It also contains support for the following:
•

Payer Authentication
this module allows MasterCard and Visa payments to be verified by entering a
password, should the card be enrolled in this service with the issuer

•

Token Gateway
this functionality provides the ability to register a customer’s payment details with the
Token Gateway which will return a token as a reference. None of the sensitive card
details therefore need to be stored by the merchant, and can be reused in future by
providing the token ID

•

Ukash
this module will allow customers to pay for items using either a Ukash Voucher or Ukash
Account. Ukash account and vouchers enable people to pre-pay for items. The Voucher
itself contains a 19 digit code which is entered when paying for goods online. Should
there be any remaining amount from the voucher after the purchase; another code is
generated for the remaining amount.

Each of the transaction types available are listed in sections throughout the manual. For each,
the process will be explained, and then the message types themselves listed. This will provide
an understanding of how each works, and then all the messaging information required to
incorporate the functionality.

2.1. Process Overview
Commidea have a Web Service with a single function ‘processmessage’ which has an input
parameter of ‘message’ and an output parameter of ‘message’. This is defined by the WSDL
which is located at:
https://testweb.commidea.com/commideagateway/commideagateway.asmx?WSDL
A ‘message’ has the following fields:
ClientHeader
SystemGUID)

which is a complex type (having multiple fields, e.g. SystemID,

MsgType

which is a string and informing the solution how to read the MsgData

MsgData

which is a string containing the data which makes up the message

When the processmessage function is called, a message with the clientheader, msgtype and
msgdata supplied will be passed to the Web Service. Commidea, in turn, will process this
message and respond accordingly.
© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
9

Public

Version
5.28

The XSDs define the structure of the MsgData. Before a transactionrequest is sent in, the
MsgType must be set and the MsgData populated according to the XML structure of a
transactionrequest. Commidea then attempt to process the request and respond with a
corresponding message.
This does not necessarily mean a message containing a transactionresponse because if the
XML sent in is of an unreadable format or does not conform to the XSD then Commidea can
return a message containing an error detailing what has occurred. The MsgType is set to
‘ERROR’ and the MsgData contains the XML structure of an error, for which there are XSDs
available.

2.2. Procurement Cards (VGIS)
For integrators looking to process procurement cards (also known as to as ‘VGIS’) then please
ensure that the Commidea Procurement Card Specification documentation in used in
conjunction with the Web Services Guide.

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
10

Public

Version
5.28

3. Integration
To enable merchants to integrate to their systems, Commidea has a fully functional test system
in place for each version.
The process for new integrations is to develop to the test server and once the integrator is
satisfied that the solution is fully functional, contact is made with the Implementations
Department to arrange for integration testing. It is recommended that some testing is performed
on the integration before booking a testing slot. To help with this there is a list of checks that will
be performed included within the manual (please see Appendix A). Within this list there are
tests performed on the ability to respond accordingly to declines and voice referrals – to help
with this there are some default values which stimulate certain behaviour:
Value
.00
.02
.05
.07
.08

Expected Outcome
Accepted, 789DE
Voice referred
Declined
Communications Down
Refund Offline

The correct address / CSC input to get a full match is: 10, ME156LH with CSC 000
Below are the different input combinations and the expected output:
CSC Value

555
000
111

CVCRESULT
0 – Not Provided
1 – Not Checked
2 – Matched
4 – Not Matched

Address Line 1 Value

55
10
11
12

AD1AVSRESULT
0 – Not Provided
1 – Not Checked
2 – Matched
4 – Not Matched
8 – Partial Match

Post Code Value

ME555LH or 555
ME156LH or 156
ME111LH or 111
ME122LH or 122

PCAVSRESULT
0 – Not Provided
1 – Not Checked
2 – Matched
4 – Not Matched
8 – Partial Match

The test system is also configured to return a dummy authorisation code for every transaction;
so do not be concerned by the fact that every transaction returns the same code. This will be
‘789DE’.
To
obtain
a
test
account,
please
contact
the
Implementations
Team
at implementations@commidea.com, specifying which system solution is being integrated to.
They may then ask for more information before issuing a test account, dependant on which
features of XML V4 are to be utilised.

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
11

Public

Version
5.28

3.1. Integration Process
Before any testing can commence please ensure that a request for an XML test script is sent to
the implementations Department. After receiving this, the ‘Introduction’ and ‘Live Details’ tabs
must be completed and returned via email. As soon as this has been received the integration
will be added to a testing queue. This process is in place for websites only and it is
recommended that the test scripts are delivered to Commidea, at the absolute least, 2 weeks
prior to any planned go live date. If there is a go live date to met, Implementations must be
informed of this as soon as possible. Once the tests have been completed the script will be
returned along with comments on any changes that Commidea require. After these changes
have been made, and comments added to the script, please return it to Implementations to
request re-testing. This process will continue until sign off is achieved.
Should you have any questions regarding the integration process, general technical queries or
assistance then the Implementations team are available and will be happy to help.

3.2. Commidea Timeouts
Transaction Authorisation Database Timeout – 45 seconds
This is the period for which ICP will wait for a transaction result until returning an authorisation
error as the transaction result.
Commidea Web Service Timeout – 60 seconds
This is the period after which ICP will timeout should it not be able to post the result back to the
merchant.
Commidea Payer Authentication Database Timeout – 30 seconds
This is the period of time that ICP will wait until it receives a response back from the Payer
Authentication application. It will return a Commidea timeout response in this instance.

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
12

Public

Version
5.28

3.3. Integration Testing
As aforementioned, vigorous testing is performed by Commidea before any solution can be
used in a live environment. To help developers ensure the application or website is ready for
this testing; below are a list of recommendations to adhere to:
•

•

•
•
•
•
•

•

Confirmation messages should be sent in every scenario except:
o After receiving a negative error code response
o Declined transactions
o When processing pre authorisation transactions, as these are automatically
confirmed
A timeout period should be in place to ensure that, if no confirmation response is
received after a predefined period of time, the confirmation message is resent. A new
transaction should not be raised in this scenario, as this can result in duplicate orders.
Should there be any issues with recurring responses not being returned please contact
Implementations during testing, or the Helpdesk once the solution is being used in a live
environment
Build timeout periods into the solution to ensure that should there be any connection
errors that these are captured and counteracted suitably
Perform validation on fields locally before posting the record to the ICP server. For
example, only allow numeric values to be entered into the relevant fields
Perform card checks locally using LUHN validation (see Appendix D)
When reporting a voice referral to the user, do not inform them that the transaction has
been “declined”, as this is not the case. Inform the users something similar to: “… your
payment attempt was unsuccessful, please use an alternative card”
Before having a Commidea Engineer perform Integration Testing, ensure the solution is
as close to the final product which will be set live as possible. For example; all on screen
messages displayed to the user will need to be checked, so the solution must be
complete and in full working order before being tested
Referred, Declined and ‘Comms Down’ responses should all be catered for. These can
be simulated using the test system. Please see the Website Testing Script for more
information.

When the solution being built is a website, the following should be considered during
development:
•
•
•
•
•

Only include logos for card schemes that can be accepted by the site
Disable use of the ‘Back’ button / ensure data from previous pages is cleared and
therefore cannot be fraudulently retrieved by returning to the page
Remove the ability for duplicate orders to be raised through the system by disabling the
order button after the order has been submitted
As mentioned in the general list of recommendations, integration of the website should
be the last step of development before it is set live. In this case, it should be an exact
replica of the live site, or as close a representation as possible
Disabling the ability to copy and paste from within the web form for added security

When developing a system for use in a call centre environment (not a customer facing website
front end) it will be necessary for the system to display the merchant number, terminal ID and

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
13

Public

Version
5.28

voice referral telephone number in the case of a voice referral response. For a table of tests to
run through before releasing the solution to Commidea for testing, please see Appendix A.

3.4. Testing URLs
Please find below the test URLs required to gain access to the XML payment service:
https://testweb.commidea.com/commideagateway/commideagateway.asmx

3.5. Integration Methods
Before describing the records that are required it would make sense to discuss the available
methods to invoke the Commidea Web Service. To make the solution as pliable as possible
there are the following options:
3.5.1. SOAP
This is a standard for exchanging XML-based messages, and forms a foundation layer of the
web services stack, which provides a basic messaging framework that more abstract layers can
be built on.
To enable merchants to integrate using this method there are a set of XSDs available which can
be obtained from implementations@commidea.com.
Alternatively the descriptions are available at the following URL:
https://testweb.commidea.com/commideagateway/commideagateway.asmx?op=ProcessMsg

3.5.2. Web Service Proxy
A Web Service Proxy can be created from within Microsoft Visual Studio .Net by adding a web
reference to the URL of the web service, or by a tool called Web Service Description Language
Tool (wsdl.exe). The proxy class that is generated from the WSDL that describes the web
services has the same method signatures as the web service and hides the implementation
details so that calling the web service is transparent. This can then be used to create a new
instance of the web service object as though it is a local object instead of a remote one.

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
14

Public

Version
5.28

3.5.3. Web Service Discovery Language
To access the WSDL descriptions, please visit the following
URLs:
https://testweb.commidea.com/commideagateway/commideagate
way.asmx?WSDL

3.5.4. Web Referencing
XML V4 has been made simple to integrate into with the ability to
add a web reference with Microsoft Visual Studio 2005. Following
are the instructions for how to do this:

i.

Right click in the project to add the reference to, and then select “Add Web Reference”:

ii.

The address of the web service is then requested. Insert this into the “URL:” text box and
press “Go”. The service should then be found, and “Add Reference” clicked to import it
into the project.

Now that the reference has been added enabling consumption of the web service, via the use of
a proxy class.

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
15

Public

Version
5.28

3.6. PayPal Sandbox and Testing
When integrating to PayPal, a simulation environment is provided called the ‘PayPal Sandbox’
which is accessed by logging in to Developer Central. All test accounts, email addresses,
funding sources (bank accounts, credit cards, balances, etc), etc are fictitious. Transactions are
simulated and no real money moves. Emails sent to test accounts are simulated by appearing
on Developer Central’s ‘Email’ tab. Follow the steps below to sign up for Developer Central and
create test accounts. The process is to create a test merchant account and a test buyer account
to make purchases. Additional information about Developer Central and the PayPal Sandbox is
online in the Sandbox User Guide.
1. Create
a
Developer
Central
login
and
password
by
signing
up
at https://developer.paypal.com. It is necessary to supply a valid (real) email address
when signing up. All documentation which may be required from PayPal is available via
a link on this page.
2. Create a test merchant account and a test customer account. PayPal request that
integrators do not use real financial account information when creating test accounts.
a. Login to Developer Central
b. Go to the ‘Sandbox’ tab and click the ‘Create Account’ link. This will launch
window which explains, using simulation, the PayPal account creation flow.
•

Test customer account: It is sufficient to create a PayPal personal test account. Be sure
to confirm the email address for the account as part of the setup. Look on Developer
Central’s ‘Email’ tab for the simulated account activation email which is required to
complete the email address confirmation. Also add a credit card to the test customer
account as a funding source so the account can make purchases – the account creation
flow will pre-populate a fictitious card number for use.

•

Test merchant account: It is necessary to add and confirm a bank account and also
confirm the email address to be able to get API credentials for doing API calls with the
test merchant account. Go to the test merchant account’s Profile tab/API Access link to
get API credentials.

Be sure to login first to Developer Central when testing redirection the customer to PayPal. To
connect to the Sandbox use the following endpoint with API calls:
NVP API:

https://api.sandbox.paypal.com/nvp/

SOAP API:

https://api.sandbox.paypal.com/2.0/

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
16

Public

Version
5.28

3.7. Grant PayPal API Permissions
Permissions will need to be granted to Commidea to make API calls on a merchant’s behalf.
Step by step instructions are detailed below.
1. Log into the PayPal account and select Profile from the options under My Account.

2. Select the tab under Account Information on the far left hand side of the page called
API Access.
3. Select the option Grant API Permission in the left hand box.
4. Enter paypal.admin_api1.commidea.com in the required field; tick all of the boxes and
Click Submit.

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
17

Public

Version
5.28

5. A page requesting permission will appear. Click Give Permission.
6. A page detailing your account settings will appear. Click Log Out at the top of the page.

3.8. Live URLs
Once integration testing has been passed, the URLs being posted to by the solution will need to
be updated. These will be supplied after integration testing has been completed and signed off.
The other change necessary would be to the merchant account specific information; the live
account information to be used by the merchant will be required. This will entail updating the
Merchant Header and Account ID.

3.9. Web Service XSDs
To aid integration, Implementations have a set of XSDs available to provide some form of
example code to allow developers to get started.
To acquire these XSDs please email implementations@commidea.com and with a subject title
of ‘XML V4 – XSD Request’.

3.10.

Merchant Advice to Cardholders

Commidea recommends merchants provide information to their customers regarding the
measures taken on the website to secure and protect cardholder data.
When the cardholder processes a payment on the merchant website an SSL certificate must be
employed by the merchant to shield sensitive information. A statement similar to the below to
© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
18

Public

Version
5.28

detail this to the customer may help provide peace of mind when using the website to purchase
goods:
“We use SSL (Secure Socket Layer) technology to encrypt and protect information which you
submit through our site or checkout.
‘Verified by Visa’ and ‘Mastercard SecureCode’ are schemes that have been introduced by card
issuers to help fight against online fraud. [Merchant Name] is committed to combat fraud and is
now participating in these schemes along with a growing number of participating retailers.”

3.11.

Customer Specific Hash

Some merchants require the ability to return a customer specific hashed version of the card
number via the solution when processing payments. The XML Gateway supports this
functionality via the  field within the transaction response message.
The field will be populated with the hash when the functionality is enabled on the merchant
system.
For more information on this functionality, speak to the Commidea Account Manager.

3.12.

On-Hold and Release Functionality

To cater for merchants who require the ability to review transactions prior to settlement,
Commidea can enable the On-Hold & Release functionality on a per merchant account basis.
When enabled, each transaction processed by any of Commidea’s solutions will be flagged as
‘On-Hold’ and will not be sent for settlement until the transaction is updated or “released”.
Releasing a transaction is achieved by sending a Release Request via the Web Service
gateway, transactions will be released by merchants once the transaction in question has been
reviewed and the merchant is satisfied that it can be released and therefore submitted for
settlement but Commidea. This message format for the release request is documented within
this guide.
To provide the information required by the Web Service when sending a Release Request
message for an On-Hold transaction (as discussed above), the integration version for the
transaction response message provided by Ocius Sentinel will need to be set to ‘Version 6’.
This will ensure the Server Identity/AuthID and Transaction ID are sent in fields 35 and 36.

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
19

Phone
08444 828 200

Public

Version
5.28

4. Message Formats
All the XML data that is submitted to a Commidea Web Service must be formatted correctly;
otherwise it will be rejected, and must be enclosed in the correct root element depending on the
Web Service being called.
If passing data that contains any XML mark-up characters (e.g. ampersand ‘&’ or less than /
greater than symbols ‘< >’) then it is recommended that the ‘CDATAWrapping’ flag within the
Client Header is enabled. This informs the XML parser that it is not to be interpreted as markup. Here is an example, where using a reference of “Chip&PIN”:
Chip&PIN]]>
Without the use of CDATA wrapping this reference would not be valid because “&” is an illegal
character within XML elements.
Detailed below are the formats which all messages will be wrapped in.

4.1. Message
All requests and responses will be wrapped in a message type, as defined below:
Section/Fields

Type/Format

Mandatory
/ Optional

Description


MsgType
MsgData
ClientHeader


String
String
ClientHeader

M
M
M

Type of message
Data
ClientHeader information

4.2. ClientHeader
The clientheader is used to validate requests and direct them to the correct server:
Section/Fields

Type/Format

Mandatory
/ Optional

Description


SystemID
SystemGUID
Passcode
ProcessingDB

Decimal
String
String
String

M
M
M
M (for Confirmation Request
and Rejection Request)

SendAttempt

Integer

M

Allocated ID
Allocated GUID
Allocated Passcode
This indicates the database to use
for processing a particular request.
If left blank the default database will
be used.
N.B. Should only be left blank for
the initial transaction request.
(See 4.2.1)
If greater than 0 this indicates that
this is a resend attempt and
duplicate checking should be
performed. Max value of 5 before
an automatic declined response is
returned. Commidea will hold
unconfirmed transactions up to 10

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
20

Phone
08444 828 200

CDATAWrapping

Boolean

Public

Version
5.28

days based on acquirer
authorisation expiries
If true then response messages will
be CDATA wrapped. If false then
they will not be wrapped. If this
boolean is not passed then by
default wrapping will be disabled.
We highly recommend that this is
enabled

O



4.3. Processing DB Field
To further explain the use of this field within the ClientHeader, this field does not need to be
populated during the initial request, unless advised otherwise. However, when sending a
Confirmation or Rejection Request this field must be populated with the same ProcessingDB as
returned in the Transaction Response. This will ensure that the Confirmation or Rejection is
sent to the same database which is awaiting the final decision on the transaction.
The Processing DB tag needs to be set for:
•
•
•

Authentication Request (for Payer Authentication)
Transaction Confirmation
Transaction Rejection

Essentially, any transactions that receive a Processing DB value within the response need to
include this same value within any subsequent requests.

4.4. Error Response
The error response will be returned in the event of a processing error:
Section/Fields

Code
MsgTxt


Type/Format

Description

Integer
String

Code indicating error type
Description of error

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
21

Phone
08444 828 200

Public

Version
5.28

5. Transactions
5.1. Transaction Process
To process a transaction using XML V4 the following procedure is used:

Merchant System

Commidea Server

Order and cardholder
data captured
Transaction Request sent to
Commidea, along with any
ICC, Auxiliary or PayerAuth
Commidea seeks
authorisation on behalf of
Transaction Response
generated and returned to

Merchant stores response
and returns

Merchant informs customer of
result and completes/cancels

Commidea stores transaction
ready for end of day

5.2. Transaction Message Types
5.2.1. Transaction Request
The transaction request type contains all the required information to authorise the requested
transaction type.
The Message Type for the transaction request is TXN and the namespace is TXN.
Section/Fields

Type/Format

Mandatory
/ Optional

Description


merchantreference

String

O

accountid

Decimal

M

accountpasscode
txntype

String
String

M
M

Merchant can add a reference to cross
reference responses relating to the same
transaction
Account reference number, supplied by
Commidea
Account passcode, supplied by Commidea
01 – Purchase
02 – Refund

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

transactioncurrencycode

String

M

terminalcountrycode

String

M

apacsterminalcapabilities

String

M

Document name
Web Service Guide
Date
May 2011
Page number
22

Public

Version
5.28

04 – Cash Advance
05 – Purchase with cash back (PWCB)
06 – Continuous Authority
This is the three digit currency code
(numeric).
In accordance with the numeric values
defined in ISO 3166 (see Appendix C)
This is the functionality supported by the
terminal in the format of that defined by the
APACS standard. These are:
3291 – Only Swiped and Contact ICC
unattended
4290 – Mail Order/Telephone Order
4298 – CNP/ECommerce (if flagged for payer
authorisation with acquirer; no CNP
transactions are allowed with the exception of
refunds)
6290 - Keyed and Swiped Customer Present
7296 – Contact (ICC) Keyed and Swiped
B291 – Swiped, Contact ICC and Contactless
unattended
C296 – Contactless and keyed transactions (a
contactless auxiliary record should be
presented for all transactions passed under
this terminal type)
F296 – Keyed, Swiped, Contact and
Contactless EMV transactions (a
contactless auxiliary record should be
present for all transactions passed under
this terminal type)

capturemethod

Integer

processingidentifier

Integer

M

M

Integrators should check with
Implementations to confirm that they
have the correct capabilities.
This indicates how the card details were
obtained. Acceptable values are:
1 – Keyed Cardholder Present
2 – Keyed Cardholder Not Present Mail
Order
3 – Swiped
4 – ICC Fallback to Swipe
5 – ICC Fallback to Signature
6 – ICC PIN Only
7 – ICC PIN and Signature
8 – ICC – No CVM
9 – Contactless EMV
10 – Contactless Mag Stripe
11 – Keyed Cardholder Not Present
Telephone Order
12 – Keyed Cardholder Not Present ECommerce Order
This indicates the type of processing that
needs to be undertaken. Current available
values are as follows:
1 – Auth and Charge
2 – Auth Only
3 – Charge Only
All refund transactions should use the
‘Charge Only’ option.

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

tokenid
pan

Decimal
String

Document name
Web Service Guide
Date
May 2011
Page number
23

Public

Version
5.28

O
C

Token Identifier for token transaction
Card number (Conditionally required, not
needed if providing a Token ID)
track2
String
C
Entire Track2 contents
(including start and end sentinels and LRC)
(Conditionally required, not needed if
providing a Token ID)
Track2 is only to be used for Cardholder
Present transaction only.
csc
String
O
Amex Card – 3 or 4 digits (front of card) All
Other Cards – 3 or 4 digits (rear security
strip)
avshouse
String
O
Field checked by Address Verification
System (AVS) add on module, ignored if
module not enabled. AVS configuration can
make this field mandatory. Numerics from
house name\number
avspostcode
Integer
O
Field checked by Address Verification
System (AVS) add on module, ignored if
module not enabled. AVS configuration can
make this field mandatory. Numerics from
postcode only
issuenumber
String
O
1 or 2 digit card issue number. Only
required by some Switch, Solo and Laser
cards, and only required when card is
keyed
expirydate
String
C
Card expiry month and year (YYMM)
(Only required when card is keyed, can be
calculated from Track2)
(Conditionally required, not needed if
providing a Token ID)
startdate
String
O
Card start date month and year (MMYY)
Only required for Diners Club International,
some Switch, some Solo and some Laser
cards. Not required if Track2 data supplied
Please note the format difference between the expiry and start dates are intentional
txnvalue
Decimal
M
Total value of transaction including tax.
Applies to: Purchase, Refund, Cheque
Guarantee, Cash Advance, and Purchase
with Cash Back.
With PWCB, field should only contain the
values of the goods or services provided.
Decimal point recommended but optional,
e.g.:

cashback

Decimal

O

gratuity

Decimal

O

authcode
transactiondatetime

String
String

O
O

iccdata
vgisid

iccdata
String

O
O

1.23 = £1.23
123 = £123
000001.23 = £1.23
Only positive values. Values will be
truncated to the correct number of decimal
places required for the transaction currency
(set by the merchant account being used)
Total Cash Back value for PWCB
transactions. Values will be truncated
(without rounding) to the number of decimal
places required for the transaction
currency. Positive values only.
Additional value to add to total (e.g. service
tip)
Only supplied for Offline transactions
Date and time the transaction was started,
based on GMT (dd/mm/yyyy hh:mm:ss).
Contains ICC data
VGIS XML data (Reserved for future use)

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

employeeid

Decimal

O

payerauthauxiliarydata

String

C

vgistransaction

Boolean

C

Document name
Web Service Guide
Date
May 2011
Page number
24

Public

Version
5.28

Field used to add information on the
employee processing the transaction
Payer Authentication auxiliary data.
This field is conditional upon the
capture method/transaction type. If
Payer Authentication is performed this
data must be supplied, even for nonsupporting card schemes. Capture
methods such as ICC will not require
Payer Auth auxiliary data to be supplied
Denotes if the transaction is a procurement
card/VGIS transaction.
Ensure the Procurement Guide
Specification is utilised alongside the
Web Services Guide for full VGIS data
requirements



© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
25

Phone
08444 828 200

Public

Version
5.28

5.2.2. ICC Data
When processing an ICC transaction, this message type is used to supply the extra information
required.
Section/Fields

Type/Format

Mandatory
/ Optional

Description


emvterminalcapabilities

String

M

emvterminaltype

String

M

The terminal capabilities as
defined in the EMV specifications.
Terminal type/Currency indicator
S = Sterling
E = Euro
0 = Unspecified terminal
capabilities –
S
1 = ICC reader only – S
2 = Magnetic stripe only – S
3 = ICC/Magnetic stripe – S
4 = No card reader – S
5 = Unspecified terminal
capabilities –

reasononlinecode

String

M

arqc

String

M

apppansequenceno

String

M

aip

String

M

atc

String

M

unpredictableno
tvr

String
String

M
M

E
6 = ICC reader only – E
7 = Magnetic stripe only – E
8 = ICC/Magnetic stripe – E
9 = No card reader – E
In the provisional European
Standard (prENV 1750) the Online reason codes are four digits
in the form 15XX for PoS type of
environment. As all PoS codes
begin 15 there is no need to send
this fixed value and therefore only
the XX as defined in the ENV
1750 need be transmitted.
Reason On-line will be used by
the acquirer to determine if standin authorisation would be an
appropriate action for this
transaction. I.e. was it the ICC or
the CAD which required an online authorisation.
Cryptogram generated by card at
end of offline and online declined
transactions. Can be used to
validate the risk management
activities for a given transaction
(passed by ICC Terminal)
Identifies and differentiates cards
with some PAN (ICC Card passes
this information)
Application Interchange Profile
(passed by ICC terminal)
Value of the last online
transaction (passed by ICC
terminal)
(passed by ICC terminal)
Terminal Verification Results.
Record of outcome of various
application functions performed

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
26

Phone
08444 828 200

cryptotxntype

String

M

iad

String

M

aid

String

M

terminalapplicationversionnumber

String

M

cardapplicationversionnumber

String

M

cvmr

String

M

cryptoinfodata

String

M

Public

Version
5.28

by Cardholder System (passed by
ICC terminal)
Indicates transaction type used to
application usage control. One of
the following passed by ICC
terminal:
00 – Purchase
09 – Purchase with Cash Back
20 – Refund
Present if provided by ICC in
GENERATE AC command
response (passed by ICC
terminal)
Data label that identifies an
application on card or terminal.
E.g. AID for VSDC is 1010, Visa
Electron is 2010, and Plus is
8010. Card and Terminals use
AIDs to determine which
applications are mutually
supported; both card and terminal
must support the same AID to
initiate a transaction. Both cards
and terminals may support
multiple AIDs (passed by ICC
terminal)
A version number allocated by the
payment scheme used to ensure
compatibility between the IC and
the terminal. (extracted from the
IC Terminal Tag 9F 09)
Version number assigned by the
payment system for the
application on the IC card
(extracted from the IC Card Tag
9F 08)
Identifies a method of verification
of the cardholder supported by
the application e.g. Chip and Pin
but in a numeric code (extracted
from the IC Card)
Please see EMVECO Application
Specification Book 3 Page 16 for
breakdown (passed by ICC
terminal)



© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
27

Public

Version
5.28

5.2.3. PayerAuth AuxiliaryData
After performing the PayerAuth process to check if the card has been enrolled and then
authenticated; this message type is used to attach the PayerAuth results to the transaction.
This data must be supplied whenever Payer Authentication is processed, even if a nonsupporting card scheme is presented. For the data to supply in this instance please see
section 7.4.3 or consult Implementations for further guidance.
Section/Fields

Type/Format

Mandatory
/ Optional

Description


authenticationstatus

String

M

authenticationcavv

String

M

authenticationeci

String

M

atsdata
transactionid

String
String

M
M

Indicates if the transaction authenticated or
not:
Y – Customer was successfully authenticated
N – Customer failed authentication, and the
transaction declined
A – Attempts processing. APACS message
will show verified enrollment but cardholder
not participating
U – Enrollment could not be completed, due
to technical or other problem
Contains 28-byte Base-64 encoded
Cardholder Authentication Verification Value
(CAVV)
2 digit Electronic Commerce Indicator (ECI)
value
Data to populate authorisation message
TransactionID should be populated with the
PayerAuthRequestID provided in the
PayerAuth EnrollmentCheck Response



© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
28

Phone
08444 828 200

Public

Version
5.28

5.2.4. Confirmation Request
This message type is used to confirm the transaction.
The Message Type for the confirmation request is CNF and the namespace is TXN.
Section/Fields

Type/Format

Mandatory
/ Optional

Description


transactionid

Decimal

M

offlineauthcode
gratuity

String
Decimal

O
O

transactioncertificate
arc
applicatonusagecontrol
tvr
cid
tsi
iad


String
String
String
String
String
String
String

M for ICC
M for ICC
M for ICC
M for ICC
M for ICC
M for ICC
M for ICC

TransactionID from ProcessTransaction
request
AuthCode if transaction was authorised offline
Additional value to add to total (e.g. service
tip)
Transaction certificate from 2nd generate
Auth response code
Application usage control
Terminal verification results
Cryptogram information data
Transaction status information
Issuer Application Data

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
29

Public

Version
5.28

5.2.5. Rejection Request
This message type is used to reject the transaction.
The Message Type for the transaction request is RJT and the namespace is TXN.
Section/Fields

Type/Format

Mandatory /
Optional

Description


transactionid

Decimal

M

tokenid
capturemethod

Decimal
Integer

O
M

pan

String

C

track2

String

C

csc

String

O

avshouse

String

O

avspostcode

Integer

O

TransactionID from ProcessTransaction
request
Token identifier for token transaction
This indicates how the card details were
obtained. Acceptable values are:
Keyed Customer Present = 1
Keyed Customer Not Present Mail Order = 2
Swiped = 3
ICC Fallback to Swipe = 4
ICC Fallback to Signature = 5
ICC PIN Only = 6
ICC PIN and Signature = 7
ICC – No CVM = 8
Contactless EMV = 9
Contactless Mag Stripe = 10
Keyed Customer Not Present Telephone
Order = 11
Keyed Customer Not Present E-Commerce
= 12
Card number (when card keyed).
Conditional as not required if TokenID
provided.
Entire Track2 contents
(including start and end sentinels and LRC).
Conditional as not required if TokenID
provided.
Amex Card – 3 or 4 digits (front of card) All
Other Cards – 3 or 4 digits (rear security
strip)
Field checked by Address Verification
System (AVS) add on module, ignored if
module not enabled. AVS configuration can
make this field mandatory. Numerics from
house name\number
Field checked by Address Verification
System (AVS) add on module, ignored if
module not enabled. AVS configuration can
make this field mandatory. Numerics from
postcode only



© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
30

Public

Version
5.28

5.2.6. Transaction Response
This message type which will contain the response from the transaction.
The Message Type for the transaction response is TRM (for initial transactions result message)
and FTR (for the final transaction result message) and the namespace is TXN.
Section/Fields

merchantreference

Type/Format

Description

String

transactionid
resultdatetimestring

Decimal
String

processingdb
errormsg
merchantnumber
tid
schemename

String
String
String
String
String

Merchant can add a reference to cross reference responses relating
to the same transaction
Transaction ID (unique only to the processing database utilised)
Extended date and time string
( YYYY-MM-DDTHH:MM:SS.sss)
This indicates the database used to processing the request.
Error message
Unique merchant number
Terminal ID
Card scheme name

messagenumber

String

authcode

String

authmessage

String

vrtel

String

txnresult

String

1 – Amex
2 – Visa
3 – MasterCard
4 – Maestro
5 – Diners
6 – Visa Debit
7 – JCB
8 – BT Test Host
9 – Time
10 – Solo
11 – Electron
21 – Visa CPC
23 – AllStar CPC
24 – EDC/Maestro
25 – Laser
26 – LTF
27 – CAF
28 – Creation
29 – Clydesdale
31 – BHS Gold
32 – Mothercare Card
33 – Burton Menswear
35 – BA AirPlus
36 – Amex CPC
999 – Invalid Card Range
Transaction message number (equivalent of EFTSN from previous
versions of the Web Service)
Authorisation code return by bank. Blank if the transaction declined, if
transaction value is below the floor limit or if the transaction is a refund
Authorisation message
e.g. ‘RETAIN CARD’
Telephone number to be called by the operator to seek manual
authorisation. Only supplied for referred transactions
Transaction result:
ERROR
REFERRAL
COMMSDOWN
DECLINED
REJECTED
CHARGED

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
31

Public

Version
5.28

APPROVED
AUTHORISED
AUTHONLY

pcavsresult

Integer

For further information on the transaction results please see section
5.3.
Postcode AVS result:
0 – Not provided*
1 – Not checked
2 – Matched
4 – Not matched
8 – Partial Match

ad1avsresult

Integer

*Default result when no details are provided
Address line 1 AVS result:
0 – Not provided*
1 – Not checked
2 – Matched
4 – Not matched
8 – Partial Match

cvcresult

Integer

*Default result when no details are provided
CVC result:
0 – Not provided*
1 – Not checked
2 – Matched
4 – Not matched

arc

String

iadarc
iadoad
isd
authorisingentity

String
String
String
Integer

vgisreference

String

customerspecifichash

String

*Default result when no details are provided
Acquirer response code.
Should integrators wish to utilise this information to provide further
insight into the transaction result, please contact your acquirer for
further information, as this differs per acquirer.
Authorisation response cryptogram
Optional additional data
Issuer script data
This indicates who actually performed the authorisation processing.
Valid values are as follows:
Not Provided = 0
Merchant = 1
Acquirer = 2
Card Scheme = 4
Issuer = 8
VGIS Reference assigned to the transaction. Only returned when
vgistransaction is passed within the transaction request as ‘true’.
Ensure the Procurement Guide Specification is utilised alongside
the Web Services Guide for full VGIS data requirements
Hashed version of the card number, specific to the configuration of the
merchant in question.
Feature must be enabled before the field will be returned



5.3. Transaction Results
In order to provide more information surrounding the various transaction result statues which
are returned within a transaction response; the below definitions have been detailed:
© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
32

Public

Version
5.28

ERROR – There has been an error with the payment due to malformed XML, bad content or
something fundamental has been incorrect in the request.
REFERRAL – This is a voice referral message for when the bank have requested the
cardholder call their acquirer for some validation or checking reason. This is generally not
supported in an E-commerce environment.
COMMSDOWN – The communications channel to the acquirer is down on Commidea’s side
and as such no authorisation could be sought. A call with the helpdesk should be logged in this
situation.
DECLINED – The transaction has been declined. Further information can be obtained from the
 field.
REJECTED – This result is returned when a payment is rejected after an initial authorisation
due to such reasons as a not matched CV2 or AVS response. Essentially this result means the
merchant has decided not to charge the transaction after an authorisation has been successful.
CHARGED – This result will be received after a charge request has been completed in order to
settle the funds, following an authorisation-only (‘Auth-Only) request. This result will be returned
after the initial response of APPROVED is received from the charge request, with CHARGED
being returned after the confirmation of the charge.
APPROVED – This is the first transaction result received when a charge request is sent to
settle an authorisation only request. ‘CHARGED’ is received once the confirmation is sent as
the second part of this process.
AUTHORISED – This denotes the successful authorisation of a standard auth and charge
transaction (one which is not linked to an initial authorisation only transaction) and the
confirmation (or rejection – see REJECTED) is required.
AUTHONLY – This indicates that the card has been the subject of an authorisation only
transaction (see CHARGED). This is usually performed prior to a charge request being sent to
settle the funds.

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
33

Phone
08444 828 200

Public

Version
5.28

6. PayerAuth
6.1. PayerAuth Process
Payer Authentication checking, this adds support for Verified by Visa and MasterCard
SecureCode without running additional software. These cardholder authentication services
deter unauthorised card use. Additionally participating merchants receive added protection from
fraudulent chargeback activity. Those who do not use these services may be liable for higher
merchant fees; it is recommended to check this with the acquirer in question. Here is an
overview of the entire process:
Merchant System

Commidea
Server

Directory
Server

Order and cardholder data
captured

Enrollment Check Request sent
to Commidea
Commidea sends check onto
Visa / MasterCard Directory
Server to check for enrollment
Enrollment Check returns ‘N’
No

Call Authentication Check, populating only
the PayerAuthID and enrolled properties of
the AuthenticationCheckRequest

Enrollment Check returns result,
PAReq message, and ACS URL

Directory Server contacts
issuing bank to find out if
the card is enrolled

Directory Server informs
Commidea if the card is
enrolled or not
Yes

Use ACS URL to send the PAReq to
issuing bank. Include TermURL for
Bank to post PARes to afterwards

Customer directed to ACS
page to enter their password
Issuing bank records
authentication result from
information customer provides
(including password)

Extract the PARes message and
request the Commidea
Authentication Check to validate

Result posted back to TermUrl in
the form of a PARes message

Merchant decides whether to
proceed and process the
transaction

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
34

Public

Version
5.28

The process for this is as follows: as with standard transaction processing, the cardholder
details and order information is captured, but this is then passed to the Commidea Enrollment
Check. This discovers if the cardholder is enrolled by sending it onto the VISA or MasterCard
Directory Server, this then contacts the issuer to check. If the cardholder is enrolled, they are
redirected to the cardholder’s web site by the host system (the URL is provided in the
enrollment response) and they then enter their password. A string result is returned for
validation, and used when calling the Commidea Authentication Check service to ensure this is
valid. A response will be received; detailing the validity and the transaction can then be
continued or aborted. This decision is up to the merchant and will take into account the outcome
of the validity check.
To ensure that the process is clear, here are the steps required in their entirety:
i.
ii.
iii.
iv.

The cardholder creates an order on the system, and clicks the ‘Buy’ button, which sends
a post of the final buy page
Create and send an Enrollment Check request, populating it with all the details from the
webpage order
This is sent onto the Directory Server, which contacts the issuing bank and finds out if
the card is enrolled or not
The Check Enrollment response is sent and if the card is enrolled contains:
a. Y
b. The PaReq message required to send to the issuing bank
c. Access Control Server (ACS) URL

If the card is not enrolled, proceed to step x.
v.

vi.

vii.

Send the PaReq message to the bank to request authentication. To do this, create a
web page that only has hidden content, including a form that meets the following
requirements:
- The forms action is the ACS URL, which displays the issuing bank’s dialog
requesting the authentication password from the cardholder
- The form includes the required hidden field PaReq, the value of which was returned
to the merchant in the Enrollment Check response. It is necessary to remove any
White Space within this PaReq field otherwise this will cause errors when it is
returned to the bank.
- The form includes the required field TermUrl, the value of which is the location where
the merchant wants the bank to post the payment authentication response (PaRes)
message.
- The form must include the hidden field MD (merchant data); however, including a
value in this field is optional. The value has no meaning to the bank, but is
guaranteed to be returned without change. This allows the merchant to tag the
redirect with a reference which will be returned during the redirect.
- This page typically include JavaScript that automatically posts the form when the
page loads (onload script)
Open this page in the cardholder’s web browser. Due to popup-blocking software, it is
recommended opening this in the main browser window. The cardholder’s web browser
displays the issuing bank’s authentication dialog, and enters their secret password for
the credit card.
The issuing bank records the result of the authentication dialog with the cardholder and
sends it to the merchant, along with the transaction details, in a digitally signed PaRes
© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

viii.
ix.
x.

Document name
Web Service Guide
Date
May 2011
Page number
35

Public

Version
5.28

message. The result is posted to the TermUrl on the web site, and the form posted by
the issuing bank includes the PaRes.
Extract the PaRes message from the form data and request the Commidea
Authentication Check to validate the contents of the PaRes message.
Depending upon the result of the Authentication Check; the merchant can now decide
whether or not to proceed.
If the Enrollment Check indicated that the card was not enrolled, then call the
Authentication Check populating only the PayerAuthRequestID and setting
Nwithin the AuthenticationCheckRequest.

If the card was enrolled and the merchant has now received the PaRes then populate
PayerAuthRequestID, set the request to Y and include the PaRes
message in the AuthenticationCheckRequest.
xi.
xii.

Populate a Transaction Request with all the relevant details
Invoke the Process Transaction method, passing the Transaction Request and wait for
the Transaction Response to be returned
xiii.
When the response is received, check the AuthResult to see if there was an error. If not
then it is possible to complete the transaction with a Process Confirm; again populating
the required information.
The only scenario in which a transaction should not be processed after performing Enrollment
and Authentication checks would be when the following results are received:
Y
N
This represents the card being enrolled, but when the cardholder has attempted to authenticate
using their password, this has not been matched correctly.
In the situation where these checks are unsuccessful, i.e. a response of
U or U is returned; it is
recommended that the check is resent. Due to the fact that there has been a technical problem
when checking Enrollment, charge back liability has not been shifted away from the merchant at
this stage, as potentially the failure could have occurred before the information reached the
Directory Server. However, the final decision on this is down to the merchant. If there is
relatively low risk involved, due to a low transaction amount for example, the transaction could
be continued and processed regardless.
When the card is not enrolled for Payer Authentication; the following responses will be amongst
those produced:
N
N

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
36

Public

Version
5.28

It is important to remember that this does not mean it is not safe to proceed with the transaction;
just that the cardholder has not been enrolled in the service. Due to an enrollment check being
performed by the merchant, the liability is shifted to the issuer.
6.1.1. PayerAuth Expiry
One possible area which could create confusion is how long the Payer Authentication check
lasts for once it has been approved, and if it can be reused.
Once the Payer Authentication check has been performed it is valid for 90days with VISA, and
with MasterCard it does not expire.
One example would be that this allows use of the ID for an authorisation only transaction. If the
authorisation code provided for the authorisation expires before charging the card; a full
authorisation and charge transaction can be performed, using the PayerAuthRequestID that
was provided initially.
6.1.2. Canadian Corporate Purchase Cards
Some Canadian Corporate Purchase Cards have been excluded from the Enrollment Check,
and can result in a response of ‘U’ for the  field.
Unfortunately we are unable to confirm which bin ranges have been excluded and cannot
therefore provide a specific response in this scenario.
6.1.3. Process Transaction
Once the enrollment and authentication checks have been performed, the transaction can be
process by including a PayerAuth Auxiliary data record along with a Transaction Request
record. Please see sections 5.2.1 and 5.2.3 for more information.
6.1.4. Payer Authentication with Token
When performing Payer Authentication in conjunction with an integration which utilises the
Token Gateway, the process is to supply the TokenID with all the Payer Authentication checking
records instead of supplying full card details.
Please note that each time stored card details are used to process a transaction, the Payer
Authentication process must be completed.
6.1.5. Chargeback Information
Should chargeback information be required then this can be obtained from the Merchant
Helpdesk.

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
37

Public

Version
5.28

6.1.6. Cardholder Authentication Implementation Guidelines
In order to provide some guidelines for how to go about implementing the cardholder
authentication process, the following information has been collated from MasterCard and Visa:
1. Consumer Message on Payment Page
In order to make the consumer aware of the merchant’s participation with MasterCard
SecureCode and Verified by Visa, it is recommended that a message is displayed on the
payment page, similar to: “Your card may be eligible for or enrolled in MasterCard
SecureCode or Verified by Visa. When you click ‘Pay’ below you may be prompted for
further information before your order can be completed.”
2. Creation of Cardholder Authentication Window
The process with this window is that it is initially created by the merchant; however, that
the actual content of the window is controlled by the cardholder’s issuing financial
institution. Initially it was possible to implement this using either a pop-up window or an
inline window, but only the inline window implementation is now supported.
Merchants utilising the pop-up window approach are expected to convert to an inline
window implementation and inline window implementations are required for all new
merchant implementations. By presenting a full-page view, it makes the SecureCode
authentication process appear to be a seamless part of the merchant checkout process.
Many merchants use frames to customise their deployments.
In a frame implementation, only part of the full window is redirected to the issuer’s
access control server. This allows the merchant to display a branded header, as well as
explanation text that can assist cardholders who are new to the cardholder
authentication experience. Here are some key points for merchants implementing this
approach:
•
•
•
•

•

The use of active HTML links in the branded header frame is not allowed. Below
the header frame, however, it is recommended to include a link that directs the
cardholder back to the checkout page in case of technical difficulties.
The explanation text should be clear and concise. The text should not assume
that the cardholder is already enrolled and should not provide instructions that
might conflict with the cardholder’s issuer instructions.
The use of newer frame technologies such as iFrames and floating .Net frames is
not recommended as some cardholders set their browsers to block such
elements.
The merchant should make sure that the authentication window frame is fully
visible and is not located too low in the page due to long text or large upper
frame. A minimum space of 400x400 pixels is required for the Access Control
Server (ACS) frame. It must not be necessary to scroll to see the authentication
page.
Merchants must ensure that the ‘back’ button functionality works and cardholders
who click on it are routed back to the checkout page.

Inline authentication windows can also be used without frames. This will show the
cardholder that they are no longer at the merchant and are now communicating with
their issuing bank whilst also allowing them to check the SSL lock to ensure connection

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
38

Phone
08444 828 200

Public

Version
5.28

with the Issuer ACS. As a result, the ‘Without frames’ approach may be preferred by
some cardholders.
3. TERMURL Field
This field is provided by the merchant to the issuer during the payer authentication
request process. It provides the issuer with the merchant URL where the payer
authentication response message is to be sent. The use of mixed HTTP and HTTPS
frames typically results in a security box being presented to the cardholder. Depending
upon how the cardholder responds to this dialog, the current and all future attempts to
transmit the PAReq message may fail. As a result, merchants using inline authentication
windows with frames must populate the TERMURL field with a HTTPS address.

6.2. PayerAuth Message Types
6.2.1. PayerAuth EnrollmentCheck Request
The EnrollmentCheck request is raised to check if the card is enrolled with MasterCard
SecureCode or Verified By Visa.
The Message Type for the payer authentication enrollment check is PAI and the namespace is
PAYERAUTH.
Section/Fields

Type/Format

Mandatory/
Optional/Conditional

Description


merchantreference

String

O

mkaccountid

Decimal

M

mkacquirerid

Decimal

M

Merchant can add a reference
to cross reference responses
relating to the same
transaction
Account reference number,
supplied by Commidea
Acquirer reference number
1 – Barclaycard Business
(BMS) [Sterling only]
2 – NatWest Streamline
3 – HMS (HSBC)
4 – Lloyds TSB Cardnet
5 – Elavon (GiroBank)
6 – Bank Of Scotland
7 – American Express
8 – Clydesdale Bank
9 – Barclaycard Business
(BMS) MultiCurrency
10 – Bank of Ireland
11 – Northern Bank
12 – Yorkshire Bank
13 – GE Capital
14 – Ulster Bank
15 – Int'l Barclaycard
Business (BMS) [Sterling]
16 – Int'l Lloyds TSB Cardnet
17 – Int'l HMS (HSBC)
18 – Int'l NatWest
19 – Int'l Barclaycard
Business (BMS) Multi
20 – Diners
21 – Creation

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
39

Phone
08444 828 200

merchantname

String
Varchar(25)

M

merchantcountrycode

String
Varchar(50)

M

merchanturl

String
Varchar(255)

M

visamerchantbankid

String
Varchar(50)

C
(Only for Visa checks)

visamerchantnumber

String
Varchar(50)

C
(Only for Visa checks)

visamerchantpassword

String
Varchar(50)

C
(Only for Visa checks)

mcmmerchantbankid

String
Varchar(50)

C
(Only for MasterCard
/Maestro checks)

mcmmerchantnumber

String
Varchar(50)

C
(Only for MasterCard
/Maestro checks)

mcmmerchantpassword

String
Varchar(50)

tokenid

Decimal

C
(Only for MasterCard
/Maestro checks)
C

cardnumber

String
Varchar(50)

C

Public

Version
5.28

23 – JCB
24 – AIB
The MerchantName must
match the name shown online
to the cardholder at the
merchant’s site and the name
submitted by the merchant’s
acquirer in the settlement
transaction
This field contains a three
digit number assigned by the
signing member or processor
to identify the merchant’s
location country. Based on
ISO Country Codes – 3166.
(See Appendix C)
This field contains the fully
qualified URL of the merchant
site
This field contains a six digit
assigned Bank Identification
Number issued by the
merchant’s member bank or
processor. The acquirer Bank
Identification Number (BIN)
identifies the member bank
that signed the merchant
using the Point of Sale
application
This field contains a unique
ID number which is assigned
by the signing merchant’s
acquirer, bank or processor.
This field is used to identify
the merchant within the
VisaNet system
The alphanumeric merchant
password is provided by the
acquirer
This field contains a six digit
assigned Bank Identification
Number issued by the
merchant’s member bank or
processor. The acquirer Bank
Identification Number (BIN)
identifies the member bank
that signed the merchant
using the Point of Sale
application
This field contains a unique
ID number which is assigned
by the signing merchant’s
acquirer, bank or processor.
This field is used to identify
the merchant within the
SecureCode system
The alphanumeric merchant
password is provided by the
acquirer
Token identifier for token
transaction. If none to be
passed, ‘0’ to be used.
Card PAN

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
40

Phone
08444 828 200

cardexpyear

String
Char(2)

C

cardexpmonth

String
Char(2)

C

currencycode

String
Char(3)

M

currencyexponent

String
Char(1

M

browseracceptheader

String
Varchar(255)

O

browseruseragentheader

String
Varchar(255)

O

transactionamount

String
Varchar(50)

M

transactiondisplayamount

String
Varchar(50)

M

transactiondescription

String
Varchar(50)

O

Public

Version
5.28

Card expiry date year YY e.g.
08
(not passed if token id
supplied)
Card expiry date month MM
(not passed if token id
supplied)
This field contains a three
digit number assigned by the
signing member or processor
to identify the merchant's
authorisation currency. Based
on ISO Country Code – 3166
(See Appendix C)
No of decimal places in
currency field ie. GBP will be
2
This field contains the exact
content of the HTTP accept
header as sent to the
merchant from the
cardholder's user agent. This
field is required only if the
cardholder's user agent
supplied a value.
This field contains the exact
content of the HTTP useragent header as sent to the
merchant from the
cardholder's user agent. This
field is only required if the
cardholder's user agent
supplied a value.
Amount to be authorised with
implied decimal point ie.
£10.00 is represented as
1000 and 0.10 is represented
as 10.
The transaction amount is to
be presented with all
currency-specific punctuation,
as this will be the number
displayed to the customer.
E.g. 10.00
This field contains a
description of the goods or
services being purchased,
determined by the merchant.



6.2.2. PayerAuth EnrollmentCheck Response
The response from the check will be contained within the EnrollmentCheck response.
The Message Type for the payer authentication enrollment check response is PAER and the
namespace is PAYERAUTH.
Section/Fields

merchantreference

Type/Format

Description

String
Varchar(50)

Merchant can add a reference to cross
reference responses relating to the

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
41

Phone
08444 828 200

processingdb

String

payerauthrequestid
enrolled

Decimal
String
Char(1)
String
Varchar(4096)
String
Varchar(1000)

acsurl
pareq

errorcode
errordescription

Public

Version
5.28

same transaction
This indicates the database to use for
processing a particular request. If left
blank the default database will be
used.
Unique Identifier
Indicates if card is enrolled in the 3D
secure program.
Fully qualified URL of an Access
Control Server.
This field will contain the entire XML
response packet from the Directory
Server.
Error code defining the error
Description of the error

Integer
String
Varchar(1000)



6.2.3. PayerAuth AuthenticationCheck Request
After the enrollment check has been performed, authentication can be sought using this
message type.
The Message Type for the payer authentication check request is PAI and the namespace is
PAYERAUTH.
Section/Fields

Type/Format

Mandatory/
Optional/
Conditional

Description


merchantreference

String

O

payerauthrequestid

Decimal

M

pares

String

C

enrolled

String

M

Merchant can add a
reference to cross reference
responses relating to the
same transaction
Unique Identifier returned
during
EnrollmentCheckResponse.
Compressed and encoded
Payer Authentication
Response message, returned
in response from Visa /
Mastercard
(Only included if received)
Indicates if the card was
enrolled – Y/N



6.2.4. PayerAuth AuthenticationCheck Response
The authentication check response will contain the result of the authentication check.
The Message Type for the payer authentication response is PAAR and the namespace is
PAYERAUTH.
Section/Fields

merchantreference

Type/Format

Description

String

Merchant can add a reference to cross reference
responses relating to the same transaction

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Phone
08444 828 200

payerauthrequestid
authenticationstatus

Decimal
String

authenticationcertificate

String

authenticationcavv

String

authenticationeci

String

authenticationtime

String

atsdata
errorcode
errordescription
processingdb

String
Integer
String
String

Document name
Web Service Guide
Date
May 2011
Page number
42

Public

Version
5.28

PayerAuth transaction identifier
This property indicates whether the transaction
has been authenticated or not.
• Y – The customer was successfully
authenticated. All data needed for clearing
is included.
• N – The customer failed authentication
• A – Attempted processing. The APACS
message will show verified enrolment but
cardholder is not participating at this time.
• U – Authentication could not be performed
due to technical or other problems.
The certificate that signed the Payer
Authentication Response (PARes) message.
This property contains a 28-byte Base-64
encoded Cardholder Authentication Verification
Value (CAVV).
Two digit Electronic Commerce Indicator (ECI)
value.
The date and time in which the Payer
Authentication Response (PARes) message was
signed by the Access Control Server (ACS). The
value is expressed in GMT and uses the format
"YYYYMMDD HH:MM:SS".
Additional transaction security data
Error code defining the error
Description of the error
This indicates the database used for processing a
particular request



© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
43

Phone
08444 828 200

Public

Version
5.28

7. Payer Authentication Decisions
In order to decide upon which situations to accept or decline transaction, the below table is included and covers both Visa VbV
Transactions and MasterCard SecureCode Transactions. This matrix provides a description of the Authentication Results and Merchant
to Acquirer values presented during each scenario.
Case
Number
1
2
3
4
5
6
7

Card Type
Visa 3D
Visa 3D
Visa 3D
Mcard 3D
Mcard 3D
Mcard 3D
None 3D

MPI Authentication
VERes PARes CAVV/AVV
Y
Y
Yes
Y
A
Yes
N
None
None
Y
Y
Yes
Y
A
Yes
N
None
None
None
None
None

8
9
10
11

Visa 3D
Visa 3D
Mcard 3D
Mcard 3D

U
Y
U
Y

None
U
None
U

12
13

Visa 3D
Mcard 3D

Y
Y

N
N

APACS Authorisation
CAVV/AVV Trans ID
Yes
Yes
Yes
Yes
None
None
Yes
Yes
Yes
Yes
None
None
None
None

ATSD
D0C100
D0C200
D0C200
D09100
D09200
D09200
808000

Streamline Settlement
Trans source Liability Shift
12
Yes
13
Yes
13
Yes
12
Yes
13
Yes
13
Yes
14
No

ECI
05
06
None
02
01
None
None

ECI
05
06
None
02
01
None
None

None
None
None
None

None
None
None
None

None
None
None
None

None
None
None
None

None
None
None
None

D0C400
D0C400
D09400
D09400

14/13
14/13
13
13

No
No
Yes
Yes

None
None

None
None

None
None

None
None

None
None

None
None

None
None

None
None

RAG Status

Key to VERes & PARes Codes:
Y (VERes)
N (VERes)
U (VERes)
Y (PARes)

Perform a PARes
Issuer/BIN not participating
Authentication process did not complete correctly
Cardholder enrolled and authenticated

A (PARes)
N (PARes)
U (PARes)

Cardholder not enrolled
Cardholder enrolled, transaction not authenticated
Authentication process did not complete correctly

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

Author
ML

Document name
Web Service Guide
Date
May 2011
Page number
44

Phone
08444 828 200

Public

Version
5.28

Key to RAG Status:
Indicates a BAU (business as usual) transaction
Indicates a system failure at some point
Indicates attempted fraud or cardholder error
VbV
EMV Terminal Type

30 (Visa ECI 5) =
31 (Visa ECI 6) =
32 (Visa ECI 7) =

Merchant & Cardholder are registered
Merchant is registered, but Cardholder isn't.
Standard E-Commerce message

APACS 70-2
Section B.4.2 (page 85)

Electronic Commerce Data Record Sub-type 01

APACS 70-3
Section A.4 (page 93)
Customer Instruction

G = Merchant & Cardholder registered
H = Merchant is registered, but Cardholder isn't.
J = Standard E-Commerce message

Tests 5a & 5b
Tests 6a & 6b

Please put a line through the scenario not being used
Please put a line through the scenario not being used

EMV Terminal Type

30 (M'Card PDS 2) =
31 (M'Card PDS 1) =
32 (M'Card PDS 0) =

Secure
Code
Merchant & Cardholder are registered
Merchant is registered, but Cardholder isn't.
Standard E-Commerce message

APACS 70-2
Section B.4.2 (page 85)

Electronic Commerce Data Record Sub-type 01

APACS 70-3
Section A.4 (page 93)
Customer Instruction

G = Merchant & Cardholder registered
H = Merchant is registered, but Cardholder isn't.
J = Standard E-Commerce message

Tests 12a & 12b
Tests 13a & 13b

Please put a line through the scenario not being used
Please put a line through the scenario not being used

7.1. Non Supporting Card Schemes
Payer Auth is not performed on non supporting schemes i.e.- Creation, AMEX, JCB, Diners.
However, Additional Transaction Security Data is required to show that SSL encryption was
used for the transaction.
SCHEME
Non supporting schemes i.e.- Creation, AMEX, JCB, Diners, Solo

VERES
N/A

PARES
N/A

© 2011 COMMIDEA LTD
All rights reserved. Copying and/or redistribution of this information in whole
or in part without the express permission of Point International prohibited.

ATSD
D08000

ECI
07

8. On-Hold & Release Functionality
As discussed earlier within this guide, the on-hold and release functionality can be enabled on a
merchant account. Once enabled, each and every transaction will require a release message to
be sent to the Commidea servers via the Web Service before the transaction is submitted for
settlement to the acquirer.
These message formats are detailed below:

8.1. Release Request
The Message Type for the payer authentication enrollment
RELEASEONHOLDREQUEST and the namespace is ONHOLD.

check

response

is

Section/Fields

authdb

Type/Format

Description

String

mktransactionid


Decimal

The authorisation database within the Commidea infrastructure which
processed the transaction during authorisation
Transaction ID (unique only to the processing database utilised)

8.1.1. Request Example






30002411
096d5d0f-f9dc-430a-8d9c-e102393409c4
17075320
0

RELEASEONHOLDREQUEST


TEST_AUTHDB2
1969925
]]>





Author
ML

Phone
08444 828 200

Document name
Web Service Guide
Date
May 2011
Page number
46

Public

Version
5.28

8.1. Release Response
The Message Type for the payer authentication enrollment
RELEASEONHOLDRESPONSE and the namespace is ONHOLD.

check

response

Section/Fields

result

Type/Format

Description

String

Result of the release request. Result types are:

mktransactionid
authdb

Decimal
String

RELEASED
Transaction ID (unique only to the processing database utilised)
The authorisation database within the Commidea infrastructure
which processed the transaction during authorization

is



8.1.1. Response Example

3000
2411096d5d0f-f9dc-430a-8d9ce102393409c4TEST_AUTHDB20falseRELE
ASEONHOLDRESPONSE<releaseonholdresponse
xmlns="ONHOLD"><result>RELEASED</result><mktransactionid>1969925</mktrans
actionid><authdb>TEST_AUTHDB2</authdb></releaseonholdresponse>

© 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 47 Public Version 5.28 9. PayPal 9.1. PayPal Express Checkout Process To provide an overview of the PayPal process, please see the flow chart shown below: 1 2 3 4 5 7 6 The steps can be summarised into the following process: 1. From the Merchant website the customer will have the option to Checkout with PayPal. If this option is chosen a ‘SetExpressCheckout Request’ is created and sent. This will contain the URL to which the customer’s browser is returned after choosing to pay with PayPal. 2. PayPal returns a token, a string value used to track the customer throughout the checkout process. 3. The website directs the customer to the PayPal site, where they log in, select a funding source and confirm contact and shipping information. 4. The customer clicks the ‘Continue’ button and PayPal directs them to the ReturnURL specified in the SetExpressCheckout Request, along with the token identifying the customer appended to the URL. 5. The ‘GetExpressCheckoutDetails’ call is made to obtain the customer details from PayPal, via ICP. The token sent from PayPal must be included to identify the customer and allow PayPal to return the required information. 6. When the customer completes payment the ‘DoExpressCheckoutPayment’ request is made, to which PayPal responds with the transaction result. 7. The transaction result is displayed to the customer. © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 48 Phone 08444 828 200 Public Version 5.28 From the point of view of the customer, they experience a three-click process: 1. Click to select to pay via PayPal 2. Click to confirm login details 3. Click to confirm the payment details Should more information be required then a walkthrough document which describes in detail how to integrate to PayPay Express Checkout (including button placement, button usage, and button/logo image integration) can all be found within PayPal’s supporting documentation store. Once the integration has been designed from a front-end perspective, the message types and record sets which follow should be utilised. The integration can be tested with the PayPal test accounts created using the instructions from section 3.5 & 3.6 of this manual. 9.2. PayPal Message Types The Message Type for PayPal requests is PPI and the namespace is PAYPAL. 9.2.1. SetExpressCheckout Request Section/Fields Type/Format Optional / Required Description merchantreference String O user String R pwd version String String R R signature String R subject String O returnurl String R cancelurl String R Merchant can add a reference to cross reference responses relating to the same transaction Merchant PayPal API username Merchant PayPal API password Version number of the NVP API service Merchant PayPal signature string Email address of a PayPal account that has granted permission to make this call. Set this parameter only if calling an API on a different user’s behalf URL to which the customer’s browser is returned after choosing to pay with PayPal. NOTE: PayPal recommends that the value be the final review page on which the customer confirms the order and payment or billing agreement. Character length and limitations: no limit. URL to which the customer is returned if he does not approve the use of PayPal to pay. NOTE: PayPal recommends © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 49 Phone 08444 828 200 amt Decimal R currencycode String O maxamt Decimal O paymentaction String O Public Version 5.28 that the value be the original page on which the customer chose to pay with PayPal or establish a billing agreement. Character length and limitations: no limit The total cost of the transaction to the customer. If shipping cost and tax charges are known, include them in this value; if not, this value should be the current sub-total of the order. If the transaction includes one or more one-time purchases, this field must be equal to the sum of the purchases. If the transaction does not include a one-time purchase, this field can be set to 0. Limitations: Must not exceed $10,000 USD in any currency. No currency symbol. Must have two decimal places, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). A three-character currency code for one of the currencies listed in PayPalThe expected maximum total amount of the complete order, including shipping cost and tax charges. If the transaction does not include a one-time purchase, this field is ignored. Limitations: Must not exceed $10,000 USD in any currency. No currency symbol. Must have two decimal places, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). How to obtain payment: • ‘Sale’ indicates that this is a final sale for which payment is being requested. • ‘Authorization’ indicates that this payment is a basic authorisation subject to settlement with PayPal Authorisation & Capture. • ‘Order’ indicates that this payment is an order authorisation subject to settlement with PayPal Authorisation & Capture. If the transaction does not include a one-time purchase, © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 50 Phone 08444 828 200 email String desc O O custom String O invnum String O reqconfirmshipping Integer O Public Version 5.28 this field is ignored. NOTE: This value cannot be set to Sale in SetExpressCheckout request and then changed to Authorisation or Order on the final API DoExpressCheckoutPayment request. If the value is set to Authorisation or Order in SetExpressCheckout, the value may be set to Sale or the same value (either Authorisation or Order) in DoExpressCheckoutPayment. Character length and limit: Up to 13 single-byte alphabetic characters Default value: Sale Email address of the buyer as entered during checkout. PayPal uses this value to prefill the PayPal membership sign-up portion of the PayPal login page. Character length and limit: 127 single-byte alphanumeric characters Description of items the customer is purchasing. Character length and limitations: 127 single-byte alphanumeric characters A free-form field for use, such as a tracking number or other value for PayPal to return on GetExpressCheckoutDetails response and DoExpressCheckoutPayment response. A unique invoice or tracking number. PayPal returns this value on DoExpressCheckoutPayment response. If the transaction does not include a one-time purchase, this field is ignored. Character length and limitations: 127 single-byte alphanumeric characters The value 1 indicates that the customer’s shipping address is required on file with PayPal to be a confirmed address. NOTE: Setting this field overrides the setting specified in the Merchant Account Profile. Character length and limitations: One single-byte numeric character. © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 51 Phone 08444 828 200 noshipping Integer O addoverride Integer O token String O localecode String O pagestyle String O Public Version 5.28 Allowable values: 0, 1 Default: 0 The value 1 indicates that on the PayPal pages, no shipping address fields should be displayed whatsoever. Character length and limitations: One single-byte numeric character. Allowable values: 0, 1 Default: 0 The value 1 indicates that the PayPal pages should display the shipping address set in this SetExpressCheckout request, not the shipping address on file with PayPal for this customer. Displaying the PayPal street address on file does not allow the customer to edit that address. Character length and limitations: One single-byte numeric character. Allowable values: 0, 1 Default: 0 A timestamped token by which to identify to PayPal that the merchant is processing this payment with Express Checkout. NOTE: The token expires after three hours. If the token is set in the SetExpressCheckout request, the value of the token in the response is identical to the value in the request. Character length and limitations: 20 single-byte characters Locale of pages displayed by PayPal during Express Checkout. Character length and limitations: Any two-character country code. The following two-character country codes are supported by PayPal: • AU • DE • FR • IT • GB • ES • US Any other value will default to US. This value corresponds to the HTML variable page_style for customising payment pages. The value is the same as the © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 52 Phone 08444 828 200 hdrimg String O hdrbordercolor String O hdrbackcolor String O payflowcolor String O channeltype String O solutiontype String O Public Version 5.28 Page Style Name chosen when adding or editing the page style from the Profile subtab of the My Account tab of the merchant PayPal account. Character length and limitations: 30 single-byte alphabetic characters. URL for the image to appear at the top left of the payment page. The image has a maximum size of 750 pixels wide by 90 pixels high. PayPal recommends providing an image that is stored on a secure (https) server. If an image is not specified, the business name is displayed. Character length and limit: 127 single-byte alphanumeric characters Sets the border color around the header of the payment page. The border is a 2-pixel perimeter around the header space, which is 750 pixels wide by 90 pixels high. By default, the color is black. Character length and limitations: Six character HTML hexadecimal color code in ASCII Sets the background color for the header of the payment page. By default, the color is white. Character length and limitation: Six character HTML hexadecimal color code in ASCII Sets the background color for the payment page. By default, the color is white. Character length and limitation: Six character HTML hexadecimal color code in ASCII Type of channel: • Merchant: non-auction seller • eBayItem: eBay auction If the transaction does not include a one-time purchase, this field is ignored. Type of checkout flow: • Sole: Express Checkout for auctions • Mark: normal Express Checkout If the transaction does not include a one-time purchase, © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 53 Phone 08444 828 200 Public Version 5.28 this field is ignored. A value of 1 indicates that the customer billing address should be returned in subsequent API calls. If the value is 0, the billing address is not returned. billingtype String See Type of billing agreement. description For recurring payments, this field is required and must be set to RecurringPayments. billingagreementdescription String O Description of goods or services associated with the billing agreement. PayPal recommends that providing a brief summary of the terms & conditions of the billing agreement. billingagreementcustom String O Custom annotation field for use. NOTE: This field is ignored for recurring payments. paymenttype String O Specifies type of PayPal payment required for the billing agreement, which is one of the following values. • ‘Any’ • ‘InstantOnly’ NOTE: This field is ignored for recurring payments. Passing the shipping information is optional, however the optional/required settings here refer to if the merchant decides that this information is to be provided. If not providing shipping information, none of the below fields are included. shiptoname String R Person’s name associated with this shipping address. Character length and limitations: 32 single-byte characters shiptostreet String R First street address. Character length and limitations: 100 single-byte characters shiptocity String R Name of city. Character length and limitations: 40 single-byte characters shiptostate String O State or province. Character length and limitations: 40 single-byte characters Required for US addresses only. shiptocountrycode String R Country code. Character limit: Two single-byte characters. shiptozip String R U.S. Zip code or other countryspecific postal code. Character length and limitations: 20 single-byte characters shiptostreet2 String O Second street address. Character length and limitations: 100 single-byte characters phonenum String O Phone number. Character length and limit: 20 single-byte characters reqbillingaddress Integer O © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 54 Public Version 5.28 9.2.2. SetExpressCheckout Response Section/Fields merchantreference Type/Format Description String paypalrequestid token Decimal String errorcode String shortmessage String longmessage String serveritycode String Merchant can add a reference to cross reference responses relating to the same transaction Unique PayPal request identifier A timestamped token by which to identify to PayPal that the merchant is processing this payment with Express Checkout. NOTE: The token expires after three hours. If the token is set in the SetExpressCheckout request, the value of the token in the response is identical to the value in the request. Character length and limitations: 20 single-byte characters Error identifier (Please see Appendix E for a full list of errors) General message (Please see Appendix E for a full list of errors) Detailed message (Please see Appendix E for a full list of errors) Severity of the error (Please see Appendix E for a full list of errors) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 55 Phone 08444 828 200 Public Version 5.28 9.2.3. GetExpressCheckoutDetails Request Section/Fields Type/Format Optional / Required Description merchantreference String O user String R pwd String R version String R signature String R subject String O token String R Merchant can add a reference to cross reference responses relating to the same transaction Merchant PayPal API username Merchant PayPal API password Version number of the NVP API service Merchant PayPal signature string Email address of a PayPal account that has granted the merchant permission to make this call. Set this parameter only if calling an API on a different user’s behalf A timestamped token, the value of which was returned by SetExpressCheckout response. Character length and limitations: 20 single-byte characters Allowable values: An unexpired token © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 56 Public Version 5.28 9.2.4. GetExpressCheckoutDetails Response Section/Fields merchantreference Type/Format Description String paypalrequestid token Decimal String email String payerid String payerstatus String salutation String firstname String middlename String lastname String suffix String countrycode String business shiptoname String String shiptostreet String shiptostreet2 String shiptocity String Merchant can add a reference to cross reference responses relating to the same transaction Unique PayPal request identifier The timestamped token value that was returned by SetExpressCheckout response and passed on GetExpressCheckoutDetails request. Character length and limitations: 20 single-byte characters Email address of payer. Character length and limitations: 127 single-byte characters Unique PayPal customer account identification number. Character length and limitations:13 single-byte alphanumeric characters. Status of payer. Valid values are: • Verified • Unverified Character length and limitations: 10 single-byte alphabetic characters. Possible values: verified, unverified Payer’s salutation. Character length and limitations: 20 single-byte characters Payer’s first name. Character length and limitations: 25 single-byte characters Payer’s middle name. Character length and limitations: 25 single-byte characters Payer’s last name. Character length and limitations: 25 single-byte characters Payer’s suffix. Character length and limitations: 12 single-byte characters Payer’s country of residence in the form of ISO standard 3166 two-character country codes. Character length and limitations: Two single-byte characters Payer’s business name. Person’s name associated with this address. Character length and limitations: 32 single-byte characters First street address. Character length and limitations: 100 single-byte characters Second street address. Character length and limitations: 100 single-byte characters Name of city. Character length and limitations: 40 single-byte characters © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 shiptostate String shiptocountrycode String shiptozip String addressstatus String custom String invnum String phonenum String billingaddressacceptedstatus String errorcode String shortmessage String longmessage String serveritycode String Document name Web Service Guide Date May 2011 Page number 57 Public Version 5.28 State or province Character length and limitations: 40 single-byte characters Country code. Character limit: Two single-byte characters. U.S. Zip code or other country-specific postal code. Character length and limitations: 20 single-byte characters Status of street address on file with PayPal A free-form field for own use, as set in the Custom element of SetExpressCheckout request. Character length and limitations: 256 single-byte alphanumeric characters An invoice or tracking number, as set in the element of the same name in SetExpressCheckout request . Character length and limitations: 127 single-byte alphanumeric characters Payer’s contact telephone number. NOTE: PayPal returns a contact telephone number only if the Merchant account profile settings require that the buyer enter one. Character length and limitations: Field mask is XXX-XXX-XXXX (for US numbers) or +XXX XXXXXXXX (for international numbers) Whether or not the customer accepted the billing agreement. This value always returns ‘Yes’. Error identifier (Please see Appendix E for a full list of errors) General message (Please see Appendix E for a full list of errors) Detailed message (Please see Appendix E for a full list of errors) Severity of the error (Please see Appendix E for a full list of errors) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 58 Phone 08444 828 200 Public Version 5.28 9.2.5. DoExpressCheckoutPayment Request Section/Fields Type/Format Optional / Required Description merchantreference String O user String R pwd String R version String R signature String R subject String O token String R paymentaction String R Merchant can add a reference to cross reference responses relating to the same transaction Merchant PayPal API username Merchant PayPal API password Version number of the NVP API service Merchant PayPal signature string Email address of a PayPal account that has granted permission to make this call. Set this parameter only if calling an API on a different user’s behalf The timestamped token value that was returned by SetExpressCheckout response and passed on GetExpressCheckoutDetails request. Character length and limitations: 20 single-byte characters How to obtain payment: • ‘Sale’ indicates that this is a final sale for which payment is being requested. • ‘Authorization’ indicates that this payment is a basic authorisation subject to settlement with PayPal Authorisation & Capture. • ‘Order’ indicates that this payment is an order authorisation subject to settlement with PayPal Authorisation & Capture. If the transaction does not include a one-time purchase, this field is ignored. NOTE: This value cannot be set to Sale in SetExpressCheckout request and then change this value to Authorisation or Order on the final API DoExpressCheckoutPayment request. If the value is set to Authorisation or Order in © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 59 Phone 08444 828 200 payerid String R amt Decimal R desc String O custom String O invnum String O notifyurl String O itemamt Decimal O Public Version 5.28 SetExpressCheckout, the value may be set to Sale or the same value (either Authorisation or Order) in DoExpressCheckoutPayment. Character length and limit: Up to 13 single-byte alphabetic characters Default value: Sale Allowable Values: • Authorization • Order • Sale Default: The transaction resulting from DoExpressCheckoutPayment request will be a final sale.. Unique PayPal customer account identification number as returned by GetExpressCheckoutDetails response. Character length and limitations: 13 single-byte alphanumeric characters. Total of order, including shipping, handling, and tax. NOTE: Limitations: Must not exceed $10,000 USD in any currency. No currency symbol. Must have two decimal places, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). Description of items the customer is purchasing. Character length and limitations: 127 single-byte alphanumeric characters A free-form field for use. Character length and limitations: 256 single-byte alphanumeric characters An invoice or tracking number. Character length and limitations: 127 single-byte alphanumeric characters The merchant’s URL for receiving Instant Payment Notification (IPN) about this transaction. NOTE: If not specified in the request, the notification URL from the Merchant Profile is used, if one exists. Character length and limitations: 2,048 single-byte alphanumeric characters Sum of cost of all items in this order. © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 60 Phone 08444 828 200 shippingamt Decimal O handlingamt Decimal O taxamt Decimal O currencycode String O Public Version 5.28 Limitations: Must not exceed $10,000 USD in any currency. No currency symbol. Must have two decimal places, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). Total shipping costs for this order. NOTE: Character length and limitations: Must not exceed $10,000 USD in any currency. No currency symbol. Regardless of currency, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). Equivalent to nine characters maximum for USD. Total handling costs for this order. NOTE: Character length and limitations: Must not exceed $10,000 USD in any currency. No currency symbol. Regardless of currency, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). Equivalent to nine characters maximum for USD. Sum of tax for all items in this order. NOTE: Character length and limitations: Must not exceed $10,000 USD in any currency. No currency symbol. Regardless of currency, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). Equivalent to nine characters maximum for USD. A three-character currency code for one of the currencies listed in PayPalSupported Transactional Currencies. paypalexpressitems paypalexpressitems O Passing the shipping information is optional, however the optional/required settings here refer to if the merchant decides that this information is to be provided. If not providing shipping information, none of the below fields are included shiptoname String R Person’s name associated with this address. Character length and limitations: 32 single-byte characters shiptostreet String R First street address. Character length and © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 61 Phone 08444 828 200 shiptocity String R shiptostate String O shiptocountrycode String R shiptozip String R shiptostreet2 String O shiptophonenumber String O Public Version 5.28 limitations: 100 single-byte characters Name of city. Character length and limitations: 40 single-byte characters State or province. Character length and limitations: 40 single-byte characters Required for US addresses only. Country code. Character limit: Two singlebyte characters U.S. ZIP code or other country-specific postal code. Character length and limitations: 20 single-byte characters Second street address. Character length and limitations: 100 single-byte characters Phone number. Character length and limit: 20 single-byte characters 9.2.6. PayPal ExpressItem Section/Fields name Type/Format Optional / Required Description String O number String O qty Integer O taxamt Decimal O amt Decimal O Item name. Character length and limitations: 127 single-byte characters Item number. Character length and limitations: 127 single-byte characters Item quantity. Character length and limitations: Any positive integer Item sales tax. Limitations: Must not exceed $10,000 USD in any currency. No currency symbol. Must have two decimal places, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). Cost of item Limitations: Value can be positive, negative or zero and must not exceed $10,000 USD in any currency. No currency © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 62 Phone 08444 828 200 ebayitemnumber String O ebayitemauctiontxnid String O ebayitemorderid String O Public Version 5.28 symbol. Must have two decimal places, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). Auction item number Character length: 765 single-byte characters Auction transaction identification number Character length: 255 single-byte characters Auction order identification number Character length: 64 single-byte characters © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 63 Public Version 5.28 9.2.7. DoExpressCheckoutPayment Response Section/Fields merchantreference Type/Format Description String paypalrequestid token Decimal String transactionid String transactiontype String paymenttype String ordertime String amt Decimal currencycode String feeamount Decimal Merchant can add a reference to cross reference responses relating to the same transaction Unique PayPal request identifier The timestamped token value that was returned by SetExpressCheckout response and passed on GetExpressCheckoutDetails request. Character length and limitations:20 single-byte characters Unique transaction ID of the payment. NOTE: If the PaymentAction of the request was Authorisation or Order, this value is the merchant’s AuthorizationID for use with the Authorization & Capture APIs. Character length and limitations:19 single-byte characters Possible values: Transaction specific The type of transaction Character length and limitations:15 single-byte characters Possible values: • Cart • Express-checkout Indicates whether the payment is instant or delayed. Character length and limitations: Seven single-byte characters Possible values: • None • eCheck • Instant Time/date stamp of payment Possible values: Transaction specific The final amount charged, including any shipping and taxes from the Merchant Profile. Character length and limitations: Does not exceed $10,000 USD in any currency. No currency symbol. Regardless of currency, decimal separator is a period (.), and the optional thousands separator is a comma (,). Equivalent to nine characters maximum for USD. Possible Values: Transaction specific A three-character currency code for one of the currencies listed in PayPaySupported Transactional Currencies. PayPal fee amount charged for the transaction. Character length and limitations: Does not exceed $10,000 USD in any currency. No currency symbol. Regardless of © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 settleamount Decimal taxamount Decimal exchangerate Decimal paymentstatus String pendingreason String Document name Web Service Guide Date May 2011 Page number 64 Public Version 5.28 currency, decimal separator is a period (.), and the optional thousands separator is a comma (,). Equivalent to nine characters maximum for USD. Possible values: Transaction specific Amount deposited in the merchant’s PayPal account after a currency conversion. Possible values: Transaction specific Tax charged on the transaction. Character length and limitations: Does not exceed $10,000 USD in any currency. No currency symbol. Regardless of currency, decimal separator is a period (.), and the optional thousands separator is a comma (,). Equivalent to nine characters maximum for USD. Possible values: Transaction specific Exchange rate if a currency conversion occurred. Relevant only if billing in their non-primary currency. If the customer chooses to pay with a currency other than the nonprimary currency, the conversion occurs in the customer’s account. Character length and limitations: a decimal that does not exceed 17 characters, including decimal point Possible values: Transaction specific Status of the payment: • Completed: The payment has been completed, and the funds have been added successfully to the merchant’s account balance. • Pending: The payment is pending. See the PendingReason element for more information. The reason the payment is pending: • None: No pending reason • Address: The payment is pending because the customer did not include a confirmed shipping address and the Payment Receiving Preferences is set such that the merchants wants to manually accept or deny each of these payments. To change these preference, go to the Preferences section of the Profile. • eCheck: The payment is pending because it was made by an eCheck that has not yet cleared. • Intl: The payment is pending because the merchant holds a non-U.S. account and does not have a withdrawal mechanism. This payment must be manually accepted or denied from the Account Overview. © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 65 • reasoncode String redirectrequired String errorcode String shortmessage String longmessage String serveritycode String Public Version 5.28 Multi-currency: There is no balance in the currency sent, and the Payment Receiving Preferences are not set to automatically convert and accept this payment. This payment must be manually accepted or denied. • Verify: The payment is pending because the merchant is not yet verified. It is necessary to verify the merchant account before accepting this payment. • Other: The payment is pending for a reason other than those listed above. For more information, contact PayPal customer service. The reason for a reversal if TransactionType is reversal: • None: No reason code • Chargeback: A reversal has occurred on this transaction due to a chargeback by the customer. • Guarantee: A reversal has occurred on this transaction due to the customer triggering a money-back guarantee. • Buyer-complaint: A reversal has occurred on this transaction due to a complaint about the transaction from the customer. • Refund: A reversal has occurred on this transaction because the customer has been given a refund. • Other: A reversal has occurred on this transaction due to a reason not listed above. Flag to indicate whether to redirect the customer to back to PayPal after completing the transaction. NOTE: Use this field only if using giropay or bank transfer payment methods in Germany. Error identifier (Please see Appendix E for a full list of errors) General message (Please see Appendix E for a full list of errors) Detailed message (Please see Appendix E for a full list of errors) Severity of the error (Please see Appendix E for a full list of errors) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 66 Phone 08444 828 200 Public Version 5.28 9.2.8. DoAuthorization Request Section/Fields Type/Format Optional / Required Description merchantreference String O user String R pwd String R version String R signature String R subject String O transactionid String R amt Decimal R transactionentity String O currencycode String O Merchant can add a reference to cross reference responses relating to the same transaction Merchant PayPal API username Merchant PayPal API password Version number of the NVP API service Merchant PayPal signature string Email address of a PayPal account that has granted permission to make this call. Set this parameter only if calling an API on a different user’s behalf The value of the order’s transaction identification number returned by PayPal. Character length and limits: 19 single-byte characters maximum Amount to authorize. Limitations: Value is a positive number which cannot exceed $10,000 USD in any currency. No currency symbol. Must have two decimal places, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). Type of transaction to authorize. The only allowable value is Order, which means that the transaction represents a customer order that can be fulfilled over 29 days. A three-character currency code for one of the currencies listed in PayPay-Supported Transactional Currencies. © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 67 Public Version 5.28 9.2.9. DoAuthorization Response Section/Fields merchantreference Type/Format Description String paypalrequestid transactionid Decimal String Amt currencycode Decimal String errorcode String shortmessage String longmessage String serveritycode String Merchant can add a reference to cross reference responses relating to the same transaction Unique PayPal request identifier An authorisation identification number. Character length and limits: 19 singlebyte characters The amount specified in the request. A three-character currency code for one of the currencies listed in PayPal Supported Transactional Currencies. Error identifier (Please see Appendix E for a full list of errors) General message (Please see Appendix E for a full list of errors) Detailed message (Please see Appendix E for a full list of errors) Severity of the error (Please see Appendix E for a full list of errors) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 68 Phone 08444 828 200 Public Version 5.28 9.2.10. DoCapture Request Section/Fields Type/Format Optional / Required Description merchantreference String O user pwd version String String String R R R signature subject String String R O authorizationid String R amt Decimal R currencycode String O completetype String R invnum String O Merchant can add a reference to cross reference responses relating to the same transaction Merchant PayPal API username Merchant PayPal API password Version number of the NVP API service Merchant PayPal signature string Email address of a PayPal account that has granted permission to make this call. Set this parameter only if calling an API on a different user’s behalf The authorisation identification number of the payment to capture. This is the transaction id returned from DoExpressCheckoutPayment or DoDirectPayment. Character length and limits: 19 single-byte characters maximum. Amount to capture. Limitations: Value is a positive number which cannot exceed $10,000 USD in any currency. No currency symbol. Must have two decimal places, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). A three-character currency code for one of the currencies listed in PayPay-Supported Transactional Currencies. The value Complete indicates that this the last capture intended to be made. The value NotComplete indicates an intention to make additional captures. NOTE: If Complete, any remaining amount of the original authorised transaction is automatically voided and all remaining open authorisations are voided. Character length and limits: 12 single-byte alphanumeric characters An invoice number or other identification number that is displayed to the merchant and customer in his transaction history. NOTE: This value on DoCapture will overwrite a value previously set on DoAuthorization. NOTE: The value is recorded © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 69 Phone 08444 828 200 note String O softdescriptor String O Public Version 5.28 only if the authorisation being captured is an order authorisation, not a basic authorisation. Character length and limits: 127 single-byte alphanumeric characters An informational note about this settlement that is displayed to the payer in email and in his transaction history. Character length and limits: 255 single-byte characters The soft descriptor is a per transaction description of the payment that is passed to the consumer’s credit card statement. If a value for the soft descriptor field is provided, the full descriptor displayed on the customer’s statement has the following format: <1 space> The soft descriptor can contain only the following characters: • Alphanumeric characters • - (dash) • * (asterisk) • . (period) • (space) If using any other characters (such as “,”), an error code is returned. The soft descriptor does not include the phone number, which can be toggled between the merchant’s customer service number and PayPal’s customer service number. The maximum length of the total soft descriptor is 22 characters. Of this, either 4 or 8 characters are used by the PayPal prefix shown in the data format. Thus, the maximum length of the soft descriptor passed in the API request is: 22 - len() len( + 1) For example, assume the following conditions: • The PayPal prefix toggle is set to PAYPAL * in PayPal’s admin tools • The merchant descriptor set in the Payment © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 70 • • Public Version 5.28 Receiving Preferences is set to EBAY. The soft descriptor is passed in as JanesFlowerGifts LLC The resulting descriptor string on the credit card would be: PAYPAL *EBAY JanesFlow 9.2.11. DoCapture Response Section/Fields merchantreference Type/Format Description String paypalrequestid authorizationid Decimal String transactionid String parenttransactionid String receipttid String transactiontype String paymenttype String ordertime String currencycode String Merchant can add a reference to cross reference responses relating to the same transaction Unique PayPal request identifier The authorisation identification number specified in the request. Character length and limits: 19 single-byte characters maximum Unique transaction ID of the payment. Character length and limitations: 17 singlebyte characters Parent or related transaction identification number. This field is populated for the following transaction types: • Reversal. Capture of an authorised transaction. • Reversal. Reauthorisation of a transaction. • Capture of an order. The value of ParentTransactionID is the original OrderID. • Authorisation of an order. The value of ParentTransactionID is the original OrderID. • Capture of an order authorisation. • Void of an order. The value of ParentTransactionID is the original OrderID. Character length and limits: 16 digits in xxxx-xxxx-xxxx-xxxx format Receipt identification number Character length and limits: 16 digits in xxxx-xxxx-xxxx-xxxx format The type of transaction • Cart • Express-checkout Character length and limitations: 15 singlebyte characters Indicates whether the payment is instant or delayed. Character length and limitations: Seven single-byte characters Time/date stamp of payment. For example: 2006-08-15T17:23:15Z. A three-character currency code for one of © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 amt Decimal feeamt Decimal settleamt Decimal taxamt exchangerate Decimal Decimal paymentstatus String errorcode String Document name Web Service Guide Date May 2011 Page number 71 Public Version 5.28 the currencies listed in PayPal Supported Transactional Currencies The final amount charged, including any shipping and taxes from the Merchant Profile. PayPal fee amount charged for the transaction Amount deposited in the merchant’s PayPal account if there is a currency conversion. Tax charged on the transaction, if any Exchange rate if a currency conversion occurred. Relevant only if billing in the customer’s non-primary currency. If the customer chooses to pay with a currency other than the non-primary currency, the conversion occurs in the customer’s account. Character length and limitations: a decimal multiplier Status of the payment. The status of the payment: • None: No status • Canceled-Reversal: This means a reversal has been canceled. For example, if a dispute was won with the customer, and the funds for the transaction that was reversed have been returned to the merchant. • Completed: The payment has been completed, and the funds have been added successfully to the merchant’s account balance. • Denied: The payment was denied. This happens only if the payment was previously pending because of possible reasons described for the PendingReason element. • Expired: the authorisation period for this payment has been reached. • Failed: The payment has failed. This happens only if the payment was made from the customer’s bank account. • Pending: The payment is pending. See the PendingReason field for more information. • Refunded: The payment was refunded. • Reversed: A payment was reversed due to a chargeback or other type of reversal. The funds have been removed from the merchant’s account balance and returned to the buyer. The reason for the reversal is specified in the ReasonCode element. • Processed: A payment has been accepted. • Voided: An authorisation for this transaction has been voided. Error identifier (Please see Appendix E for © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 shortmessage String longmessage String serveritycode String Document name Web Service Guide Date May 2011 Page number 72 Public Version 5.28 a full list of errors) General message (Please see Appendix E for a full list of errors) Detailed message (Please see Appendix E for a full list of errors) Severity of the error (Please see Appendix E for a full list of errors) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 73 Phone 08444 828 200 Public Version 5.28 9.2.12. DoVoid Request Section/Fields merchantreference Type/Format Optional / Required Description String O user String R pwd String R version String R signature String R subject String O authorizationid String R note String O Merchant can add a reference to cross reference responses relating to the same transaction Merchant PayPal API username Merchant PayPal API password Version number of the NVP API service Merchant PayPal signature string Email address of a PayPal account that has granted permission to make this call. Set this parameter only if calling an API on a different user’s behalf The value of the original authorisation identification number returned by a PayPal product. IMPORTANT: If voiding a transaction that has been reauthorised, use the ID from the original authorisation, and not the reauthorisation. Character length and limits: 19 single-byte characters An informational note about this void that is displayed to the payer in email and in his transaction history. Character length and limits: 255 single-byte characters © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 74 Phone 08444 828 200 Public Version 5.28 9.2.13. DoVoid Response Section/Fields merchantreference Type/Format Description String paypalrequestid authorizationid Decimal String errorcode String shortmessage String longmessage String serveritycode String Merchant can add a reference to cross reference responses relating to the same transaction Unique PayPal request identifier The authorisation identification number specified in the request. Character length and limits: 19 singlebyte characters Error identifier (Please see Appendix E for a full list of errors) General message (Please see Appendix E for a full list of errors) Detailed message (Please see Appendix E for a full list of errors) Severity of the error (Please see Appendix E for a full list of errors) 9.2.14. RefundTransaction Request Section/Fields merchantreference Type/Format Optional / Required Description String O user String R pwd String R version String R signature String R subject String O transactionid String R refundtype String R amt Decimal O currencycode String O Merchant can add a reference to cross reference responses relating to the same transaction Merchant PayPal API username Merchant PayPal API password Version number of the NVP API service Merchant PayPal signature string Email address of a PayPal account that has granted permission to make this call. Set this parameter only if calling an API on a different user’s behalf Unique identifier of a transaction Character length and limitations: 17 single-byte alphanumeric characters Type of refund being made: • Other • Full • Partial Refund amount. Amount is required if RefundType is Partial. NOTE: If RefundType is Full, do not set Amount. A three-character currency code for one of the currencies listed in PayPal Supported Transactional © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 75 Phone 08444 828 200 note String O Public Version 5.28 Currencies Custom memo about the refund. Character length and limitations: 255 single-byte alphanumeric characters © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 76 Public Version 5.28 9.2.15. RefundTransaction Response Section/Fields merchantreference Type/Format Description String paypalrequestid currencycode Decimal String refundtransactionid String netrefundamt Decimal feerefundamt Decimal grossrefundamt Decimal errorcode String shortmessage String longmessage String serveritycode String Merchant can add a reference to cross reference responses relating to the same transaction Unique PayPal request identifier A three-character currency code for one of the currencies listed in PayPal Supported Transactional Currencies Unique transaction ID of the refund. Character length and limitations:17 single-byte characters Amount subtracted from PayPal balance of original recipient of payment to make this refund Transaction fee refunded to original recipient of payment Amount of money refunded to original payer Error identifier (Please see Appendix E for a full list of errors) General message (Please see Appendix E for a full list of errors) Detailed message (Please see Appendix E for a full list of errors) Severity of the error (Please see Appendix E for a full list of errors) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 77 Phone 08444 828 200 Public Version 5.28 9.2.16. DoReauthorization Request Section/Fields Type/Format Optional / Required Description merchantreference String O user String R pwd String R version String R signature String R subject String O authorizationid String R amt Decimal R currencycode String O Merchant can add a reference to cross reference responses relating to the same transaction Merchant PayPal API username Merchant PayPal API password Version number of the NVP API service Merchant PayPal signature string Email address of a PayPal account that has granted permission to make this call. Set this parameter only if calling an API on a different user’s behalf The value of a previously authorised transaction identification number returned by PayPal. Character length and limits: 19 single-byte characters maximum Amount to reauthorise. Limitations: Value is a positive number which cannot exceed $10,000 USD in any currency. No currency symbol. Must have two decimal places, decimal separator must be a period (.), and the optional thousands separator must be a comma (,). A three-character currency code for one of the currencies listed in PayPaySupported Transactional Currencies. © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 78 Public Version 5.28 9.2.17. DoReauthorization Response Section/Fields merchantreference Type/Format Description String paypalrequestid authorizationid Decimal String errorcode String shortmessage String longmessage String serveritycode String Merchant can add a reference to cross reference responses relating to the same transaction Unique PayPal request identifier A new authorisation identification number. Character length and limits:19 single-byte characters Error identifier (Please see Appendix E for a full list of errors) General message (Please see Appendix E for a full list of errors) Detailed message (Please see Appendix E for a full list of errors) Severity of the error (Please see Appendix E for a full list of errors) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 79 Phone 08444 828 200 Public Version 5.28 10. Stored Value Solutions (SVS) 10.1. SVS Functionality Stored Value Solutions provide prepaid services to merchants. Commidea support SVS’ branded prepaid cards which are used to: • • • • • Reward and incentivise employees, customers, and partners Improve foot traffic to your locations Increase brand awareness Facilitate new promotional and co-branding opportunities Allow easy gift card acceptance across multiple point-of-sale systems Prepaid cards are accepted the same way as any standard electronic funds transfer card through Commidea’s XML Gateway. 10.2. SVS Message Types 10.2.1. SVS Request The Stored Value Solutions (SVS) Request type contains all the information required to process a transaction using an SVS card. Section/Fields messagetype Type/ Format Length Integer Optional / Required M Description No 0 *1 2 *3 4 5 6 *7 *8 9 *10 *11 *12 13 stan String 6 O Message Type Balance Enquiry Pre-Authorization Message Redemption Message Tip Message Cancellation Merchandise Return Message Card Recharge Message Pre-Authorisation Completion Message Card Activation Message Issue Gift Card Issue Virtual Gift Card Message Reversal Message Network Message Cash Back Message * Reserved for future use, not currently available Systems trace audit number. Example: 123456. For the original transaction this should be left blank and will be generated automatically. The © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 80 Phone 08444 828 200 offlineauthcode cardnumber track1 track2 transactionamount transactioncurrency String String String String Decimal String 10 19 6 3 O O O O O O transactiondate transactiontime invoicenumber String String String 8 6 8 O O O merchantname merchantnumber storenumber divisionnumber routingid String String String String String 50 6 10 5 19 O M O M M Public Version 5.28 original STAN must be passed in with reversals Offline Authorisation Code SVS card number Track 1 Track 2 Transaction amount, e.g. 9.99 Currency Code (ISO 4217) for transaction (e.g. 826 = Pound Sterling) Transaction date: YYYYMMDD – e.g. 20110110 Transaction time: HHMMSS - e.g. 175732 Client assigned value which may be used to represent an order number or reference for the transaction, e.g. INV01 Merchant name SVS Merchant number Store number Division number Routing ID 10.2.2. SVS Response The SVS Response type contains all the result information from an SVS request. Section/Fields Type/ Format id responsecode Decimal String Length 2 Description The request ID Code Return Description 01 Approval 02 Inactive Card 03 Invalid Card Number 04 Invalid Transaction Code 05 Insufficient Funds 06 No Previous Authorisations 07 Invalid Message 08 No Card Found 09 Insufficient Funds due to Outstanding preauthorisation. 10 Denial – No previous authorisation 11 No Authorization number 12 Invalid Authorization number 13 Maximum single recharge exceeded 14 Maximum working balance exceeded 15 Host Unavailable 16 Invalid Card Status 17 Unknown dealer/Store Code - Special edit 18 Maximum number of recharges exceeded 19 Invalid card verification value 20 Invalid PIN number / PIN Locked 21 Card already issued 22 Card not issued 23 Card already used 24 Manual Transaction not allowed 25 Mag Stripe read not valid 26 Transaction type unknown 27 Invalid tender type 28 Invalid customer type 29 n/a 30 Max number of redemption exceeded 31 Invalid currency code © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 81 Phone 08444 828 200 Public Version 5.28 32 responsemessage stan transactionamount balanceamount conversionrate cardcurrencycode 10.3. String String Decimal Decimal Decimal String 6 6 6 8 3 Invalid server id (restaurant only – server ID code is invalid) 33 Frozen card or Unknown 34 Invalid amount (transaction amount does not match the pre-valued card dollar amount) 99 Route does not exist for the routingID supplied Description e.g. “Approved” Systems trace audit number. Example: 123456. Transaction amount supplied within request: E.g. 9.99 Balance amount remaining on the SVS card Conversion rate. E.g. 1.000000 826 (Numeric translation of GBP) Part Payments Commidea supports SVS’ “Part Payment” functionality on both Terminal and XML solutions. However, please note that this functionality will require additional logic to be put in place within the merchant’s integration. Should an SVS transaction be initiated using an SVS card which does not contain enough funds to pay off the entire balance, a separate transaction will be required to clear the remaining balance. In order to monitor for such an occurrence within the XML solution, the integration should take note of the ‘TransactionAmount’ within the ‘ProcessMsgResponse’. This value should be compared to the original ‘TransactionAmount’ from the ‘SVSRequestMessage’, with the difference equating to the remaining balance in a scenario where there are insufficient funds on the SVS card to pay the balance off in full. When a balance remains as per the above, the merchant’s system should return the customer to a checkout page which details the remaining amount to be paid and provides the option to input additional payment details, which could be either a different SVS card number or a credit/debit card number for a standard EFT transaction. Commidea Best Practice: it is recommended that a balance enquiry is processed after the transaction amount has been finalised. This will ensure that the SVS card provided by the cardholder has sufficient funds before processing the transaction. In a scenario where the card does not contain sufficient funds, the merchant can make the cardholder aware of this prior to processing the transaction, and inform the cardholder that a further payment will be required. © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 82 Phone 08444 828 200 Public Version 5.28 11. Token Gateway 11.1. Token Registration Process To register a token a request should be created containing all the information required, which will include the card number, expiry date as well as boolean values to control the transaction types allowed for the token. A response will then be returned containing a TokenID. This should be stored, and can be provided in a transaction request (see section 5.2.1) to request for the stored details to be sourced and utilised to provide payment details for the transaction. There are two versions of the Token Registration process: • TKI card scheme name not returned from token registration, legacy message type • TKI2 message type added which returns a different response depending upon success or failure of the registration process, including returning the card scheme name of the registered details should the process be successful Both message formats are detailed below. An overview of the registration process is shown in the below diagram: Merchant System Commidea Server Order and cardholder data captured Token Registration request sent to Commidea, including token expiration date Commidea securely stores sensitive data and assigns a token on behalf of merchant Token Registration response returned to merchant, including token ID Merchant stores token ID © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 83 Phone 08444 828 200 11.2. Public Version 5.28 Token Message Types 11.2.1. Registration Request (TKI) The Token Registration Request type contains all the information required to register a token. The Message Type is TKI and the namespace is TOKEN. Section/Fields Type/Format Mandatory/ Optional/ Conditional merchantreference String O Description Merchant can add a reference to cross reference responses relating to the same transaction pan String M Card number expirydate String M Card expiry month and year (YYMM) (Only required when card is keyed, can be calculated from Track2) startdate String C Card start date month and year (MMYY) Only required for Diners Club International, some Maestro, some Solo and some Laser cards. Not required if Track2 data supplied Please note the format difference between the expiry and start dates are intentional issuenumber String C 1 or 2 digit card issue number as shown on the front of the card. Only required by some Switch, Solo and Laser cards. Required only when card is keyed purchase Boolean M Allow purchase txn type refund Boolean M Allow refund txn type cashback Boolean M Allow cashback txn type tokenexpirationdate String M Last date on which the token can be utilised. Format of date to be: DDMMCCYY © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 84 Public Version 5.28 11.2.2. Token Registration Response (TKI) The Token Registration Response type contains all the result information from a token registration request. The Message Type is TOKENRESPONSE and the namespace is TOKEN. Section/Fields tokenid merchantreference Type/Format Description Decimal String errorcode Integer errormsg String Unique identifier for registered PAN Merchant can add a reference to cross reference responses relating to the same transaction This is an error code indicating what type of error occurred, if any, while processing the transaction. See Appendix E for error codes This is a text field used to give as short text description of the error code © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 85 Phone 08444 828 200 Public Version 5.28 11.2.3. Registration Request (TKI2) The Token Registration Request type contains all the information required to register a token, and ensures that the card scheme name is returned within the response message. The Message Type is TKI2 and the namespace is TOKEN. Section/Fields Type/Format Mandatory/ Optional/ Conditional merchantreference String O Description Merchant can add a reference to cross reference responses relating to the same transaction pan String M Card number expirydate String M Card expiry month and year (YYMM) (Only required when card is keyed, can be calculated from Track2) startdate String C Card start date month and year (MMYY) Only required for Diners Club International, some Maestro, some Solo and some Laser cards. Not required if Track2 data supplied Please note the format difference between the expiry and start dates are intentional issuenumber String C 1 or 2 digit card issue number as shown on the front of the card. Only required by some Switch, Solo and Laser cards. Required only when card is keyed purchase Boolean M Allow purchase txn type refund Boolean M Allow refund txn type cashback Boolean M Allow cashback txn type tokenexpirationdate String M Last date on which the token can be utilised. Format of date to be: DDMMCCYY © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 86 Public Version 5.28 11.2.4. Token Registration Response (TKI2) – Success When the TKI2 token registration request is successful, the following message is returned. The Message Type is TOKENRESPONSE and the namespace is TOKEN. Section/Fields tokenid merchantreference Type/Format Description Decimal String cardschemename String Unique identifier for registered PAN Merchant can add a reference to cross reference responses relating to the same transaction Returns the card scheme name for the card registered within the request 11.2.5. Token Registration Response (TKI2) – Failure Should the TKI2 token registration request fail, the following message is returned. The Message Type is TOKENRESPONSE and the namespace is TOKEN. Section/Fields merchantreference Type/Format Description String errorcode Integer errormsg String Merchant can add a reference to cross reference responses relating to the same transaction This is an error code indicating what type of error occurred, if any, while processing the transaction. See Appendix E for error codes This is a text field used to give as short text description of the error code © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 87 Public Version 5.28 12. Ukash Message Types The Message Type for Ukash requests is UKASH and the namespace is UKASH. 12.1. Ukash GetSettleAmount Request Section/Fields merchantreference Type/Format Description String Varchar(50) requesttype String Varchar(50) String Char(20) Merchant can add a reference to cross reference responses relating to the same transaction The request type; ukashgetsettleamount This is a login name that will be supplied to the merchant by Ukash to send with each transaction sent to the Ukash gateway This is the password for the Ukash login name, which will be supplied to the merchant by Ukash This is a unique reference to the transaction, which must be supplied by the merchant. It must be unique across the merchant’s ukashLogin. E.g. for gaming clients, the format of the transactionId must be casinoId_TransNo Ukash will supply a brand id to the merchant for each of the brands he wishes to differentiate between. The appropriate brand id must then be sent through on each transaction request This is the number printed on the voucher or card, the number will be 19 digits for vouchers and 16 digits for cards. This is the value of the voucher presented in 2 decimal points This is the currency in which the product/service is being sold. It is the merchant base currency for the transaction. It must be given in the character ISO standard. Refer to Appendix B to verify 7-9 digits of voucher number ukashlogin ukashpassword String Char(20) transactionid String Char(20) brandid String Char(20) vouchernumber String Char(19)/ Char(16) vouchervalue decimal basecurr String Char(3) vouchercurrproductcode String Char(3) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 12.2. Document name Web Service Guide Date May 2011 Page number 88 Public Version 5.28 Ukash PartSpendVoucher Request Section/Fields merchantreference Type/Format Description String Varchar(50) requesttype String Varchar(50) String Char(20) Merchant can add a reference to cross reference responses relating to the same transaction The request type; ukashpartspendvoucher This is a login name that will be supplied to the merchant by Ukash to send with each transaction sent to the Ukash gateway This is the password for the Ukash login name, which will be supplied to the merchant by Ukash This is a unique reference to the transaction, which must be supplied by the merchant. It must be unique across the merchant’s ukashLogin. E.g. for gaming clients, the format of the transactionId must be casinoId_TransNo Ukash will supply a brand id to the merchant for each of the brands he wishes to differentiate between. The appropriate brand id must then be sent through on each transaction request This is the number printed on the voucher or card, the number will be 19 digits for vouchers and 16 digits for cards. This is the value of the voucher presented in 2 decimal points This is the value, which the merchant wishes to charge from the voucher or account. It is presented in 2 decimal points in the merchant base currency. This is the currency in which the product/service is being sold. It is the merchant base currency for the transaction. It must be given in the character ISO standard. Refer to Appendix B to verify This is the Merchant’s time stamp of the transaction. Format “yyyy-mm-dd hh:mm:ss” This indicates what the transaction is being used for. See Section 7.9 for redemption Types. The numeric identifier must be supplied 7-9 digits of voucher number ukashlogin ukashpassword String Char(20) transactionid String Char(20) brandid String Char(20) vouchernumber String Char(19)/ Char(16) vouchervalue decimal ticketvalue Decimal basecurr String Char(3) merchdatetime String Char(19) redemptiontype String Char(1)/Char(2) vouchercurrproductcode String Char(3) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 12.3. Document name Web Service Guide Date May 2011 Page number 89 Public Version 5.28 Ukash FullValueVoucher Request Section/Fields merchantreference Type/Format Description String Varchar(50) requesttype String Varchar(50) String Char(20) Merchant can add a reference to cross reference responses relating to the same transaction The request type; ukashfullvaluevoucher This is a login name that will be supplied to the merchant by Ukash to send with each transaction sent to the Ukash gateway This is the password for the Ukash login name, which will be supplied to the merchant by Ukash This is a unique reference to the transaction, which must be supplied by the merchant. It must be unique across the merchant’s ukashLogin. E.g. for gaming clients, the format of the transactionId must be casinoId_TransNo Ukash will supply a brand id to the merchant for each of the brands he wishes to differentiate between. The appropriate brand id must then be sent through on each transaction request This is the number printed on the voucher or card, the number will be 19 digits for vouchers and 16 digits for cards. This is the value of the voucher presented in 2 decimal points This is the currency in which the product/service is being sold. It is the merchant base currency for the transaction. It must be given in the character ISO standard. Refer to Appendix B to verify This is the Merchant’s time stamp of the transaction. Format “yyyy-mm-dd hh:mm:ss” This indicates what the transaction is being used for. See Section 7.9 for redemption Types. The numeric identifier must be supplied 7-9 digits of voucher number ukashlogin ukashpassword String Char(20) transactionid String Char(20) brandid String Char(20) vouchernumber String Char(19)/ Char(16) vouchervalue decimal basecurr String Char(3) merchdatetime String Char(19) redemptiontype vouchercurrproductcode String Char(3) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 12.4. Document name Web Service Guide Date May 2011 Page number 90 Public Version 5.28 Ukash PartSpendAccount Request Section/Fields merchantreference Type/Format Description String Varchar(50) requesttype String Varchar(50) String Char(20) Merchant can add a reference to cross reference responses relating to the same transaction The request type; ukashpartspendaccount This is a login name that will be supplied to the merchant by Ukash to send with each transaction sent to the Ukash gateway This is the password for the Ukash login name, which will be supplied to the merchant by Ukash This is a unique reference to the transaction, which must be supplied by the merchant. It must be unique across the merchant’s ukashLogin. E.g. for gaming clients, the format of the transactionId must be casinoId_TransNo Ukash will supply a brand id to the merchant for each of the brands he wishes to differentiate between. The appropriate brand id must then be sent through on each transaction request This is the number printed on the voucher or card, the number will be 19 digits for vouchers and 16 digits for cards. This is the Pin number printed on the Ukash Card. 4 digit value, field is required for all card based transactions This is the value of the voucher presented in 2 decimal points This is the value, which the merchant wishes to charge from the voucher or account. It is presented in 2 decimal points in the merchant base currency. This is the currency in which the product/service is being sold. It is the merchant base currency for the transaction. It must be given in the character ISO standard. Refer to Appendix B to verify This is the Merchant’s time stamp of the transaction. Format “yyyy-mm-dd hh:mm:ss” This indicates what the transaction is being used for. See Section 7.9 for redemption Types. The numeric identifier must be supplied 7-9 digits of voucher number ukashlogin ukashpassword String Char(20) transactionid String Char(20) brandid String Char(20) vouchernumber String Char(19)/ Char(16) ukashpin String Char(4) vouchervalue decimal ticketvalue Decimal basecurr String Char(3) merchdatetime String Char(19) redemptiontype vouchercurrproductcode String Char(3) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 12.5. Document name Web Service Guide Date May 2011 Page number 91 Public Version 5.28 Ukash FullSpendAccount Request Section/Fields merchantreference Type/Format Description String Varchar(50) requesttype String Varchar(50) String Char(20) Merchant can add a reference to cross reference responses relating to the same transaction The request type; ukashfullspendaccount This is a login name that will be supplied to the merchant by Ukash to send with each transaction sent to the Ukash gateway This is the password for the Ukash login name, which will be supplied to the merchant by Ukash This is a unique reference to the transaction, which must be supplied by the merchant. It must be unique across the merchant’s ukashLogin. E.g. for gaming clients, the format of the transactionId must be casinoId_TransNo Ukash will supply a brand id to the merchant for each of the brands he wishes to differentiate between. The appropriate brand id must then be sent through on each transaction request This is the number printed on the voucher or card, the number will be 19 digits for vouchers and 16 digits for cards. This is the Pin number printed on the Ukash Card. 4 digit value, field is required for all card based transactions This is the value of the voucher presented in 2 decimal points This is the currency in which the product/service is being sold. It is the merchant base currency for the transaction. It must be given in the character ISO standard. Refer to Appendix B to verify This is the Merchant’s time stamp of the transaction. Format “yyyy-mm-dd hh:mm:ss” This indicates what the transaction is being used for. See Section 7.9 for redemption Types. The numeric identifier must be supplied 7-9 digits of voucher number ukashlogin ukashpassword String Char(20) transactionid String Char(20) brandid String Char(20) vouchernumber String Char(19)/ Char(16) ukashpin String Char(4) vouchervalue decimal basecurr String Char(3) mercdatetime String Char(19) redemptiontype vouchercurrproductcode String Char(3) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 12.6. Document name Web Service Guide Date May 2011 Page number 92 Public Version 5.28 TransactionEnquiry Request Used to check if there is an issue with the Ukash server, and there is a requirement to check with Ukash if the transaction was successful or not. Section/Fields merchantreference Type/Format Description String Varchar(50) requesttype String Varchar(50) String Char(20) Merchant can add a reference to cross reference responses relating to the same transaction The request type; ukashtransactionenquiry This is a login name that will be supplied to the merchant by Ukash to send with each transaction sent to the Ukash gateway This is the password for the Ukash login name, which will be supplied to the merchant by Ukash This is a unique reference to the transaction, which must be supplied by the merchant. It must be unique across the merchant’s ukashLogin. E.g. for gaming clients, the format of the transactionId must be casinoId_TransNo Ukash will supply a brand id to the merchant for each of the brands he wishes to differentiate between. The appropriate brand id must then be sent through on each transaction request This is the number printed on the voucher or card, the number will be 19 digits for vouchers and 16 digits for cards. This is the Pin number printed on the Ukash Card. 4 digit value, field is required for all card based transactions This is the value of the voucher presented in 2 decimal points This is the currency in which the product/service is being sold. It is the merchant base currency for the transaction. It must be given in the character ISO standard. Refer to Appendix B to verify This is the Merchant’s time stamp of the transaction. Format “yyyy-mm-dd hh:mm:ss” This indicates what the transaction is being used for. See Section 7.9 for redemption Types. The numeric identifier must be supplied 7-9 digits of voucher number ukashlogin ukashpassword String Char(20) transactionid String Char(20) brandid String Char(20) vouchernumber String Char(19)/ Char(16) ukashpin String Char(4) vouchervalue decimal basecurr String Char(3) merchdatetime String Char(19) redemptiontype vouchercurrproductcode String Char(3) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 12.7. Document name Web Service Guide Date May 2011 Page number 93 Public Version 5.28 Ukash Response The Message Type for the Ukash response is UKASH and the namespace is TRM. Section/Fields requesttype amountreference Type/Format Description String Varchar(50) String Char(255) The request type mktransactionID txcode Decimal Integer txdescription String Char(255) transactionid settleamount String Char(20) Decimal accountbalance Decimal accountcurrency String Char(3) changeissuevouchernumber String Char(19) changeissuevouchercurr String Char(3) changeissueamount Decimal changeissueexpirydate String Char(10) String Char(19) issuedvouchernumber issuedvouchercurr String Char(3) issuedamount Decimal issuedexpirydate String Char(10) ukashtransactionid String Char(50) Boolean currencyconversion Merchants using the GetSettleAmount method need only fill in this tag. All other merchants should send a blank string in this tag. Unique transaction ID This is a transaction status/return code. It determines whether the voucher was successfully redeemed or not. A “0” means that the voucher was successfully redeemed. Any other code will reflect an unsuccessful redemption due to an invalid voucher or an error. See Section 7.8 for possible return codes This is a text field used to give a short text description of the transaction status/return code The transactionId is returned as reference to link the request and response XML This is the value of the transaction in the base currency The account balance in the currency of the account. Applicable to account based transactions only. This is the currency the card account. It will be given in the character ISO standard. For ticket price redemption, this is the voucher number for the change. For full value redemption, this will be blank This is the currency of the change issue voucher. It will be given in the character ISO standard. Refer to Appendix B This is the value of the change presented in 2 decimal places. For full value redemption, this will be blank This is the expiry date for the change issue voucher in the format yyyy-mm-dd For issued vouchers this is the new voucher number. This tag will only be returned for IssueVoucher transactions. The currency of the issued voucher. It will be given in the character ISO standard. Refer to Appendix B. This tag will only be returned for IssueVoucher transactions. This is the value of the issued voucher presented in 2 decimal places. This tag will only be returned for IssueVoucher transactions. This is the expiry date for the issued voucher in the format yyyy-mm-dd. This tag will only be returned for IssueVoucher transactions. This is a unique reference to the transaction This flag indicates whether currency © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 errcode Integer errdescription String Char(255) Document name Web Service Guide Date May 2011 Page number 94 Public Version 5.28 conversion took place. For full value redemption, currency conversion may occur to determine the settleAmount in the base currency. For ticket price redemption, currency conversion may occur to determine the ticket price in the currency of the voucher This is an error code indicating what type of error occurred, if any, while processing the transaction. See Section 7.10 for possible error codes This is a text field used to give a short text description of the error code 12.8. Ukash Return Code List Type of Message Transaction Status 12.9. Code 1 2 3 Message Code 0 1 99 Message Description Accepted Declined Failed Comments Redemption successful Redemption unsuccessful An error occurred during the processing of the transaction hence the system could not successfully complete the redemption of the voucher. Ukash Transaction Type List 4 8 20 Description Cash Withdrawal Account Deposit Product/Service Purchase Issue Voucher Void Transaction Account Add 21 Account Subtract 22 Transaction Enquiry Comments Normal Redemption transactions. Voucher or account will be debited with the currency and amount. Issues Voucher based on the currency and value Voids a Transaction made in the last 60 seconds. Add amount to Ukash account. Used only for Top up and Top Down Cards. Subtracts amount from Ukash account. Used only for Top up and Top Down Cards. Returns the state of a transaction that was executed in the last 48 hours. © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 12.10. Document name Web Service Guide Date May 2011 Page number 95 Public Version 5.28 Ukash Error Code List Type of Error Incoming XML Error Data Validation Error Card Validation Error Error Code 100 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 300 301 Invalid incoming XML Non numeric Voucher Value Base Currency not 3 characters in length Non numeric Ticket Value Invalid BrandId Invalid MerchDateTime Invalid transactionId: greater than 20 characters Invalid Redemption Type Negative Ticket Value not allowed No decimal place given in Ticket Value No decimal place given in Voucher Value Negative Voucher Value not allowed Invalid or unsupported voucher product code AmountReference with TicketValue not allowed No ukashNumber supplied No transactionId supplied No brandId supplied Ticket Value cannot be greater than Voucher Value without Currency Conversion Base Currency and Voucher currency do not match. Brand not configured to Issue Vouchers Invalid Voucher Number Multiple Transactions found Unknown transaction status No transaction found. The transaction cannot proceed with a user supplied PIN, and none was supplied, The supplied PIN had the incorrect format, e.g. was not 4 numeric characters PIN supplied with a transaction is incorrect (I.e. does not match the required pin recorded on file) PIN supplied with a transaction is incorrect and has resulted in the failure count reaching the maximum The Account has been blocked as a result of a validation/verification check failure Invalid Login and/or Password Invalid Login and/or BrandID 400 Required Currency Conversion not supported 500 501 800 Error In Currency Conversion Converted Settle Amount greater than Voucher Value Max duration between getSettleAmount and Redemption exceeded. Invalid amountReference Submitted Technical Error. Please contact Ukash Merchant Support Ukash Server Error. Please contact Commidea Merchant Helpdesk 217 218 219 221 222 223 250 251 252 253 254 Login and Password Login, Password and BrandID Currency Conversion Not Supported Currency Conversion Error General Error Technical Error Error Description 801 900 999 © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 96 Phone 08444 828 200 12.11. Public Version 5.28 Ukash Product Codes Region Country State Currency General Issues (020-200) United Kingdom Europe United Kingdom Europe United Kingdom Europe GBP EUR 011 211 411 611 811 Europe Poland Poland PLN 151 351 551 751 951 Europe Austria Austria EUR 021 221 421 621 821 001 Cash Back Issues (201-400) 201 Gambling Restricted (401-600) 401 Reserved (601-800) 601 Reserved (801-999) 801 Europe Belgium Belgium EUR 022 222 422 622 822 Europe Finland Finland EUR 023 223 423 623 823 Europe France France EUR 024 224 424 624 824 Europe Germany Germany EUR 025 225 425 625 825 Europe Greece Greece EUR 026 226 426 626 826 Europe Ireland Ireland EUR 027 227 427 627 827 Europe Italy Italy EUR 028 228 428 628 828 Europe Luxembourg Luxembourg EUR 029 229 429 629 829 Europe Netherlands Netherlands EUR 030 230 430 630 830 Europe Portugal Portugal EUR 031 231 431 631 831 811 Europe Spain Spain EUR 011 211 411 611 Europe Switzerland Switzerland CHF 033 233 433 633 833 Europe Denmark Denmark DKK 034 234 434 634 834 Europe Sweden Sweden SEK 035 235 435 635 835 Europe Czech Republic CZK 036 236 436 636 836 Europe Norway Czech Republic Norway NOK 037 237 437 637 837 Europe Romania Romania RON 038 238 438 638 838 Europe Hungary Hungary HUF 039 239 439 639 839 Europe Bulgaria Bulgaria BGL 040 240 440 640 840 Europe Estonia Estonia EEK 041 241 441 641 841 North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America USA USA USD 99 299 499 699 899 USA Alabama USD 100 300 500 700 900 USA Alaska USD 101 301 501 701 901 USA Arizona USD 102 302 502 702 902 USA Arkansas USD 103 303 503 703 903 USA California USD 104 304 504 704 904 USA Colorado USD 105 305 505 705 905 USA Connecticut USD 106 306 506 706 906 USA Delaware USD 107 307 507 707 907 USA Florida USD 108 308 508 708 908 USA Georgia USD 109 309 509 709 909 USA Hawaii USD 110 310 510 710 910 USA Idaho USD 111 311 511 711 911 USA Illinois USD 112 312 512 712 912 USA Indiana USD 113 313 513 713 913 © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 97 Phone 08444 828 200 North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America North America Public Version 5.28 USA Iowa USD 114 314 514 714 914 USA Kansas USD 115 315 515 715 915 USA Kentucky USD 116 316 516 716 916 USA Louisiana USD 117 317 517 717 917 USA Maine USD 118 318 518 718 918 USA Maryland USD 119 319 519 719 919 USA USD 120 320 520 720 920 USA Massachuset ts Michigan USD 121 321 521 721 921 USA Minnesota USD 122 322 522 722 922 USA Mississippi USD 123 323 523 723 923 USA Missouri USD 124 324 524 724 924 USA Montana USD 125 325 525 725 925 USA Nebraska USD 126 326 526 726 926 USA Nevada USD 127 327 527 727 927 USA USD 128 328 528 728 928 USA New Hampshire New Jersey USD 129 329 529 729 929 USA New Mexico USD 130 330 530 730 930 USA New York USD 131 331 531 731 931 USA USD 132 332 532 732 932 USA North Carolina North Dakota USD 133 333 533 733 933 USA Ohio USD 134 334 534 734 934 USA Oklahoma USD 135 335 535 735 935 USA Oregon USD 136 336 536 736 936 USA Pennsylvania USD 137 337 537 737 937 USA Rhode Island USD 138 338 538 738 938 USA USD 139 339 539 739 939 USD 140 340 540 740 940 USA South Carolina South Dakota Tennessee USD 141 341 541 741 941 USA Texas USD 142 342 542 742 942 USA Utah USD 143 343 543 743 943 USA Vermont USD 144 344 544 744 944 USA Virginia USD 145 345 545 745 945 USA Washington USD 146 346 546 746 946 USA West Virginia USD 147 347 547 747 947 USA Wisconsin USD 148 348 548 748 948 USA Wyoming USD 149 349 549 749 949 USA © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 98 Phone 08444 828 200 South America North America Africa Public Version 5.28 Argentina Argentina ARS 152 352 552 752 952 Canada Canada CAD 153 353 553 753 953 South Africa South Africa ZAR 150 350 550 750 950 © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 99 Public Version 5.28 13. Troubleshooting This section has been included in the manual to provide integrators with information to help resolve any issues. 13.1. Deserialization Errors When the elements which make up the XML document are populated with the necessary data, if the ‘Type’ of each is not adhered to then deserialization errors can occur. Essentially, the information provided does not meet the format requirements and, when the XML document has been programmatically checked, it could not be parsed correctly. An example of this would be: If the ‘Track2’ element were to be populated with data that does not match the predefined type, (in this case, the track2 data should consist of a numeric value), then a deserialization error will be produced. The error will detail which element(s) contained the mismatch, which enables the problem to be resolved by checking what information was passed and comparing this to the required type. 1) The XML document ‘TRecord’ contains PAN information that doesn’t satisfy the type requirements: .... CardNumber .... 2) A deserialization error is returned within the ‘InternalError’ tag, detailing which field caused the issue (in this case ‘PAN’): [16277] TransactionProcessor.DeserializeXml: Bad Format in TRecord_Pan © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 13.2. Document name Web Service Guide Date May 2011 Page number 100 Public Version 5.28 Contact Information Should there be a need to contact Commidea for help, please use the below contact details: In a Test Environment: Implementations implementations@commidea.com 08444 828 273 In a Live Environment: Merchant Helpdesk helpdesk@commidea.com 08444 828 222 © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 101 Public Version 5.28 APPENDIX A – Website Testing Script To aid developers before Commidea integration testing is performed; please follow the table below to ensure that all recommendations and requirements have been met: Test/Scenario Perform a normal transaction Description/Reasoning Ensure solution processes transactions correctly Test Result PASS / FAIL Check the modifiers used to mark the transaction are correct, e.g. ‘Purchase’ (1) and ‘Keyed Customer Not Present E-Commerce’ (12). These may differ for different scenarios. A transaction can be marked with more than one modifier PASS / FAIL Ensure voice referral transactions are rejected with a of 2 (rejected) for websites PASS / FAIL Check referral message does not say the transaction has been “declined”. Use “unsuccessful, as the scenario is different from that of declines PASS / FAIL Process a declined transaction (value ends in 5p) Ensure solution reacts correctly to declined transactions, including supplying an appropriate a message PASS / FAIL Process a transaction where the response is comms down (value ends in 7p) A situation may arise whereby a response of ‘Comms Down’ maybe returned by the service. This must be catered for by the integration. PASS / FAIL Check for SSL certificate Must be installed on the site to ensure credit card information is handled securely PASS / FAIL Navigating between payment forms disabled Secure information from website pages should be cleared once the page is left, or returning using the ‘Back’ button should be disabled PASS / FAIL Process a transactions with various issue numbers The issue number field should allowing processing of cards with issue numbers ranging from 1-99, including 01. Ensure leading 0’s are not removed after submission PASS / FAIL Process a transaction using a card number with 13 digits This is the least amount of digits a card number can consist of (13) PASS / FAIL Process a transaction with a Maestro card This is the greatest amount of digits a card number can consist of (19) PASS / FAIL Process a transaction with 20 alpha characters as a card number The card number field should validate locally and reject any attempts to enter more than 19 characters. Entry of alpha characters in this field should be disabled PASS / FAIL Process a transaction using invalid start date, expiry date and issue number All fields should be validated locally, ensure that invalid start date, expiry date and issue number entry is disabled (formatting the field accordingly) PASS / FAIL In the event of a transaction confirmation response not being received, resend the confirmation Confirmation should be resent rather than creating a new transaction if no confirmation response is received. This avoids duplicating orders PASS / FAIL Process a transaction using a CV2 value of ‘000’ (if applicable) This test will check leading 0’s are not being removed from the record before it is sent to Commidea. On the test system, ‘000’ is the only CV2 value accepted PASS / FAIL Process a transaction using an AMEX This will ensure that the CV2 field allows entry of up to 4 PASS / FAIL Perform a voice referral transaction (value ends in 2p) © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 102 Public Version 5.28 card (if applicable) digits, which is a requirement for processing AMEX cards. Please note that AMEX cards do now support 3 digit CSC values Process a transaction using AVS information (if applicable) Test scenarios whereby different AVS data is used. Here are three tests to perform with the relevant test data listed: i) ‘Matched’ – 10;ME156LH ii) ‘Partial Match’ – 11;ME156LH iii) ‘Not Matched’ – 11;ME167LH (or any other address) PASS / FAIL PASS / FAIL © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. PASS / FAIL Author ML Document name Web Service Guide Date May 2011 Page number 103 Phone 08444 828 200 Public Version 5.28 APPENDIX B – Currency Code ISO 4217 Currency Afghani Algerian dinar Argentine peso Armenian dram Aruban guilder Australian dollar Code AFN DZD ARS AMD AWG AUD Num 971 012 032 051 533 036 Azerbaijanian manat Bahamian dollar Bahraini dinar Baht Balboa Bangladeshi taka Barbados dollar Belarusian ruble Belize dollar Bermudian dollar (customarily known as Bermuda dollar) Bolivian Mvdol (funds code) Boliviano Brazilian real Brunei dollar Bulgarian lev Burundian franc Canadian dollar Cape Verde escudo Cayman Islands dollar Cedi CFA Franc BCEAO AZN BSD BHD THB PAB BDT BBD BYR BZD BMD 944 044 048 764 590 050 052 974 084 060 BOV BOB BRL BND BGN BIF CAD CVE KYD GHS XOF 984 068 986 096 975 108 124 132 136 936 952 CFA franc BEAC XAF 950 CFP franc Chilean peso Chinese Yuan Code reserved for testing purposes Colombian peso Comoro franc Convertible marks Cordoba oro Costa Rican colon Croatian kuna Cuban convertible peso Cuban peso Czech Koruna Dalasi Danish krone Denar Djibouti franc Dobra Dominican peso East Caribbean dollar XPF CLP CNY XTS 953 152 156 963 COP KMF BAM NIO CRC HRK CUC CUP CZK GMD DKK MKD DJF STD DOP XCD 170 174 977 558 188 191 931 192 203 270 208 807 262 678 214 951 Egyptian pound Ethiopian birr Euro EGP ETB EUR 818 230 978 Locations using this currency Afghanistan Algeria Argentina Armenia Aruba Australia, Australian Antarctic Territory, Christmas Island, Cocos (Keeling) Islands, Heard and McDonald Islands, Kiribati, Nauru, Norfolk Island, Tuvalu Azerbaijan Bahamas Bahrain Thailand Panama Bangladesh Barbados Belarus Belize Bermuda Bolivia Bolivia Brazil Brunei, Singapore Bulgaria Burundi Canada Cape Verde Cayman Islands Ghana Benin, Burkina Faso, Côte d'Ivoire, Guinea-Bissau, Mali, Niger, Senegal, Togo Cameroon, Central African Republic, Congo, Chad, Equatorial Guinea, Gabon French Polynesia, New Caledonia, Wallis and Futuna Chile China (Mainland) Colombia Comoros Bosnia and Herzegovina Nicaragua Costa Rica Croatia Cuba Cuba Czech Republic Gambia Denmark, Faroe Islands, Greenland Macedonia Djibouti São Tomé and Príncipe Dominican Republic Anguilla, Antigua and Barbuda, Dominica, Grenada, Montserrat, Saint Kitts and Nevis, Saint Lucia, Saint Vincent and the Grenadines Egypt Ethiopia Austria, Belgium, Cyprus, Finland, France, Germany, Greece, Ireland, Italy, Luxembourg, Malta, Netherlands, © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 104 Public Version 5.28 Portugal, Slovakia, Slovenia, Spain, Andorra, Kosovo, Monaco, Montenegro, San Marino, Vatican European Composite Unit (EURCO) (bond market unit) European Monetary Unit (E.M.U.-6) (bond market unit) European Unit of Account 17 (E.U.A.-17) (bond market unit) European Unit of Account 9 (E.U.A.-9) (bond market unit) Falkland Islands pound Fiji dollar Forint Franc Congolais Gibraltar pound Gold (one troy ounce) Guarani Guinea franc Guyana dollar Haiti gourde Hong Kong dollar Hryvnia Iceland krona Indian rupee Iranian rial Iraqi dinar Israeli new sheqel Jamaican dollar Japanese yen Jordanian dinar Kenyan shilling Kina Kip Kroon Kuwaiti dinar Kwacha Kwacha Kwanza Kyat Lari Latvian lats Lebanese pound Lek Lempira Leone Lesotho loti Liberian dollar Libyan dinar Lilangeni Lithuanian litas Malagasy ariary Malaysian ringgit Manat Mauritius rupee Metical Mexican peso Mexican Unidad de Inversion (UDI) (funds code) Moldovan leu Moroccan dirham Naira Nakfa Namibian dollar Nepalese rupee XBA 955 XBB 956 XBD 958 XBC 957 FKP FJD HUF CDF GIP XAU PYG GNF GYD HTG HKD UAH ISK INR IRR IQD ILS JMD JPY JOD KES PGK LAK EEK KWD MWK ZMK AOA MMK GEL LVL LBP ALL HNL SLL LSL LRD LYD SZL LTL MGA MYR TMT MUR MZN MXN MXV 238 242 348 976 292 959 600 324 328 332 344 980 352 356 364 368 376 388 392 400 404 598 418 233 414 454 894 973 104 981 428 422 008 340 694 426 430 434 748 440 969 458 934 480 943 484 979 Paraguay Guinea Guyana Haiti Hong Kong Special Administrative Region Ukraine Iceland Bhutan, India Iran Iraq Israel Jamaica Japan Jordan Kenya Papua New Guinea Laos Estonia Kuwait Malawi Zambia Angola Myanmar Georgia Latvia Lebanon Albania Honduras Sierra Leone Lesotho Liberia Libya Swaziland Lithuania Madagascar Malaysia Turkmenistan Mauritius Mozambique Mexico Mexico MDL MAD NGN ERN NAD NPR 498 504 566 232 516 524 Moldova Morocco, Western Sahara Nigeria Eritrea Namibia Nepal Falkland Islands Fiji Hungary Democratic Republic of Congo Gibraltar © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 105 Phone 08444 828 200 Netherlands Antillean guilder New Taiwan dollar ANG TWD 532 901 New Zealand dollar Ngultrum No currency North Korean won Norwegian krone Nuevo sol Ouguiya Pa'anga Pakistan rupee Palladium (one troy ounce) Pataca Peso Uruguayo Philippine peso Platinum (one troy ounce) Pound sterling NZD BTN XXX KPW NOK PEN MRO TOP PKR XPD MOP UYU PHP XPT GBP 554 064 999 408 578 604 478 776 586 964 446 858 608 962 826 Pula Qatari rial Quetzal Rial Omani Riel Romanian new leu Rufiyaa Rupiah Russian rouble Rwanda franc Saint Helena pound Samoan tala Saudi riyal Serbian dinar Seychelles rupee Silver (one troy ounce) Singapore dollar Solomon Islands dollar Som Somali shilling Somoni South African rand South Korean won Special Drawing Rights Sri Lanka rupee Sudanese pound Surinam dollar Swedish krona/kronor Swiss franc Syrian pound Tanzanian shilling Tenge Trinidad and Tobago dollar Tugrik Tunisian dinar Turkish lira Uganda shilling UIC franc (special settlement currency) Unidad de Fomento (funds code) Unidad de Valor Real United Arab Emirates dirham BWP QAR GTQ OMR KHR RON MVR IDR RUB RWF SHP WST SAR RSD SCR XAG SGD SBD KGS SOS TJS ZAR KRW XDR LKR SDG SRD SEK CHF SYP TZS KZT TTD MNT TND TRY UGX XFU 072 634 320 512 116 946 462 360 643 646 654 882 682 941 690 961 702 090 417 706 972 710 410 960 144 938 968 752 756 760 834 398 780 496 788 949 800 Nil Singapore, Brunei Solomon Islands Kyrgyzstan Somalia Tajikistan South Africa South Korea International Monetary Fund Sri Lanka Sudan Suriname Sweden Switzerland, Liechtenstein Syria Tanzania Kazakhstan Trinidad and Tobago Mongolia Tunisia Turkey, Northern Cyprus Uganda International Union of Railways CLF 990 Chile COU AED 970 784 Colombia United Arab Emirates Public Version 5.28 Netherlands Antilles Taiwan and other islands that are under the effective control of the Republic of China (ROC) Cook Islands, New Zealand, Niue, Pitcairn, Tokelau Bhutan North Korea Norway, Bouvet Island, Queen Maud Land, Peter I Island Peru Mauritania Tonga Pakistan Macau Special Administrative Region Uruguay Philippines United Kingdom, Crown Dependencies (the Isle of Man and the Channel Islands), certain British Overseas Territories (South Georgia and the South Sandwich Islands, British Antarctic Territory and British Indian Ocean Territory) Botswana Qatar Guatemala Oman Cambodia Romania Maldives Indonesia Russia, Abkhazia, South Ossetia Rwanda Saint Helena Samoa Saudi Arabia Serbia Seychelles © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Document name Web Service Guide Date May 2011 Page number 106 Phone 08444 828 200 United States dollar (next day) (funds code) United States dollar (same day) [who?] (funds code) (one source claims it is no longer used, but it is still on the ISO 4217-MA list) US dollar Uzbekistan som Vatu Venezuelan bolívar fuerte Vietnamese đồng WIR euro (complementary currency) WIR franc (complementary currency) Yemeni rial Zimbabwe dollar Złoty Public Version 5.28 USN 997 United States USS 998 United States USD 840 UZS VUV VEF VND CHE 860 548 937 704 947 American Samoa, British Indian Ocean Territory, Ecuador, El Salvador, Guam, Haiti, Marshall Islands, Micronesia, Northern Mariana Islands, Palau, Panama, Puerto Rico, Timor-Leste, Turks and Caicos Islands, United States, Virgin Islands, Bermuda (as well as Bermudian Dollar) Uzbekistan Vanuatu Venezuela Vietnam Switzerland CHW 948 Switzerland YER ZWL PLN 886 932 985 Yemen Zimbabwe Poland © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 107 Public Version 5.28 APPENDIX C – Country Codes ISO 3166 Official country names used by the ISO 3166/MA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, Democratic Republic of the Cook Islands Costa Rica Côte d'Ivoire Croatia Cuba Cyprus Czech Republic Denmark Djibouti Numeric 004 248 008 012 016 020 024 660 010 028 032 051 533 036 040 031 044 048 050 052 112 056 084 204 060 064 068 070 072 074 076 086 096 100 854 108 116 120 124 132 136 140 148 152 156 162 166 170 174 178 180 184 188 384 191 192 196 203 208 262 Alpha-3 AFG ALA ALB DZA ASM AND AGO AIA ATA ATG ARG ARM ABW AUS AUT AZE BHS BHR BGD BRB BLR BEL BLZ BEN BMU BTN BOL BIH BWA BVT BRA IOT BRN BGR BFA BDI KHM CMR CAN CPV CYM CAF TCD CHL CHN CXR CCK COL COM COG COD COK CRI CIV HRV CUB CYP CZE DNK DJI © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Alpha-2 AF AX AL DZ AS AD AO AI AQ AG AR AM AW AU AT AZ BS BH BD BB BY BE BZ BJ BM BT BO BA BW BV BR IO BN BG BF BI KH CM CA CV KY CF TD CL CN CX CC CO KM CG CD CK CR CI HR CU CY CZ DK DJ Author ML Document name Web Service Guide Date May 2011 Page number 108 Phone 08444 828 200 Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands (Malvinas) Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See (Vatican City State) Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Democratic People's Republic of Korea, Republic of Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lebanon Lesotho Liberia 212 214 218 818 222 226 232 233 231 238 234 242 246 250 254 258 260 266 270 268 276 288 292 300 304 308 312 316 320 831 324 624 328 332 334 336 340 344 348 352 356 360 364 368 372 833 376 380 388 392 832 400 398 404 296 408 410 414 417 418 428 422 426 430 DMA DOM ECU EGY SLV GNQ ERI EST ETH FLK FRO FJI FIN FRA GUF PYF ATF GAB GMB GEO DEU GHA GIB GRC GRL GRD GLP GUM GTM GGY GIN GNB GUY HTI HMD VAT HND HKG HUN ISL IND IDN IRN IRQ IRL IMN ISR ITA JAM JPN JEY JOR KAZ KEN KIR PRK KOR KWT KGZ LAO LVA LBN LSO LBR © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Public Version 5.28 DM DO EC EG SV GQ ER EE ET FK FO FJ FI FR GF PF TF GA GM GE DE GH GI GR GL GD GP GU GT GG GN GW GY HT HM VA HN HK HU IS IN ID IR IQ IE IM IL IT JM JP JE JO KZ KE KI KP KR KW KG LA LV LB LS LR Author ML Document name Web Service Guide Date May 2011 Page number 109 Phone 08444 828 200 Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, the former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory, Occupied Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and the Grenadines 434 438 440 442 446 807 450 454 458 462 466 470 584 474 478 480 175 484 583 498 492 496 499 500 504 508 104 516 520 524 528 530 540 554 558 562 566 570 574 580 578 512 586 585 275 591 598 600 604 608 612 616 620 630 634 638 642 643 646 654 659 662 666 670 LBY LIE LTU LUX MAC MKD MDG MWI MYS MDV MLI MLT MHL MTQ MRT MUS MYT MEX FSM MDA MCO MNG MNE MSR MAR MOZ MMR NAM NRU NPL NLD ANT NCL NZL NIC NER NGA NIU NFK MNP NOR OMN PAK PLW PSE PAN PNG PRY PER PHL PCN POL PRT PRI QAT REU ROU RUS RWA SHN KNA LCA SPM VCT © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Public Version 5.28 LY LI LT LU MO MK MG MW MY MV ML MT MH MQ MR MU YT MX FM MD MC MN ME MS MA MZ MM NA NR NP NL AN NC NZ NI NE NG NU NF MP NO OM PK PW PS PA PG PY PE PH PN PL PT PR QA RE RO RU RW SH KN LC PM VC Author ML Document name Web Service Guide Date May 2011 Page number 110 Phone 08444 828 200 Samoa San Marino São Tomé and Príncipe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and the South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan, Province of China Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Viet Nam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe 882 674 678 682 686 688 690 694 702 703 705 090 706 710 239 724 144 736 740 744 748 752 756 760 158 762 834 764 626 768 772 776 780 788 792 795 796 798 800 804 784 826 840 581 858 860 548 862 704 092 850 876 732 887 894 716 WSM SMR STP SAU SEN SRB SYC SLE SGP SVK SVN SLB SOM ZAF SGS ESP LKA SDN SUR SJM SWZ SWE CHE SYR TWN TJK TZA THA TLS TGO TKL TON TTO TUN TUR TKM TCA TUV UGA UKR ARE GBR USA UMI URY UZB VUT VEN VNM VGB VIR WLF ESH YEM ZMB ZWE © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. WS SM ST SA SN RS SC SL SG SK SI SB SO ZA GS ES LK SD SR SJ SZ SE CH SY TW TJ TZ TH TL TG TK TO TT TN TR TM TC TV UG UA AE GB US UM UY UZ VU VE VN VG VI WF EH YE ZM ZW Public Version 5.28 Author ML Document name Web Service Guide Date May 2011 Page number 111 Phone 08444 828 200 Public Version 5.28 APPENDIX D – Performing a LUHN Check The following steps are involved in this calculation: Step 1 order). Double the value of alternate digits beginning with the first right hand digit (low Step 2 Add the individual digit comprising the products obtained in Step 1 to each of the unaffected digits in the original number. Step 3 Subtract the total obtained in Step 2 from the next higher number ending in 0 (this is the equivalent of calculating the “ten complement” of the low order digit (unit digit) of the total). If the total obtained in Step 2 is a number ending in zero (30, 40, etc.), the check digit is 0. Example: Account Number without check digit 4929 123 123 12 Step 1 4 9 2 X2 4 18 9 1 X2 2 18 2 3 X2 1 4 1 2 X2 3 2 3 1 X2 2 6 2 X2 1 4 Step 2 4+1+8+2+1+8+1+4+3+2+2+6+1+4= 47 Step 3 50 – 47 = 3 Therefore check digit is 3 and complete card number is 4929 123 123 123 © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 112 Public Version 5.28 APPENDIX E – Commidea Error Codes Error Code 0001 0002 General Description Additional Technical Description (if required) Unspecified error Invalid transaction type 0003 Invalid card / invalid Track2 0004 Card scheme not recognised 0005 Card scheme not accepted 0006 Invalid card number (lcd) 0007 Invalid card number length 0008 Invalid card number (pcd) 0009 Expired card 0010 Card not yet valid 0011 Invalid card service code The Track2 service code is invalid. 0012 0013 File or XML missing or wrong format File permanently locked 0014 Out of memory 0015 Account number does not exist A required file or XML is missing or has wrong format. A file required by the EFT library was still locked after EFT FIO TRIES attempts. The library has failed to allocate sufficient heap. The requested account number does not exist. 0016 Value exceeds ceiling limit Purchase value exceeds card scheme ceiling limit 0017 Cashback exceeds ceiling limit 0018 Transaction currency is invalid 0019 Lay aways are not allowed 0020 Lay away already stored 0021 EFT system not configured 0022 0023 Internal error, buffer too small Unknown comms device type 0024 Configuration file is invalid 0025 No valid accounts 0026 Invalid channel Cashback value exceeds card scheme ceiling limit The transaction currency code is invalid or incorrect for the given site. Attempt to lay away invalid / lay aways are not allowed Attempt to lay away a transaction where there is already a transaction laid away on that card The EFT system has not been configured A buffer is too small Invalid / unknown communications device type Configuration file is invalid / bad format There are no valid accounts specified in the TillInfo.cfg Invalid channel An example of this could be a Refund being passed when the site are not set up to do so. A trace of what was passed will be in the system log. General card error. Track2 must either be ;PAN=YYMMsss……?x or just the PAN. The card Issuer Identification Number (IIN) has not been located in the IIN table. The IIN is typically the first 4 to 6 digits of the card number. The card has been identified, but the card scheme is not accepted at the given site. The LUHN check digit is incorrect (the card has been mis-keyed or mis-swiped). The length of the PAN is incorrect for the given card scheme. The pen-ultimate check digit is invalid. Recommended Action Contact Commidea Use alternative method for transaction type. Re-enter card number or re-swipe card Prompt for alternate method of payment Reject Transaction Re-enter card number or re-swipe card Re-enter card number or re-swipe card Re-enter card number or re-swipe card Prompt for alternate method of payment Prompt for alternate method of payment Prompt for alternate method of payment Contact Commidea Contact Commidea Contact Commidea Check the account number configuration of the system, ensuring it matches that configured within WinTI Prompt for alternative method of payment. Arrange to increase ceiling limits Revise transaction cash-back value Prompt for alternate method of payment Check communications configuration Check system configuration Check system configuration Check> · 2 transactions aren’t being passed down the same channel. · 2 tills aren’t using the same channel number. © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 113 Public Version 5.28 · WinTI EFTChans within the registry has enough available channels set (Socket mode only). 0027 System error (Track2 check module has not been loaded) 0028 0029 System error –module not loaded General transaction error Transaction store unavailable 0030 Unspecified error Unspecified error 0031 0032 0033 Transaction cancelled EFT library is unavailable The error message is made up of a combination of text (1 to 6) with the applicable field name inserted, as applicable. For example: Net value out of tolerance, is 123.45, should be 123.00 +/- 1 0034 Unspecified error:2 Library not open Possible text for error: () should be X to Y characters in length. out of range, should be X to Y. out of tolerance, is X, should be X +/- Z. Line discount not available for Cendant cards. Line count (X) doesn’t match header -> CPC lines (Y). Separate post and packing only on Amex cards. Where = part number, part description, commodity code, unit of measure, quantity, net value, VAT amount, gross value, PAN, PO number, customer number, customer name, customer VAT no, destination zip, destination country code, order date, original invoice number, cost centre, invoice net amount, invoice VAT amount, post and packing VAT, invoice gross or transaction total. Invalid CPC data Modifier field invalid/missing 0035 0036 0037 Invalid card / invalid Track 1 Invalid card / invalid Track 3 Invalid / missing expiry date 0038 Invalid / missing issue number 0039 Invalid / missing start date 0040 Purchase/refund value bad or missing Cash-back value bad or missing Auth code value bad or missing Cheque account number value bad or missing Invalid cheque sort code 0041 0042 0043 0044 0045 0046 0047 Invalid / missing cheque number Invalid / missing cheque type Invalid EFT serial number 0048 Unexpected CPC data Transaction store unavailable As the modifier is passed within the T record the host software is likely to be the cause of this Track 1 is invalid Track 3 is invalid The expiry date is either invalid or missing. If key entered, the format should be MMYY The issue number is either invalid (value or length) or missing The start date is either invalid or missing. If key entered, the format should be MMYY. The transaction value is either invalid or missing The cash-back value is either invalid or missing The authorisation code is either invalid or missing The cheque account number is either invalid or missing The cheque sort code is either invalid or missing Re-enter transaction Check Live Store. Check hard disk space. Check system log for indication of error. Channel available for next transaction Re-swipe card Re-swipe card Re-enter expiry date or re-swipe card Re-enter issue number or re-swipe card Re-enter start date or re-swipe card Re-enter transaction Re-enter transaction Re-enter cheque account number Re-enter sort code Re-enter cheque number The EFT serial number is either invalid or missing in the .Cnf file Purchasing card invoice data has been presented for a non- Re-enter cheque type Re create *.cnf Re-enter transaction without invoice data or prompt for a valid Purchasing © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 0049 Transaction already confirmed or rejected 0050 Copy protection failure 0051 Post confirm reversal not allowed for PWCB or Cash Advance (reserved for future use) 0052 0053 Transaction data supplied in post conf rev not consistent with store (reserved for future use) Transaction already void 0054 Card on hot list 0055 Attempt to confirm a declined transaction 0056 0057 0058 EFT_ERR_BAD_CV2 EFT_ERR_BAD_AVS Invalid Merchant Details 0059 Invalid Mobile Number Format 0060 0065 Invalid/missing bank account number Token does not exist or invalid token for this merchant system Unexpected / Invalid Authorisation Response Invalid voucher target type 0066 Invalid Refund Pin 0067 Report Not Supported 0068 0069 0070 Report Failed Gratuity value exceeded Invalid Capture Not Supported Cashback not allowed by card 0062 0064 0071 0072 0073 Cash advance not allowed by card Max refund value exceeded 0074 Bill Already Complete 0075 No ETU accounts 0076 Card is online only Document name Web Service Guide Date May 2011 Page number 114 Purchasing Card (where invoice data is not valid/required) Attempt to confirm or reject a transaction, which has already been confirmed or rejected Could be a permission problem on the PC Attempt to perform a post confirm reversal on a PWCB or Cash Advance has been dis-allowed (as post confirm reversals are not supported when cash is involved) The details supplied in the post confirm reversal message is not consistent with the data stored for the transaction to be reversed Attempt to perform a post transaction reversal has failed because the transaction has already been voided/reversed The card number is on the locally stored host list (received from the acquirer and/or entered by the customer). The card must be rejected The format of the confirmation message is invalid (confirming a declining transaction). The confirmation message should contain a command value of 2 (reverse/reject) and not a value of 1 (confirm). CV2 is invalid AVS is invalid Merchant Details passed in XML Gateway are Invalid. The Mobile Number format passed is incorrect The bank account number within the supplied T-Record is incorrect. The Token ID supplied is incorrect or invalid for the merchant system Unexpected / Invalid Authorisation Response from M-Voucher Host The Target Voucher Type is invalid (M-Voucher) The refund pin entered is invalid The Report ID supplied is either invalid or does not correspond to a report that is supported Integrated report failed Check Gratuity Value Check Ocius settings Card does not allow cashback Card does not allow cash advance Refund transaction value is greater than the maximum refund value set on the account The bill being cancelled is already completed and therefore cannot be cancelled. Attempt to process ETU transaction without ETU accounts being present on terminal Attempt to process an online only card whilst offline Public Version 5.28 Card Reverse transaction manually (as cash is involved) Prompt for alternate method of payment Check CV2 and re-enter Check AVS and re-enter Check both the GUID and Passcode information that being passed to the XML Gateway Please check and re-enter the mobile number supplied. Check the bank number being passed and re-enter as necessary. Check the Token ID is correct and for use with the current merchant system Please contact Commidea Support Please contact Commidea Support Please enter the correct refund pin if continues to fail, please contact Commidea Support Check the Report ID that is being passed Contact Commidea Check Gratuity Value Capture Method Not Set correctly Use a different card or proceed without cashback Use a different card Reduce transaction value N\A Contact Commidea Check network or use another card © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 115 0077 Cancel Failed - In Payment on xxx.xxx.xxx.xxx 0078 0079 Login failed Confirmation Status Unknown 0080 Bill Reference Already Exists 0081 Print Report Failed 0082 0083 0084 Network Error Invalid Record PED User already logged in 0085 PED User not logged in Attempt to cancel a lodged Bill failed, usually locked on a specific terminal User ID or PIN is incorrect An invalid confirmation response has been received or the confirmation message to be sent was not saved Attempt to lodge a Bill into I-Link that already exists The request report failed to generate or print Error in Network Invalid Record A Login command has been received, but a user is already logged in The terminal needs to be logged in 0086 Submission of offline transactions failed The submission of the offline stored transactions have failed. 0087 Problem in network 0088 Voice Referral Timeout 0089 0090 Invalid Account ID Service Not Allowed There has been a problem in the network. The voice referral transaction has taken too long. Invalid Account ID Service code not supported 0091 Card Not Accepted Card type not accepted 0092 Unknown Card Unknown card type 0093 Not In IIN Range Unknown card type 0094 Application Blocked 0095 Card Blocked The terminal cannot accept this card type The card has been blocked. 0096 0097 Card Error Authorisation Error 0098 Unknown Client Unknown Transaction Source Unknown Message 0099 Transaction/Bill Cancelled 0100 Pin Bypass Failed 0101 Invalid Terminal Country Code' 0102 0103 User has no permissions on specified account Invalid Currency Code' Check account permissions in WebCom. The Currency Code passed is invalid. 0104 Invalid EMV Terminal Type' 0105 Unknown Message Type 0106 General Enqueue Error The EMV Terminal Type passed is invalid The message type received by server side is not recognised General Commidea Enqueueing There is a problem with the Card The authorisation process has been interrupted or is not responding. When using transaction processing, if no POS Routing has been configured for the IP Address or File Name where the transaction originates from, ILink does not know where to send the transaction. It therefore rejects it with this message. When a transaction has been cancelled by the user, the system or an ICC card, this error message will be sent. ICC Card does not allow Pin Bypass. The Terminal Country Code passed is invalid Public Version 5.28 Leave for configured amount of time before retrying cancel routine. Check login details and try again Clear the original Bill, or re-send this one using an alternative reference. Check printer settings, network connection and try again. Check network. The record received is invalid. Log the terminal off first, or simply pass a transaction. Send a login command to the terminal, or manually login using the on-screen prompts, then re-send the transaction. The transactions will still be stored on the terminal. Re-try, and if still having problems contact The Merchant Helpdesk. Re-try or cancel. Use another card, or cancel the transaction Use another card, or cancel the transaction Use another card, or cancel the transaction Use another card, or cancel the transaction Use another card, or cancel the transaction Use another card, or cancel the transaction. Re-try or use another card. Check ILink & WinTI are running – or when using ICP, contact Commidea Merchant Helpdesk. Configure POS routing for that Point Of Sale. Use another card. Please check the ISO Country Codes table and make sure the code being passed is correct. Please contact Commidea Support Please check the ISO Currency Codes table and make sure the code being passed is correct. Please check the EMV Terminal Type that is being passed is valid. Please contact Commidea Support Please contact Commidea Support © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Error The transaction confirmation has errored. 0107 Transaction Confirmation Error 0108 Payer Auth Error The Payer Auth has encountered an error. 0109 Ukash Auth Error The Ukash transaction has encountered an error. 0110 Encryption Failure 0111 0112 Unable to build Auxillary Data Record Transaction rejection error An error has occurred in the data encryption. The auxillary data record failed to build correctly The attempt to reject the transaction has errored 0113 Unknown Terminal 0114 0115 Invalid Download Type Terminal Registration Failed 0116 Terminal has been deactivated 0117 Comms down 0118 M-Voucher Service Unavailable 0119 Barclays Bonus Service Unavailable 0120 Token Server Error 0121 0124 Purchase transaction type not allowed on token Refund transaction type not allowed on token Cashback transaction type not allowed on token Token expired 0125 Invalid TokenID 0126 Token has no Txn Type Permissions Invalid Token expiration date 0122 0123 0127 Document name Web Service Guide Date May 2011 Page number 116 The terminal\PTID is not recognised The download type is invalid The attempt to register the terminal has failed The terminal has been marked as deactivated. Acquirer has been blocked in the database as acquirer is not processing any authorisations (comms down) This is when the terminal is in offline mode at the start of a transaction, and cannot connect to the hosted server to allow MVoucher Error response when Comms failure between server application and XLS Host experienced. The Token Server has encountered an error The token provided does not allow purchase transactions The token provided does not allow refund transactions The token provided does not allow cashback transactions The token provided has passed its expiry date The token provided is invalid The Token Registration has no transaction permissions The token expiration date provided is invalid The processing database that is passed in the client header is either missing or invalid. 0128 ProcessingDB Missing or Invalid 0129 Invalid Original Barclays Gift Transaction ID Invalid Barclays Gift Configuration The Original Gift Transaction ID provided is invalid Your Barclays Gift Configuration is invalid 0132 Barclays Gift Service Unavailable Merchant Reference Required 0133 Account On File Not Allowed The Barclays Gift Service is temporarily unavailable Your current configuration requires a Merchant Reference to be passed. Terminal is operating in offline mode 0130 0131 Public Version 5.28 Please retry the confirmation and if continues to fail please contact Commidea Support Please check the error message response and contact Commidea support. Please check the error message response and Contact Commidea Support. Please contact Commidea Support Please contact Commidea Support Please retry the rejection and if continues to fail please contact Commidea support Please contact Commidea Support Please contact Commidea Support Please retry the registration if it continues to fail, please contact Commidea Support Please contact Commidea Support Please contact Commidea Support Please contact Commidea Support Please contact Commidea Support Please contact Commidea Support Please supply another token that allows purchase transactions Please supply another token that allows refund transactions Please supply another token that allows cashback transactions Please register a new token Please supply another token or contact Commidea Support Please resubmit the token request with transaction permissions enabled Please resubmit the token request with a valid token expiration date Please check that the message you are sending has the processing database set in the client header and that it is valid (as per the transaction\payer auth request) Please check the Original Transaction ID and try again. Please check the configuration and download to the terminal. If the problem continues please contact support. Please contact Commidea Support Please re-submit the transaction with the Merchant Reference populated. Please check that the terminal is online Please check the configuration of the account © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 Document name Web Service Guide Date May 2011 Page number 117 Account does not allow Account On file CNP transactions EFT transaction capture method does not support registration of details for Account On File processing The card scheme doesn't allow processing of keyed card numbers A timeout has occurred whilst waiting for the card and Transactions has been cancelled The card presented does not support cash advance and needs to be represented as a purchase txn. Check Gratuity Value The application has timed out waiting for a Barclays Gift response 0134 Card not allowed to be keyed 0135 Timeout Waiting for Card 0137 Present Cash Advance Transaction As Purchase 0138 0139 Gratuity Value Incorrect Transaction Timeout 0140 Schedule Payment registration failed. The scheduled payment registration has failed. 0141 Ocius migration failed 0150 Invalid PayPoint Configuration 0151 No PayPoint Accounts 0152 PayPoint Service Unavailable 0153 PayPoint Download Required The Ocius migration failed on the database because the migration has not been setup / enabled The PayPoint configuration that you have setup is invalid. There are no PayPoint accounts available. The PayPoint service is currently unavailable A PayPoint download is required 0154 PayPoint Account Extraction Failed PayPoint account file extraction has failed. 0155 PayPoint Transaction Type Not Allowed Invalid PayPoint TopUp Type The PayPoint transaction type provide is not allowed The PayPoint TopUp type provided is invalid The PayPoint Service Provider provided is invalid The PayPoint Scheme provided is invalid The PayPoint Scheme Option provided is invalid The PayPoint Amount provided is invalid The PinPad is currently unavailable 0156 0157 0158 0159 Invalid PayPoint Service Provider Invalid PayPoint Scheme 0160 Invalid PayPoint Scheme Option Invalid PayPoint Amount 0161 No PinPad Available 0189 Invalid refund password 0999 Token Server Error 1000 1001 Generic Error Merchant Supplied Bad Data 1002 1003 Bad Source URL Attempting to use a TokenID and a PAN at the same time Curl Error Couldn't Extract Error Code from Response Failed to Retrieve System Config Unusual Data Supplied (Possible Attack) 1004 1005 1006 1007 An invalid refund password has been supplied during the transaction, and was rejected by the database Start date or issue data supplied is incorrect or missing Generic Capture Error The information supplied in the post is incorrect The source URL is unrecognised A TokenID and PAN were received for the same transaction Communication Error The error code returned could not be extracted PayPage has failed to retrieve your System Configuration The data that has been supplied is suspicious Public Version 5.28 Check the transaction details that you have passed. Use another card, or cancel the transaction Reprocess Transaction. Reprocess Transaction as a purchase Check Gratuity Value Please check whether the gift request has gone through and if necessary please try again. Please attempt to re-register the scheduled payment or contact Commidea Support Contact Commidea to arrange for migration Please contact Commidea Support Please contact Commidea Support Please retry the payment or contact Commidea support Please perform a configuration file update to your terminal Please retry the download if it continues to fail please contact Commidea Support Please check the Transaction Type supplied and correct Please check the TopUp Type supplied and correct Please check the Service Provider supplied and correct Please check the Scheme supplied and correct Please check the Scheme Option supplied and correct Please check the Amount supplied and correct Please check the PinPad is available for use, please contact Commidea Support if the problem persists. Please contact Commidea Support Please check you are passing the appropriate required fields Please contact Commidea Support Please check the data that you are sending and retry. Please contact Commidea Support Please check the data that is being passed Please contact Commidea Support Please contact Commidea Support Please contact Commidea Support Please check the data that you are sending and contact Commidea support © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited. Author ML Phone 08444 828 200 1008 1009 1010 Failed to Retrieve Session Data Failed to Create New Session 1012 Bad SessionID received from end user Bad PIN received from end user Session Finished 1013 Failed to extract PA Data 1014 Session Expired 1011 Document name Web Service Guide Date May 2011 Page number 118 PayPage has failed to retrieve your session data PayPage has failed to create a new session The sessionID provided by the front end is incorrect. The PIN provided by the front end is incorrect. The session that you are trying to use has already finished. An error has occurred trying to decrypt\extract the Payer Auth data The session that you are trying to use has expired. Public Version 5.28 Please retry the payment or contact Commidea support Please retry the payment or contact Commidea support Please check the data that you are sending and retry. Please check the data that you are sending and retry. Please retry the payment or contact Commidea support Please retry the payment or contact Commidea support Please retry the payment or contact Commidea support © 2011 COMMIDEA LTD All rights reserved. Copying and/or redistribution of this information in whole or in part without the express permission of Point International prohibited.

Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : Yes
Tagged PDF                      : Yes
XMP Toolkit                     : Adobe XMP Core 4.0-c321 44.398116, Tue Aug 04 2009 14:24:39
Producer                        : Acrobat Distiller 8.2.6 (Windows)
Company                         : PresentationSupport
Source Modified                 : D:20110531082540
Create Date                     : 2011:05:31 09:26:51+01:00
Creator Tool                    : Acrobat PDFMaker 8.1 for Word
Modify Date                     : 2011:05:31 09:31:47+01:00
Metadata Date                   : 2011:05:31 09:31:47+01:00
Document ID                     : uuid:917e09f8-cea9-422e-b820-ce8a6d3ceb03
Instance ID                     : uuid:fd485994-c812-4ebc-9a40-e825a0943c90
Subject                         : 6
Format                          : application/pdf
Creator                         : michael.lovelock
Title                           : 
Page Count                      : 118
Page Layout                     : OneColumn
Author                          : michael.lovelock
EXIF Metadata provided by EXIF.tools

Navigation menu