VeriSign Payment Services - pacbuilder.com · VeriSign Payment Services Payflow Pro Developer’s...
Transcript of VeriSign Payment Services - pacbuilder.com · VeriSign Payment Services Payflow Pro Developer’s...
VeriSign Payment Services
Payflow Pro Developer’s GuideCustomer Support: 1.888.883.9770
[email protected], Inc. 00000013/Rev. 7
VeriSign Payment Services Payflow Pro Developer’s Guide
ii VeriSign, Inc. 00000013/Rev. 7
DISCLAIMER AND LIMITATION OF LIABILITY
VeriSign, Inc. has made efforts to ensure the accuracy and completeness of the information in this document. However,VeriSign, Inc. makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein.VeriSign, Inc. assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.
Further, VeriSign, Inc. assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. VeriSign Inc. reserves the right to make changes to any information herein without further notice.
TRADEMARKS
VeriSign, the VeriSign logo, VeriSign Intelligence and Control Services, VeriSign Trust Network, Payflow, Payflow Pro, Payflow Link, XMLPay, and other trademarks, service marks, and logos are registered or unregistered trademarks of VeriSign and its subsidiaries in the United States and in foreign countries. Other trademarks and service marks in this document are the property of their respective owners.
This document may describe features and/or functionality that are not present in your software or your service agreement. Contact your account representative to learn more about what is available with this VeriSign product.
VeriSign Payment Services Payflow Pro Developer’s Guide
VeriSign, Inc. 00000013/Rev. 7
Copyright © 1998 - 2004 VeriSign, Inc. All rights reserved.Printed in the United States of America.
Publication date: June 2004
Contents
Contents
Summary of Revisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
About Payflow Pro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1How Payflow Pro Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Payflow Pro Advantages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Pre-integrated Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Supported Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Supported Credit Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Supported Payment Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Payflow Recurring Billing Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
VeriSign Payment Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Processor Contact Information: Transaction Settlement . . . . . . . . . . . . . 6
About this Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8About Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2. Installing and Configuring the Payflow Pro SDK . . . . . . . . . . 11
Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Preparing the Payflow Pro Client Application . . . . . . . . . . . . . . . . . . . . . . . 11
3. Performing Credit Card Transactions . . . . . . . . . . . . . . . . . . . . . 13
About Credit Card Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Obtaining an Internet Merchant Account . . . . . . . . . . . . . . . . . . . . . . . . 14Planning Your Payflow Pro Integration . . . . . . . . . . . . . . . . . . . . . . . . . . 15E-commerce Indicator (ECI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Credit Card Transaction Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Command Syntax Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Parameters Used in Credit Card Transactions . . . . . . . . . . . . . . . . . . . . . . 19Viewing Processor-specific Transaction Results: Verbosity . . . . . . . . . . . . 23
Supported Verbosity Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Changing the Verbosity Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Values Required by All Transaction Types . . . . . . . . . . . . . . . . . . . . . . . . . 25
VeriSign, Inc. 00000013/Rev. 7 iii
VeriSign Payment Services Payflow Pro Developer’s Guide
Performing Sale Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Additional Required Parameters for Sale Transactions . . . . . . . . . . . . . 25Example Sale Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Performing Credit Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Additional Required Parameters for Credit Transactions . . . . . . . . . . . . 26Fields Copied From the Original Transaction into the Credit Transaction 27
Performing Void Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Additional Required Parameters for Void Transactions . . . . . . . . . . . . . 28Fields Copied From the Original Transaction into the Void Transaction . 28
Performing Voice Authorization Transactions . . . . . . . . . . . . . . . . . . . . . . . 29Additional Required Parameters for Voice Authorization Transactions . . 29Example Voice Authorization Transaction . . . . . . . . . . . . . . . . . . . . . . . 30
Performing Inquiry Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Using the PNREF to Perform Inquiry Transactions . . . . . . . . . . . . . . . . . 30Using the CUSTREF to Perform Inquiry Transactions . . . . . . . . . . . . . . 30
Performing Authorization/Delayed Capture Transactions . . . . . . . . . . . . . . 31Additional Required Parameters for Authorization Transactions . . . . . . . 31Additional Required Parameters for Delayed Capture Transactions . . . . 31Fields Copied From the Authorization Transaction into the
Delayed Capture Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Performing Purchasing Card Transactions . . . . . . . . . . . . . . . . . . . . . . . . . 34Performing Reference Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Transaction Types that can be Used as the Original Transaction . . . . . . 35Fields Copied From Reference Transactions . . . . . . . . . . . . . . . . . . . . . 35Example Reference Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Using Address Verification Service (AVS) . . . . . . . . . . . . . . . . . . . . . . . . . 37Processors Supporting AVS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Example AVS Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Example AVS Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Card Security Code (CSC) Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Processors and Credit Cards Supporting CSC . . . . . . . . . . . . . . . . . . . . 40CSC Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Example CVV2 Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Example CVV2MATCH Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Performing Card-Present (Swipe) Transactions . . . . . . . . . . . . . . . . . . . . . 42Supported Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Card-present Transaction Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Example Card-present Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Logging Transaction Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
iv VeriSign, Inc. 00000013/Rev. 7
Contents
4. Responses to SDK Credit Card Transaction Requests . . . . 45
Contents of a Response to a Credit Card Transaction Request . . . . . . . . . 45PNREF Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
PNREF Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47RESULT Codes and RESPMSG Values . . . . . . . . . . . . . . . . . . . . . . . . . . 47
RESULT Values for Transaction Declines or Errors . . . . . . . . . . . . . . . . 48RESULT Values for Communications Errors . . . . . . . . . . . . . . . . . . . . . 53
5. Testing Payflow Pro Credit Card Transactions . . . . . . . . . . . . 55
Testing Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Differences Between Responses Returned by Live (Production)
Servers and Test Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Credit Card Numbers Used for Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Testing Result Codes Responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
VeriSign Result Codes Returned Based on Transaction Amount . . . . . 57Alternative Methods for Generating Specific Result Codes . . . . . . . . . . 58
Testing Address Verification Service (AVS) . . . . . . . . . . . . . . . . . . . . . . . . 60Testing Card Security Code (CVV2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Testing TeleCheck Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
6. Activating Your Payflow Account . . . . . . . . . . . . . . . . . . . . . . . . . 63
A. Processors Requiring Additional Transaction Parameters 65
American Express . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Additional Credit Card Parameters, American Express . . . . . . . . . . . . . 66Commercial Card Parameters, American Express . . . . . . . . . . . . . . . . . 67
First Data Merchant Services (FDMS) Nashville . . . . . . . . . . . . . . . . . . . . 68Additional Credit Card Parameters, FDMS Nashville . . . . . . . . . . . . . . . 68Commercial Card Parameters, FDMS Nashville . . . . . . . . . . . . . . . . . . 70
First Data Merchant Services (FDMS) South . . . . . . . . . . . . . . . . . . . . . . . 71Additional Credit Card Parameters, FDMS South . . . . . . . . . . . . . . . . . 71Purchase Card Parameters, FDMS South . . . . . . . . . . . . . . . . . . . . . . . 71Purchase Card Line Item Parameters, FDMS South . . . . . . . . . . . . . . . 74Purchase Card Level 2 and 3 Example . . . . . . . . . . . . . . . . . . . . . . . . . 75Line Item Parameter Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Nova . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Additional Credit Card Parameters, Nova . . . . . . . . . . . . . . . . . . . . . . . . 76
VeriSign, Inc. 00000013/Rev. 7 v
VeriSign Payment Services Payflow Pro Developer’s Guide
Commercial Card Parameters, Nova . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Paymentech . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Additional Credit Card Parameters, Paymentech . . . . . . . . . . . . . . . . . . 78Vital . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Additional Credit Card Parameters, Vital . . . . . . . . . . . . . . . . . . . . . . . . 80
B. Performing TeleCheck Electronic Check Transactions . . . . 81
TeleCheck Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81TeleCheck Transaction Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Command Syntax Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83TeleCheck Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Required Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Testing TeleCheck Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Test Transaction Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Example Test Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Preparing for TeleCheck Production Transactions . . . . . . . . . . . . . . . . . . . 88Logging Transaction Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
C. Responses to TeleCheck Transaction Requests . . . . . . . . . . 89
HOSTCODE Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
D. Purchasing Card Level 2 and Level 3 Support . . . . . . . . . . . . 93
About Purchasing Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94About Program Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Accepted BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95Performing American Express Purchasing Card Transactions Through the
American Express Processor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96Supported Transaction Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96Avoiding Downgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96Submitting Successful Level 3 Transactions . . . . . . . . . . . . . . . . . . . . . . 96Edit Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Accepted BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97American Express Level 2 Transaction Data . . . . . . . . . . . . . . . . . . . . . 98Example American Express Level 2 Transaction . . . . . . . . . . . . . . . . . . 98American Express Level 3 Transaction Data . . . . . . . . . . . . . . . . . . . . . 99Example American Express Level 3 SDK Transaction . . . . . . . . . . . . . 101Example American Express Level 3 XMLPay Transaction . . . . . . . . . . 101
Performing Global Payments - Central Purchasing Card Transactions . . 106
vi VeriSign, Inc. 00000013/Rev. 7
Contents
Global Payments - Central Level 2 Parameters . . . . . . . . . . . . . . . . . . 106Example Global Payments - Central Level 2 Visa or MasterCard
Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106Performing Global Payments - East Purchasing Card Transactions . . . . 107
Global Payments - East Level 2 Parameters . . . . . . . . . . . . . . . . . . . . 107Example Global Payments - East Level 2 Visa or MasterCard
Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107Performing Nova Purchasing Card Transactions . . . . . . . . . . . . . . . . . . . 108
Nova Level 2 Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108Example Nova Level 2 Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Performing Paymentech Level 2 Purchasing Card Transactions . . . . . . . 109Paymentech Level 2 Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109Example Paymentech Level 2 Transactions . . . . . . . . . . . . . . . . . . . . . 109
Performing Vital Level 2 Purchasing Card Transactions . . . . . . . . . . . . . 110Vital Level 2 Transaction Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Example Vital Level 2 Visa Transaction . . . . . . . . . . . . . . . . . . . . . . . . 110
E. Additional Reporting Parameters . . . . . . . . . . . . . . . . . . . . . . . . 111
F. XMLPay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
About XMLPay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115XMLPay 2.0 Core Specification Document . . . . . . . . . . . . . . . . . . . . . . . . 115
G. ISO Country Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
H. Codes Used by FDMS South Only: Country Codes, Units of Measure, and Currency Codes . . . . . . . . . . . . . . . . . . 123
MasterCard Country Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123Visa Country Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Units of Measure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134FDMS South Currency Codes and Decimal Positions . . . . . . . . . . . . . . . 139
I. Ensuring Safe Storage and Use of Passwords . . . . . . . . . . . . 141
Overview of the Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Fraud Prevention Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142Overview of the Example Password Encryption Program . . . . . . . . . . . . 142
Included Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
VeriSign, Inc. 00000013/Rev. 7 vii
VeriSign Payment Services Payflow Pro Developer’s Guide
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Encrypting the Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Submitting Transactions Using the Encrypted Password . . . . . . . . . . . . . 144Code Listings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
encrypt.pl Code Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144PFProEncrypt.java Code Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145securetest.pl Code Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149PFProSecure.java Code Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
J. Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
viii VeriSign, Inc. 00000013/Rev. 7
e
Summary of Revisions
Document 00000013/Rev. 7The following changes were made to this document since the last revision:
Recurring indicator supported by additional processors.
American Express and Nova processors now support the RECURRING indicator. See “Additional Credit Card Parameters, American Express” on page 66 and “Additional Credit Card Parameters, Vital” on page 80.
Recurring indicator usage
For processors that use the RECURRING indicator (American Express, FDMS Nashville, Nova, Paymentech, and Vital): If the RECURRING indicator was set to Y for the original transaction, then the setting is ignored when forming Credit, Force, and Void transactions.
See “Additional Credit Card Parameters, American Express” on page 66, “Additional Credit Card Parameters, FDMS Nashville” on page 68, “Additional Credit Card Parameters, American Express” on page 66, “Additional Credit Card Parameters, Paymentech” on page 78, and “Additional Credit Card Parameters, Vital” on page 80.
PNREF value The first character in the PNREF (Transaction ID) value can now be any alphabetic character. It is no longer restricted to V.
See “PNREF Value” on page 47.
Nova: Card-present (swipe) transaction support
VeriSign is now certified to submit card-present (swipe) transactions for the Nova processor.
See “Performing Card-Present (Swipe) Transactions” on page 42. All processors supporting swipe are listed in the section.
Purchasing card support
Purchasing Card Level 2 is now supported for Global Payments - Central and Nova. See “Performing Global Payments - Central Purchasing Card Transactions” on page 106 and “Performing Nova Purchasing Card Transactions” on page 108.
First Data Merchant Services South (FDMS): New parameter
The optional ORDERDATETIME parameter enables you to store thtime of a transaction with accuracy in seconds. ORDERDATETIMEsupersedes ORDERDATE and overwrites any value sent by ORDERDATE. See “Additional Credit Card Parameters, FDMS South” on page 71.
VeriSign, Inc. 00000013/Rev. 7 ix
Document 00000013/Rev. 6The following changes were made to this document since the last revision:
Document 00000013/Rev. 5
The following changes have been made to this document since the previous revi-sion:
VERBOSITY parameter
You can now control the amount of information returned for transactions. See “Viewing Processor-specific Transaction Results: Verbosity” on page 23.
Inquiry transaction enhancements
Inquiry transactions based on a CUSTREF value now return data on the most recent non-Inquiry transaction rather than the first transaction. Inquiry transactions support the new VERBOSITY parameter.
See “Performing Inquiry Transactions” on page 30.
Result Code 126 described more fully
New Payflow accounts include a “test drive” of the Fraud Protection Services at no charge.
This means that you might encounter Result 126 for transactions that triggered the test Fraud Protection filters. Result 126 is a notice to you, not an error.
Result 126 is intended to give you an idea of the kind of transaction that is considered suspicious so you can evaluate whether you can benefit from using the Fraud Protection Services.
See “RESULT Codes and RESPMSG Values” on page 47 for further clarification.
Purchasing Card support
Payflow Pro supports Purchasing Card transactions. See Appendix D, “Purchasing Card Level 2 and Level 3 Support.”
Card-present transactions
Payflow Pro supports card-present transactions (face-to-face or swipe purchases). See “Performing Card-Present (Swipe) Transactions” on page 42.
Processors supporting CSC
“Processors and Credit Cards Supporting CSC” on page 40 has been updated to reflect additional processors supporting Card Security Code validation.
Reference transactions
The section entitled “Performing Reference Transactions” on page 34 has been expanded and clarified.
VeriSign, Inc. 00000013/Rev. 7 x
Document 00000013/Rev. 4
The following change has been made to this document since the previous revision:
Document 00000013/Rev. 3
The following changes have been made to this document since the previous revi-sion:
Values copied into dependent transactions
The values that are copied from an Authorization transaction into the associated Delayed Capture transaction are listed on page 32.
The values that are copied from the original transaction into an associated Credit transaction are listed on page 27.
The values that are copied from the original transaction into the associated Void transaction are listed on page 28.
CUSTREF parameter
Added CUSTREF, a merchant-defined identifier for reporting and auditing purposes. For example, you can set CUSTREF to the invoice number. You can use the CUSTREF value to identify the original transaction when performing Inquiries.
CUSTREF is listed in “Parameters Used in Credit Card Transactions” beginning on page 19 and has been added to “Performing Inquiry Transactions” on page 30.
Processors added
Wells Fargo Bank, First Data Client Services, and Global Payments Central processors support Payflow. See “Processor Contact Information: Transaction Settlement” on page 6.
ACH Transactions
Information on Automated Clearing House (ACH) transactions has been removed from this document. For information on performing ACH transactions, contact your VeriSign Sales Representative at [email protected] or visit http://www.verisign.com/products/payflow/ach/findoutmore.html
Referenced Transactions
The list of fields copied from the referenced transaction to the new transaction has been enlarged. See “Fields Copied From Reference Transactions” on page 35.
VeriSign, Inc. 00000013/Rev. 7 xi
VeriSign Payment Services Payflow Pro Developer’s Guide
xii VeriSign, Inc. 00000013/Rev. 7
1. Introduction
VeriSign Payflow Pro is a high performance TCP/IP-based Internet payment solution. Payflow Pro is pre-integrated with leading e-commerce solutions and is also available as a downloadable software development kit (SDK).
About Payflow ProThe Payflow Pro client resides on your computer system and is available on all major Web server platforms in a variety of formats to support integration requirements. It is available as a C library (.dll/.so), binary executable, Java library, COM object, Java Native Interface, and Perl Module Interface.
Payflow Pro is multi-threaded and allows multiple concurrent transactions from a single client. It can be integrated as a Web-based or a non-Web-based application. It does not require the HTTP protocol to run, which allows for greater flexibility in configuration and reduced processing overhead for higher performance.
How Payflow Pro WorksPayflow Pro uses a client/server architecture to transfer transaction data from you to the processing networks, and then returns the authorization results to you.
VeriSign, Inc. 00000013/Rev. 7 1
VeriSign Payment Services Payflow Pro Developer’s Guide
Payflow Pro can process real-time credit card transactions and other transaction types to most of the financial processing centers in the United States.
1 The Payflow Pro client encrypts each transaction request using the latest Secure Sockets Layer (SSL) encryption and establishes a secure link with the VeriSign Payflow server over the Internet.
2 The VeriSign Payflow server, a multi-threaded processing environment, receives the request and transmits it (over a secure private network) to the appropriate financial processing network for real-time payment authorization.
3 The response (approved/declined, and so on) is received from the financial network and is returned in the same session to the Payflow Pro client.
4 The Payflow Pro client completes each transaction session by transparently sending a transaction receipt to the VeriSign server before disconnecting the session.
The entire process is a real-time synchronous transaction. Once connected, the transaction is immediately processed and the answer returned in about three seconds. Payflow Pro does not affect or define the time periods of authorizations, nor does it influence the approval or denial of a transaction by the issuer.
When integrating with Payflow Pro, you need only be concerned with passing all the required data for transaction authorization. For transactions that you want to be settled (close batch), the operation is handled by VeriSign.
Figure 1-1 Payflow Pro transaction flow
Merchant
Custom Web Applications
Shopping Carts
Bill Presentment Solutions
Internet EnabledLegacy Systems
Payflow Prosoftware
development kit
VeriSign Payflowpayment gateway
TCP/IP SSL
Merchant VeriSign
Internet
2 VeriSign, Inc. 00000013/Rev. 7
Chapter 1 Introduction
Payflow Pro AdvantagesConfigurable to any e-commerce application. Payflow Pro is ideal for enterprise merchants who require complete customizability for a controlled buyer experience.
Easy to install and implement. Downloadable from VeriSign’s Web site, Payflow Pro can be easily integrated into a customized e-commerce solution in a matter of hours.
Integration versatility. Payflow Pro can be integrated as an application library or can be run using CGI scripts.
Pre-integrated SolutionsPayflow Pro is integrated with the majority of third-party shopping carts and e-commerce applications.
For a list of shopping carts compatible with Payflow Pro, see http://www.verisign.com/products/payflow/partners/cartPartners.html.
Some VeriSign integrations are included with the third-party solution. For a list of e-commerce applications compatible with Payflow Pro, see http://www.verisign.com/products/payflow/partners/devPartners.html.
The following VeriSign integrations are available from VeriSign Manager’s Download page (https://manager.verisign.com):
– BEA Weblogic
– IBM Websphere Payment Manager
– Macromedia Cold Fusion
– Microsoft Commerce Server 2000 and 2002
– Miva
– Oracle iPayment
VeriSign, Inc. 00000013/Rev. 7 3
VeriSign Payment Services Payflow Pro Developer’s Guide
Supported ProcessorsPayflow Pro supports the following processors:
American ExpressFirst Data Merchant Services (FDMS) NashvilleFirst Data Merchant Services (FDMS) SouthGlobal Payments Central (MAPP)Global Payments East (NDCE)Nova Paymentech TeleCheckVital
Supported Credit CardsPayflow Pro supports multiple credit card types, including:
American Express/OptimaDiners ClubDiscover/NovusJCBMasterCardVisa
Supported Payment TypesPayflow Pro supports multiple payment types in a single installation, including:
Credit cardsElectronic check (TeleCheck)Delayed shipment billingPurchasing cards (also referred to as commercial cards, corporate cards, procurement cards, or business cards) Level II and Level IIIAutomated Clearing House (ACH). For information on performing ACH transactions, contact your VeriSign Sales Representative at [email protected] or visit http://www.verisign.com/products/payflow/ach/findoutmore.html
4 VeriSign, Inc. 00000013/Rev. 7
Chapter 1 Introduction
Payflow Recurring Billing ServiceVeriSign’s Payflow Recurring Billing Service is a scheduled payment solution that enables you to automatically bill your customers at regular intervals—for example, a monthly fee of $42 for 36 months with an initial fee of $129.
You enroll separately for the Payflow Recurring Billing Service. Using Payflow Pro to define and manage recurring transactions is fully described in VeriSign Payment Services Recurring Billing Guide.
Customer SupportFor problems with transaction processing or your connection to VeriSign, contact:
VeriSign Payment ServicesOnline Information: http://www.verisign.com/products/payment.html
http://www.verisign.com/support/payflow/pro/index.htmlE-mail: [email protected]
Mail: VeriSign Payment ServicesAttn: Customer Support487 E. Middlefield Rd.Mountain View, CA 94043
Phone: 1.888.883.9770result code
VeriSign, Inc. 00000013/Rev. 7 5
VeriSign Payment Services Payflow Pro Developer’s Guide
Processor Contact Information: Transaction SettlementFor questions regarding transaction settlement, contact your processor:
American Express19640 N. 31st AvenuePhoenix, AX 85027(800) 297-5555
First Data Merchant Services (FDMS) Nashville First Data Corporation2525 Perimeter Place DriveSuite 123Nashville, TN 37214(800) 647-3722
First Data Merchant Services (FDMS) SouthFirst Data CorporationBusiness Payment Services Group4000 Coral Ridge DriveCoral Springs, FL 33065(800) 326-2217
Global Payments East (NDCE)Global Payments Inc.Four Corporate SquareAtlanta, Georgia 30329-2010800-622-2318 Main corporate number: 404-235-4400
Global Payments Central (MAPP)Global Payments Inc.2045 Westport Center Dr.St. Louis, MO 63146(314) [email protected]
Nova Information Systems, Inc.Knoxville Operations Center7300 Chapman HighwayKnoxville, TN 37920-6609(800) 725-1243
6 VeriSign, Inc. 00000013/Rev. 7
Chapter 1 Introduction
Paymentech, Inc.4 Northeastern Blvd.Salem, NH 03079(800) 782-1266
TeleCheck Merchant ServicesP.O. Box 4513Houston, TX 77210-4513(800) 366-1054 (Merchant Services)
VitalVisanet Processing Services8320 South Hardy RoadTempe, AZ 85284(800) 847-2772 (Merchant Help Desk)
Wells Fargo BankMerchant Card Services 1200 Montego Way Walnut Creek, California 94598
About this DocumentThis document is organized as follows:
Chapter 2, “Installing and Configuring the Payflow Pro SDK,” shows a typical Payflow Pro installation procedure for NT and UNIX.
Chapter 3, “Performing Credit Card Transactions,” discusses credit card transaction syntax and parameters and describes how to perform transactions.
Chapter 4, “Responses to SDK Credit Card Transaction Requests,” describes the responses to credit card transaction requests.
Chapter 5, “Testing Payflow Pro Credit Card Transactions,” describes how to test your Payflow Pro integration for credit card transactions.
Chapter 6, “Activating Your Payflow Account,” specifies the steps you follow when you are ready to go live with Payflow Pro.
Appendix A, “Processors Requiring Additional Transaction Parameters,” lists processors and their processor-specific parameters.
VeriSign, Inc. 00000013/Rev. 7 7
VeriSign Payment Services Payflow Pro Developer’s Guide
Appendix B, “Performing TeleCheck Electronic Check Transactions,” discusses TeleCheck transaction syntax and parameters and describes how to perform transactions. In addition, this chapter describes testing your TeleCheck integration.
Appendix C, “Responses to TeleCheck Transaction Requests,” describes the responses to TeleCheck transaction requests.
Appendix E, “Additional Reporting Parameters,” details the parameters that can be passed to VeriSign for reporting purposes.
Appendix F, “XMLPay,” briefly describes XMLPay and tells where you may obtain a copy of VeriSign Payment Services XMLPay 2.0 Core Specification.
Appendix G, “ISO Country Codes,” lists Country Codes, Units of Measure, and Currency Codes.
Appendix J, “Frequently Asked Questions,” contains answers to the most commonly asked questions about Payflow Pro.
Related DocumentsFor descriptions of all VeriSign Payment Services products and definitions of terms used in the transaction processing field, see VeriSign Payment Services Introduction.
VeriSign Manager User’s Guide describes the use of VeriSign Manager—the Web-based administration tool that you use to process transactions manually, issue credits, and generate reports.
About SecurityIt is your responsibility to protect your passwords and other confidential data and to implement security safeguards on your Web site and in your organization, or to ensure that your hosting company or internal Web operations team is implementing them on your behalf. You or your ISP/shopping cart provider should be able to adhere to security requirements as protective as those described at: http://www.verisign.com/support/payflow/security.html
8 VeriSign, Inc. 00000013/Rev. 7
Chapter 1 Introduction
IMPORTANT! To enable you to test Payflow Pro, VeriSign provides sample transaction scripts that you customize with your VeriSign account information and password. Because the password is initially stored in the text of the program, it is vulnerable.
Do not use VeriSign's test scripts in your production environment. To minimize fraud, machine passwords should always be encrypted. You must write a program that encrypts and decrypts your Payflow Pro account password.
Appendix I, “Ensuring Safe Storage and Use of Passwords,” describes an example method for encrypting your Payflow Pro password and enabling your application to access and decrypt the password when submitting Payflow Pro transactions.
VeriSign, Inc. 00000013/Rev. 7 9
VeriSign Payment Services Payflow Pro Developer’s Guide
10 VeriSign, Inc. 00000013/Rev. 7
2. Installing and Configuring the Payflow Pro SDK
Before You BeginIf you plan to configure and customize Payflow Pro SDK yourself
You should be familiar with Web development tools and procedures. If you are not, consider letting one of VeriSign's Web development partners help you. You can find a VeriSign Web development partner at http://www.verisign.com/products/payflow/partners/solution.html
If you do not have Web development expertise and you do not want to hire someone to help you
Consider using one of the shopping carts that integrate Payflow Pro. You can find more information at http://www.verisign.com/products/payflow/partners/carts.html
Preparing the Payflow Pro Client ApplicationPayflow Pro is available on all major Web server platforms in a variety of formats to support your integration requirements. It is available as a C library (.dll/.so), binary executable, Java library, COM object, Java Native Interface, and Perl Module Interface.
Step 1 Download the Payflow Pro SDK
From the Download section of the VeriSign Manager https://manager.verisign.com, download the Payflow Pro SDK to your hard drive.
VeriSign, Inc. 00000013/Rev. 7 11
VeriSign Payment Services Payflow Pro Developer’s Guide
Step 2 Extract the files to a local directory
Step 3 Configure your firewall
Enable inbound traffic for SSL (port 443).
Step 4 Set the certificate path
To enable the client to authenticate the VeriSign Payment Services server, you must set the path to include the certs directory (included with the SDK that you downloaded).
For specific information on setting the certificate path, see the Readme file and example applications in the SDK.
Step 5 Read the Readme file
The readme.txt file includes integration information and samples that illustrate how to use the client in your development environment.
12 VeriSign, Inc. 00000013/Rev. 7
3. Performing Credit Card Transactions
This chapter describes the process of performing credit card transactions.
Responses to transaction requests are described in Chapter 4, “Responses to SDK Credit Card Transaction Requests.”
Using Payflow Pro to define and manage recurring transactions is fully described in Recurring Billing Service Guide.
Note For information on TeleCheck transactions, skip this chapter and see Appendix B, “Performing TeleCheck Electronic Check Transactions.”
In This ChapterAbout Credit Card Processing on page 14.Credit Card Transaction Format on page 17.Parameters Used in Credit Card Transactions on page 19.Values Required by All Transaction Types on page 25.Performing Sale Transactions on page 25.Performing Credit Transactions on page 26.Performing Void Transactions on page 28.Performing Voice Authorization Transactions on page 29.Performing Inquiry Transactions on page 30.Performing Authorization/Delayed Capture Transactions on page 31.Performing Purchasing Card Transactions on page 34.Performing Reference Transactions on page 34.Using Address Verification Service (AVS) on page 37.Card Security Code (CSC) Validation on page 39.Performing Card-Present (Swipe) Transactions on page 42.Logging Transaction Information on page 43.
VeriSign, Inc. 00000013/Rev. 7 13
VeriSign Payment Services Payflow Pro Developer’s Guide
About Credit Card ProcessingCredit card processing occurs in two steps — a real-time authorization and a capture (settlement) of the funds that were authorized. As discussed below, you perform these two steps either as a single transaction or as two transactions, depending on your business model.
For an authorization, VeriSign sends the transaction information to a credit card processor who routes the transaction through the financial networks to the cardholder’s issuing bank. The issuing bank checks whether the card is valid, evaluates whether sufficient credit exists, checks values such as Address Verification Service and Card Security Codes (discussed below), and returns a response: Approval, Decline, Referral, or others.
You receive the response a few seconds after you submit the transaction to VeriSign. If the authorization is approved, the bank temporarily reserves credit for the amount of the transaction to prepare to capture (fulfill) the transaction. The hold on funds typically lasts for about a week.
Note You cannot remove a hold on funds through the processing networks—you must contact the issuing bank to lift a hold early.
Capturing a transaction (also known as settling a transaction) actually transfers the funds to your bank. At least once a day, VeriSign gathers all transactions that are flagged to be settled and sends them in a batch file to the processor. The processor then charges the issuing bank and transfers the funds to your bank. It typically takes a few days before the money is actually available in your account, depending on your bank.
Obtaining an Internet Merchant AccountTo accept credit cards over the Internet, you need a special account called an Internet Merchant Account. Your account provider or acquiring bank works with a VeriSign-supported credit card processor, such as First Data, Vital, or Paymentech. To use Payflow Pro to accept live credit cards, you must provide certain details about your account to VeriSign during the “Go Live” part of the enrollment process.
14 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
Note An Internet Merchant Account is separate from a merchant account used for in-person retail transactions due to the different risk profile for card-not-present (e-commerce) transactions.
VeriSign has partnered with several Internet Merchant Account providers to make applying easy. Seehttp://www.VeriSign.com/products/payflow/merchant.html
Planning Your Payflow Pro IntegrationIn designing your Payflow Pro integration, you should evaluate the following:
Whether to use a one-step or two-step transaction process. One-step: Submit a Sale transaction, which performs the authorization and (if successful) then flags the transaction for settlement. Two-step: Perform an Authorization-only transaction and then later perform a Delayed Capture transaction. The Delayed Capture transaction can be for the same amount as the original transaction or for a lower amount. (In the case of a split shipment, you can perform a Delayed Capture transaction for the initial shipment and a reference transaction for the final payment. These transaction types are described in this chapter.)
According to card association rules, most physical goods merchants should use a two-step process, since settlement should occur when the goods are fulfilled or shipped. A two-step process is also useful if you want to evaluate information in the response, such as whether the issuer verifies the billing address, and so on. Electronic goods merchants, who fulfill the order immediately, can use the one-step process. Check with your Internet Merchant Account provider for suggestions on the best method for you.
Whether or how to use risk management tools such as Address Verification Service (AVS) and card security code (CSC).
For AVS, if the data is submitted with the initial transaction, the issuer checks the street address and/or the ZIP (postal) code against the billing address on file for the consumer. AVS is described on page 37.
CSC refers to a 3- or 4-digit number that appears on the back of credit cards. (CSC is known by other names, such as CVV2 and CID, depending on the type
VeriSign, Inc. 00000013/Rev. 7 15
VeriSign Payment Services Payflow Pro Developer’s Guide
of card.) If CSC data is submitted, the issuer can notify you whether the number matches the number assigned to the card. CSC is described on page 39.
It may also be possible to implement additional safeguards yourself or to use a fraud service from VeriSign. You might want to discuss risk management with your Internet Merchant Account provider.
Store information in your local database or use VeriSign Manager reports to manage the data. You may want to store shipping information in your system, or you may prefer to send the information to VeriSign with the transaction and report on it later.
Note VeriSign recommends that you do not store credit card numbers. If you must store numbers, encrypt and store them behind properly configured firewalls. You should also consider whether and how to use the merchant-defined fields COMMENT1 and COMMENT2 to help tie VeriSign reports to your orders/customers or to report on other information about the transaction.
If or how you want to integrate with other systems, such as order fulfillment, customer service, and so on. You may wish to connect these systems directly to Payflow Pro for capturing funds, issuing refunds/credits, and so on. Alternatively, you may prefer to perform these steps manually using VeriSign Manager. Either way, VeriSign recommends that you monitor transaction activity using VeriSign Manager.
You may want to discuss, with your Internet Merchant Acquirer, practices that help you to obtain the most advantageous rates.
E-commerce Indicator (ECI)Some processors support a software flag called E-commerce Indicator (ECI) that indicates that the associated transaction is an Internet transaction. Payflow Pro complies with ECI basic requirements for all supported processors.
If you use VeriSign’s Buyer Authentication Service, then the ECI values reflects the Authentication status. See Fraud Protection Services Guide.
16 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
Credit Card Transaction Format
Note The examples in this chapter use the syntax of the pfpro executable client. Other Payflow Pro clients differ in where and how the parameter values are set, but the meaning and uses are the same.
Use the following syntax when calling the Payflow Pro client (pfpro) to process a transaction. Table 3-1 describes the arguments to the command.
pfpro <HostAddress> <HostPort> “<ParmList>” <TimeOut> <ProxyAddress> <ProxyPort> <ProxyLogon> <ProxyPassword>
For example:
pfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00”30
Table 3-1 Arguments to the pfpro executable client
Argument Required Description
HOSTADDRESS Yes VeriSign’s host name.For live transactions, use payflow.verisign.com For testing purposes use test-payflow.verisign.com
HOSTPORT Yes Use port 443
PARMLIST Yes The ParmList is the list of parameters that specify the payment information for the transaction. The quotation marks “ ” at the beginning and end are required. In the example, the ParmList is:“TRXTYPE=S&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00”
The content of the ParmList varies by the type of transaction being processed. For example, a Void transaction requires a different set of parameters than does a Sale transaction.
“Parameters Used in Credit Card Transactions” on page 19 defines the parameters used to create credit card transactions. “Values Required by All Transaction Types” on page 25 lists the parameters required by each transaction type.
VeriSign, Inc. 00000013/Rev. 7 17
VeriSign Payment Services Payflow Pro Developer’s Guide
Command Syntax GuidelinesFollow these guidelines:
The command must be a single string with no line breaks.
Spaces are allowed in values
Enclose the ParmList in quotation marks (“”).
Quotation marks (“”) are not allowed within the body of the ParmList.
Separate all name/value pairs in the ParmList using an ampersand (&).
Calling pfpro without the required parameters results in an error message.
Using Special Characters in ValuesBecause the ampersand (&) and equal sign (=) characters have special meanings in the ParmList, name/value pairs like NAME=Ruff & Johnson, and COMMENT1=Level=5 are not valid.
To use special characters in the value of a name/value pair, use a length tag. The length tag specifies the exact number of characters and spaces that appear in the value. The following name/value pairs are valid:
NAME[14]=Ruff & Johnson
COMMENT1[7]=Level=5
Note Quotation marks (“”) are not allowed even if you use a length tag.
TIMEOUT Yes Time-out period for the transaction. The minimum recommended time-out value is 30 seconds. The VeriSign client begins tracking from the time that it sends the transaction request to the VeriSign server.
PROXYADDRESS No Proxy server address. Use the PROXY parameters for servers behind a firewall. Your network administrator can provide the values.
PROXYPORT No Proxy server port
PROXYLOGON No Proxy server logon ID
PROXYPASSWORD No Proxy server logon password
Table 3-1 Arguments to the pfpro executable client (Continued)
Argument Required Description
18 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
Parameters Used in Credit Card TransactionsAll credit card processors accept the parameters listed in Table 3-2 (required and optional parameters are noted). “Values Required by All Transaction Types” on page 25 lists the parameters required for each transaction type.
Note Some processors require yet additional parameters. See Appendix A, “Processors Requiring Additional Transaction Parameters,” for details on your processor’s requirements.Appendix E, “Additional Reporting Parameters,” provides a list of parameters that you can pass for reporting purposes.
Table 3-2 Credit-card transaction parameters
Parameter Description Required Type Max. Length
ACCT The credit card or purchase card number may not contain spaces, non-numeric characters, or dashes. For example, ACCT=5555555555554444
Yes1 Numeric 19
AMT Amount (US Dollars) U.S. based currency.
Specify the exact amount to the cent using a decimal point—use 34.00, not 34. Do not include comma separators—use 1199.95 not 1,199.95.
Your processor and/or Internet merchant account provider may stipulate a maximum amount.
Yes1 NumericUSD only
10
AUTHCODE AUTHCODE is returned only for approved Voice Authorization transactions. AUTHCODE is the approval code obtained over the phone from the processing network.
No, except for Voice Authorizations.
Numeric 6
COMMENT1 Merchant-defined value for reporting and auditing purposes.
No Alpha- numeric
128
COMMENT2 Merchant-defined value for reporting and auditing purposes.
No Alpha- numeric
128
VeriSign, Inc. 00000013/Rev. 7 19
VeriSign Payment Services Payflow Pro Developer’s Guide
CUSTREF Merchant-defined identifier for reporting and auditing purposes. For example, you can set CUSTREF to the invoice number.
You can use CUSTREF when performing Inquiry transactions. To ensure that you can always access the correct transaction when performing an Inquiry, you must provide a unique CUSTREF when submitting any transaction, including retries.
See STARTTIME and ENDTIME.
No Alpha- numeric
12
CVV2 A 3- or 4-digit code that is printed (not imprinted) on the back of a credit card. Used as partial assurance that the card is in the buyer’s possession.
See “Card Security Code (CSC) Validation” on page 39.
No Alpha- numeric
4
ENDTIME Optional for Inquiry transactions when using CUSTREF to specify the transaction.
ENDTIME specifies the end of the time period during which the transaction specified by the CUSTREF occurred. See STARTTIME.
ENDTIME must be less than 30 days after STARTTIME. An inquiry cannot be performed across a date range greater than 30 days.
If you set ENDTIME, and not STARTTIME, then STARTTIME is defaulted to 30 days before ENDTIME.
If neither STARTTIME nor ENDTIME is specified, then the system searches the last 30 days.
Format: yyyymmddhhmmss
No Numeric 14
EXPDATE Expiration date of the credit card in mmyy format.
For example, 0308 represents March 2008.
Yes1 Numeric 4
NAME or FIRSTNAME
Account holder's name. This single field holds all of the person’s name information.
No, but recom-mended
Alpha-numeric upper-case
30
Table 3-2 Credit-card transaction parameters (Continued)
Parameter Description Required Type Max. Length
20 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
ORIGID The ID of the original transaction that is being referenced. This ID is returned by the PNREF parameter and appears as the Transaction ID in VeriSign Manager reports.
Case-sensitive.
Yes1 Alpha- numeric
12
PARTNER The authorized VeriSign Reseller that registered you for the Payflow Pro service provided you with a Partner ID. If you registered yourself, use VeriSign.
Case-sensitive.
Yes Alpha- numeric
12
PWD Case-sensitive 6- to 32-character password that you defined while registering for the account.
Yes Alpha- numeric
32
STARTTIME Optional for Inquiry transactions when using CUSTREF to specify the transaction.
STARTTIME specifies the beginning of the time period during which the transaction specified by the CUSTREF occurred. See ENDTIME.
If you set STARTTIME, and not ENDTIME, then ENDTIME is defaulted to 30 days after STARTTIME.
If neither STARTTIME nor ENDTIME is specified, then the system searches the last 30 days.
Format: yyyymmddhhmmss
No Numeric 14
STREET The cardholder’s street address (number and street name).
The STREET address is verified by the AVS service (described in page 37.)
No Alpha- numeric
30
Table 3-2 Credit-card transaction parameters (Continued)
Parameter Description Required Type Max. Length
VeriSign, Inc. 00000013/Rev. 7 21
VeriSign Payment Services Payflow Pro Developer’s Guide
SWIPE Used to pass the Track 1 or Track 2 data (the card’s magnetic stripe information) for card-present transactions. Include either Track 1 or Track 2 data—not both. If Track 1 is physically damaged, the POS application can send Track 2 data instead.
The track data includes the disallowed = (equal sign) character. To enable you to use the data, the SWIPE parameter must include a length tag specifying the number of characters in the track data. For this reason, in addition to passing the track data, the POS application must count the characters in the track data and pass that number. Length tags are described in “Using Special Characters in Values” on page 18.
Required only for card- present transac-tions.
Alpha- numeric
TENDER The tender type (method of payment). Use only the value C for credit card transactions.
Yes Alpha 1
TRXTYPE The kind of transaction, for example, Sale or Credit. Described in “Values Required by All Transaction Types” on page 25.
Yes Alpha 1
USER Your login name. The examples in this document use USER=SuperMerchant.
This value is case-sensitive. You created the login name while registering for your Payflow account.
Currently, USER takes the same value as VENDOR. In a future release, each account will allow multiple users. The USER parameter will then specify the particular user.
Yes Alpha- numeric
64
VENDOR Your login name. The examples in this document use VENDOR=SuperMerchant.
This value is case-sensitive. You created the login name while registering for your Payflow account.
Yes Alpha- numeric
64
VERBOSITY LOW or MEDIUM.
LOW is the default setting—normalized values.
MEDIUM returns the processor’s raw response values.
See “Viewing Processor-specific Transaction Results: Verbosity” on page 23.
No Alpha
Table 3-2 Credit-card transaction parameters (Continued)
Parameter Description Required Type Max. Length
22 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
Viewing Processor-specific Transaction Results: VerbosityTransaction results (especially values for declines and error conditions) returned by each VeriSign-supported processor vary in detail level and in format. To simplify the process of integrating Payflow Pro, VeriSign normalizes the transaction result values, that is, limits them to a standardized set of values.
You can view the processor’s raw response values by setting the Payflow Pro Verbosity parameter to MEDIUM (the default setting—normalized values—is LOW).
Supported Verbosity SettingsThe following Verbosity settings are supported for VeriSign-supported processors. Contact your processor or bank for definitions of the returned values. Processor contact information appears in the “Introduction” chapter of Payflow Pro Developer’s Guide.
Note If you use Nashville, TeleCheck, or Paymentech, then you must use a client version newer than 2.09 to take advantage of the MEDIUM Verbosity setting.
LOW: This is the default setting for VeriSign accounts. The following values (described in Payflow Pro Developer’s Guide) are returned: {RESULT, PNREF, RESPMSG, AUTHCODE, AVSADDR, AVSZIP, CVV2MATCH, IAVS, CARDSECURE}
MEDIUM: All of the values returned for a LOW setting, plus the following values:
ZIP Account holder’s 5- to 9-digit ZIP (postal) code. Do not use spaces, dashes, or non-numeric characters.
The ZIP code is verified by the AVS service (described in page 37.)
No Alpha 9
1. Some transaction types do not require this parameter. See “Values Required by All Transaction Types” on page 25.
Table 3-2 Credit-card transaction parameters (Continued)
Parameter Description Required Type Max. Length
VeriSign, Inc. 00000013/Rev. 7 23
VeriSign Payment Services Payflow Pro Developer’s Guide
Note For information on interpreting the responses returned by the processor for the MEDIUM Verbosity setting, contact your processor directly. Processor contact information appears in “Supported Processors” on page 4.
Changing the Verbosity SettingSetting the default Verbosity level for all transactions
Contact VeriSign Customer Service to set your account’s Verbosity setting to LOW or MEDIUM for all transaction requests.
Field Name Type Length Description
HOSTCODE char 7 Response code returned by the processor. This value is not normalized by VeriSign.
RESPTEXT char 17 Text corresponding to the response code returned by the processor. This text is not normalized by VeriSign.
PROCAVS char 2 AVS (Address Verification Service) response from the processor
PROCCVV2 char 1 CVV2 (buyer authentication) response from the processor
PROCCARDSECURE char 1 VPAS/SPA response from the processor
ADDLMSGS char Up to 1048 characters.
Typically 50 characters.
Additional error message that indicates that the merchant used a feature that is disabled
DATE_TO_SETTLE Value available only before settlement has started.
BATCHID Value available only after settlement has assigned a Batch ID.
SETTLE_DATE Value available only after settlement has completed.
24 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
Setting the Verbosity level on a per-transaction basis
To specify a setting for Verbosity that differs from your account’s current setting, include the VERBOSITY=<value> name/value pair in the transaction request, where <value> is LOW or MEDIUM.
Values Required by All Transaction TypesAll transaction APIs require values for the TRXTYPE, TENDER, PARTNER, VENDOR, USER, and PWD parameters. Each transaction API has additional parameter requirements, as listed here. Transaction responses are described in Chapter 4, “Responses to SDK Credit Card Transaction Requests.”
Performing Sale Transactions The Sale API (TRXTYPE=S) charges the specified amount against the account, and marks the transaction for immediate fund transfer during the next settlement period. VeriSign submits each merchant’s transactions for settlement on a daily basis.
Additional Required Parameters for Sale TransactionsThe set: [ACCT, EXPDATE, and AMT]
or
Set ORIGID to the PNREF (Transaction ID in VeriSign Manager reports) value returned for the original transaction. When you use ORIGID, the Sale transaction uses the transaction referred to by the ORIGID as a reference transaction. See “Performing Reference Transactions” on page 34.
Example Sale Transaction pfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00”30
VeriSign, Inc. 00000013/Rev. 7 25
VeriSign Payment Services Payflow Pro Developer’s Guide
Performing Credit TransactionsThe Credit API (TRXTYPE=C) returns the specified amount to the account holder. It is not necessary to provide the credit card number (ACCT) if you have the Transaction ID (PNREF) that was returned for the original transaction. If you issue a credit using the PNREF and not specifying an amount, the amount of the original transaction is used.
IMPORTANT! For Test servers, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric (Example: V53A17230645). For Live servers, all of the first four characters are alpha characters, for example: VPNE12564395.
Additional Required Parameters for Credit TransactionsSet ORIGID to the PNREF (Transaction ID) value returned for the original transaction.
or
The set: [ACCT, EXPDATE, and AMT]
IMPORTANT! Because the default security setting for Payflow Pro accounts requires API calls to use the ORIGID parameter, this is the preferred method for performing credit transactions. Using the ACCT, EXPDATE, or AMT parameters for such accounts leads to Result code 117 (failed the security check). For information on setting the security settings, see the chapter on configuring account security in VeriSign Manager User’s Guide.
26 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
Fields Copied From the Original Transaction into the Credit Transaction
The following fields are copied from the original transaction into the Credit transaction (if they exist in the original transaction). If you provide a new value for any of these parameters when submitting the Credit transaction, then the new value is used (except Account number, Expiration date, or Swipe data).
Note For processors that use the RECURRING parameter: If the RECURRING parameter was set to Y for the original transaction, then the setting is ignored when forming the Credit transaction.
Example Credit Transaction
pfpro test-payflow.verisign.com 443 “TRXTYPE=C&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ORIGID=VPNE12564395”30
or
pfpro test-payflow.verisign.com 443 “TRXTYPE=C&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00”30
Account number Amount City Comment1
Comment2 Company Name Country Cust_Code
CustIP DL Num DOB Duty amount
EMail Expiration date First name Freight amount
Invoice number Last name Middle Name Purchase order number
Ship To City Ship To Country Ship To First Name Ship To Last Name
Ship To Middle Name
Ship To State Ship To Street Ship To ZIP
SS Num State Street Suffix
Swipe data Tax amount Tax exempt Telephone
Title ZIP
VeriSign, Inc. 00000013/Rev. 7 27
VeriSign Payment Services Payflow Pro Developer’s Guide
Performing Void Transactions The Void API (TRXTYPE=V) prevents a transaction from being settled, but does not release the authorization (hold on funds) on the cardholder’s account. Follow these guidelines:
You can void Delayed Capture, Sale, Credit, Authorization, and Voice Authorization transactions. You cannot void a Void transaction.
The Void must occur prior to settlement.
Additional Required Parameters for Void TransactionsSet ORIGID to the PNREF (Transaction ID in VeriSign Manager reports) value returned for the original transaction.
Fields Copied From the Original Transaction into the Void Transaction
The following fields are copied from the original transaction into the Void transaction (if they exist in the original transaction). If you provide a new value for any of these parameters when submitting the Void transaction, then the new value is used (except Account number, Expiration date, or Swipe data).
Note For processors that use the RECURRING parameter: If the RECURRING parameter was set to Y for the original transaction, then the setting is ignored when forming the Void transaction.
Account number Amount City Comment1
Comment2 Company Name Country Cust_Code
CustIP DL Num DOB Duty amount
EMail Expiration date First name Freight amount
Invoice number Last name Middle Name Purchase order number
Ship To City Ship To Country Ship To First Name Ship To Last Name
Ship To Middle Name
Ship To State Ship To Street Ship To ZIP
28 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
Example Void Transaction pfpro test-payflow.verisign.com 443 “TRXTYPE=V&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ORIGID=VPNE12564395”30
Performing Voice Authorization Transactions Some transactions cannot be authorized over the Internet (for example, high dollar amounts)—processing networks generate Referral (Result Code 13) transactions. In these situations, you contact the customer service department of your merchant bank and provide the payment information as requested. If the transaction is approved, the bank provides you with a voice authorization code (AUTHCODE) for the transaction. You include this AUTHCODE as part of a Voice Authorization (TRXTYPE=F) transaction.
IMPORTANT! For Test servers, the AUTHCODE contains alpha-numeric characters (for example, 123PNI). For Live servers, the AUTHCODE contains only numeric digits (for example, 123456).
Once a Voice Authorization transaction has been approved, it is treated like a Sale or a Delayed Capture transaction and is settled with no further action on your part.
Like Sale or Delayed Capture transactions, approved Voice Authorization transactions can be voided.
Additional Required Parameters for Voice Authorization Transactions
AUTHCODE
ACCT
EXPDATE
AMT
SS Num State Street Suffix
Swipe data Tax amount Tax exempt Telephone
Title ZIP
VeriSign, Inc. 00000013/Rev. 7 29
VeriSign Payment Services Payflow Pro Developer’s Guide
Example Voice Authorization Transaction pfpro test-payflow.verisign.com 443 “TRXTYPE=F&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&AUTHCODE=AB34RT56&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00”30
Performing Inquiry Transactions An Inquiry transaction (TRXTYPE=I) returns the result and status of a transaction. You perform inquiries using a reference to the original transaction—either the PNREF value returned for the original transaction or the CUSTREF value that you specified for the original transaction.
Inquiries based on a CUSTREF value return data on the most recent non-Inquiry transaction rather than the first transaction.
While the amount of information returned in an Inquiry transaction depends upon the VERBOSITY setting, Inquiry responses mimic the verbosity level of the original transaction as much as possible.
Using the PNREF to Perform Inquiry TransactionsSet ORIGID to the PNREF (Transaction ID in VeriSign Manager reports) value returned for the original transaction.
Example Inquiry Transaction Using the ORIGID Parameter set to the PNREF Value
pfpro test-payflow.verisign.com 443 “TRXTYPE=I&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ORIGID=VPNE12564395”30
Using the CUSTREF to Perform Inquiry TransactionsSpecify the CUSTREF value and, optionally, the STARTTIME and ENDTIME parameters.
30 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
Example Inquiry Transaction Using the CUSTREFpfpro test-payflow.verisign.com 443 “TRXTYPE=I&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&CUSTREF=Inv00012345”30
Performing Authorization/Delayed Capture TransactionsVisa/MasterCard regulations prohibit merchants from capturing credit card transaction funds until product has shipped to the buyer. Because of this rule, most processing networks implement a two-stage transaction solution. VeriSign refers to this as delayed capture processing. This process consists of an authorization (TRXTYPE=A) transaction followed (when the merchant is ready to collect funds) by a Delayed Capture (TRXTYPE=D) transaction.
An Authorization transaction does not transfer funds, rather it places a hold on the cardholder’s open-to-buy limit, lowering the cardholder’s limit by the amount of the transaction. A delayed capture transaction then captures the original authorization amount. The transaction is scheduled for settlement during the next settlement period.
IMPORTANT! Only one Delayed Capture transaction is allowed per Authorization transaction.
Additional Required Parameters for Authorization TransactionsThe set: [ACCT, EXPDATE, and AMT]
or
Perform a reference transaction by specifying the ORIGID of an existing transaction. See “Performing Reference Transactions” on page 34.
Additional Required Parameters for Delayed Capture TransactionsSet ORIGID to the PNREF (Transaction ID in VeriSign Manager reports) value returned for the original transaction. If the amount of the capture differs from the amount of the authorization, then you must specify a value for AMT.
VeriSign, Inc. 00000013/Rev. 7 31
VeriSign Payment Services Payflow Pro Developer’s Guide
Fields Copied From the Authorization Transaction into the Delayed Capture Transaction
The following fields are copied from the Authorization transaction into the Delayed Capture transaction (if they exist in the original transaction). If you provide a new value for any of these parameters when submitting the Delayed Capture transaction, then the new value is used (except Account number, Expiration date, or Swipe data).
Step 1 Perform the Authorization transaction
The Authorization transaction uses the same parameters as Sale transactions, except that the transaction type is A.
The return data for an Authorization transaction is the same as for a Sale transaction. To capture the authorized funds, perform a Delayed Capture transaction that includes the value returned for PNREF, as described in Step 2 on page 33.
IMPORTANT! For Test servers, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric (Example: V53A17230645). For Live servers, all of the first four characters are alpha characters (letters), for example: VPNE12564395.
Account number Amount City Comment1
Comment2 Company Name Country Cust_Code
CustIP DL Num DOB Duty amount
EMail Expiration date First name Freight amount
Invoice number Last name Middle Name Purchase order number
Ship To City Ship To Country Ship To First Name Ship To Last Name
Ship To Middle Name
Ship To State Ship To Street Ship To ZIP
SS Num State Street Suffix
Swipe data Tax amount Tax exempt Telephone
Title ZIP
32 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
Example Authorization TransactionIssue Authorization-only Transaction
pfpro test-payflow.verisign.com 443 “TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00&COMMENT1=Second purchase&COMMENT2=Low risk customer&INVNUM=1234567890&STREET=5199 MAPLE&ZIP=94588”30
Example Authorization ResponseRESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N
Step 2 Perform the Delayed Capture transaction
Set ORIGID to the PNREF value from the original authorization transaction. (There is no need to retransmit the credit card or billing address information—it is stored at VeriSign.)
If the capture succeeds, the amount of the sale is transferred to the merchant’s account during the daily settlement process. If the capture does not succeed, the hold on the cardholder’s open-to-buy is still in effect.
Example Delayed Capture Transactionpfpro test-payflow.verisign.com 443 “TRXTYPE=D&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&ORIGID=VXYZ00887892”30
Example Delayed Capture ResponseRESULT=0&PNREF=VXYZ00895642&AUTHCODE=25TEST&AVSADDR=Y&AVSZIP=N
Delayed Capture Transaction: Capturing Transactions for Lower Amounts
You can perform a delayed capture transaction for an amount lower than the original authorization amount (useful, for example, when you make a partial shipment).
Delayed Capture Transaction: Capturing Transactions for Higher Amounts
You can perform a delayed capture transaction for an amount higher than the original authorization amount, however, you are charged for an extra transaction.
VeriSign, Inc. 00000013/Rev. 7 33
VeriSign Payment Services Payflow Pro Developer’s Guide
In addition, the cardholder’s open-to-buy is reduced by the sum of the original authorization-only amount and the final delayed capture amount.
Delayed Capture Transaction: Error Handling and RetransmittalIf an error occurs while processing a delayed capture transaction, it is safe to retry the capture with values that allow the VeriSign server to successfully process it. Conversely, if a capture for a previous authorization succeeds, subsequent attempts to capture it again will return an error.
Performing Purchasing Card TransactionsA purchasing card (also referred to as a commercial card, corporate card, procurement card or business card) is a credit card that is issued at the request of an employer. It is usually reserved for business-related charges. The card issuer provides specialized reporting for this card type so the employer can monitor the use of the card. There is no method for determining whether a card is a purchase card or a commercial card based on the card number.
To obtain the best bank interchange rates for commercial cards, you must pass specific additional transaction information. See Appendix D, “Purchasing Card Level 2 and Level 3 Support.”
Commercial card support and parameters vary from processor to processor. See the entry for your processor in Appendix A, “Processors Requiring Additional Transaction Parameters” for additional information.
Performing Reference Transactions
CAUTION As a security measure, reference transactions are disallowed by default. Only your account administrator can enable reference transactions for your account. If you attempt to perform a reference transaction in an account for which reference transactions are disallowed, result code 117 is returned. See VeriSign Manager Guide for instructions on setting this and other VeriSign Manager security features.
Sale and Authorization transactions can make use of a reference transaction as a source of transaction data. VeriSign looks up the reference transaction and copies its transaction data into the new Sale or Authorization transaction.
34 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
IMPORTANT! When VeriSign looks up the reference transaction, neither the transaction being referenced nor any other transaction in the database is changed in any way. That is, a reference transaction is a read-only operation—only the new transaction is populated with data and acted upon. No linkage is maintained between the reference transaction and the new transaction.
Reference transactions are not screened by Fraud Protection Services filters.
You can also initiate reference transactions from VeriSign Manager. See VeriSign Manager User’s Guide for details.
Transaction Types that can be Used as the Original TransactionYou can reference the following transaction types to supply data for new Sale or Authorization transactions:Authorization (To capture the funds for an approved Authorization transaction, be sure to perform a Delayed Capture transaction—not a Reference transaction.)
CreditDelayed CaptureSaleVoice Authorization (The Voice Authorization code is not copied to the new transaction)
Void
Fields Copied From Reference TransactionsThe following fields are copied from the referenced transaction into the new Sale or Authorization transaction (if they exist in the original transaction). If you provide a value for any of these parameters when submitting the new transaction, then the new value is used.
VeriSign, Inc. 00000013/Rev. 7 35
VeriSign Payment Services Payflow Pro Developer’s Guide
Fields Copied From Original Transactions
Example Reference TransactionIn this example, you authorize an amount of $100 for a shipment and charge $66 for the first partial shipment using a normal delayed capture transaction. You charge the $34 for the final part of the shipment using a reference transaction to draw credit card and shipping address information from the initial authorization transaction.
Step 1 Submit the Initial transaction (authorization in this example)
You use an authorization transaction for the full amount of the purchase of $100:
pfpro test-payflow.verisign.com 443 "TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&ACCT=5555555555554444&EXPDATE=0308&AMT=100.00&INVNUM=1234567890&STREET=5199 MAPLE&ZIP=94588"30
RESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N
Step 2 Capture the authorized funds for a partial shipment of $66
When you deliver the first $66 worth of product, you use a normal delayed capture transaction to collect the $66.
pfpro test-payflow.verisign.com 443 "TRXTYPE=D&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&ORIGID=VXYZ01234567&AMT=66.00"30
RESULT=0&PNREF=VXYZ01234568&AUTHCODE=25TEST&AVSADDR=Y&AVSZIP=N
Account Type Street
Account Number City
Expiration Date State
First Name ZIP
Middle Name Country
Last Name Swipe Data
36 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
Step 3 Submit a new sales transaction of $34 for the rest of the shipment
Once you have shipped the remainder of the product, you can collect the remaining $34 in a sale transaction that uses the initial authorization as a reference transaction. (This is a sale transaction because only one delayed capture transaction is allowed per authorization.)
pfpro test-payflow.verisign.com 443 "TRXTYPE=S&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&ORIGID=VXYZ01234567&AMT=34.00"30
RESULT=0&PNREF=VXYZ01234569&AUTHCODE=25TEST&AVSADDR=Y&AVSZIP=N
Note In the case that your business model uses the authorization/delayed capture cycle for all transactions, you could have chosen to use an authorization/delayed capture to collect the $34 in this example. You would generate the authorization for the $34 using the initial authorization as a reference transaction.
Using Address Verification Service (AVS)To qualify for the lowest bank rate, you must pass Address Verification Service (AVS) information—street address and ZIP (postal) code.
AVS compares the submitted street address and ZIP code with the values on file at the cardholder’s bank. The response includes values for AVSADDR and AVSZIP: Y, N, or X for the match status of the customer’s street address and ZIP code. Y = match, N = no match, X = cardholder’s bank does not support AVS. The AVS result is for advice only. Banks do not decline transactions based on the AVS result—the merchant makes the decision to approve or decline a transaction. AVS is supported by most US banks and some international banks.
Note AVS checks only for a street number match, not a street name match, so 123 Main Street returns the same response as 123 Elm Street.
The International AVS response (IAVS) indicates whether AVS response is international (Y), USA (N), or cannot be determined (X). Client version 3.06 or later is required.
VeriSign, Inc. 00000013/Rev. 7 37
VeriSign Payment Services Payflow Pro Developer’s Guide
Processors Supporting AVS
Tip See your processor’s information in Appendix A, “Processors Requiring Additional Transaction Parameters,” for information on their handling of AVS.
Example AVS Request This example request include the AVS request parameters STREET and ZIP:
pfpro test-payflow.verisign.com 443 “TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00&STREET=5199 Maple&ZIP=98765”30
Table 3-3 Processors supporting AVS
Cards → American Express Discover MasterCard Visa
American Express — — —
FDMS South
FDMS Nashville
Global Payments Central (MAPP)
Global Payments East
Norwest — — — —
Nova
Paymentech
Vital
Wells Fargo Bank
38 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
Example AVS Response In this example, the address value matches the value in the bank’s records, but the ZIP code does not. The IAVS response is X.
RESULT=0&PNREF=VXW412345678&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N&IAVS=X
Card Security Code (CSC) ValidationThe card security code (CSC) is a 3- or 4-digit number (not part of the credit card number) that is printed on the credit card. Because the CSC appears only on the card and not on receipts or statements, the CSC provides some assurance that the physical card is in the possession of the buyer.
Tip This fraud prevention tool has various names, depending on the payment network. Visa calls it CVV2, MasterCard calls it CVC2, and American Express and Discover call it CID. To ensure that your customers see a consistent name, VeriSign recommends use of the term Card Security Code (CSC) on all end-user materials.
On most cards, the CSC is printed on the back of the card (usually in the signature field). All or part of the card number appears before the CSC (567 in the example). For American Express, the 4-digit number (1122 in the example) is printed on the front of the card, above and to the right of the embossed account number. Be sure to explain this to your customers.
VeriSign, Inc. 00000013/Rev. 7 39
VeriSign Payment Services Payflow Pro Developer’s Guide
Processors and Credit Cards Supporting CSCThe CSC validation service is not available for all processors or for all credit cards.
Even though your processor may be certified for CSC, they may not be certified for all card types (for example, American Express (CID), or Discover). The list will change as VeriSign continues to enhance its service offering. See http://www.verisign.com/support/payflow/cardSecurityCode.html for the latest information.
Special Cases: American Express and DiscoverAmerican ExpressTo enable the account to accept the CSC code, you must send an e-mail request to [email protected]. Once American Express has approved the request and has activated CSC for the you, you can begin passing CSC data and receiving the appropriate responses (Y, N, or X). If you attempt to send CSC data without having requested setup, American Express does not send a response.
Table 3-4 Processors and credit cards supporting CSC
Credit Cards → American Express
Discover MasterCard Visa
American Express — — —
FDMS South
FDMS Nashville — —
Global Payments Central (MAPP)
—
Global Payments East
Norwest — — — —
Nova —
Paymentech
Vital
40 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
DiscoverDiscover does not currently support CSC. If a merchant attempts to send CSC data, Discover does not send a response.
CSC ResultsIf you submit the CVV2 parameter, the cardholder’s bank returns a Yes/No response in the CVV2MATCH response value as follows:
CSC results vary depending on your processor, as described in this table:
Table 3-5 CVV2MATCH response values
CVV2MATCH Value Description
Y The submitted value matches the data on file for the card.
N The submitted value does not match the data on file for the card.
X The cardholder’s bank does not support this service.
Table 3-6 CSC results
Processor Results
American Express CSC mismatches cause a non-approved result (RESULT = 114).
No CVV2MATCH value is returned.
VitalNovaGlobal Payments – EastGlobal Payments – Central
CSC mismatches may cause a non-approved result (RESULT = 112 or 114) in some cases. In other cases, the transaction may be approved despite the CSC mismatch.
The match or mismatch information is indicated in the CVV2MATCH value.
FDMS NashvilleFDMS SouthPaymentech
Transactions that have CSC mismatches can come back as an approved transaction (RESULT = 0).
The match or mismatch information is indicated in the CVV2MATCH value.
As with AVS, if the authorization was successful, you must make a decision based on the CVV2MATCH value whether or not to proceed with the order.
VeriSign, Inc. 00000013/Rev. 7 41
VeriSign Payment Services Payflow Pro Developer’s Guide
Example CVV2 RequestThis example request includes the CVV2 parameter:
pfpro test-payflow.verisign.com 443 “TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00&CVV2=567”30
Example CVV2MATCH ResponseIn this example result, the CSC value matches the value in the bank’s records.
RESULT=0&PNREF=VXW412345678&RESPMSG=APPROVED&AUTHCODE=123456&CVV2MATCH=Y
Performing Card-Present (Swipe) TransactionsPayflow Pro supports card-present transactions (face-to-face purchases). Follow these guidelines to take advantage of the lower card-present transaction rate:
Contact your merchant account provider to ensure that they support card-present transactions.
Contact VeriSign to set up a separate Payflow Pro account for card-present transactions.
Supported ProcessorsVeriSign is certified to submit card-present transactions for the following processors:
First Data Merchant Services (FDMS) Nashville
First Data Merchant Services (FDMS) South
Global Payments - Central (MAPP)
Nova
Paymentech
Vital
Card-present Transaction SyntaxUse the SWIPE parameter to pass the Track 1 or Track 2 data (the card’s magnetic stripe information). Include either Track 1 or Track 2 data—not both (up to 80
42 VeriSign, Inc. 00000013/Rev. 7
Chapter 3 Performing Credit Card Transactions
alpha-numeric characters). If Track 1 is physically damaged, the POS application can send Track 2 data instead.
The track data includes the disallowed = (equal sign) character. To enable you to use the data, the SWIPE parameter must include a length tag specifying the number of characters in the track data. For this reason, in addition to passing the track data, the POS application must count the characters in the track data and pass that number. Length tags are described in “Using Special Characters in Values” on page 18. The length tag in the following example is [40].
Do not include the ACCT or EXPDATE parameters in card-present transactions.
Example Card-present TransactionTRXTYPE=S&TENDER=C&PARTNER=VeriSign&USER=SuperMerchant&PWD=SuperMerchant&SWIPE[40]=;4912000033330026=05121011000012345678?&AMT=21.00
Logging Transaction InformationVeriSign maintains a record of all transactions executed on your account. This record is not the official bank statement. The credit card transaction summary that you receive from your acquiring bank is the official record.Use VeriSign Manager at https://manager.verisign.com to view this record and use the information to help reconcile your accounting records.
VeriSign strongly recommends that you log all transaction results on your own system and that you do not store credit card information.
At a minimum, log the following data:
PNREF
IMPORTANT! For Test servers, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric (for example, V53A17230645). For Live servers, all of the first four characters are alpha characters (for example, VPNE12564395).
If you have any questions regarding a transaction, refer to or search on the PNREF. In VeriSign Manager reports, the PNREF value appears in the Transaction ID column.
Transaction Date
VeriSign, Inc. 00000013/Rev. 7 43
VeriSign Payment Services Payflow Pro Developer’s Guide
Transaction AmountAUTHCODE
44 VeriSign, Inc. 00000013/Rev. 7
4. Responses to SDK Credit Card Transaction Requests
This chapter describes the contents of a response to a credit card transaction request.
When a transaction finishes, VeriSign returns a response string made up of name/value pairs. For example, this is a response to a credit card Sale transaction request:
RESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N&IAVS=Y&CVV2MATCH=Y
Contents of a Response to a Credit Card Transaction RequestAll transaction responses include values for RESULT, PNREF, RESPMSG. A value for AUTHCODE is included for Voice Authorization transactions. Values for AVSADDR and AVSZIP are included if you use AVS. Table 4-1 describes the values returned in a response string.
Table 4-1 Transaction response values
Field Description Type Length
PNREF VeriSign Reference ID, a unique number that identifies the transaction. PNREF is described in “PNREF Value” on page 47.
Alpha- numeric
12
RESULT The outcome of the attempted transaction. A result of 0 (zero) indicates the transaction was approved. Any other number indicates a decline or error. RESULT codes are described in “RESULT Codes and RESPMSG Values” on page 47.
Numeric Variable
VeriSign, Inc. 00000013/Rev. 7 45
VeriSign Payment Services Payflow Pro Developer’s Guide
CVV2MATCH Result of the card security code (CVV2) check. This value does not affect the outcome of the transaction.
AlphaY, N, X, or no response
1
RESPMSG The response message returned with the transaction result. Exact wording varies. Sometimes a colon appears after the initial RESPMSG followed by more detailed information. Response messages are described in “RESULT Codes and RESPMSG Values” on page 47.
Alpha- numeric
Variable
AUTHCODE Returned for Sale, Authorization, and Voice Authorization transactions. AUTHCODE is the approval code obtained over the phone from the processing network.
AUTHCODE is required when submitting a Force (F) transaction.
Alpha- numeric
6
AVSADDR AVS address responses are for advice only. This process does not affect the outcome of the authorization. See “Using Address Verification Service (AVS)” on page 37.
AlphaY, N, X, or no response
1
AVSZIP AVS ZIP code responses are for advice only. This process does not affect the outcome of the authorization. See “Using Address Verification Service (AVS)” on page 37.
AlphaY, N, X, or no response
1
IAVS International AVS address responses are for advice only. This value does not affect the outcome of the transaction.
Indicates whether AVS response is international (Y), US (N), or cannot be determined (X). Client version 3.06 or later is required.
See “Using Address Verification Service (AVS)” on page 37.
AlphaY, N, X, or no response
1
Table 4-1 Transaction response values (Continued)
Field Description Type Length
46 VeriSign, Inc. 00000013/Rev. 7
Chapter 4 Responses to SDK Credit Card Transaction Requests
PNREF ValueThe Payment Network Reference ID value (PNREF) is a unique transaction identification number issued by VeriSign that identifies the transaction for billing, reporting, and transaction data purposes. The PNREF value appears in the Transaction ID column in VeriSign Manager reports.
The PNREF value is used as the TRANSID value (original transaction ID) in delayed capture transactions (TRXTYPE=D), credits (TRXTYPE=C), inquiries (TRXTYPE=I), and voids (TRXTYPE=V).
The PNREF value is used as the TRANSID value (original transaction ID) value in reference transactions for authorization (TRXTYPE=A) and Sale (TRXTYPE=S).
PNREF FormatThe PNREF value is a 12-character alpha-numeric string. The content depends on whether the value represents a test or live transaction, as follows:
For Test servers, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric, for example V53A17230645.
For Live servers, all of the first four characters are alpha characters (letters), for example: VPNE12564395.
RESULT Codes and RESPMSG ValuesRESULT is the first value returned in the VeriSign server response string. The value of the RESULT parameter indicates the overall status of the transaction attempt.
A value of 0 (zero) indicates that no errors occurred and the transaction was approved.
A value less than zero indicates that a communication error occurred. In this case, no transaction is attempted.
A value greater than zero indicates a decline or error.
The response message (RESPMSG) provides a brief description for decline or error results.
VeriSign, Inc. 00000013/Rev. 7 47
VeriSign Payment Services Payflow Pro Developer’s Guide
RESULT Values for Transaction Declines or ErrorsFor non-zero Results, the response string includes a RESPMSG name/value pair. The exact wording of the RESPMSG (shown in bold) may vary. Sometimes a colon appears after the initial RESPMSG followed by more detailed information.
Table 4-2 VeriSign transaction RESULT values and RESPMSG text
RESULT RESPMSG and Explanation
0 Approved
1 User authentication failed. Error is caused by one or more of the following:
1) Invalid User, Merchant Login, Partner, or Password entered during login. Login information is case-sensitive.
2) Invalid Processor information entered. Contact merchant bank to verify.
3) "Allowed IP Address" security feature implemented.
4) Test account submitting transactions to live VeriSign servers.
2 Invalid tender type. Your merchant bank account does not support the following credit card type that was submitted.
3 Invalid transaction type. Transaction type is not appropriate for this transaction. For example, you cannot credit an authorization-only transaction.
4 Invalid amount format
5 Invalid merchant information. Processor does not recognize your merchant account information. Contact your bank account acquirer to resolve this problem.
7 Field format error. Invalid information entered. See RESPMSG.
8 Not a transaction server
9 Too many parameters or invalid stream
10 Too many line items
11 Client time-out waiting for response
12 Declined. Check the credit card number and transaction information to make sure they were entered correctly. If this does not resolve the problem, have the customer call the credit card issuer to resolve.
13 Referral. Transaction was declined but could be approved with a verbal authorization from the bank that issued the card. Submit a manual Voice Authorization transaction and enter the verbal auth code.
48 VeriSign, Inc. 00000013/Rev. 7
Chapter 4 Responses to SDK Credit Card Transaction Requests
19 Original transaction ID not found. The transaction ID you entered for this transaction is not valid. See RESPMSG.
20 Cannot find the customer reference number
22 Invalid ABA number
23 Invalid account number. Check credit card number and re-submit.
24 Invalid expiration date. Check and re-submit.
25 Invalid Host Mapping. Not signed up for this tender type.
26 Invalid vendor account
27 Insufficient partner permissions
28 Insufficient user permissions
29 Invalid XML document. This could be caused by an unrecognized XML tag or a bad XML format that cannot be parsed by the system.
30 Duplicate transaction
31 Error in adding the recurring profile
32 Error in modifying the recurring profile
33 Error in canceling the recurring profile
34 Error in forcing the recurring profile
35 Error in reactivating the recurring profile
36 OLTP Transaction failed
37 Invalid recurring profile ID
50 Insufficient funds available in account
99 General error. See RESPMSG.
100 Transaction type not supported by host
101 Time-out value too small
102 Processor not available
103 Error reading response from host
Table 4-2 VeriSign transaction RESULT values and RESPMSG text (Continued)
RESULT RESPMSG and Explanation
VeriSign, Inc. 00000013/Rev. 7 49
VeriSign Payment Services Payflow Pro Developer’s Guide
104 Timeout waiting for processor response. Try your transaction again.
105 Credit error. Make sure you have not already credited this transaction, or that this transaction ID is for a creditable transaction. (For example, you cannot credit an authorization.)
106 Host not available
107 Duplicate suppression time-out
108 Void error. See RESPMSG. Make sure the transaction ID entered has not already been voided. If not, then look at the Transaction Detail screen for this transaction to see if it has settled. (The Batch field is set to a number greater than zero if the transaction has been settled). If the transaction has already settled, your only recourse is a reversal (credit a payment or submit a payment for a credit).
109 Time-out waiting for host response
111 Capture error. Either an attempt to capture a transaction that is not an authorization transaction type, or an attempt to capture an authorization transaction that has already been captured.
112 Failed AVS check. Address and ZIP code do not match. An authorization may still exist on the cardholder’s account.
113 Merchant sale total will exceed the sales cap with current transaction. ACH transactions only.
114 Card Security Code (CSC) Mismatch. An authorization may still exist on the cardholder’s account.
115 System busy, try again later
116 VPS Internal error. Failed to lock terminal number
117 Failed merchant rule check. One or more of the following three failures occurred:
An attempt was made to submit a transaction that failed to meet the security settings specified on the VeriSign Manager Security Settings page. If the transaction exceeded the Maximum Amount security setting, then no values are returned for AVS or CSC. See VeriSign Manager User’s Guide for information on the Security Settings page.
AVS validation failed. The AVS return value should appear in the RESPMSG.CSC validation failed. The CSC return value should appear in the RESPMSG.
Table 4-2 VeriSign transaction RESULT values and RESPMSG text (Continued)
RESULT RESPMSG and Explanation
50 VeriSign, Inc. 00000013/Rev. 7
Chapter 4 Responses to SDK Credit Card Transaction Requests
118 Invalid keywords found in string fields
122 Merchant sale total will exceed the credit cap with current transaction. ACH transactions only.
125 Fraud Protection Services Filter — Declined by filters
126 Fraud Protection Services Filter — Flagged for review by filters
Important Note: Result code 126 indicates that a transaction triggered a fraud filter. This is not an error, but a notice that the transaction is in a review status. The transaction has been authorized but requires you to review and to manually accept the transaction before it will be allowed to settle.
This result occurred due to that fact that all new Payflow accounts include a “test drive” of the Fraud Protection Services at no charge. The filters are on by default, and a suspicious transaction triggered Result code 126. You can modify these settings based on your business needs.
Result code 126 is intended to give you an idea of the kind of transaction that is considered suspicious to enable you to evaluate whether you can benefit from using the Fraud Protection Services.
For more information, see the chapter entitled “Assessing Transactions that Triggered Filters” in Fraud Protection Services Guide or User’s Guide for Payflow Link Guide With Fraud Protection Services.
127 Fraud Protection Services Filter — Not processed by filters
128 Fraud Protection Services Filter — Declined by merchant after being flagged for review by filters.
131 Version 1 Payflow Pro SDK client no longer supported. Upgrade to the most recent version of the Payflow Pro client.
1000 Generic host error. This is a generic message returned by your credit card processor. The RESPMSG will contain more information describing the error.
1001 Buyer Authentication Service unavailable
1002 Buyer Authentication Service — Transaction timeout
1003 Buyer Authentication Service — Invalid client version
1004 Buyer Authentication Service — Invalid timeout value
1011 Buyer Authentication Service unavailable
1012 Buyer Authentication Service unavailable
Table 4-2 VeriSign transaction RESULT values and RESPMSG text (Continued)
RESULT RESPMSG and Explanation
VeriSign, Inc. 00000013/Rev. 7 51
VeriSign Payment Services Payflow Pro Developer’s Guide
1013 Buyer Authentication Service unavailable
1014 Buyer Authentication Service — Merchant is not enrolled for Buyer Authentication Service (3-D Secure). To enroll, log in to VeriSign Manager, click Security, and then click the Buyer Authentication Service banner on the page.
1016 Buyer Authentication Service — 3-D Secure error response received. Instead of receiving a PARes response to a Validate Authentication transaction, an error response was received.
1017 Buyer Authentication Service — 3-D Secure error response is invalid. An error response is received and the response is not well formed for a Validate Authentication transaction.
1021 Buyer Authentication Service — Invalid card type
1022 Buyer Authentication Service — Invalid or missing currency code
1023 Buyer Authentication Service — merchant status for 3D secure is invalid
1041 Buyer Authentication Service — Validate Authentication failed: missing or invalid PARES
1042 Buyer Authentication Service — Validate Authentication failed: PARES format is invalid
1043 Buyer Authentication Service — Validate Authentication failed: Cannot find successful Verify Enrollment
1044 Buyer Authentication Service — Validate Authentication failed: Signature validation failed for PARES
1045 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid amount in PARES
1046 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid acquirer in PARES
1047 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid Merchant ID in PARES
1048 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid card number in PARES
1049 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid currency code in PARES
Table 4-2 VeriSign transaction RESULT values and RESPMSG text (Continued)
RESULT RESPMSG and Explanation
52 VeriSign, Inc. 00000013/Rev. 7
Chapter 4 Responses to SDK Credit Card Transaction Requests
RESULT Values for Communications ErrorsA value for RESULT less than zero indicates that a communication error occurred. In this case, no transaction is attempted.
A value of -1 or -2 usually indicates a configuration error. Either the VeriSign server is unavailable, or incorrect server/socket pairs have been specified. A value of -1 can also result when there are Internet connectivity errors. Refer other errors to VeriSign at [email protected].
1050 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid XID in PARES
1051 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid order date in PARES
1052 Buyer Authentication Service — Validate Authentication failed: This PARES was already validated for a previous Validate Authentication transaction
Table 4-2 VeriSign transaction RESULT values and RESPMSG text (Continued)
RESULT RESPMSG and Explanation
Table 4-3 RESULT values for communications errors
RESULT Description
-1 Failed to connect to host
-2 Failed to resolve hostname
-5 Failed to initialize SSL context
-6 Parameter list format error: & in name
-7 Parameter list format error: invalid [ ] name length clause
-8 SSL failed to connect to host
-9 SSL read failed
-10 SSL write failed
-11 Proxy authorization failed
-12 Timeout waiting for response
-13 Select failure
-14 Too many connections
VeriSign, Inc. 00000013/Rev. 7 53
VeriSign Payment Services Payflow Pro Developer’s Guide
-15 Failed to set socket options
-20 Proxy read failed
-21 Proxy write failed
-22 Failed to initialize SSL certificate
-23 Host address not specified
-24 Invalid transaction type
-25 Failed to create a socket
-26 Failed to initialize socket layer
-27 Parameter list format error: invalid [ ] name length clause
-28 Parameter list format error: name
-29 Failed to initialize SSL connection
-30 Invalid timeout value
-31 The certificate chain did not validate, no local certificate found
-32 The certificate chain did not validate, common name did not match URL
-99 Out of memory
Table 4-3 RESULT values for communications errors (Continued)
RESULT Description
54 VeriSign, Inc. 00000013/Rev. 7
5. Testing Payflow Pro Credit Card Transactions
To test your application, direct all transactions to test-payflow.verisign.com. Transactions directed to this URL are processed through VeriSign’s simulated payment network, enabling you to test the configuration and operation of your application or storefront — no money changes hands. (You must activate your account and configure your application for live transactions before accepting real orders.)
Note New Payflow accounts include a “test drive” of the Fraud Protection Services at no charge. This means that you might encounter Result 126 for transactions that triggered the test Fraud Protection filters. Result 126 is intended to give you an idea of the kind of transaction that is considered suspicious so you can evaluate whether you can benefit from using the Fraud Protection Services.
For more information, see the chapter entitled “Assessing Transactions that Triggered Filters” in Fraud Protection Services Guide or User’s Guide for Payflow Link Guide With Fraud Protection Services.
Testing GuidelinesWhile testing, use only the credit card numbers listed in this chapter. Other numbers produce an error.
Expiration Date must be a valid date in the future (use the mmyy format).
To view the credit card processor that you have selected for testing, see Account Info → Processor Info in VeriSign Manager.
VeriSign, Inc. 00000013/Rev. 7 55
VeriSign Payment Services Payflow Pro Developer’s Guide
Differences Between Responses Returned by Live (Production) Servers and Test Servers
For Test servers, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric, for example V53A17230645.
For Live servers, all of the first four characters in the PNREF value are alpha characters (letters), for example: VPNE12564395.
Credit Card Numbers Used for TestingUse the following credit card numbers for testing. Any other card number produces a general failure.
Table 5-1 Test credit card numbers
American Express 378282246310005
American Express 371449635398431
Amex Corporate 378734493671000
Australian BankCard 5610591081018250
Diners Club 30569309025904
Diners Club 38520000023237
Discover 6011111111111117
Discover 6011000990139424
JCB 3530111333300000
JCB 3566002020360505
MasterCard 5555555555554444
MasterCard 5105105105105100
Visa 4111111111111111
Visa 4012888888881881
Visa 4222222222222
Note: Even though this number has a different character count than the other test numbers, it is the correct and functional number.
56 VeriSign, Inc. 00000013/Rev. 7
Chapter 5 Testing Payflow Pro Credit Card Transactions
Testing Result Codes ResponsesYou can use the amount of the transaction to generate a particular Result code. Table 5-2 lists the general guidelines for specifying amounts. Table 5-3 lists VeriSign result codes that are supported by this testing mechanism.
Note For all hosts except Global Payments Central (MAPP): Credit (C) and Force (F) transactions will always be approved regardless of dollar amount or card number.
VeriSign Result Codes Returned Based on Transaction AmountThis table lists the VeriSign Result codes that you can generate using the amount of the transaction. To generate a specific code, submit an amount of 1000 plus the code number (for example, submit an amount of 1013 for a Result code of 13).
Table 5-2 Result codes resulting from amount submitted
Amount Result (RESPMSG)
$0 – $1000 0 (Approved)
$1001 – $2000 Certain amounts in this range will return specific VeriSign result codes, and can be generated by adding $1000 to that result code. For example, for Result 13 (Referral), submit the amount 1013.
If the amount is in this range but does not correspond to a VeriSign result code supported by this testing mechanism, result 12 (Declined) is returned.
$2001+ 12 – Decline
Table 5-3 VeriSign result codes supporting the amount control
Processor Result Codes available for testing
FDMS Nashville 0, 12, 13, 104
Paymentech 0, 12, 13, 104
Vital 0, 4, 12, 13, 23, 104, 114, 1000
Nova 0, 12, 13, 104
FDMS South 0, 12, 13, 104
VeriSign, Inc. 00000013/Rev. 7 57
VeriSign Payment Services Payflow Pro Developer’s Guide
Alternative Methods for Generating Specific Result CodesThis table shows another method for obtaining VeriSign result codes. Non-zero results from processors are not returned by VeriSign’s servers, and therefore cannot be simulated using the amount. In some cases, you may get certain results using the result code plus 1000 even though this table suggests another means of obtaining the result code.
Amex 0, 12, 13, 104, 1000
Global Payments East (NDCE)
0, 4, 5, 12, 13, 23, 24, 30, 100, 104, 114, 1000
Global Payments Central (MAPP)
0, 4, 5, 8, 12, 13, 23, 24, 104, 111, 114, 1000
Table 5-3 VeriSign result codes supporting the amount control
Processor Result Codes available for testing
Table 5-4 Obtaining VeriSign result code
Result Definition How to test using Payflow Pro
0 Approved Use an AMOUNT of $1000 or less
For all hosts except Global Payments Central (MAPP), PBS, and FDRA: Credit (C) and Force (F) transactions will always be approved regardless of dollar amount or card number.
1 User authentication failed Use an invalid PWD
2 Invalid tender Use an invalid TENDER, such as G
3 Invalid transaction type Use an invalid TRXTYPE, such as G
4 Invalid amount Use an invalid AMOUNT, such as –1
5 Invalid merchant information Use an AMOUNT of 1005. Applies only to the following processors: Global Payments East and Central, and American Express).
7 Field format error Submit a Delayed Capture transaction with no ORIGID
10 Too many line items OBSOLETE.
12 Declined Use an AMOUNT of 1012 or an AMOUNT of 2001 or more
13 Referral Use an AMOUNT of 1013
58 VeriSign, Inc. 00000013/Rev. 7
Chapter 5 Testing Payflow Pro Credit Card Transactions
19 Original transaction ID not found
Submit a Delayed Capture transaction with an invalid ORIGID
22 Invalid ABA number Applies only to ACH transactions – submit an invalid ABA number (8 digits)
23 Invalid account number Submit an invalid account number, for example, 000000000000000
24 Invalid expiration date Submit an invalid expiration date, for example, 0298
25 Transaction type not mapped to this host
Submit a transaction for a card or tender you are not currently set up to accept, for example, a Diners card if you aren’t set up to accept Diners.
29 Invalid XML document Pass a bad XML document (XMLPay users only).
30 Duplicate Transaction Use an AMOUNT of 1030. Only applies to Global Payments East and Central processors.
50 Insufficient funds available Use an amount of 1050. Only applies to Paymentech.
99 General error Use an AMOUNT of 1099. Only applies to Global Payments East.
100 Invalid transaction returned from host
Use an AMOUNT of 1100. Only applies to Global Payments East and Central.
101 Time-out value too small Set timeout value to 1.
103 Error reading response from host
Use an AMOUNT of 1103.
104 Timeout waiting for processor response
Use an AMOUNT of 1104.
105 Credit error Attempt to credit an authorization.
108 Void error Attempt to void a captured authorization.
111 Capture error Capture an Authorization transaction twice or attempt to capture a transaction that is not an Authorization transaction.
112 Failed AVS check You cannot generate this RESULT value by submitting an amount of 1112, but must submit a value for AVS that will fail.In production, this error occurs only if your account is configured by VeriSign customer service to use the “AVS Deny” feature.
Table 5-4 Obtaining VeriSign result code (Continued)
VeriSign, Inc. 00000013/Rev. 7 59
VeriSign Payment Services Payflow Pro Developer’s Guide
Testing Address Verification Service (AVS)The VeriSign testing server simulates AVS by returning a value for AVSADDR based on the first three characters of the submitted value for STREET.The testing server returns a value for AVSZIP based on the submitted ZIP value as shown in the table.
If STREET starts with 667 or higher or begins with a non-numeric character, then the simulator returns AVSADDR=X, AVSZIP=X.
113 Cannot exceed sales cap Applies to ACH transactions only.
114 CVV2 Mismatch Use an AMOUNT of 1114. Only applies to Vital and Global Payments East and Central processors.
1000 Generic Host Error Use an AMOUNT of 2000. Does not apply to Nova, American Express, or Global Payments East processors.
Table 5-4 Obtaining VeriSign result code (Continued)
Table 5-5 Testing AVSADDR
Submitted Value for STREET Example STREET Value AVSADDR Result
000-333 24285 Elm Y
334-666 49354 Main N
667 or higher or begins with a non-numeric character
79232 Maple X
Table 5-6 Testing AVSZIP
Submitted Value for ZIP Example ZIP Value AVSZIP Result
00000-50000 00382 Y
50001-99999 94303 N
Any value (if street address is 667 or higher or begins with a non-numeric character)
STREET=79232 Maple, ZIP=20304
X
60 VeriSign, Inc. 00000013/Rev. 7
Chapter 5 Testing Payflow Pro Credit Card Transactions
Testing Card Security Code (CVV2)If you submit a value for the card security code (CVV2), the cardholder’s bank returns a Yes / No / Not Supported (Y / N / X) response on whether the value matches the number on file at the bank. CSC is described in “Card Security Code (CSC) Validation” on page 39.
Tip Some processors decline failed card security code without returning a CVV2MATCH value. Test the results and check with your processor to determine whether they support CSC checking.
For the testing server, the first three characters of the CVV2 value determine the CVV2MATCH result, as shown here.
Testing TeleCheck TransactionsSee Appendix B, “Performing TeleCheck Electronic Check Transactions.” for information on testing TeleCheck transactions.
Table 5-7 Testing CVV2MATCH
CVV2 Value CVV2MATCH Value
000-300 Y
301-600 N
601 or higher X
VeriSign, Inc. 00000013/Rev. 7 61
VeriSign Payment Services Payflow Pro Developer’s Guide
62 VeriSign, Inc. 00000013/Rev. 7
6. Activating Your Payflow Account
When you are ready to activate your VeriSign Payflow Pro account (submit customer transactions to collect funds), follow these steps:
1 Log in to VeriSign Manager (https://manager.verisign.com).
2 Click the Click Here to Activate Your Account button and follow the on-screen instructions.
3 Point your clients to the Active Payflow Pro servers. In your client applications, change test-payflow.verisign.com to payflow.verisign.com
Change test-payflow.verisign.com to payflow.verisign.com wherever pfpro is invoked. For the executable client, this is in your CGI script analogous to cgitest.cgi in the testing examples.
The individual Readme files for the other SDKs contain references to test-payflow.verisign.com. Change all references to payflow.verisign.com.
VeriSign, Inc. 00000013/Rev. 7 63
VeriSign Payment Services Payflow Pro Developer’s Guide
64 VeriSign, Inc. 00000013/Rev. 7
A. Processors Requiring Additional Transaction Parameters
This appendix lists both required and optional parameters supplementary to the common parameter set.
In this Appendix“American Express” on page 66
“First Data Merchant Services (FDMS) Nashville” on page 68
“First Data Merchant Services (FDMS) South” on page 71
“Nova” on page 76
“Paymentech” on page 78
“Vital” on page 80
VeriSign, Inc. 00000013/Rev. 7 65
VeriSign Payment Services Payflow Pro Developer’s Guide
American Express
Additional Credit Card Parameters, American ExpressIn addition to the “Parameters Used in Credit Card Transactions” on page 19, American Express accepts the following parameters:
Mail: American Express19640 N. 31st AvenuePhoenix, AZ 85027
Phone: 800-297-5555
Table A-1 American Express additional parameters
Parameter Description Required Type Length
RECURRING Identifies the transaction as recurring. This value does not activate VeriSign’s Recurring Billing Service APIs.
If the RECURRING parameter was set to Y for the original transaction, then the setting is ignored when forming Credit, Void, and Force transactions.
If you subscribe to VeriSign’s Fraud Protection Services:
– To avoid charging you to filter recurring transactions that you know are reliable, the fraud filters do not screen recurring transactions.
– To screen a prospective recurring customer, submit the transaction data using VeriSign Manager’s Manual Transactions page. The filters screen the transaction in the normal manner. If the transaction triggers a filter, then you can follow the normal process to review the filter results.
No Alpha- numeric
Y or N
1
SWIPE Allows Track 1 and Track 2 data to be passed to enable a card-present transaction.
No Alpha- numeric
80
66 VeriSign, Inc. 00000013/Rev. 7
Appendix A Processors Requiring Additional Transaction Parameters
Commercial Card Parameters, American ExpressThe following parameters are recommended to obtain the best rates for processing commercial purchasing cards with American Express:
Table A-2 American Express commercial card parameters
Parameter Description Required Type Length
PONUM Up to 17 alphanumeric characters, specified by the cardholder to identify the order. Usually used as a Purchase Order number.
No Alpha-numeric
17
DESC General description of the transaction. No (but provides best rate when used)
Alpha-numeric
23
DESC1-4 Up to 4 lines of additional description of the charge.
No Alpha-numeric
40
INVNUM Merchant invoice number. This reference number (PNREF—generated by VeriSign) is used for authorizations and settlements.The Acquirer decides if this information will appear on the merchant’s bank reconciliation statement.
No Numeric 9
SHIPTOZIP Ship to postal code (called ZIP code in the USA).
No (but provides best rate when used)
Alpha-numeric
6
TAXAMT Tax Amount. Do not include comma separators. Use 1199.95 instead of 1,199.95.
No (but provides best rate when used)
Currency 10
VeriSign, Inc. 00000013/Rev. 7 67
VeriSign Payment Services Payflow Pro Developer’s Guide
First Data Merchant Services (FDMS) Nashville
Additional Credit Card Parameters, FDMS NashvilleIn addition to the “Parameters Used in Credit Card Transactions” on page 19, FDMS Nashville accepts the following parameters:
Mail: First Data Corporation2525 Perimeter Place DriveSuite 123Nashville, TN 37214
Phone: 800-647-3722
68 VeriSign, Inc. 00000013/Rev. 7
Appendix A Processors Requiring Additional Transaction Parameters
Table A-3 FDMS Nashville additional parameters
Parameter Description Required Type Length
INVNUM Merchant invoice number. This reference number (PNREF—generated by VeriSign) is used for authorizations and settlements.The Acquirer decides if this information will appear on the merchant’s bank reconciliation statement.
No Numeric 10
RECURRING Identifies the transaction as recurring. This value does not activate VeriSign’s Recurring Billing Service APIs.
If the RECURRING parameter was set to Y for the original transaction, then the setting is ignored when forming Credit, Void, and Force transactions.
If you subscribe to VeriSign’s Fraud Protection Services:
– To avoid charging you to filter recurring transactions that you know are reliable, the fraud filters do not screen recurring transactions.
– To screen a prospective recurring customer, submit the transaction data using VeriSign Manager’s Manual Transactions page. The filters screen the transaction in the normal manner. If the transaction triggers a filter, then you can follow the normal process to review the filter results.
No Alpha- numeric
Y or N
1
SWIPE Allows Track 1 and Track 2 data to be passed to enable a card-present transaction.
No Alpha- numeric
80
VeriSign, Inc. 00000013/Rev. 7 69
VeriSign Payment Services Payflow Pro Developer’s Guide
Commercial Card Parameters, FDMS NashvilleThe following parameters are recommended to obtain the best rates for processing commercial cards with FDMS Nashville.
Table A-4 FDMS commercial card parameters
Parameter Description Required Type Length
COMMCARD One-character value representing type of commercial card account number sent.
P Purchase CardC Corporate CardB Business CardU Unknown (default)N None
No (defaults to U - Unknown)
Alpha- numeric
1
DUTYAMT Sometimes called import tax. Amount should always be a decimal. Exact amount to the cent (34.00, not 34). Do not include comma separators. Use 1199.95 instead of 1,199.95.
No Currency 10
FREIGHTAMT Freight Amount. Amount should always be a decimal. Exact amount to the cent (34.00, not 34). Do not include comma separators. Use 1199.95 instead of 1,199.95.
No Currency 10
PONUM Purchase Order Number. No (but provides best rate when used)
Alpha- numeric
25
SHIPTOZIP Ship to postal code (called ZIP code in the USA).
No (but provides best rate when used)
Numeric 9
TAXAMT Tax Amount. Amount should always be a decimal. Exact amount to the cent (34.00, not 34). Do not include comma separators. Use 1199.95 instead of 1,199.95.
No (but provides best rate when used)
Currency 10
TAXEXEMPT Is the customer tax exempt? Y or N No Alpha 1
70 VeriSign, Inc. 00000013/Rev. 7
Appendix A Processors Requiring Additional Transaction Parameters
First Data Merchant Services (FDMS) South
Additional Credit Card Parameters, FDMS SouthIn addition to the “Parameters Used in Credit Card Transactions” on page 19, FDMS South accepts the following parameters:
Purchase Card Parameters, FDMS SouthThe following parameters are recommended to obtain the best rates for processing purchase cards (Level 2/3) with FDMS South:
Mail: First Data CorporationBusiness Payment Services Group4000 Coral Ridge DriveCoral Springs, FL 33065
Phone: 800-326-2217
Table A-5 FDMS South additional parameters
Parameter Description Required Type Length
SWIPE Allows Track 1 and Track 2 data to be passed to enable a card-present transaction.
No Alpha- numeric
80
Table A-6 FDMS South purchase card parameters
Parameter Description Required Type Length
CITY Cardholder’s city. No Alpha 13
COUNTRYCODE Destination Country Code. Visa and MasterCard are different. Refer to Country Code tables. (See Appendix G, “ISO Country Codes.”)
No Alpha 3
CUSTCODE Customer code/customer reference ID No Alpha- numeric
17
DISCOUNT Discount amount on total sale No Currency 10
VeriSign, Inc. 00000013/Rev. 7 71
VeriSign Payment Services Payflow Pro Developer’s Guide
DUTYAMT Sometimes called import tax. If the currency uses a decimal, then this parameter should specify the exact amount to the last decimal place (for example, 34.00, not 34). See “FDMS South Currency Codes and Decimal Positions” on page 139. Do not include comma separators in the amount. Use 1199.95 instead of 1,199.95.
No Currency 10
FIRSTNAME Cardholder’s first name. No Alpha 15
FREIGHTAMT Freight Amount - If the currency uses a decimal, then this parameter should specify the exact amount to the last decimal place (for example, 34.00, not 34). See “FDMS South Currency Codes and Decimal Positions” on page 139. Do not include comma separators in the amount. Use 1199.95 instead of 1,199.95.
No Currency 10
INVNUM Merchant invoice number. This reference number (PNREF—generated by VeriSign) is used for authorizations and settlements.The Acquirer decides if this information will appear on the merchant’s bank reconciliation statement.
No Numeric 10
LASTNAME Cardholder’s last name. No Alpha 15
ORDERDATE Order date: Format is mmddyy with no slashes or dashes. Example: July 28, 2003 would be 072803.
No Numeric 6
Table A-6 FDMS South purchase card parameters (Continued)
Parameter Description Required Type Length
72 VeriSign, Inc. 00000013/Rev. 7
Appendix A Processors Requiring Additional Transaction Parameters
ORDERDATETIME Order time and date. Format is either YYYY-MM-DD or YYYY-MM-DD HH:MI:SS (where HH is in 24-hour time).
If the value does not conform to one of the formats or if the date is not valid (for example, 2004-17-35), then the transaction is rejected with a RESULT=7 (SIG_FIELD_ERR) and RESPMSG=Invalid ORDERTIME.
A truncated version of the ORDERTIME value (up to 7 characters) overwrites any value provided by ORDERDATE.
If no value is provided, a NULL value is stored.
No Alphanumeric
19
PONUM Purchase Order Number / Merchant related data
No (but provides best rate when used)
Alpha- numeric
25
SHIPFROMZIP Ship from postal code (called ZIP code in the USA).
No (but provides best rate when used)
Numeric 9
SHIPTOZIP Ship to postal code (called ZIP code in the USA).
No (but provides best rate when used)
Numeric 9
STATE Cardholder’s state. No Alpha 2
SWIPE Allows Track 1 and Track 2 data to be passed to enable a card-present transaction.
No Alpha- numeric
80
Table A-6 FDMS South purchase card parameters (Continued)
Parameter Description Required Type Length
VeriSign, Inc. 00000013/Rev. 7 73
VeriSign Payment Services Payflow Pro Developer’s Guide
Purchase Card Line Item Parameters, FDMS SouthLine item data describes the details of the item purchased and can be can be passed for each transaction. The convention for passing line item data in name/value pairs is that each name/value starts with L_ and ends with n where n is the line item number. For example L_QTY0=1 is the quantity for line item 0 and is equal to 1, with n starting at 0.
TAXAMT Tax Amount - If the currency uses a decimal, then this parameter should specify the exact amount to the last decimal place (for example, 34.00, not 34). See “FDMS South Currency Codes and Decimal Positions” on page 139. Do not include comma separators in the amount. Use 1199.95 instead of 1,199.95.
No (but provides best rate when used)
Currency 10
TAXEXEMPT Is the customer tax exempt? Y or N No Alpha 1
Table A-6 FDMS South purchase card parameters (Continued)
Parameter Description Required Type Length
Table A-7 Purchase card line item parameters
Parameter Description Required Type Length
L_QTYn Quantity (whole units only) Yes Numeric 10
L_COMMCODEn Item commodity code No Alpha- numeric
12
L_DESCn Item description No Alpha-
numeric
35
L_UOMn Item unit of measure. See “Units of Measure” on page 134.
No Alpha 3
L_COSTn Cost per item, excluding tax No Currency 10
L_PRODCODEn Supplier specific product code No Alpha-
numeric
12
L_DISCOUNTn Discount per line item No Currency 10
74 VeriSign, Inc. 00000013/Rev. 7
Appendix A Processors Requiring Additional Transaction Parameters
Purchase Card Level 2 and 3 Examplepfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&STATE=CA&FIRSTNAME=John&LASTNAME=Smith&CITY=Redwood&COUNTRYCODE=USA&CUSTCODE=12345&DISCOUNT=.25&DUTYAMT=34.00&FREIGHTAMT=12.00&INVNUM=1234567890&ORDERDATE=021700&PONUM=1234567890123456789012345&SHIPFROMZIP=940151234&SHIPTOZIP=94065&TAXAMT=1.00&TAXEXEMPT=Y”30
Line Item Parameter Examplepfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&STATE=CA&FIRSTNAME=John&LASTNAME=Smith&CITY=Redwood&COUNTRYCODE=USA&CUSTCODE=12345&DISCOUNT=.25&DUTYAMT=34.00&FREIGHTAMT=12.00&INVNUM=1234567890&ORDERDATE=021700&PONUM=1234567890123456789012345&SHIPFROMZIP=940151234&SHIPTOZIP=94065&TAXAMT=1.00&TAXEXEMPT=Y&L_QTY1=1&L_UPC1=PN&L_DESC1=Test&L_UOM1=INQ&L_COST1=1.00&L_PRODCODE1=12345&L_DISCOUNT1=.25&&L_AMT1=.75&L_TAXAMT1=0” 30
L_AMTn Total line item amount including tax and discount. + for debit, - for credits
Yes Currency 10
L_TAXAMTn Line item Tax amount No Currency 10
Table A-7 Purchase card line item parameters (Continued)
Parameter Description Required Type Length
VeriSign, Inc. 00000013/Rev. 7 75
VeriSign Payment Services Payflow Pro Developer’s Guide
Nova
Additional Credit Card Parameters, NovaIn addition to the “Parameters Used in Credit Card Transactions” on page 19, Nova accepts the following parameter:
Mail: Nova Information Systems, Inc.Knoxville Operations Center7300 Chapman HighwayKnoxville, TN 37920-6609
Phone: 800-725-1243
Table A-8 Vital additional parameters
Parameter Description Required Type Length
RECURRING Identifies the transaction as recurring. This value does not activate VeriSign’s Recurring Billing Service APIs.
If the RECURRING parameter was set to Y for the original transaction, then the setting is ignored when forming Credit, Void, and Force transactions.
If you subscribe to VeriSign’s Fraud Protection Services:
– To avoid charging you to filter recurring transactions that you know are reliable, the fraud filters do not screen recurring transactions.
– To screen a prospective recurring customer, submit the transaction data using VeriSign Manager’s Manual Transactions page. The filters screen the transaction in the normal manner. If the transaction triggers a filter, then you can follow the normal process to review the filter results.
No Alpha- numeric
Y or N
1
76 VeriSign, Inc. 00000013/Rev. 7
Appendix A Processors Requiring Additional Transaction Parameters
Commercial Card Parameters, NovaThe following parameters are recommended to obtain the best rates for processing commercial cards with Nova:
Table A-9 Nova Commercial Card Parameters
Parameter Description Required Type Length
PONUM Purchase Order Number No (when used provides best rate)
Alphanumeric
25
TAXAMT Tax Amount - The amount should always specify a decimal, and the exact amount, to the cent (34.00, not 34). Do not include comma separators in the amount. Use 1199.95 instead of 1,199.95.
No (when used provides best rate)
Currency 10
VeriSign, Inc. 00000013/Rev. 7 77
VeriSign Payment Services Payflow Pro Developer’s Guide
Paymentech
Additional Credit Card Parameters, PaymentechIn addition to the “Parameters Used in Credit Card Transactions” on page 19, Paymentech accepts the following parameters. For best AVS results, pass the city and state parameters in the parameter list.
Mail: Paymentech4 Northeastern Blvd.Salem, NH 03079
Phone: 800-782-1266
Table A-10 Additional credit card parameters
Parameter Description Required Type Length
CITY Cardholder’s billing city. No Alpha 20
INVNUM Merchant invoice number. This reference number (PNREF—generated by VeriSign) is used for authorizations and settlements.The Acquirer decides if this information will appear on the merchant’s bank reconciliation statement.
No Numeric 10
MERCHDESCR
Merchant descriptor.
For example, ABCCMPY*FALLCATALOG
No Alphanumeric 22
MERCHSVC Merchant telephone number.
For example, 603-555-1212
No Alphanumeric 13
STATE Cardholder’s billing state. No Alpha 2
78 VeriSign, Inc. 00000013/Rev. 7
Appendix A Processors Requiring Additional Transaction Parameters
SWIPE Allows Track 1 and Track 2 data to be passed to enable a card-present transaction.
No Alpha- numeric
80
RECURRING Identifies the transaction as recurring. This value does not activate VeriSign’s Recurring Billing Service APIs.
If the RECURRING parameter was set to Y for the original transaction, then the setting is ignored when forming Credit, Void, and Force transactions.
If you subscribe to VeriSign’s Fraud Protection Services:
– To avoid charging you to filter recurring transactions that you know are reliable, the fraud filters do not screen recurring transactions.
– To screen a prospective recurring customer, submit the transaction data using VeriSign Manager’s Manual Transactions page. The filters screen the transaction in the normal manner. If the transaction triggers a filter, then you can follow the normal process to review the filter results.
No Alpha- numeric
Y or N
1
Table A-10 Additional credit card parameters (Continued)
Parameter Description Required Type Length
VeriSign, Inc. 00000013/Rev. 7 79
VeriSign Payment Services Payflow Pro Developer’s Guide
Vital
Additional Credit Card Parameters, VitalIn addition to the “Parameters Used in Credit Card Transactions” on page 19, Vital accepts the following parameter:
Mail: VitalVisanet Processing Services8320 South Hardy RoadTempe, AZ 85284
Phone: 800-847-2772 (Help Desk)
Table A-11 Vital additional parameters
Parameter Description Required Type Length
SWIPE Allows Track 1 and Track 2 data to be passed to enable a card-present transaction.
No Alpha- numeric
80
RECURRING Identifies the transaction as recurring. This value does not activate VeriSign’s Recurring Billing Service APIs.
If the RECURRING parameter was set to Y for the original transaction, then the setting is ignored when forming Credit, Void, and Force transactions.
If you subscribe to VeriSign’s Fraud Protection Services:
– To avoid charging you to filter recurring transactions that you know are reliable, the fraud filters do not screen recurring transactions.
– To screen a prospective recurring customer, submit the transaction data using VeriSign Manager’s Manual Transactions page. The filters screen the transaction in the normal manner. If the transaction triggers a filter, then you can follow the normal process to review the filter results.
No Alpha- numeric
Y or N
1
80 VeriSign, Inc. 00000013/Rev. 7
B. Performing TeleCheck Electronic Check Transactions
This chapter describes the process of performing electronic check transactions. Responses to transaction requests are described in Appendix C, “Responses to TeleCheck Transaction Requests.”
VeriSign offers electronic check acceptance through TeleCheck. Before processing electronic check transactions, merchants must obtain an account through TeleCheck (www.telecheck.com).
Note For information on credit card transactions, skip this chapter and see Chapter 3, “Performing Credit Card Transactions.”
For information on performing ACH transactions, contact your VeriSign Sales Representative at [email protected] or visit http://www.verisign.com/products/payflow/ach/findoutmore.html
TeleCheck Contact InformationMail: TeleCheck Merchant Services
PO Box 4513Houston, TX 77210-4513
Phone: 800-366-1054 (Merchant Services)
VeriSign, Inc. 00000013/Rev. 7 81
VeriSign Payment Services Payflow Pro Developer’s Guide
TeleCheck Transaction Syntax
Note The examples in this chapter use the syntax of the pfpro executable client. Other Payflow Pro clients differ in where and how the parameter values are set, but the meaning and uses are the same.
Use the following syntax when calling the Payflow Pro client (pfpro) to process a TeleCheck transaction. Table B-1 describes the arguments to the pfpro executable client command
pfpro <HostAddress> <HostPort> “<ParmList>” <TimeOut> <ProxyAddress> <ProxyPort> <ProxyLogon> <ProxyPassword>
For example:
pfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=K&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&AMT=123.00&MICR=1234567804390850014321&CHKNUM=4321&NAME=Lydia Chin&STREET=121 Park Street&CITY=Pleasanton&STATE=MA
&ZIP=123451234&DL=MA1234567&[email protected]”30
Table B-1 Arguments to the pfpro executable client
Argument Re-quired
Description
HOSTADDRESS Yes VeriSign’s host name.For live transactions, use payflow.verisign.com For testing purposes use test-payflow.verisign.com
HOSTPORT Yes VeriSign host port number: Use port 443.
PARMLIST Yes The ParmList is the list of parameters that specify the payment information for the transaction. The quotation marks “ ” at the beginning and end are required. In the example, the ParmList is:
“TRXTYPE=S&TENDER=K&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&AMT=123.00&MICR=1234567804390850014321&CHKNUM=4321&NAME=Lydia Chin&STREET=121 Park Street&CITY=Pleasanton&STATE=MA&ZIP=123451234&DL=MA1234567&[email protected]”
All parameters used in TeleCheck transactions are described in Table B-2 on page 85.
82 VeriSign, Inc. 00000013/Rev. 7
Appendix B Performing TeleCheck Electronic Check Transactions
Command Syntax GuidelinesFollow these guidelines:
The command must be a single string with no line breaks.
Use spaces as argument separators.
Enclose the ParmList in quotation marks (“”).
Quotation marks (“”) are absolutely not allowed in the body of the ParmList.
Separate all name/value pairs in the ParmList using an ampersand (&).
Calling pfpro without the required parameters results in an error message.
Using Special Characters in ValuesBecause the ampersand (&) and equal sign (=) characters have special meanings in the ParmList, name/value pairs like NAME=Ruff & Johnson, and COMMENT1=Level=5 are not valid.
To use the & and = characters in the value of a name/value pair, use a length tag. A length tag specifies the exact number of characters and spaces that appear in the value. The following name/value pairs are valid:
NAME[14]=Ruff & Johnson
COMMENT1[7]=Level=5
TIMEOUT Yes Time-out period for the transaction. The minimum recommended time-out value is 30 seconds. The VeriSign client begins tracking from the time that it sends the transaction request to the VeriSign server.
PROXYADDRESS No Proxy server address. Use the PROXY parameters for servers behind a firewall. Your network administrator can provide the values.
PROXYPORT No Proxy server port
PROXYLOGON No Proxy server logon ID
PROXYPASSWORD No Proxy server logon password
Table B-1 Arguments to the pfpro executable client
Argument Re-quired
Description
VeriSign, Inc. 00000013/Rev. 7 83
VeriSign Payment Services Payflow Pro Developer’s Guide
Note Quotation marks (“”) are absolutely not allowed in the body of the ParmList, even if you use length tags.
TeleCheck ParametersParameters used for processing electronic checks through TeleCheck are described in Table B-2. Required and optional parameters are noted.
Note Appendix E, “Additional Reporting Parameters,” provides a list of parameters that you can pass for reporting purposes.
Required ParametersAs a summary of Table B-2, the following parameters are required for every electronic check transaction:
TRXTYPETENDERCHKTYPEPARTNERVENDORUSERPWDAMTCITYDL or SSCHKNUMEMAILMICRNAMESTATESTREETZIP
84 VeriSign, Inc. 00000013/Rev. 7
Appendix B Performing TeleCheck Electronic Check Transactions
Table B-2 TeleCheck Parameters
Parameter Description Required Type Length
AMT This is the transaction amount in U.S. dollars. The transaction amount should always specify a decimal, and the exact amount to the cent (for example, 34.00, instead of 34). Do not include comma separators in the amount. Use 1199.95 not 1,199.95.
Yes Numeric
US Dollars only.
7
CITY Account holder’s city Yes Alpha 20
COMMENT1 User-defined value for reporting and auditing purposes.
No Alpha-numeric
128
COMMENT2 User-defined value for reporting and auditing purposes.
No Alpha-numeric
128
CHKNUM Account holder’s next unused (available) check number
Yes Numeric 7
CHKTYPE Check type: P: personal (default) or C: company
If CHKTYPE=P, then a value for either DL or SS must be passed as an identifier.
If CHKTYPE=C, then the Federal Tax ID must be passed as the SS value.
Yes Alpha
DL Driver’s license number. If CHKTYPE=P, a value for either DL or SS must be passed as an identifier.
Format: XXnnnnnnnn
XX = State Code
nnnnnnnn = DL Number
Yes Alpha-numeric
33
DOB Account holder’s date of birth. Format: mmddyyyy. For example, July 28, 1965 is represented as 07281965.
No Alpha-numeric
8
EMAIL Account holder’s e-mail address Yes Alpha-numeric
40
INVNUM Check invoice number No Alpha-numeric
17
VeriSign, Inc. 00000013/Rev. 7 85
VeriSign Payment Services Payflow Pro Developer’s Guide
MICR Magnetic Ink Check Reader. This is the entire line of numbers at the bottom of all checks. It includes the transit number, account number, and check number.
Yes Alpha-numeric
35
NAME Account holder’s name as it appears on the check
Yes Alpha-numeric
30
PARTNER The authorized VeriSign Reseller that registered you for the Payflow Pro service provided you with a Partner ID. If you registered yourself, use VeriSign.
This parameter is case-sensitive.
Yes Alpha-numeric
12
PHONENUM Account holder’s telephone number No Numeric 20
PWD Case-sensitive 6- to 32-character password that you created while registering for the account.
Yes Alpha-numeric
32
SS Account holder’s social security number.
If CHKTYPE=P, a value for either DL or SS must be passed as an identifier.
If CHKTYPE=C, the Federal Tax ID must be passed as the SS value.
No Alpha-numeric
35
STATE Account holder’s state Yes Alpha 2
STREET Account holder’s street address Yes Alpha-numeric
30
TENDER Tender type (method of payment). Use only the value K (electronic check).
Yes Alpha 1
TRXTYPE Type of transaction that should be processed. Allowed transaction types: Sale (S), Void (V), Inquiry (I).
Yes Alpha 1
USER Case-sensitive login ID for the Payflow account that you created while registering for the account.
In the future, each account will allow multiple users. This parameter will specify the user.
Yes Alpha-numeric
12
Table B-2 TeleCheck Parameters (Continued)
Parameter Description Required Type Length
86 VeriSign, Inc. 00000013/Rev. 7
Appendix B Performing TeleCheck Electronic Check Transactions
Testing TeleCheck TransactionsVeriSign provides a test server to support testing and configuration.
Test Transaction ServerSubmit test transactions to test-payflow.verisign.com, using port 443.
Example Test Transactionpfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=K&CHKTYPE=P&PARTNER=<your Partner Name (typically VeriSign>&VENDOR=<your Merchant Login Name>&USER=<your Merchant Login Name>&PWD=<your Payflow Pro password>& AMT=42.00&STREET=1234 Main&CITY=Buffalo&DL=CA123456&CHKNUM=1001&EMAIL=<your e-mail address>&MICR=<Use a MICR value from Table B-3>&NAME=Sally&STATE=CA&ZIP=95050”30
VENDOR Case-sensitive Vendor ID that you created while registering for the account.
Yes Alpha-numeric
12
ZIP Account holder’s 5- to 9-digit postal code (called ZIP code in the USA). Do not use spaces, dashes, or non-numeric characters.
Yes Alpha 9
Table B-2 TeleCheck Parameters (Continued)
Parameter Description Required Type Length
Table B-3 MICR values for testing
MICR HOSTCODE TeleCheck Result
1234567804390850001001 000800 Check Approved ECA
1234567804390850011001 000801 Check Approved No ECA
1234567804390850021001 000802 Check Approved ECA, No Guarantee
1234567804390850031001 000803 Check Approved No ECA, No Guarantee
1234567804390850041001 000804 Check Decline Negative Data
1234567804390850051001 000805 Check Decline Scoring
1234567804390850071001 000807 Check Failed
VeriSign, Inc. 00000013/Rev. 7 87
VeriSign Payment Services Payflow Pro Developer’s Guide
Preparing for TeleCheck Production TransactionsBefore going into production with your check integration, you must certify your storefront with TeleCheck. To begin the certification process, send an e-mail to [email protected]. Be sure to include the following information:
Your test Web site address where test transactions can be processed
The name, e-mail address, and phone number of the person to contact about any needed corrections.
The certification process usually takes 2-3 days.
Use HostAddress value of payflow.verisign.com and HostPort of 443
Logging Transaction InformationVeriSign maintains a record of all transactions executed on your account.
Note This record is not the official bank statement. The transaction summary that you receive from TeleCheck is the official record.
Use VeriSign Manager at https://manager.verisign.com to view this record and use the information to help reconcile your accounting records.
In addition, VeriSign strongly recommends that you log all transaction results (except for check information) on your own system. At a minimum, log the following data:
PNREF
Transaction Date
Transaction Amount
HOSTCODE
If you have any questions regarding a transaction, reference the PNREF (also called the transaction ID).
88 VeriSign, Inc. 00000013/Rev. 7
C. Responses to TeleCheck Transaction Requests
This chapter describes the contents of a response to a TeleCheck transaction request.
When a transaction finishes, VeriSign returns a response string made up of name/value pairs. For example:
RESULT=0&PNREF=VXYZ01234567&HOSTCODE=000500&RESPMSG=Approved
Transaction response values are described in Table C-1.
Table C-1 Transaction responses common to all tender types
Field Description Type Length
RESULT The outcome of the attempted transaction. A result of 0 (zero) indicates the transaction was approved. Any other number indicates a decline or error. RESULT codes are described in “RESULT Codes and RESPMSG Values” on page 47.
Numeric Variable
PNREF VeriSign Reference ID, a unique number that identifies the transaction. PNREF is described in “HOSTCODE Values” on page 90.
Alpha- numeric
12
HOSTCODE TeleCheck’s response code representing the results of the transaction authorization attempt. These values are described in “HOSTCODE Values” on page 90.
Numeric 6
RESPMSG A descriptive message associated with decline or error RESULTs. Response messages are described in “RESULT Codes and RESPMSG Values” on page 47.
Alpha- numeric
Variable
VeriSign, Inc. 00000013/Rev. 7 89
VeriSign Payment Services Payflow Pro Developer’s Guide
HOSTCODE ValuesThe HOSTCODE reflects the TeleCheck server result. The following tables describe the HOSTCODE values. TeleCheck requires that you display certain verbiage to the purchaser based on the returned HOSTCODE value—check with TeleCheck for details.
Note Many of these codes will not be encountered under normal operating conditions—they are included as a troubleshooting aid. In the tables, the Frequency column indicates the likelihood that you will encounter the code.
Table C-2 Sale Approved HOSTCODE values
Code Response Description Frequency
000500 Sale Approved Sale Approved by credit card network Common
000501 Sale Time-out Sale transaction time-out in credit card network
Common
000502 Test Card Test card sale approved (never billed)
Common
000504 ANI Sale Approved 900/Telco sale approved ANI bill only
000505 PB Sale Approved Private billing sale approved PB only
000800 Sale Approved Direct Check Sale/ECA approved Direct Check
000801 Sale Approved Direct Check Sale approved (no ECA)
Direct Check
000802 Sale Approved Direct Check Sale/ECA approved no guarantee
Direct Check
000803 Sale Approved Direct Check Sale approved no ECA no guarantee
Direct Check
90 VeriSign, Inc. 00000013/Rev. 7
Appendix C Responses to TeleCheck Transaction Requests
Table C-3 Sale Declined HOSTCODE values
Code Response Description Frequency
000300 Sale Declined Sale declined by credit card network Common
000301 Sale Rejected Sale does not meet risk standards Common
000804 Check Declined Direct Check Sale declined negative data
Direct Check
000805 Check Declined Direct Check Sale Decline Scoring Direct Check
000807 Check Failure Direct Check Sale Direct Check
Table C-4 Inquiry Approved HOSTCODE values
Code Response Description Frequency
000400 OTB Approved Preauth approved. AVS matches if provided.
Common
000401 No Response No response from credit card network for preauth.
Common
000402 AVS Time-out Preauth approved, AVS timed out AVS only
000403 PB Approved Private billing approved. PB only
000410 Positive Record Previous positive history. Common
000420 Test card Approved Test Card Common
000421 OTB/AVS Approval Preauth Approved, AVS match AVS only
000503 ANI Bill approved 900/TELCO billing approved ANI bill only
Table C-5 General Failure HOSTCODE values
Code Response Description Frequency
000100 General Failure General host based failure Rare
000101 Invalid Value Invalid for one or more fields in transaction
Common
999999 Unknown Response TeleCheck received an unknown response
Rare
VeriSign, Inc. 00000013/Rev. 7 91
VeriSign Payment Services Payflow Pro Developer’s Guide
1 This data is included in risk scoring decisions and a response of 210 has higher precedence.
Table C-6 Inquiry Declined HOSTCODE values
Code Response Description Frequency
000200 Preauth Declined Declined by credit card or Telco network (LIDB)
Common
000201 PIN Mismatch Mismatch on PIN stored in TeleCheck database
Not Used
000210 Negative Card Record
Temporary and permanent blocks. Prior OTB decline, sale decline or CS block Transaction falls below minimum scoring standards. Most frequently used for risk scoring declines, where a transaction falls below minimum standards.
Common
000215 Negative ANI Record ANI previously blocked by CS Common
000220 Chargeback Card Card with chargeback history Common
000225 Chargeback ANI ANI with chargeback history Common
000230 Exceed card profile1 Card has exceeded usage limits Uncommon
000240 Too many Cards1 ANI has excessive number of cards
Uncommon
000250 Exceed ANI profile1 ANI has exceeded usage limits Uncommon
000260 Too Many Phones1 Card has been used from excessive ANI
Uncommon
000270 OTB/AVS Decline OTB decline and AVS mismatch AVS OTB only
000271 OTB/AVS Decline OTB approved and AVS mismatch AVS OTB only
000272 OTB/AVS Decline OTB decline and AVS match AVS OTB only
000280 Risk Referral Temporary Risk referral, AVS necessary
Common
000281 Card Not Qualified Card does not meet minimum bank restrictions
Not Used
000282 PB Risk Referral Private billing risk referral, AVS necessary
PB Only
92 VeriSign, Inc. 00000013/Rev. 7
D. Purchasing Card Level 2 and Level 3 Support
VeriSign Payment Services supports passing Purchasing Card Level 2 information (such as purchase order number, tax amount, and charge description) in the settlement file.
If additional required invoice information and line items details are included in the transaction, VeriSign formats Purchasing Card Level 3 information in an appropriate format, for example, EDI (Electronic Data Interchange) 810 format as required by American Express during settlement processing.
In This AppendixAbout Purchasing Cards on page 94.
About Program Levels on page 95.
Performing American Express Purchasing Card Transactions Through the American Express Processor on page 96.
Performing Global Payments - Central Purchasing Card Transactions on page 106.
Performing Global Payments - East Purchasing Card Transactions on page 107.
Performing Nova Purchasing Card Transactions on page 108.
Performing Paymentech Level 2 Purchasing Card Transactions on page 109.
Performing Vital Level 2 Purchasing Card Transactions on page 110.
VeriSign, Inc. 00000013/Rev. 7 93
VeriSign Payment Services Payflow Pro Developer’s Guide
About Purchasing CardsPurchasing Cards are used in the procurement process to eliminate paper-based order systems and associated costs, to improve control and accountability through itemized statements, to foster better risk controls through spending limits and buying from approved vendors, to reduce administrative overhead because employees are empowered to make small purchases, and to enable enterprises to negotiate better contract pricing and discounts with suppliers through the use of vendor detail reports.
To promote acceptance and usage of Purchasing Card programs, card issuers have established incentive rates for merchants. These rates are available for merchants who comply at either Level 2 or Level 3 (described in the next section). Transactions that comply at Level 1 qualify as a normal credit card transactions.
Note Card issuing institutions perform strict data verification on the enhanced data that is submitted with Level 2 or Level 3 transactions. Issuers may charge stiff penalties if fields contain either inaccurate or filler data. Only transactions that contain accurate data are eligible for the incentive rates.
94 VeriSign, Inc. 00000013/Rev. 7
Appendix D Purchasing Card Level 2 and Level 3 Support
About Program LevelsThe term Level does not apply to the card, but to the transaction data submitted for that card. Generally, a higher level means more detailed data for reporting. The following transaction levels are recognized:
Level 1: Function as normal credit cards and are authorized and associated with normal transaction data in authorization and settlement. Any merchant who accepts credit cards supports this level.
Level 2: Additional data regarding sales tax, customer code, purchase order number, invoice number are captured at the point of sale. In most cases, this information is combined with the merchant’s Tax ID number, state, and postal code data and is then passed through during settlement. For some processors and banks, however, a Level 2 authorization may include some of this data.
In most cases, this information is combined with the merchant's Tax ID number, state, and postal code data and passed through during settlement. However, for some processors and banks, a Level 2 authorization may include some of this data.
Level 3: Significant additional information such as line items, product codes, item descriptions, unit price, unit quantities, and ship-to postal data are added to the Level 2 data to provide optimal reporting to buyers and sellers. Settlement transactions typically carry Level 3 data.
Level 2 and Level 3 data is generally considered non-financial data. Lack of adequate data may cause a transaction to be downgraded.
VeriSign generally requires up to Level 2 information in an Authorization transaction followed by additional Level 3 data in the associated Delayed Capture transaction. A Sale transaction should include all Level 3 data since it is authorized and later settled.
Accepted BIN RangesVisa, MasterCard, and American Express publish specific BIN ranges for Purchasing cards. Sometimes the determination of whether a card is a Purchasing card is left to the processor (for example, Vital). In other cases, the VeriSign Payment Gateway makes the determination based on the BIN range (for example, FDMS South and AMEX).
VeriSign, Inc. 00000013/Rev. 7 95
VeriSign Payment Services Payflow Pro Developer’s Guide
Performing American Express Purchasing Card Transactions Through the American Express Processor
The information in this section applies to transactions processed by the American Express Processor, not necessarily to all American Express cards. Level 2 and Level 3 purchasing card rules may differ for American Express card transactions processed by other processors such as Paymentech or First Data Nashville.
Supported Transaction TypesYou can submit Level 3 parameters with Delayed Capture, Sale, Credit, or Force transactions. Level 3 data in Auth transactions is ignored. The VeriSign Payment Gateway decides whether a transaction meets Level 3 requirements during authorization.
Level 3 data is passed to the AMEX processor only during settlement.
Avoiding DowngradeIf a transaction uses the Purchasing card BIN range and contains a line item, but does not include all mandatory Level 3 parameters, then the transaction succeeds, but is processed as Level 2 or Level 1 during settlement (depending on which data was passed).
For downgraded transactions, with the VERBOSITY parameter set to MEDIUM or HIGH, a message like the following is returned in the ADDLMSGS field:
Features not processed: PCARD L3 (missing or invalid: InvoiceNumber RequestorName )
or
Features not processed: PCARD L3 (line-item 3 missing: Description )
Submitting Successful Level 3 TransactionsIf a transaction uses the Purchasing card BIN range, contains all mandatory Level 3 fields, and has at least one line item (with all mandatory line item fields), the VeriSign Payment Gateway flags it as Level 3.
96 VeriSign, Inc. 00000013/Rev. 7
Appendix D Purchasing Card Level 2 and Level 3 Support
Edit Check VeriSign performs an edit check on the transaction’s amount fields to ensure that all line item and tax amounts balance.
If the edit check fails, the transaction fails with Result 4: Invalid Amount.
To pass the edit check, the following relationship must be true:
Transaction Amount = Total Tax Amount + Total Freight Amount + Total Handling Amount + Total Line-Item Amount.
– Transaction Amount is the total amount for the transaction, AMT.
– Total Tax Amount is TAXAMT.
– Total Freight Amount is FREIGHTAMT, or, if not present, the summation of L_FREIGHTAMT for all line items.
– Total Handling Amount is HANDLINGAMT, or, if not present, the summation of L_HANDLINGAMT for all line items.
– Total Line-Item Amount is the summation of L_QTYn * L_COSTn for all line items (n as the line item number). For example, if there are 2 line items, then the Total Line-item Amount would be (LQTY1*LCOST1) + (LQTY2*LCOST2)
Accepted BIN RangesThe following Bank Identification Numbers (BINs) are accepted for American Express Level 2 and Level 3 transactions:
37857
37859
37873
VeriSign, Inc. 00000013/Rev. 7 97
VeriSign Payment Services Payflow Pro Developer’s Guide
American Express Level 2 Transaction Data
Example American Express Level 2 Transaction "TRXTYPE=S&ACCT=372449635311003&AMT=20.06&CITY=Mountain View&DESC1=desc1&DESC2=desc2&DESC3=desc3&DESC4=FRT10.00&EXPDATE=1209&NAME=Cardholder Name&PARTNER=verisign&PONUM=12345&PWD=pwd&SHIPTOZIP=94045&STATE=CA&STREET=123 Main St.&TENDER=C&USER=user&ZIP=123451234" 30
Table D-1 American Express Level 2 transaction data
Pay Flow Pro SDK parameter Mandatory / Optional
Format (min/max, type)
PONUM M 1/17, A/N
SHIPTOZIP M 1/16, A/N
DESC1 O 1/40, A/N
DESC2 O 1/40, A/N
DESC3 O 1/40, A/N
DESC4 (Typically used to pass the freight amount as FRT<amount> (for example, FRT10.0.).
M 1/40, A/N
98 VeriSign, Inc. 00000013/Rev. 7
Appendix D Purchasing Card Level 2 and Level 3 Support
American Express Level 3 Transaction DataVeriSign provides the Merchant Registration data values: Supplier Name, Supplier City, Supplier State, Supplier Postal code, Merchant No, and Federal Tax ID. The merchant provides the values listed in Table D-2.
Table D-2 American Express Level 3 Parameters
AMEX Name (per American Express Specification)
Man
dato
ry/ O
ptio
nal Pay Flow Pro SDK
parameterXMLPayRequest parameter (See the XMLPay User’s Guide for detailed instructions.)
Format (min/max, type)
Supplier Reference Number
O INVNUM
Defaults to PNREF if not present.
Invoice.InvNum 1/9, A/N
Card Account No M ACCT Card.CardNum
Authorization Code
M AUTHCODE
(Passed transparently for delayed capture. Use only with voice authorized force capture transactions)
ForceCapture.Authcode
Requester Name M REQNAME ExtData ”REQNAME” 1/40, A/N
Cardmember Reference No
M PONUM BillTo.PONum 1/17, A/N
Purchase Order Num
M PONUM BillTo.PONum 1/17, A/N
Ship to ZIP M SHIPTOZIP ShipTo.Address.ZIP 5/6, A/N
Invoice Date O INVOICEDATE
Defaults to Transaction Date if not present.
Invoice.Date YYYYMMDD, NUM
Exp Date M EXPDATE Card.ExpDate
Total Transaction Amount
M AMT Invoice.TotalAmt 1/8 NUM
Total Tax Amount M TAXAMT Invoice.TaxAmt 1/6 NUM
VeriSign, Inc. 00000013/Rev. 7 99
VeriSign Payment Services Payflow Pro Developer’s Guide
Charge Description
O DESC
Defaults to “NO”
Invoice.Description 1/40, A/N
Total Freight Amt O FREIGHTAMT Invoice.FreightAmt 1/15, A/N
Total Handling Amt O HANDLINGAMT Invoice.HandlingAmt 1/15, A/N
Quantity Invoiced M L_QTY Item.Quantity 1/10, NUM
Unit of Measure M L_UOM Item.UnitOfMeasurement 2/2, A/N
Unit Price M L_COST Item.UnitPrice 1/15, NUM
Item Description M L_DESC Item.Description 1/80, A/N
Supplier Catalog No
M L_CATALOGNUM Item.CatalogNumber 1/20, A/N
Cost Center No M L_COSTCENTERNUM Item.CostCenterNumber 1/30, A/N
Supplier Stock Keeping Unit Number
O L_PRODCODE Item.SKU 1/30, A/N
Universal Product Code
O L_UPC Item.UPC 1/30, A/N
Item Tax Amount O L_TAXAMT Item.TaxAmt 1/6, NUM
Freight Amount O L_FREIGHTAMT Item.FreightAmt 1/15, NUM
Handling Amount O L_HANDLINGAMT Item.HandlingAmt 1/15, NUM
Tracking Number O L_TRACKINGNUM Item.TrackingNumber 1/30, A/N
Drop-off Address1 O L_PICKUPSTREET Item.PickUp.Address.Street 1/40, A/N
Drop-off City O L_PICKUPCITY Item.PickUp.Address.City 2/30, A/N
Drop-off State O L_PICKUPSTATE Item.PickUp.Address.State
2/2, A/N
Drop-off ZIP O L_PICKUPZIP Item.PickUp.Address.ZIP 3/15, A/N
Table D-2 American Express Level 3 Parameters (Continued)
AMEX Name (per American Express Specification)
Man
dato
ry/ O
ptio
nal Pay Flow Pro SDK
parameterXMLPayRequest parameter (See the XMLPay User’s Guide for detailed instructions.)
Format (min/max, type)
100 VeriSign, Inc. 00000013/Rev. 7
Appendix D Purchasing Card Level 2 and Level 3 Support
Example American Express Level 3 SDK Transaction"TRXTYPE=S&TENDER=C&partner=partner&PWD=test&USER=test&ACCT=378734493671000&EXPDATE=1213&AMT=5.00&COMMENT1=PCARD Test&COMMENT2=Hi KC&ZIP=940151234&STREET=123 KC WAY&CVV2=052&COUNTRYCODE=USA&CUSTCODE=12345&FREIGHTAMT=1.00&ORDERDATE=021700&HANDLINGAMT=1.00&PONUM=1234567890123456789012345&SHIPFROMZIP=940151234&SHIPTOZIP=940151234&TAXAMT=1.00&TAXEXEMPT=N&L_UPC1=PN&L_QTY1=1&L_DESC1=Test 123&L_UOM1=12&L_COST1=1.00&L_PRODCODE1=123&L_COSTCENTERNUM1=55&L_TAXAMT1=0&L_QTY2=1&L_UPC1=PN&L_DESC2=Test&L_UOM2=12&L_COST2=1.00&L_PRODCODE2=1234&L_COSTCENTERNUM2=55&L_TAXAMT2=1.00&REQNAME=Robert&SHIPTOZIP=543210&INVNUM=123456789&VERBOSITY=2" 30"
Example American Express Level 3 XMLPay Transaction
<?xml version="1.0" ?> - <XMLPayRequest Timeout="30">
- <RequestData> <Vendor>VENDOR</Vendor> <Partner>PARTNER</Partner>
- <Transactions>- <Transaction CustRef="CUST98345232345">
- <Sale>- <PayData>
- <Invoice><InvNum>123456789</InvNum> <Date>20030626</Date> <ExtData Name="REQNAME"
Value="[email protected]" /> - <BillTo>
Drop-off Country O L_PICKUPCOUNTRY Item.PickUp.Address.Country
2/3, A/N
UNSPSC Code O L_UNSPSCCODE Item.UNSPSCCode 1/30, A/N
Table D-2 American Express Level 3 Parameters (Continued)
AMEX Name (per American Express Specification)
Man
dato
ry/ O
ptio
nal Pay Flow Pro SDK
parameterXMLPayRequest parameter (See the XMLPay User’s Guide for detailed instructions.)
Format (min/max, type)
VeriSign, Inc. 00000013/Rev. 7 101
VeriSign Payment Services Payflow Pro Developer’s Guide
<PONum>PO7659200</PONum> <Name>John</Name>
- <Address> <Street>123 Test</Street> <City>Mountian View</City> <State>CA</State> <Zip>12345</Zip> <Country>840</Country>
</Address> <EMail>[email protected]</EMail>
</BillTo>- <ShipFrom>
- <Address> <Street>456 Test</Street> <City>Mountian View</City> <State>CA</State> <Zip>543210</Zip>
</Address> </ShipFrom>
- <ShipTo>- <Address>
<Street>789 Test</Street> <City>Mountian View</City> <State>CA</State> <Zip>99999</Zip> <Country>840</Country>
</Address> </ShipTo>
- <Items>- <Item Number="1">
<SKU>EAD240</SKU> <UPC>67899</UPC> <Description>Ducati parts</Description> <Quantity>2</Quantity> <UnitPrice>.10</UnitPrice>
102 VeriSign, Inc. 00000013/Rev. 7
Appendix D Purchasing Card Level 2 and Level 3 Support
<UnitOfMeasurement>10</UnitOfMeasurement> <CostCenterNumber>5000</CostCenterNumber> <TrackingNumber>TR42322</TrackingNumber> <UNSPSCCode>UNSPSC001</UNSPSCCode> <CatalogNumber>1551</CatalogNumber>
- <PickUp>- <Address>
<Street>112 Pickup Ave</Street> <City>Pickup City</City> <State>CA</State> <Zip>94043</Zip> <Country>840</Country>
</Address> </PickUp> <FreightAmt>0.50</FreightAmt> <HandlingAmt>0.50</HandlingAmt>
</Item>- <Item Number="2">
<SKU>42335</SKU> <UPC>45578</UPC> <Description>Honda Parts</Description> <Quantity>1</Quantity> <UnitPrice>.10</UnitPrice> <UnitOfMeasurement>50</UnitOfMeasurement> <CostCenterNumber>5003</CostCenterNumber> <TrackingNumber>TR34225</TrackingNumber> <UNSPSCCode>UNSPSC002</UNSPSCCode> <CatalogNumber>1555</CatalogNumber>
- <PickUp>- <Address>
<Street>113 Pickup Ave</Street> <City>Pickup City</City> <State>CA</State> <Zip>94043</Zip> <Country>840</Country>
VeriSign, Inc. 00000013/Rev. 7 103
VeriSign Payment Services Payflow Pro Developer’s Guide
</Address> </PickUp> <FreightAmt>0.50</FreightAmt> <HandlingAmt>0.50</HandlingAmt>
</Item>- <Item Number="3">
<SKU>12347</SKU> <UPC>54329</UPC> <Description>Harley Parts</Description> <Quantity>2</Quantity> <UnitPrice>.10</UnitPrice> <UnitOfMeasurement>15</UnitOfMeasurement> <CostCenterNumber>5009</CostCenterNumber> <TrackingNumber>TR32223</TrackingNumber> <UNSPSCCode>UNSPSC003</UNSPSCCode> <CatalogNumber>1560</CatalogNumber>
- <PickUp>- <Address>
<Street>114 Pickup Ave</Street> <City>Pickup City</City> <State>CA</State> <Zip>94043</Zip> <Country>840</Country>
</Address> </PickUp> <FreightAmt>0.50</FreightAmt> <HandlingAmt>0.50</HandlingAmt>
</Item> </Items> <Description>CAR PARTS</Description> <TaxAmt>1.60</TaxAmt> <TotalAmt>5.10</TotalAmt>
</Invoice>- <Tender>
- <Card>
104 VeriSign, Inc. 00000013/Rev. 7
Appendix D Purchasing Card Level 2 and Level 3 Support
<CardType>AMEX</CardType> <CardNum>378734493671000</CardNum> <ExpDate>201312</ExpDate>
</Card> </Tender>
</PayData> </Sale>
</Transaction> </Transactions>
</RequestData>- <RequestAuth>
- <UserPass> <User>USER</User> <Password>PASSWORD</Password>
</UserPass> </RequestAuth>
</XMLPayRequest>
VeriSign, Inc. 00000013/Rev. 7 105
VeriSign Payment Services Payflow Pro Developer’s Guide
Performing Global Payments - Central Purchasing Card Transactions
Global Payments - Central (MAPP) supports Level 2 for MasterCard, and Visa Sale, Credit, and Delayed Capture transactions.
Global Payments - Central Level 2 ParametersBoth Level 2 values listed in Table D-4 are required to get the discount rate. You must pass the following parameters.
Example Global Payments - Central Level 2 Visa or MasterCard Transaction
"TRXTYPE=S&ACCT=5105105105105100&AMT=20.10&CITY=Mountain View&COMMENT1=L2 Testing&EXPDATE=1209&NAME=Cardholder Name&PARTNER=VeriSign&PWD=pwd&STATE=CA&STREET=123 Main St.&TENDER=C&USER=user&ZIP=94043&CUSTCODE=123456&TAXAMT=1.34" 30
Table D-3 Required Level 2 parameters for Global Payments - Central
Data Items Mandatory / Optional
Payflow Pro Parameter
Format (min/max, type)
Customer Code M CUSTCODE 1/16, char
Sales Tax M TAXAMT N
106 VeriSign, Inc. 00000013/Rev. 7
Appendix D Purchasing Card Level 2 and Level 3 Support
Performing Global Payments - East Purchasing Card Transactions
Global Payments - East (NDCE) supports Level 2 for American Express, MasterCard, and Visa.
Global Payments - East Level 2 ParametersBoth Level 2 values listed in Table D-4 are required to get the discount rate. You must pass the following parameters in Authorization and Sale transactions.
Example Global Payments - East Level 2 Visa or MasterCard Transaction
"TRXTYPE=S&ACCT=5105105105105100&AMT=20.10&CITY=Mountain View&COMMENT1=L2 Testing&EXPDATE=1209&NAME=Cardholder Name&PARTNER=VeriSign&PWD=pwd&STATE=CA&STREET=123 Main St.&TENDER=C&USER=user&ZIP=94043&CUSTCODE=123456&TAXAMT=1.34" 30
Table D-4 Required Level 2 parameters for Global Payments - East
Data Items Mandatory / Optional
Payflow Pro Parameter
Format (min/max, type)
Customer Code M CUSTCODE 1/16, char
Sales Tax M TAXAMT N
VeriSign, Inc. 00000013/Rev. 7 107
VeriSign Payment Services Payflow Pro Developer’s Guide
Performing Nova Purchasing Card TransactionsNova supports Level 2 for Visa or MasterCard Sale, Credit, or Delayed Capture transactions.
Nova Level 2 ParametersBoth Level 2 values listed in Table D-4 are required to get the discount rate. You must pass the following parameters in Authorization and Sale transactions.
Example Nova Level 2 Transactions"TRXTYPE=S&ACCT=5105105105105100&AMT=20.10&CITY=Mountain View&COMMENT1=L2 Testing&EXPDATE=1209&NAME=Cardholder Name&PARTNER=VeriSign&PWD=pwd&STATE=CA&STREET=123 Main St.&TENDER=C&USER=user&ZIP=94043&CUSTCODE=123456&TAXAMT=1.34" 30
Table D-5 Required Level 2 parameters for Nova
Data Items Mandatory / Optional
Payflow Pro Parameter
Format (min/max, type)
Customer Code M
Sent as {ServerID}{TransID}
if not present
CUSTCODE 1/16, char
Sales Tax M
Sent as 0 if not present
TAXAMT N
108 VeriSign, Inc. 00000013/Rev. 7
Appendix D Purchasing Card Level 2 and Level 3 Support
Performing Paymentech Level 2 Purchasing Card TransactionsPaymentech supports Level 2 for American Express, MasterCard, and Visa.
Paymentech Level 2 ParametersBoth Level 2 values listed in Table D-6 are required to get the discount rate.
Example Paymentech Level 2 Transactions
Example Paymentech Level 2 Visa and MasterCard Transaction"TRXTYPE=S&TENDER=C&PARTNER=Partner&PWD=Password&USER=User&ACCT=5480180000000024&EXPDATE=1203&AMT=1.00&COMMENT1=0508&NAME=Robert&STREET=1600&ZIP=94065&CVV2=426&PONUM=ABCDEFGHIJ&TAXAMT=1.00"
"TRXTYPE=S&TENDER=C&PARTNER=Partner&PWD=Password&USER=User&ACCT=4275330012345626&EXPDATE=1203&AMT=1.00&COMMENT1=0508&STREET=1600&ZIP=94065&CVV2=426&PONUM=ABCDEFGHIJ&TAXAMT=1.00"
Example American Express Level 2 Transaction"TRXTYPE=S&TENDER=C&PARTNER=Partner&PWD=Password&USER=User&ACCT=378734493671000&EXPDATE=1203&AMT=1.00&COMMENT1=0508&NAME=Robert&STREET=1600&ZIP=94065&DESC=Descriptor&DESC1=Descriptor1&DESC2=Descriptor2&DESC3=Descriptor3&DESC4=Descriptor4"
Table D-6 Required Level 2 parameters for Paymentech
Paymentech Data Items Mandatory / Optional
Payflow Pro Parameter
Format (min/max, type)
Customer Ref No M PONUM 1/17, char
Sales Tax M TAXAMT N
VeriSign, Inc. 00000013/Rev. 7 109
VeriSign Payment Services Payflow Pro Developer’s Guide
Performing Vital Level 2 Purchasing Card TransactionsVital supports MasterCard and Visa for Level 2.
Vital indicates in the authorization response whether or not the credit card in the transaction is a commercial card. Based in the commercial card indicator, VeriSign will format the Level 2 information in the settlement request.
Vital Level 2 Transaction Data Level 2 values marked as mandatory in Table D-7 are required to get the discount rate.
Example Vital Level 2 Visa Transaction"TRXTYPE=S&ACCT=4111111111111111&AMT=20.02&CITY=Mountain View&COMMENT1=L2 Testing&EXPDATE=1209&INVNUM=6612545851&NAME=CardHolder Name&PARTNER=verisign&PWD=pwd&STATE=CA&STREET=123 Main St.&TAXAMT=1.01&TAXEXEMPT=N&TENDER=C&USER=user&ZIP=94043" 30
Table D-7 Vital Level 2 parameters
Vital Name Mandatory / Optional
Payflow Pro Parameter Format (min/max, type)
Invoice # / Cust Ref ID M INVNUM 1/17, A/N
Tax Amount M TAXAMT NUM
Tax Amount Identifier O TAXEXEMPT
If a purchase is exempted from local tax, then you must send TAXEXEMPT=Y.
1, A
110 VeriSign, Inc. 00000013/Rev. 7
E. Additional Reporting Parameters
This appendix lists parameters whose values can appear in VeriSign Manager reports. For example, the Shipping and Billing report displays these values. Some of the following parameters may also have other purposes. The STREET and ZIP parameters, for instance, are also used for AVS.
Note For regular credit card transactions, reporting parameters are normally not passed to the processor. See Appendix A, “Processors Requiring Additional Transaction Parameters” to learn which fields are sent to your processor.
Table E-1 VeriSign reporting parameters
Parameter Description Required Type Max Length
CITY Cardholder’s billing city No Alpha 20
COMMENT1 User-defined value for reporting and auditing purposes (VeriSign parameter only)
No Alpha-numeric
128
COMMENT2 User-defined value for reporting and auditing purposes (Verisign parameter only)
No Alpha-numeric
128
COMPANYNAME Cardholder’s company No Alpha-numeric
30
COUNTRY Cardholder’s billing country code No Alpha-numeric
3
CUSTCODE Customer code No Alpha-numeric
30
VeriSign, Inc. 00000013/Rev. 7 111
VeriSign Payment Services Payflow Pro Developer’s Guide
DUTYAMT Duty amount No Alpha-numeric
10
EMAIL Cardholder’s e-mail address No Alpha-numeric
64
FIRSTNAME Cardholder’s first name No Alpha 15
FREIGHTAMT Freight amount No Currency 10
LASTNAME Cardholder’s last name No Alpha 15
NAME Cardholder’s name No Alpha-numeric
15
PONUM Purchase Order Number No Alpha-numeric
15
SHIPTOCITY Shipping city No Alpha-numeric
30
SHIPTOFIRSTNAME First name in the shipping address No Alpha-numeric
30
SHIPTOLASTNAME Last name in the shipping address No Alpha-numeric
30
SHIPTOSTATE Shipping state. US = 2-letter state code. Outside US, use full name.
No Alpha-numeric
10
SHIPTOSTREET Shipping street address No Alpha-numeric
30
SHIPTOZIP Shipping postal code (called ZIP code in the USA)
No Alpha-numeric
9
STATE Cardholder’s billing state code No Alpha-numeric
2
STREET Cardholder’s billing street address (used for AVS and reporting)
No Alpha-numeric
30
Table E-1 VeriSign reporting parameters (Continued)
Parameter Description Required Type Max Length
112 VeriSign, Inc. 00000013/Rev. 7
Appendix E Additional Reporting Parameters
TAXAMT Tax amount No Currency 10
ZIP Account holder’s 5- to 9-digit postal code (called ZIP code in the USA). Do not use spaces, dashes, or non-numeric characters.
The postal code is verified by the AVS service.
No Numeric 9
Table E-1 VeriSign reporting parameters (Continued)
Parameter Description Required Type Max Length
VeriSign, Inc. 00000013/Rev. 7 113
VeriSign Payment Services Payflow Pro Developer’s Guide
114 VeriSign, Inc. 00000013/Rev. 7
F. XMLPay
About XMLPayXMLPay specifies an XML syntax for payment requests and associated responses in a payment-processing network. Instead of using name/value pairs, Payflow Pro allows for the use of XML documents via XMLPay.
The typical user of XMLPay is an Internet merchant or merchant aggregator who wants to dispatch credit card, corporate purchase card, Automated Clearinghouse (ACH), or other payment requests to a financial processing network.
Using the data type definitions specified by XMLPay, such a user creates a client payment request and dispatches it in the same fashion as using name/value pairs to an associated XMLPay-compliant server component. Responses are also formatted in XML and convey the results of the payment requests to the client.
XMLPay 2.0 Core Specification DocumentVeriSign XMLPay 2.0 Core Specification defines an XML syntax for payment transaction requests, responses, and receipts in a payment processing network.
You may obtain a copy of this document from the Downloads page of VeriSign Manager (https://manager.verisign.com).
Note For specific examples of how to submit XML documents using the Payflow Pro client API, see the Payflow Pro SDK Download package.
VeriSign, Inc. 00000013/Rev. 7 115
VeriSign Payment Services Payflow Pro Developer’s Guide
116 VeriSign, Inc. 00000013/Rev. 7
G. ISO Country Codes
The following International Standards Organization (ISO) country codes are used when filling the order fields COUNTRY, SHIPTOCOUNTRY, and CORPCOUNTRY: .
Table G-1 ISO country codes
Country Name Code
Afghanistan 4
Albania 8
Algeria 12
American Samoa 16
Andorra 20
Angola 24
Anguilla 660
Antarctica 10
Antigua and Barbuda 28
Argentina 32
Armenia 51
Aruba 533
Australia 36
Austria 40
Azerbaijan 31
VeriSign, Inc. 00000013/Rev. 7 117
Payflow Pro Developer’s Guide
Bahamas 44
Bahrain 48
Bangladesh 50
Barbados 52
Belarus 112
Belgium 56
Belize 84
Benin 204
Bermuda 60
Bhutan 64
Bolivia 68
Bosnia-Herzegovina 70
Botswana 72
Bouvet Island 74
Brazil 76
British Indian Ocean Territory 86
Brunei Darussalam 96
Bulgaria 100
Burkina Faso 854
Burundi 108
Cambodia 116
Cameroon 120
Canada 124
Cape Verde 132
Cayman Islands 136
Central African Republic 140
Table G-1 ISO country codes
Country Name Code
Chad 148
Chile 152
China 156
Christmas Island 162
Cocos (Keeling) Islands 166
Colombia 170
Comoros 174
Congo 178
Cook Islands 184
Costa Rica 188
Cote D’ivoire (formerly Ivory Coast)
384
Croatia (local name: Hrvatska) 191
Cuba 192
Cyprus 196
Czech Republic 203
Denmark 208
Djibouti 262
Dominica 212
Dominican Republic 214
East Timor 626
Ecuador 218
Egypt 818
El Salvador 222
Equatorial Guinea 226
Eritrea 232
Table G-1 ISO country codes
Country Name Code
118 VeriSign, Inc.
Payflow Pro Developer’s Guide
Estonia 233
Ethiopia 231
Falkland Islands (Malvinas) 238
Faroe Islands 234
Fiji 242
Finland 246
France 250
France, Metropolitan 249
French Guiana 254
French Polynesia 258
French Southern Territories 260
Gabon 266
Gambia 270
Georgia 268
Germany 276
Ghana 288
Gibraltar 292
Greece 300
Greenland 304
Grenada 308
Guadeloupe 312
Guam 316
Guatemala 320
Guinea 324
Guinea-Bissau 624
Guyana 328
Table G-1 ISO country codes
Country Name Code
Haiti 332
Heard and McDonald Islands 334
Honduras 340
Hong Kong 344
Hungary 348
Iceland 352
India 356
Indonesia 360
Iran (Islamic Republic of) 364
Iraq 368
Ireland 372
Israel 376
Italy 380
Jamaica 388
Japan 392
Jordan 400
Kazakhstan 398
Kenya 404
Kiribati 296
Korea, Democratic People’s Republic of (formerly North Korea)
408
Korea, Republic of (formerly South Korea)
410
Kuwait 414
Kyrgyzstan 417
Table G-1 ISO country codes
Country Name Code
119 VeriSign, Inc.
Payflow Pro Developer’s Guide
Lao People’s Democratic Republic (formerly Laos)
418
Latvia 428
Lebanon 422
Lesotho 426
Liberia 430
Libyan Arab Jamahiriya (formerly Libya)
434
Liechtenstein 438
Lithuania 440
Luxembourg 442
Macau 446
Macedonia, the Former Yugoslav Republic of
807
Madagascar 450
Malawi 454
Malaysia 458
Maldives 462
Mali 466
Malta 470
Marshall Islands 584
Martinique 474
Mauritania 478
Mauritius 480
Mayotte 175
Mexico 484
Table G-1 ISO country codes
Country Name Code
Micronesia, Federated States of
583
Moldova, Republic of 498
Monaco 492
Mongolia 496
Montserrat 500
Morocco 504
Mozambique 508
Myanmar (formerly Burma) 104
Namibia 516
Nauru 520
Nepal 524
Netherlands 528
Netherlands Antilles 530
New Caledonia 540
New Zealand 554
Nicaragua 558
Niger 562
Nigeria 566
Niue 570
Norfolk Island 574
Northern Mariana Islands 580
Norway 578
Oman 512
Pakistan 586
Palau 585
Table G-1 ISO country codes
Country Name Code
120 VeriSign, Inc.
Payflow Pro Developer’s Guide
Panama 591
Papua New Guinea 598
Paraguay 600
Peru 604
Philippines 608
Pitcairn 612
Poland 616
Portugal 620
Puerto Rico 630
Qatar 634
Reunion 638
Romania 642
Russian Federation 643
Rwanda 646
Saint Kitts and Nevis 659
Saint Lucia 662
Saint Vincent and the Grenadines
670
Samoa 882
San Marino 674
Sao Tome and Principe 678
Saudi Arabia 682
Senegal 686
Seychelles 690
Sierra Leona 694
Singapore 702
Table G-1 ISO country codes
Country Name Code
Slovakia (Slovak Republic) 703
Slovenia 705
Solomon Islands 90
Somalia 706
South Africa 710
South Georgia and the South Sandwich Islands
239
Spain 724
Sri Lanka 144
St. Helena 654
St. Pierre and Miquelon 666
Sudan 736
Suriname 740
Svalbard and Jan Mayen Islands
744
Swaziland 748
Sweden 752
Switzerland 756
Syrian Arab Republic (formerly Syria)
760
Taiwan, Province of China 158
Tajikistan 762
Tanzania, United Republic of 834
Thailand 764
Togo 768
Tokelau 772
Tonga 776
Table G-1 ISO country codes
Country Name Code
121 VeriSign, Inc.
Payflow Pro Developer’s Guide
Trinidad and Tobago 780
Tunisia 788
Turkey 792
Turkmenistan 795
Turks and Caicos Islands 796
Tuvalu 798
Uganda 800
Ukraine 804
United Arab Emirates 784
United Kingdom 826
United States 840
United States Minor Outlying Islands
581
Uruguay 858
Uzbekistan 860
Vanuatu 548
Vatican City State 336
Venezuela 862
Viet Nam 704
Virgin Islands (British) 92
Virgin Islands (U.S.) 850
Wallis and Futuna Islands 876
Western Sahara 732
Western Samoa 882
Yemen 887
Yugoslavia 891
Table G-1 ISO country codes
Country Name Code
Zaire 180
Zambia 894
Zimbabwe 716
Table G-1 ISO country codes
Country Name Code
122 VeriSign, Inc.
H. Codes Used by FDMS South Only: Country Codes, Units of Measure, and Currency Codes
MasterCard Country Codes
Table H-1MasterCard Country Codes
ALBANIA ALB
ALGERIA DZA
AMERICAN SAMOA ASM
ANDORRA AND
ANGOLA AGO
ANGUILLA AIA
ANTARCTICA ATA
ANTIGUA ATG
AO PEOPLES DEMOCRATIC
LAO
APHGANISTAN AFG
ARGENTINA ARG
ARMENIA ARN
ARUBA ABW
VeriSign, Inc. 00000013/Rev. 7 123
Payflow Pro Developer’s Guide
AUSTRALIA AUS
AUSTRIA AUT
AZERBAIJAN AZE
BAHAMAS BHS
BAHRAIN BHR
BANGLADESH BGD
BARBADOS BRB
BELARUS BLR
BELGIUM BEL
BELIZE BLZ
BENIN BEN
BERMUDA BMU
BHUTAN BTN
BOLIVIA BOL
BOSNIA AND HERZIGOVINA
BIH
BOTSWANA BWA
BOUVET ISLAND BVT
BRAZIL BRA
BRITISH INDIAN OCEAN TERRITORY
IOT
BRUNEI BRN
BULGARIA BGR
BURKINA FASO BFA
BURUNDI BDI
CAMBODIA KHM
CANADA CAN
Table H-1MasterCard Country Codes
CAPE VERDE CPV
CAYMAN ISLANDS CYM
CENTRAL AFRICAN REPUBLIC
CAF
CHAD TCD
CHILE CHL
CHINA CHN
CHRISTMAS ISLAND CXR
CMEROON, UNITED REP.
CMR
COCOS (KEELING) ISLAND
CCK
COLUMBIA COL
COMOROS COM
CONGO GOG
COOK ISLANDS COK
COSTA RICA CRI
COTED'IVOIRE CIV
CROATIA HRV
CYPRUS CYP
CZECH REPUBLIC CZE
DENMARK DNK
DJIBOUTI DJI
DOMINICA DMA
DOMINICAN REPUBLIC
DOM
EL SALVADOR SLV
EQUATORIAL GUINEA
GNQ
Table H-1MasterCard Country Codes
124 VeriSign, Inc.
Payflow Pro Developer’s Guide
ESTONIA EST
ETHIOPIA ETH
FAEROE ISLANDS FRO
FALKLAND ISLANDS (MALVINAS)
FLK
FIJI FJI
FINLAND FIN
FRANCE FRA
FRENCH GUIANA GUF
FRENCH POLYNESIA
PYF
FRENCH SOUTHERN TERRITORY
ATF
GABON GAB
GAMBIA GMB
GEORGIA GEO
GERMAN DEMOCRATIC REP
DDR
GERMANY DEU
GHANA GHA
GIBRALTER GIB
GRECE GRC
GREENLAND GRL
GRENADA GRD
GUADALUPE GLP
GUAM GUM
GUATEMALA GTM
GUINEA GIN
Table H-1MasterCard Country Codes
GUINEA-BISSAU GNB
GUYANA GUY
HAITI HTI
HEARD & MCDONALDS ISLAND
HMD
HONDURAS HND
HONG KONG HKG
HUNGARY HUN
ICELAND ISL
INDIA IND
INDONESIA IDN
IRAN IRN
IRAQ IRQ
IRELAND IRL
ISRAEL ISR
ITALY ITA
JAMAICA JAM
JAPAN JPN
JORDAN JOR
KAZAKHSTAN KAZ
KENYA KEN
KOREA, REPUBLIC OF
KOR
KUWAIT KWT
KYRGYZSTAN KGZ
LATVIA LVA
LEBANON LBN
Table H-1MasterCard Country Codes
125 VeriSign, Inc.
Payflow Pro Developer’s Guide
LESOTHO LSO
LIBERIA LBR
LIBYAN ARAB JAMAHIRIYA
LBY
LIECHTNSTIEN LIE
LITHUANIA LTU
LUXEMBOURG LUX
MACAU MAC
MALAYSIA MYS
MALDIVES MDV
MALI MLI
MALTA MLT
MANACO MCO
MARSHALL ISLANDS
MHL
MATINIQUE MTQ
MAURITANIA MRT
MAURITIUS MUS
MEXICO MEX
MICRONESIA FSM
MOLDOVA MDA
MONGOLIA MNG
MONTSERRAT MSR
MOROCCO MAR
MOZAMBIQUE MOZ
MYANMAR MMR
NAMIBIA NAM
Table H-1MasterCard Country Codes
NAURU NRU
NEGEL SEN
NEPAL NPL
NETHERLANDS NLD
NETHERLANDS ANTILLES
ANT
NEW CALDONIA NCL
NEW ZEALAND NZL
NICARAGUA NIC
NIGER NER
NIGERIA NGA
NIUE NIU
NORFOLK ISLAND NFK
NORTHERN MARIANA ISLAND
MNP
NORWAY NOR
OMAN OMN
PAKISTAN PAK
PALAU PLW
PANAMA PAN
PAPAU NEW GUINEA
PNG
PARAGUAY PRY
PERU PER
PHILIPPINES PHI
PITCAIRN ISLAND PCN
POLAND POL
PORTUGUL PRT
Table H-1MasterCard Country Codes
126 VeriSign, Inc.
Payflow Pro Developer’s Guide
PUERTO RICO PRI
QATAR QAT
REUNION REU
ROMANIA ROM
RUSSIAN FERERATION
RUS
RWANDA RWA
SAMOA WSM
SAN MARINO SMR
SAN TOME AND PRICIPEL
STP
SAUDI ARABIA SAU
SEYCHELLES SYC
SIERRA LEONE SLE
SINGAPORE SGP
ST. HELENA SHN
ST. KITTS-NEVIS-ANGUILLA
KNA
ST. LUCIA LCA
ST. PIERRE AND MIQUELON
SPM
ST. VINCENT AND THE GRENADINES
VCT
SUDAN SDN
SURINAM SUR
SVALBARD & JAN MAYEN IS.
SJM
SWAZILAND SWZ
Table H-1MasterCard Country Codes
SWEDEN SWE
SWITZERLAND CHE
SYRIAN ARAB REPUBLIC
SYR
TAIWAN, PROVIDENCE OF CHINA
TWN
TAJIKISTAN TJK
TANZANIA, UNITED REPUBLIC
TZA
THAILAND THA
TOGO TGO
TOKELAU TKL
TONGA TON
TRINIDAD AND TOBAGO
TTO
TUNISIA TUN
TURKEY TR
TURKMENISTAN TM
TURKS & CAICOS ISLANDS
TC
TUVALU TUV
U.S. MINOR OUTLYING ISL.
UMI
UGANDA UGA
UKRAINIAN SSR UKR
UNITED ARAB EMIRATES
ARE
UNITED KINGDOM GBR
UNITED STATES USA
Table H-1MasterCard Country Codes
127 VeriSign, Inc.
Payflow Pro Developer’s Guide
Visa Country Codes
URAGUAY URY
UZBEKISTAN UZB
VANUATU VUT
VATICAN CITY STATE
VAT
VENEZUELA VEN
VIETNAM VNM
VIRGIN ISLANDS BRITISH
VGB
VIRGIN ISLANDS US VIR
WALLIS AND FUTUNA IS
WLF
WESTERN SAHARA ESH
YEMEN YEM
YUGOSLAVIA YUG
ZAIRE ZAR
ZAMBIA ZMB
ZIMBABWE RHO
Table H-1MasterCard Country Codes
Table H-2 Visa Country Codes
ALBANIA AL
ALGERIA DZ
AMERICAN SAMOA AS
ANDORRA AD
ANGOLA AO
ANGUILLA AI
ANTARCTICA AQ
ANTIGUA AG
APHGANISTAN AF
ARGENTINA AR
ARMENIA AM
ARUBA AW
AUSTRALIA AU
AUSTRIA AT
Table H-2 Visa Country Codes
128 VeriSign, Inc.
Payflow Pro Developer’s Guide
AZERBAIJAN AZ
BAHAMAS BS
BAHRAIN BH
BANGLADESH BD
BARBADOS BB
BELARUS BY
BELGIUM BE
BELIZE BZ
BENIN BJ
BERMUDA BM
BHUTAN BT
BOLIVIA BO
BOSNIA AND HERZIGOVINA
BA
BOTSWANA BW
BOUVET ISLAND BV
BRAZIL BR
BRITISH INDIAN OCEAN TERRITORY
IO
BRUNEI BN
BULGARIA BG
BURKINA FASO BF
BURUNDI BI
CAMBODIA KH
CANADA CA
CAPE VERDE CV
CAYMAN ISLANDS KY
Table H-2 Visa Country Codes
CENTRAL AFRICAN REPUBLIC
CF
CHACOS (KEELING) ISLAND
CC
CHAD TD
CHILE CL
CHINA CN
CHRISTMAS ISLAND CX
CMEROON, UNITED REP.
CM
COLUMBIA CO
COMOROS KM
CONGO CG
COOK ISLANDS CK
COSTA RICA CR
COTED'IVOIRE CI
CROATIA HR
CYPRUS CY
CZECH REPUBLIC CZ
DENMARK DK
DJIBOUTI DJ
DOMINICA DM
DOMINICAN REPUBLIC
DO
EAST TIMOR TP
ECUADOR EC
EGYPT EG
EL SALVADOR SV
Table H-2 Visa Country Codes
129 VeriSign, Inc.
Payflow Pro Developer’s Guide
EQUATORIAL GUINEA
GQ
ERITREA ER
ESTONIA EE
ETHIOPIA ET
FAEROE ISLANDS FO
FALKLAND ISLANDS FK
FIJI FJ
FINLAND FI
FRANCE FR
FRENCH GUIANA GF
FRENCH METROPOLITAN
FX
FRENCH POLYNESIA PF
FRENCH SOUTHERN TERRITORY
TF
GABON GA
GAMBIA GM
GEORGIA GE
GERMANY DE
GHANA GH
GIBRALTER GI
GRECE GR
GREENLAND GL
GRENADA GD
GUADALUPE GP
GUAM GU
GUATEMALA GT
Table H-2 Visa Country Codes
GUINEA GN
GUINEA-BISSAU GW
GUYANA GY
HAITI HT
HEARD & MCDONALDS ISLAND
HM
HONDURAS HN
HONG KONG HK
HUNGARY HU
ICELAND IS
INDIA IN
INDONESIA ID
IRAN IR
IRAQ IQ
IRELAND IE
ISRAEL IL
ITALY IT
JAMAICA JM
JAPAN JP
JORDAN JO
KAZAKHSTAN KZ
KENYA KE
KIRIBATI KI
KOREA, REPUBLIC OF
KR
KUWAIT KW
KYRGYZSTAN KG
Table H-2 Visa Country Codes
130 VeriSign, Inc.
Payflow Pro Developer’s Guide
LAO PEOPLES DEMOCRATIC
LA
LATVIA LV
LEBANON LB
LESOTHO LS
LIBERIA LR
LIBYAN ARAB JAMAHIRIYA
LY
LIECHTNSTIEN LI
LITHUANIA LT
LUXEMBOURG LU
MACAU MO
MACEDONIA MK
MADAGASCAR MG
MALAWI MW
MALAYSIA MY
MALDIVES MV
MALI ML
MALTA MT
MANACO MC
MARSHALL ISLANDS MH
MATINIQUE MQ
MAURITANIA MR
MAURITIUS MU
MAYOTTE YT
MEXICO MX
MICRONESIA FM
Table H-2 Visa Country Codes
MOLDOVA MD
MONGOLIA MN
MONTSERRAT MS
MOROCCO MA
MOZAMBIQUE MZ
MYANMAR MM
NAMIBIA NA
NAURU NR
NEPAL NP
NETHERLANDS NL
NETHERLANDS ANTILLES
AN
NEW CALDONIA NC
NEW ZEALAND NZ
NICARAGUA NI
NIGER NE
NIGERIA NG
NIUE NU
NORFOLK ISLAND NF
NORTHERN MARIANA ISLAND
MP
NORWAY NO
OMAN OM
PAKISTAN PK
PALAU PW
PANAMA PA
PAPAU NEW GUINEA PG
Table H-2 Visa Country Codes
131 VeriSign, Inc.
Payflow Pro Developer’s Guide
PARAGUAY PY
PERU PE
PHILIPPINES PH
PITCAIRN ISLAND PN
POLAND PL
PORTUGUL PT
PUERTO RICO PR
QATAR QA
REUNION RE
ROMANIA RO
RUSSIAN FERERATION
RU
RWANDA RW
SAMOA WS
SAN MARINO SM
SAN TOME AND PRICIPEL
ST
SAUDI ARABIA SA
SENEGAL SN
SEYCHELLES SC
SIERRA LEONE SL
SINGAPORE SG
ST. HELENA SH
ST. KITTS-NEVIS-ANGUILLA
KN
ST. LUCIA LC
ST. PIERRE AND MIQUELON
PM
Table H-2 Visa Country Codes
ST. VINCENT AND THE GRENADINES
VC
SUDAN SD
SURINAM SR
SVALBARD & JAN MAYEN IS.
SJ
SWAZILAND SZ
SWEDEN SE
SWITZERLAND CH
SYRIAN ARAB REPUBLIC
SY
TAIWAN, PROVIDENCE OF CHINA
TW
TAJIKISTAN TJ
TANZANIA, UNITED REPUBLIC
TZ
THAILAND TH
TOGO TG
TOKELAU TK
TONGA TO
TRINIDAD AND TOBAGO
TT
TUNISIA TN
TURKEY TR
TURKMENISTAN TM
TURKS & CAICOS ISLANDS
TC
TUVALU TV
Table H-2 Visa Country Codes
132 VeriSign, Inc.
Payflow Pro Developer’s Guide
U.S. MINOR OUTLYING ISL.
UM
UGANDA UG
UKRAINIAN SSR UA
UNITED ARAB EMIRATES
AE
UNITED KINGDOM GB
UNITED STATES US
URAGUAY UY
UZBEKISTAN UZ
VANUATU VU
VATICAN CITY STATE VA
VENEZUELA VE
VIETNAM VN
VIRGIN ISLANDS BRITISH
VG
VIRGIN ISLANDS US VI
WALLIS AND FUTUNA IS
WF
WESTERN SAHARA EH
YEMEN YE
YUGOSLAVIA YU
ZAIRE ZR
ZAMBIA ZM
ZIMBABWE ZW
Table H-2 Visa Country Codes
133 VeriSign, Inc.
Payflow Pro Developer’s Guide
Units of Measure
Table H-3 Units of Measure
Acre (4840 yd2) ACR
Alcoholic strength by mass ASM
Alcoholic strength by volume
ASV
Ampere* AMP
Ampere=hour (3,6 kC)* AMH
Are (100 m2) ARE
Bar* BAR
Barrel (petroleum) (158,987 dm3)
BLL
Becquerel* BQL
Billion EUR BIL
Billion US MLD
Board foot BFT
Brake horse power (245,7 watts)
BHP
British thermal unit (1,055 kilojoules)
BTU
Bushel (35,2391 dm3) BUA
Bushel (36,36874 dm3) BUI
Candela* CDL
Carrying capacity in metric tonnes
CCT
Cental GB (45,359237 kg) CNT
Center, metric (100 kg) (syn.: Hectokilogram)
DTN
Centigram* CGM
Centilitre* CLT
Centimetre* CMT
Cord (3,63 m3) WCD
Coulomb per kilogram* CKG
Coulomb* COU
Cubic centimetre* CMQ
Cubic decimetre* DMQ
Cubic foot FTQ
Cubic inch INQ
Cubic metre per hour* MQH
Cubic metre per second* MQS
Cubic metre* MTQ
Cubic millimetre* MMQ
Cubic yard YDQ
Curie CUR
Day* DAY
Decade (ten years) DEC
Decare DAA
Decilitre* DLT
Decimetre* DMT
Decitonne* DTN
Degree Celsius CEL
Degree Fahrenheit FAH
Degree Kelvin: Kelvin
Displacement tonnage DPT
Table H-3 Units of Measure
134 VeriSign, Inc.
Payflow Pro Developer’s Guide
Dozen DZN
Dozen packs DZP
Dozen pairs DZR
Dozen pieces DCP
Dozen rolls DRL
Drachm GB (3,887935 g) DRM
Dram GB (1,771745 g) DRI
Dram US (3,887935 g) DRA
Dry Barrel (115,627 dm3) BLD
Dry gallon (4,404884 dm3) GLD
Dry pint (0,55061 dm3) PTD
Dry quart (1,101221 dm3) QTD
Farad* FAR
Fluid ounce (28,413 cm3) OZI
Fluid ounce (29,5735 cm3) OZA
Foot (0,3048 m) FOT
Gallon (4,546092 dm3) GLI
Gigabecquerel* GBQ
Gigawatt-hour (1 million kW/h)*
GWH
Gill (0,142065 dm3) GII
Gill (11,8294 cm3) GIA
Grain GB, US (64,798910 mg)
GRN
Gram of fissile isotopes GFI
Gram* GRM
Great gross (12 gross) GGR
Table H-3 Units of Measure
Gross GRO
Gross (register) ton GRT
Half year (six months) SAN
Hectare HAR
Hectobar* HBA
Hectogram* HGM
Hectokilogram* DTH
Hectolitre of pure alcohol HPA
Hectolitre* HLT
Hectometre* HMT
Hertz* HTZ
Hour* HUR
Hundred CEN
Hundred boxes BHX
Hundred international units HIU
Hundred leaves CLF
Hundred packs CNP
Hundredweight US (45,3592 kg)
CWA
Inch (25,4 mm) INH
Joule* JOU
Kelvin* KEL
Kilobar* KBA
Kilogram of caustic potash KPH
Kilogram of caustic soda KSH
Kilogram of named substance
KNS
Table H-3 Units of Measure
135 VeriSign, Inc.
Payflow Pro Developer’s Guide
Kilogram of nitrogen KNI
Kilogram of phosphonic anhydride
KPP
Kilogram of phosphorus pentoxide
KPP
Kilogram of potassium hydroxide
KPH
Kilogram of potassium oxide
KPO
Kilogram of sodium hydroxide
KSH
Kilogram of substance 90 percent dry
KSD
Kilogram per cubic meter* KMQ
Kilogram per second* KGS
Kilogram* KGM
Kilohertz* KHZ
Kilojoule* KJO
Kilometre per hour* KMH
Kilometre* KMT
Kilopascal* KPA
Kilorgram of uranium KUR
Kilotonne* KTN
Kilovar KVR
Kilovolt* KVT
Kilovolt-ampere* KVA
Kilowatt* KWT
Kilowatt-hour* KWH
Table H-3 Units of Measure
Knot (1 nautical mile per hour)
KNT
Leaf LEF
Liquid gallon (3,78541 dm3)
GLL
Liquid pint (0,473176 dm3) PTL
Liquid quart (0,946353 dm3)
QTL
Litre (1 dm3)* LTR
Litre of pure alcohol LPA
Long ton GB, US (1,0160469 t)
LTN
(long) hundredweight GB (50,802345 kg)
CWI
Lumen* LUM
Lux LUX
Megahertz* MHZ
Megalitre* MAL
Megametre* MAM
Megapascal* MPA
Megavolt-ampere (1000 KVA)*
MVA
Megawatt* MAW
Megawatt-hour (100 kW/h)*
MWH
Metre per second squared* MSK
Metre per second* MTS
Metre* MTR
Metric carat (200 mg=2,10-4 kg)
CTM
Table H-3 Units of Measure
136 VeriSign, Inc.
Payflow Pro Developer’s Guide
Metric ton (1000 kg) TNE
Milliard MLD
Millibar* MBR
Millicurie MCU
Milligram* MGM
Millilitre* MLT
Millimetre* MMT
Million MIO
Million cubic metres* HMQ
Million international units MIU
Minute* MIN
Month MON
Nautical mile (1852 m) NMI
Net (register) ton NTT
Newton* NEW
Number NMB
Number of articles NAR
Number of bobbons NBB
Number of cells* NCL
Number of international units
NIU
Number of packs NMP
Number of pairs NMR
Number of parcels NPL
Number of parts NPT
Number of rolls NRL
Ohm* OHM
Table H-3 Units of Measure
Ounce GB, US (28,349523 g)
ONZ
Ounce GB, US (31,103448 g) (syn: Troy ounce)
APZ
Pascal* PAL
Pennyweight GB, US (1555174 g)
DWT
Piece PCE
Pint (0,568262 dm3) PTI
Pound GB, US (0,45359237 kg)
LBR
Proof gallon PGL
Quart (1,136523 dm3) QTI
Quarter (of a year) QAN
Quarter, GB (12,700586 kg)
QTR
Quintal, metric (100 kg) DTN
Revolution per minute* RPM
Revolution per second* RPS
Score SCO
scruple, GB (1,2955982 g) SCR
Second* SEC
Set SET
Shipping ton SHT
Short standard (7200 matches)
SST
Short ton GB, US (0,90718474 t)
STN
Siemens* SIE
Table H-3 Units of Measure
137 VeriSign, Inc.
Payflow Pro Developer’s Guide
Square centimetre* CMK
Square decimetre* DMK
Square foot FTK
Square inch INK
Square kilometre* KMK
Square metre* MTK
Square mile MIK
Square millimetre* MMK
Square yard YDK
Standard WSD
standard atmosphere (101325 Pa)
ATM
(statue) mile (1609,344 m) SMI
Stone GB (6,350293 kg) STI
Technical atmosphere (98066,5 Pa)
ATT
Ten days DAD
Ten pairs TPR
Thousand MIL
Thousand ampere-hour* TAH
Thousand board feet (2,36 m3)
MBF
Thousand cubic metres per day*
TQD
Thousand standard brick equivalent
MBE
Ton of steam per hour TSH
Tonne (1000 kg)* TNE
Table H-3 Units of Measure
Tonne of substance 90 percent dry
TSD
Trillion EUR TRL
Trillion US BIL
Troy ounce APZ
Troy pound, US (373,242 g)
LBT
Volt* VLT
Watt* WTT
Watt-hour* WHR
Weber WEB
Week WEE
Yard (0,9144 m) YRD
Year ANN
Table H-3 Units of Measure
138 VeriSign, Inc.
Payflow Pro Developer’s Guide
FDMS South Currency Codes and Decimal PositionsTable H-4 FDMS South Currency Codes and Decimal Positions
Currency Name Currency Code Decimal Positions
Argentine Peso 32 2
Australian Dollar 36 2
Austrian Schilling 40 2
Belgian Franc 56 0
Canadian Dollar 124 2
Chilean Peso 152 2
Czech Koruna 203 2
Danish Krone 208 2
Dominican Peso 214 2
Markka 246 2
French Franc 250 2
Deutsche Mark 280 2
Drachma 300 0
Hong Kong Dollar 344 2
Indian Rupee 356 2
Irish Punt 372 2
Shekel 376 2
Italian Lira 380 0
Yen 392 0
Won 410 0
Luxembourg Franc 442 0
Mexican Duevo Peso 484 2
Netherlands Guilder 528 2
New Zealand Dollar 554 2
139 VeriSign, Inc.
Payflow Pro Developer’s Guide
Norwegian Frone 578 2
Philippine Peso 608 2
Portuguese Escudo 620 0
Rand 710 2
Spanish Peseta 724 0
Swedish Krona 752 2
Swiss Franc 756 2
Thailand Baht 764 2
Pound Sterling 826 2
Russian Ruble 810 2
U.S Dollar 840 2
Bolivar 862 2
New Taiwan Dollar 901 2
Euro Dollar 978 2
Polish New Zloty 985 2
Brazilian Real 986 2
Table H-4 FDMS South Currency Codes and Decimal Positions (Continued)
140 VeriSign, Inc.
I. Ensuring Safe Storage and Use of Passwords
You should always secure passwords and strive to eliminate unwanted access. Store passwords in encrypted form behind a properly configured firewall. This includes passwords in scripts, code, pages, logs, and databases.
This appendix describes the example Payflow Pro Encrypted Password program.
Overview of the RisksHere is a partial list of the risks of exposing your Payflow Pro password:
A hacker could issue fraudulent transactions using stolen credit cards.
A hacker could buy a product using a sale transaction, receive the downloaded product, and then void the transaction before settlement.
If the ability to issue credits is not disabled for your account, a hacker could fraudulently credit funds out of your account into:
A stolen credit card’s account (enabling further purchases)
An offshore account accessible by the hacker. Such funds are not recoverable within the U.S. legal system.
Tip VeriSign strongly recommends that you do not store credit card numbers at all. If you must store credit card numbers, then store them in encrypted form behind a properly configured firewall.
VeriSign, Inc. 00000013/Rev. 7 141
VeriSign Payment Services Payflow Pro Developer’s Guide
Fraud Prevention ResourcesFor more information about preventing fraud, see:
http://www.verisign.com/support/payflow/fraud/fraudPrevention.html
For information about VeriSign Manager security features that reduce unauthorized access to your account, see:
http://www.verisign.com/support/payflow/manager/selfHelp/security.html
Overview of the Example Password Encryption Program
CAUTION Do not use VeriSign's example scripts in your production environment. You must write a program that encrypts and decrypts your PayFlow Pro account password.
In actual practice, you must ensure that the file containing the key and the file containing the encrypted password are kept where they cannot be accessed or read except by the application that submits transactions.
The Payflow Pro Encrypted Password program provides an example of the process of dynamically generating a symmetric key, then using the key to encrypt the password. The script then stores the encrypted password file in a newly created lib subdirectory in a dynamically generated jar file that will be accessed as a java resource whenever the password is required. In this example, the symmetric key and the encrypted password reside on the same host.
Included FilesCode listings for the following files appear in “Code Listings” on page 144.
Figure I-1 Included Files
File Description
PFProEncrypt.java Sample java file
encrypt.pl Perl test script to encrypt and store the password.
PFProSecure.java Sample java file
securetest.pl Perl test script to decrypt the password and submit transactions with the decrypted password.
142 VeriSign, Inc. 00000013/Rev. 7
Appendix I Ensuring Safe Storage and Use of Passwords
RequirementsPayflow Pro Java SDK Client version 3.06. You can download the code from the Downloads page in the VeriSign Manager: https://manager.verisign.com
Encrypting the Password
Step 1 Configure the Script
The example Perl scripts provided by VeriSign set the CLASSPATH, and call javac for the java file each time the script is run. The script finally runs the java command on the compiled java class passing any needed parameters.
To prepare the encrypt.pl script, you must specify actual merchant values for the account variables. Modify the encrypt.pl Perl script as follows:
Replace the default text values with actual merchant values for the following account variables: $user, $vendor, $partner, and $password.
Step 2 Encrypt the Password
Run the encrypt.pl Perl script once to initialize the key file and encrypt the password file. The script then stores the encrypted password file in a newly created lib subdirectory in a jar file that will be accessed as a java resource.
>Perl encrypt.pl
Step 3 Delete the files used to encrypt the password
After encrypting the password, you must delete the files used to generate the password because both the password and method of encrypting it are contained within the files. Follow these steps:
1 Rename the ../lib/$encjar file and move it to a unique location so that its location and filename are difficult to discover.
Delete $encjar from ../lib.
Specify the new location and name in the CLASSPATH reference in the securetest.pl script. Alternatively, specify the path information from the command line when executing the PFProSecure java command.
VeriSign, Inc. 00000013/Rev. 7 143
VeriSign Payment Services Payflow Pro Developer’s Guide
2 To enable you to change the password in the future, move the following files to a safe location and then delete the files from their current location:
$keyfile (encrypt.pl provides the location)
$encfile (encrypt.pl provides the location)
PFProEncrypt.java
PFProEncrypt.class
readme.txt
encrypt.pl
Submitting Transactions Using the Encrypted PasswordRun the securetest.pl Perl test script for all test transactions.
>Perl securetest.pl
Code Listings
encrypt.pl Code Listing#!/usr/bin/perl##########################
use File::Copy;use Config;$: = $Config{path_sep};
# Set environment$LIBS = "$:.$:..$:../lib";
$ENV{PATH} .=$LIBS;$ENV{LD_LIBRARY_PATH} .=$LIBS;$ENV{SHLIB_PATH} .=$LIBS;$ENV{LIBPATH} .=$LIBS;
$ENV{CLASSPATH} .= "$:../lib/Verisign.jar$:../lib/JSSE/jnet.jar$:../lib/JSSE/jcert.jar$:../lib/JSSE/jsse.jar$:.";$ENV{PFPRO_CERT_PATH} = "../../dist/java/certs";
# Merchant Account values
144 VeriSign, Inc. 00000013/Rev. 7
Appendix I Ensuring Safe Storage and Use of Passwords
# => Change these to your account values$user = "user";$vendor = "vendor";$partner = "partner";$password = "password";# => Change the above to your account values
$JDKBIN="C:/j2sdk1.4.0/bin";
# Compile the codeprint ̀ $JDKBIN/javac PFProEncrypt.java`;
$encjar = "eqabz.jar";$keyfile = "key";$encfile = "encrypted";
# Run the testprint ̀ $JDKBIN/java PFProEncrypt -user $user -vendor $vendor -partner $partner -password $password`;print ̀ $JDKBIN/jar cM0f $encjar $keyfile $encfile`;mkdir("../lib",0744);copy($encjar,"../lib");print "\n";
PFProEncrypt.java Code Listing// Verisign, Inc.// http://www.verisign.com// See contact.txt for additional contact information
// Verisign Payflow Pro Encrypted Password Sample
import java.security.GeneralSecurityException;import java.security.KeyPair;import java.security.KeyPairGenerator;import java.security.NoSuchAlgorithmException;import java.security.PrivateKey;import java.security.PublicKey;import java.security.cert.X509Certificate;import java.security.interfaces.RSAKey;
import java.io.*;import java.security.*;import javax.crypto.*;import javax.crypto.spec.*;
VeriSign, Inc. 00000013/Rev. 7 145
VeriSign Payment Services Payflow Pro Developer’s Guide
class PFProEncrypt {
public static void encode(String user, String vendor, String partner, String password)
throws Exception {
System.out.println("Encrypting...\n");//// Generate a symmetric key using the DES algorithm.//System.out.println(" Generating key...\n");
KeyGenerator kg = KeyGenerator.getInstance("DES"); kg.init(new SecureRandom()); SecretKey key = kg.generateKey(); SecretKeyFactory kf = SecretKeyFactory.getInstance("DES"); Class deskeyspec = Class.forName("javax.crypto.spec.DESKeySpec"); DESKeySpec keyspec = (DESKeySpec) kf.getKeySpec(key, deskeyspec); ObjectOutputStream keyfile = new ObjectOutputStream(new FileOutputStream("key")); keyfile.writeObject(keyspec.getKey());
Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding"); c.init(Cipher.ENCRYPT_MODE, key); CipherOutputStream pwdfile = new CipherOutputStream( new FileOutputStream("encrypted"), c); PrintWriter pw = new PrintWriter( new OutputStreamWriter(pwdfile) );
System.out.println(" writing encrypted values:\n");System.out.println(" user: " + user + "\n");
pw.println(user);System.out.println(" vendor: " + vendor + "\n");
pw.println(vendor);System.out.println(" partner: " + partner + "\n");
pw.println(partner);System.out.println(" password: " + password + "\n");
pw.println(password); pw.close(); keyfile.writeObject(c.getIV()); keyfile.close();
System.out.println("Done.\n"); } static private void usage()
146 VeriSign, Inc. 00000013/Rev. 7
Appendix I Ensuring Safe Storage and Use of Passwords
{java.io.PrintStream p = System.out;p.println("Syntactic usage:\n");p.println("java " + PFProEncrypt.class.getName() + "-user <user name>" + "-password <user password>" + "-vendor <vendor name>" + "-partner <partner name (case sensitive)>\n");
}
public static void main(String argv[]) {
try { if (argv.length < 2 || argv[0].equals("-h")) {
usage();return;
}
String user = findValue("-user", argv); String password = findValue("-password", argv); String vendor = findValue("-vendor", argv); String partner = findValue("-partner", argv);
System.out.println(password); encode(user, vendor, partner, password); //password = null; //System.out.println(password); //password = decode(); //System.out.println(password); } catch (Exception e) { System.out.println(e);}
}
static private String findValue(String toFind, String argv[]){return findValue(false, toFind, argv);
}
static private boolean find(String toFind, String argv[]){return find(false, toFind, argv);
}
VeriSign, Inc. 00000013/Rev. 7 147
VeriSign Payment Services Payflow Pro Developer’s Guide
static private String findValue(boolean required, String toFind, String argv[]){
for (int i = 0; i < argv.length; ++i){ if (argv[i].equals(toFind)){
return nextArgv(argv, i); }}if (required) { throw new IllegalArgumentException("'" + toFind +
"' argument missing in input");
} else { return null;}
}
static private boolean find(boolean required, String toFind, String argv[]){
for (int i = 0; i < argv.length; ++i){ if (argv[i].equals(toFind)){
String s = nextArgv(argv, i);return true;
}}if (required) { throw new IllegalArgumentException("'" + toFind +
"' argument missing in input");
} else { return false;}
}
/** * Returns the next entry in argv, unless it starts with * a '-' (to catch errors such as 'java xyz -a -b' where * '-a' needs a value 'java xyz -a value -b' */ private static String nextArgv(String[] argv, int i){
if ((argv[i+1] != null) && (!argv[i+1].startsWith("-"))){ return argv[i+1];} else { return null;}
}}
148 VeriSign, Inc. 00000013/Rev. 7
Appendix I Ensuring Safe Storage and Use of Passwords
securetest.pl Code Listing#!/usr/bin/perl##########################
use Config;$: = $Config{path_sep};
# Set environment$LIBS = "$:.$:..$:../lib";
$ENV{PATH} .=$LIBS;$ENV{LD_LIBRARY_PATH} .=$LIBS;$ENV{SHLIB_PATH} .=$LIBS;$ENV{LIBPATH} .=$LIBS;
# Directory containing the JSSE jar files# => Change this to your JSSE jar file directory$JSSEDIR = "../lib/JSSE";# => Change above to your JSSE jar file directory
$JSSECLASSPATH = "$:$JSSEDIR/jsse.jar$:$JSSEDIR/jcert.jar$:$JSSEDIR/jnet.jar";
$ENV{CLASSPATH} .= "$:../lib/eqabz.jar$:Verisign.jar$:.$:$JSSECLASSPATH";$ENV{PFPRO_CERT_PATH} = "../certs";
$JDKBIN="C:/j2sdk1.4.0/bin";
# Compile the codeprint ̀ $JDKBIN/javac PFProSecure.java`;
# Run the testprint ̀ $JDKBIN/java PFProSecure test-payflow.verisign.com 443 "TRXTYPE=S&TENDER=C&ACCT=4222222222222&EXPDATE=1209&AMT=14.42&COMMENT1[3]=123&COMMENT2=Good Customer&INVNUM=1234567890&STREET=5199 JOHNSON&ZIP=94588" 30`;print "\n";
PFProSecure.java Code Listing// Verisign, Inc.// http://www.verisign.com
VeriSign, Inc. 00000013/Rev. 7 149
VeriSign Payment Services Payflow Pro Developer’s Guide
// See contact.txt for additional contact information
// Verisign Payflow Pro Encrypted Password Sample
import com.Verisign.payment.PFProAPI;
import java.security.GeneralSecurityException;import java.security.KeyPair;import java.security.KeyPairGenerator;import java.security.NoSuchAlgorithmException;import java.security.PrivateKey;import java.security.PublicKey;import java.security.cert.X509Certificate;import java.security.interfaces.RSAKey;
import java.io.*;import java.security.*;import javax.crypto.*;import javax.crypto.spec.*;
class PFProSecure {
public static class UserAuth {public String user= "user";public String vendor= "vendor";public String partner= "partner";public String password= "password";
public String toString(){ return ("&USER=" + user + "&PWD=" + password +
"&VENDOR=" + vendor + "&PARTNER=" + partner);}
}
public static UserAuth decode()throws Exception
{System.out.println("Decrypting...\n");System.out.println(" Retrieving key...\n");
ObjectInputStream keyfile = new ObjectInputStream( PFProSecure.class.getResourceAsStream("key") ); DESKeySpec ks = new DESKeySpec((byte[]) keyfile.readObject()); SecretKeyFactory kf = SecretKeyFactory.getInstance("DES"); SecretKey key = kf.generateSecret(ks);
150 VeriSign, Inc. 00000013/Rev. 7
Appendix I Ensuring Safe Storage and Use of Passwords
Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding"); c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec((byte[]) keyfile.readObject())); CipherInputStream pwdfile = new CipherInputStream(PFProSecure.class.getResourceAsStream("encrypted"), c); BufferedReader br = new BufferedReader( new InputStreamReader(pwdfile) );
System.out.println(" reading encrypted values:\n");UserAuth userauth = new UserAuth();
userauth.user = br.readLine();System.out.println(" user: " + userauth.user + "\n");
userauth.vendor = br.readLine();System.out.println(" vendor: " + userauth.vendor + "\n");
userauth.partner = br.readLine();System.out.println(" partner: " + userauth.partner + "\n");
userauth.password = br.readLine();System.out.println(" password: " + userauth.password +
"\n");
System.out.println("Done.\n");
return userauth; }
// Set defaultsstatic String HostAddress = "test-payflow.verisign.com";static Integer HostPort = Integer.decode("443");static String ParmList = "";static Integer Timeout = Integer.decode("30");static String ProxyAddress = "";static Integer ProxyPort = Integer.decode("0");static String ProxyLogon = "";static String ProxyPassword = "";
static UserAuth userauth = null;
// Help systemstatic void help(){
System.out.println( "Usage Error: \n" );
System.out.println("pfpro <hostAddress> <hostPort> <parmList> <timeout> <proxyAddress> <proxyPort> <proxyLogon> <proxyPassword>");
VeriSign, Inc. 00000013/Rev. 7 151
VeriSign Payment Services Payflow Pro Developer’s Guide
System.out.println("<hostAddress> host name 'test-payflow.verisign.com'");
System.out.println("<hostPort> host port number '443'");
System.out.println("<parmList> parameter list 'ccNum=5105105105105105100&ccExpDate=1299&amount=1.23'");
System.out.println("<timeOut> timeout(sec) - optional '30'");
System.out.println("<proxyAddress> proxy name - optional 'proxy'");
System.out.println("<proxyPort> proxy port - optional '8080'");
System.out.println("<proxyLogon> proxy logon name - optional 'admin'");
System.out.println("<proxyPassword> proxy password - optional 'password'");
}
public static void main(String[] args){
try {
userauth = decode();
} catch (Exception e) { System.out.println(e); }
PFProAPI pn = new PFProAPI();
// Check args, at least the first 3 must be thereif (args.length < 3) {
System.out.println( "\nPFPRO " + pn.Version() );
try {if ( args[0].equalsIgnoreCase(new
String("-version")) ) {System.out.println();return;
}} catch (Exception e) { }
help();return;
152 VeriSign, Inc. 00000013/Rev. 7
Appendix I Ensuring Safe Storage and Use of Passwords
}
// Place the arguments in the correct variables// Once we get an OutOfBounds exception, parsing will
stop // and the rest will retain their default values.try {
HostAddress = args[0];HostPort = Integer.decode(args[1]);ParmList = args[2];Timeout = Integer.decode(args[3]);ProxyAddress = args[4];ProxyPort = Integer.decode(args[5]);ProxyLogon = args[6];ProxyPassword = args[7];
} catch (Exception e) { }
// Set the certificate path pn.SetCertPath("../certs");
// Call the client.pn.CreateContext(HostAddress,
HostPort.intValue(), Timeout.intValue(), ProxyAddress, ProxyPort.intValue(), ProxyLogon, ProxyPassword);
String rc = pn.SubmitTransaction( ParmList + userauth );
System.out.println(rc);
pn.DestroyContext();}
}
VeriSign, Inc. 00000013/Rev. 7 153
VeriSign Payment Services Payflow Pro Developer’s Guide
154 VeriSign, Inc. 00000013/Rev. 7
J. Frequently Asked Questions
Where do I find online information about Payflow Pro?
See: http://www.verisign.com/support/payflow/pro/index.html
How do I download the VeriSign SDK?
Log in to VeriSign Manager and click Downloads. All VeriSign SDKs are listed by server platform and operating system. All SDKs are contained in downloadable WinZip files. You can download WinZip at http://www.winzip.com.
Do I need the VeriSign SDK if I already have a shopping cart?
Refer to your shopping cart documentation to verify its compatibility with VeriSign. Your shopping cart documentation should specify if it is pre-integrated or requires a VeriSign SDK plug-in. Shopping cart SDKs are available on VeriSign’s Manager’s Downloads page.
How do I know my transactions are connecting to VeriSign?
We send your server a 12-character PNREF (for example, VXES98765432) for every transaction submitted to our servers. The PNREF appears in VeriSign Manager Reports as the Transaction ID.
For Test transactions, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric (Example: V53A17230645). For Live transactions, all of the first four characters are alpha characters, for example: VPNE12564395.
VeriSign, Inc. 00000013/Rev. 7 155
VeriSign Payment Services Payflow Pro Developer’s Guide
How do I process test transactions?
Once you have registered with VeriSign and have completed the integration/configuration of your storefront use the following information to begin testing transactions:
HostAddress: test-payflow.verisign.comHostPort: 443PARTNER: Your partner ID or VeriSignVENDOR: Your case-sensitive loginUSER: Your case-sensitive loginPWD: Your case-sensitive password
How do I process live transactions?
Once you have successfully processed test transactions, use the following information to reconfigure your storefront:HostAddress: payflow.verisign.comHostPort: 443PARTNER: Your partner ID or VeriSignVENDOR: Your case-sensitive loginUSER: Your case-sensitive loginPWD: Your case-sensitive password
Is the SDK thread-safe?
Yes. All of our SDKs are thread-safe.
Can you provide guidelines about using the various Payflow SDKs to process transactions in a multi-threaded environment?
First, pfproInit() must be called at the start of the main thread, and pfproCleanup() must be called at its finish. You can create multiple threads, each with multiple contexts, and send any number of transactions using each context. However, all threads must be created and completed between the calls to pfproInit() and pfproCleanup().
While it is possible to submit multiple transactions using a single context, we strongly recommend that you create a new context for each transaction.
Example pseudo code:1 CreateObject - to create the COM object
2 CreateContext - to setup the context and communication parameters
156 VeriSign, Inc. 00000013/Rev. 7
Appendix J Frequently Asked Questions
3 (Build a string containing all transaction parameters)
4 SubmitTransaction - Process the transaction
5 (Parse the string returned for result information)
6 DestroyContext - Destroy the context.
VeriSign, Inc. 00000013/Rev. 7 157
VeriSign Payment Services Payflow Pro Developer’s Guide
158 VeriSign, Inc. 00000013/Rev. 7
Index
Index
AACCT parameter 19Address 37Address Verification Service 37American Express 6, 66AMT parameter 19AUTHCODE 46AUTHCODE parameter 19AVS, see Verification ServiceAVSADDR 46AVSZIP 46
Ccard security codeCHKNUM parameter 85CITY 71close batch
see settlement operationCOMMCARD 70COMMENT1 parameter 19COMMENT2 parameter 19Common Gateway Interface 3communications errors 53COUNTRYCODE 71credit card
types 4credit card transaction
required parameters 25credit transaction type 26CSC, see card security codeCUSTCODE 71CUSTREF parameter 20CVV2 parameter 20
DDISCOUNT 71DL parameter 85DOB field 85DUTYAMT 70, 72
Eelectronic check transaction
required parameters 84ENDTIME parameter 20EXPDATE parameter 20
FFDMS Nashville 6, 68FDMS South 6, 71FIRSTNAME 72FIRSTNAME parameter 20FREIGHTAMT 70, 72
GGlobal Payments Central 6Global Payments East 6
HHostAddress 17HOSTPORT 17
Iinquiry transaction type 30INVNUM 67, 69, 72, 78
LLASTNAME 72length tags 18, 83live transactions 156
VeriSign, Inc. 00000013/Rev. 7 159
VeriSign Payment Services Payflow Pro Developer’s Guide
logging transaction information 43, 88
MMAPP 6MICR field 86
NNAME parameter 20NDCE 6Nova 6, 76
OORDERDATE 72ORIGID parameter 21
Pparameters
required for credit card 25required for electronic check 84
PARMLIST 17Partner Manager
overview 8PARTNER parameter 21Payflow Pro 1
library formats 1, 11software formats 1, 11
Payflow Pro clientpayment types 4Paymentech 7, 78pfpro, see Payflow Pro clientPHONENUM field 86PNREF 45, 89
format of value 47PNREF value 47PONUM 70, 73processors 4
Wells Fargo Bank 7PROXYADDRESS 18, 83PROXYLOGON 18, 83PROXYPASSWORD 18, 83PROXYPORT 18, 83
purchase cardline item parameters 74
PWD parameter 21
Rrequired parameters
credit card 25electronic check 84
RESPMSG 46, 89RESPMSG value 48responses
credit card transaction 45RESULT 45, 89RESULT value 47RESULT values
communication errors 53
Ssale transaction type 25SDK 1Secure Sockets Layer 2security
AVS 37CSC
settlement operation 2SHIPFROMZIP 73SHIPTOZIP 70, 73shopping carts 11, 155Software Development Kit 1SS field 86SSL, see Secure Sockets LayerSTARTTIME parameter 21STATE 73Street field 86STREET parameter 21SWIPE parameter 22syntax 17, 82
TTAXAMT 70, 74TAXEXEMPT 70, 74
160 VeriSign, Inc. 00000013/Rev. 7
Index
TCP 1TeleCheck 7, 81TENDER parameter 22test transactions 156TIMEOUT 18, 83transaction
format 17transaction response
PNREF parameter 47RESPMSG parameter 48RESULT parameter 47
transactionscommercial card 34creating 25credit 26inquiry 30sale 25voice authorization 29
void 28TRXTYPE parameter 22
UUSER parameter 22
VVENDOR parameter 22VERBOSITY parameter 22Vital 7, 80voice authorization transaction type 29void transaction type 28
WWells Fargo Bank 7
ZZIP parameter 23
VeriSign, Inc. 00000013/Rev. 7 161
VeriSign Payment Services Payflow Pro Developer’s Guide
162 VeriSign, Inc. 00000013/Rev. 7