VeriSign Payment Services - pacbuilder.com · VeriSign Payment Services Payflow Pro Developer’s...

VeriSign Payment Services
Payflow Pro Developer’s Guide
Customer Support: 1.888.883.9770

[email protected], Inc. 00000013/Rev. 7

VeriSign Payment Services Payflow Pro Developer’s Guide

ii VeriSign, Inc. 00000013/Rev. 7

DISCLAIMER AND LIMITATION OF LIABILITY

VeriSign, Inc. has made efforts to ensure the accuracy and completeness of the information in this document. However,VeriSign, Inc. makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein.VeriSign, Inc. assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.

Further, VeriSign, Inc. assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. VeriSign Inc. reserves the right to make changes to any information herein without further notice.

TRADEMARKS

VeriSign, the VeriSign logo, VeriSign Intelligence and Control Services, VeriSign Trust Network, Payflow, Payflow Pro, Payflow Link, XMLPay, and other trademarks, service marks, and logos are registered or unregistered trademarks of VeriSign and its subsidiaries in the United States and in foreign countries. Other trademarks and service marks in this document are the property of their respective owners.

This document may describe features and/or functionality that are not present in your software or your service agreement. Contact your account representative to learn more about what is available with this VeriSign product.


VeriSign, Inc. 00000013/Rev. 7

Copyright © 1998 - 2004 VeriSign, Inc. All rights reserved.Printed in the United States of America.

Publication date: June 2004

Contents

Contents

Summary of Revisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

About Payflow Pro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1How Payflow Pro Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Payflow Pro Advantages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Pre-integrated Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Supported Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Supported Credit Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Supported Payment Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Payflow Recurring Billing Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

VeriSign Payment Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Processor Contact Information: Transaction Settlement . . . . . . . . . . . . . 6

About this Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Related Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8About Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2. Installing and Configuring the Payflow Pro SDK . . . . . . . . . . 11

Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Preparing the Payflow Pro Client Application . . . . . . . . . . . . . . . . . . . . . . . 11

3. Performing Credit Card Transactions . . . . . . . . . . . . . . . . . . . . . 13

About Credit Card Processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Obtaining an Internet Merchant Account . . . . . . . . . . . . . . . . . . . . . . . . 14Planning Your Payflow Pro Integration . . . . . . . . . . . . . . . . . . . . . . . . . . 15E-commerce Indicator (ECI) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Credit Card Transaction Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Command Syntax Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Parameters Used in Credit Card Transactions . . . . . . . . . . . . . . . . . . . . . . 19Viewing Processor-specific Transaction Results: Verbosity . . . . . . . . . . . . 23

Supported Verbosity Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Changing the Verbosity Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Values Required by All Transaction Types . . . . . . . . . . . . . . . . . . . . . . . . . 25

VeriSign, Inc. 00000013/Rev. 7 iii


Performing Sale Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Additional Required Parameters for Sale Transactions . . . . . . . . . . . . . 25Example Sale Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Performing Credit Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Additional Required Parameters for Credit Transactions . . . . . . . . . . . . 26Fields Copied From the Original Transaction into the Credit Transaction 27

Performing Void Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Additional Required Parameters for Void Transactions . . . . . . . . . . . . . 28Fields Copied From the Original Transaction into the Void Transaction . 28

Performing Voice Authorization Transactions . . . . . . . . . . . . . . . . . . . . . . . 29Additional Required Parameters for Voice Authorization Transactions . . 29Example Voice Authorization Transaction . . . . . . . . . . . . . . . . . . . . . . . 30

Performing Inquiry Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Using the PNREF to Perform Inquiry Transactions . . . . . . . . . . . . . . . . . 30Using the CUSTREF to Perform Inquiry Transactions . . . . . . . . . . . . . . 30

Performing Authorization/Delayed Capture Transactions . . . . . . . . . . . . . . 31Additional Required Parameters for Authorization Transactions . . . . . . . 31Additional Required Parameters for Delayed Capture Transactions . . . . 31Fields Copied From the Authorization Transaction into the

Delayed Capture Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Performing Purchasing Card Transactions . . . . . . . . . . . . . . . . . . . . . . . . . 34Performing Reference Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Transaction Types that can be Used as the Original Transaction . . . . . . 35Fields Copied From Reference Transactions . . . . . . . . . . . . . . . . . . . . . 35Example Reference Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Using Address Verification Service (AVS) . . . . . . . . . . . . . . . . . . . . . . . . . 37Processors Supporting AVS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Example AVS Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Example AVS Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Card Security Code (CSC) Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Processors and Credit Cards Supporting CSC . . . . . . . . . . . . . . . . . . . . 40CSC Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Example CVV2 Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Example CVV2MATCH Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Performing Card-Present (Swipe) Transactions . . . . . . . . . . . . . . . . . . . . . 42Supported Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Card-present Transaction Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Example Card-present Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Logging Transaction Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

iv VeriSign, Inc. 00000013/Rev. 7

Contents

4. Responses to SDK Credit Card Transaction Requests . . . . 45

Contents of a Response to a Credit Card Transaction Request . . . . . . . . . 45PNREF Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

PNREF Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47RESULT Codes and RESPMSG Values . . . . . . . . . . . . . . . . . . . . . . . . . . 47

RESULT Values for Transaction Declines or Errors . . . . . . . . . . . . . . . . 48RESULT Values for Communications Errors . . . . . . . . . . . . . . . . . . . . . 53

5. Testing Payflow Pro Credit Card Transactions . . . . . . . . . . . . 55

Testing Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55Differences Between Responses Returned by Live (Production)

Servers and Test Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Credit Card Numbers Used for Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Testing Result Codes Responses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

VeriSign Result Codes Returned Based on Transaction Amount . . . . . 57Alternative Methods for Generating Specific Result Codes . . . . . . . . . . 58

Testing Address Verification Service (AVS) . . . . . . . . . . . . . . . . . . . . . . . . 60Testing Card Security Code (CVV2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61Testing TeleCheck Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

6. Activating Your Payflow Account . . . . . . . . . . . . . . . . . . . . . . . . . 63

A. Processors Requiring Additional Transaction Parameters 65

American Express . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Additional Credit Card Parameters, American Express . . . . . . . . . . . . . 66Commercial Card Parameters, American Express . . . . . . . . . . . . . . . . . 67

First Data Merchant Services (FDMS) Nashville . . . . . . . . . . . . . . . . . . . . 68Additional Credit Card Parameters, FDMS Nashville . . . . . . . . . . . . . . . 68Commercial Card Parameters, FDMS Nashville . . . . . . . . . . . . . . . . . . 70

First Data Merchant Services (FDMS) South . . . . . . . . . . . . . . . . . . . . . . . 71Additional Credit Card Parameters, FDMS South . . . . . . . . . . . . . . . . . 71Purchase Card Parameters, FDMS South . . . . . . . . . . . . . . . . . . . . . . . 71Purchase Card Line Item Parameters, FDMS South . . . . . . . . . . . . . . . 74Purchase Card Level 2 and 3 Example . . . . . . . . . . . . . . . . . . . . . . . . . 75Line Item Parameter Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Nova . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Additional Credit Card Parameters, Nova . . . . . . . . . . . . . . . . . . . . . . . . 76

VeriSign, Inc. 00000013/Rev. 7 v


Commercial Card Parameters, Nova . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Paymentech . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Additional Credit Card Parameters, Paymentech . . . . . . . . . . . . . . . . . . 78Vital . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Additional Credit Card Parameters, Vital . . . . . . . . . . . . . . . . . . . . . . . . 80

B. Performing TeleCheck Electronic Check Transactions . . . . 81

TeleCheck Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81TeleCheck Transaction Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Command Syntax Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83TeleCheck Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Required Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Testing TeleCheck Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Test Transaction Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Example Test Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Preparing for TeleCheck Production Transactions . . . . . . . . . . . . . . . . . . . 88Logging Transaction Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

C. Responses to TeleCheck Transaction Requests . . . . . . . . . . 89

HOSTCODE Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

D. Purchasing Card Level 2 and Level 3 Support . . . . . . . . . . . . 93

About Purchasing Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94About Program Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Accepted BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95Performing American Express Purchasing Card Transactions Through the

American Express Processor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96Supported Transaction Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96Avoiding Downgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96Submitting Successful Level 3 Transactions . . . . . . . . . . . . . . . . . . . . . . 96Edit Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Accepted BIN Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97American Express Level 2 Transaction Data . . . . . . . . . . . . . . . . . . . . . 98Example American Express Level 2 Transaction . . . . . . . . . . . . . . . . . . 98American Express Level 3 Transaction Data . . . . . . . . . . . . . . . . . . . . . 99Example American Express Level 3 SDK Transaction . . . . . . . . . . . . . 101Example American Express Level 3 XMLPay Transaction . . . . . . . . . . 101

Performing Global Payments - Central Purchasing Card Transactions . . 106

vi VeriSign, Inc. 00000013/Rev. 7

Contents

Global Payments - Central Level 2 Parameters . . . . . . . . . . . . . . . . . . 106Example Global Payments - Central Level 2 Visa or MasterCard

Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106Performing Global Payments - East Purchasing Card Transactions . . . . 107

Global Payments - East Level 2 Parameters . . . . . . . . . . . . . . . . . . . . 107Example Global Payments - East Level 2 Visa or MasterCard

Transaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107Performing Nova Purchasing Card Transactions . . . . . . . . . . . . . . . . . . . 108

Nova Level 2 Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108Example Nova Level 2 Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Performing Paymentech Level 2 Purchasing Card Transactions . . . . . . . 109Paymentech Level 2 Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109Example Paymentech Level 2 Transactions . . . . . . . . . . . . . . . . . . . . . 109

Performing Vital Level 2 Purchasing Card Transactions . . . . . . . . . . . . . 110Vital Level 2 Transaction Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Example Vital Level 2 Visa Transaction . . . . . . . . . . . . . . . . . . . . . . . . 110

E. Additional Reporting Parameters . . . . . . . . . . . . . . . . . . . . . . . . 111

F. XMLPay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

About XMLPay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115XMLPay 2.0 Core Specification Document . . . . . . . . . . . . . . . . . . . . . . . . 115

G. ISO Country Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

H. Codes Used by FDMS South Only: Country Codes, Units of Measure, and Currency Codes . . . . . . . . . . . . . . . . . . 123

MasterCard Country Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123Visa Country Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Units of Measure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134FDMS South Currency Codes and Decimal Positions . . . . . . . . . . . . . . . 139

I. Ensuring Safe Storage and Use of Passwords . . . . . . . . . . . . 141

Overview of the Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Fraud Prevention Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142Overview of the Example Password Encryption Program . . . . . . . . . . . . 142

Included Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

VeriSign, Inc. 00000013/Rev. 7 vii


Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Encrypting the Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Submitting Transactions Using the Encrypted Password . . . . . . . . . . . . . 144Code Listings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

encrypt.pl Code Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144PFProEncrypt.java Code Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145securetest.pl Code Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149PFProSecure.java Code Listing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

J. Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

viii VeriSign, Inc. 00000013/Rev. 7

e

Summary of Revisions

Document 00000013/Rev. 7The following changes were made to this document since the last revision:

Recurring indicator supported by additional processors.

American Express and Nova processors now support the RECURRING indicator. See “Additional Credit Card Parameters, American Express” on page 66 and “Additional Credit Card Parameters, Vital” on page 80.

Recurring indicator usage

For processors that use the RECURRING indicator (American Express, FDMS Nashville, Nova, Paymentech, and Vital): If the RECURRING indicator was set to Y for the original transaction, then the setting is ignored when forming Credit, Force, and Void transactions.

See “Additional Credit Card Parameters, American Express” on page 66, “Additional Credit Card Parameters, FDMS Nashville” on page 68, “Additional Credit Card Parameters, American Express” on page 66, “Additional Credit Card Parameters, Paymentech” on page 78, and “Additional Credit Card Parameters, Vital” on page 80.

PNREF value The first character in the PNREF (Transaction ID) value can now be any alphabetic character. It is no longer restricted to V.

See “PNREF Value” on page 47.

Nova: Card-present (swipe) transaction support

VeriSign is now certified to submit card-present (swipe) transactions for the Nova processor.

See “Performing Card-Present (Swipe) Transactions” on page 42. All processors supporting swipe are listed in the section.

Purchasing card support

Purchasing Card Level 2 is now supported for Global Payments - Central and Nova. See “Performing Global Payments - Central Purchasing Card Transactions” on page 106 and “Performing Nova Purchasing Card Transactions” on page 108.

First Data Merchant Services South (FDMS): New parameter

The optional ORDERDATETIME parameter enables you to store thtime of a transaction with accuracy in seconds. ORDERDATETIMEsupersedes ORDERDATE and overwrites any value sent by ORDERDATE. See “Additional Credit Card Parameters, FDMS South” on page 71.

VeriSign, Inc. 00000013/Rev. 7 ix

Document 00000013/Rev. 6The following changes were made to this document since the last revision:

Document 00000013/Rev. 5

The following changes have been made to this document since the previous revi-sion:

VERBOSITY parameter

You can now control the amount of information returned for transactions. See “Viewing Processor-specific Transaction Results: Verbosity” on page 23.

Inquiry transaction enhancements

Inquiry transactions based on a CUSTREF value now return data on the most recent non-Inquiry transaction rather than the first transaction. Inquiry transactions support the new VERBOSITY parameter.

See “Performing Inquiry Transactions” on page 30.

Result Code 126 described more fully

New Payflow accounts include a “test drive” of the Fraud Protection Services at no charge.

This means that you might encounter Result 126 for transactions that triggered the test Fraud Protection filters. Result 126 is a notice to you, not an error.

Result 126 is intended to give you an idea of the kind of transaction that is considered suspicious so you can evaluate whether you can benefit from using the Fraud Protection Services.

See “RESULT Codes and RESPMSG Values” on page 47 for further clarification.

Purchasing Card support

Payflow Pro supports Purchasing Card transactions. See Appendix D, “Purchasing Card Level 2 and Level 3 Support.”

Card-present transactions

Payflow Pro supports card-present transactions (face-to-face or swipe purchases). See “Performing Card-Present (Swipe) Transactions” on page 42.

Processors supporting CSC

“Processors and Credit Cards Supporting CSC” on page 40 has been updated to reflect additional processors supporting Card Security Code validation.

Reference transactions

The section entitled “Performing Reference Transactions” on page 34 has been expanded and clarified.

VeriSign, Inc. 00000013/Rev. 7 x


The following change has been made to this document since the previous revision:


The following changes have been made to this document since the previous revi-sion:

Values copied into dependent transactions

The values that are copied from an Authorization transaction into the associated Delayed Capture transaction are listed on page 32.

The values that are copied from the original transaction into an associated Credit transaction are listed on page 27.

The values that are copied from the original transaction into the associated Void transaction are listed on page 28.

CUSTREF parameter

Added CUSTREF, a merchant-defined identifier for reporting and auditing purposes. For example, you can set CUSTREF to the invoice number. You can use the CUSTREF value to identify the original transaction when performing Inquiries.

CUSTREF is listed in “Parameters Used in Credit Card Transactions” beginning on page 19 and has been added to “Performing Inquiry Transactions” on page 30.

Processors added

Wells Fargo Bank, First Data Client Services, and Global Payments Central processors support Payflow. See “Processor Contact Information: Transaction Settlement” on page 6.

ACH Transactions

Information on Automated Clearing House (ACH) transactions has been removed from this document. For information on performing ACH transactions, contact your VeriSign Sales Representative at [email protected] or visit http://www.verisign.com/products/payflow/ach/findoutmore.html

Referenced Transactions

The list of fields copied from the referenced transaction to the new transaction has been enlarged. See “Fields Copied From Reference Transactions” on page 35.

VeriSign, Inc. 00000013/Rev. 7 xi


xii VeriSign, Inc. 00000013/Rev. 7

1. Introduction

VeriSign Payflow Pro is a high performance TCP/IP-based Internet payment solution. Payflow Pro is pre-integrated with leading e-commerce solutions and is also available as a downloadable software development kit (SDK).

About Payflow ProThe Payflow Pro client resides on your computer system and is available on all major Web server platforms in a variety of formats to support integration requirements. It is available as a C library (.dll/.so), binary executable, Java library, COM object, Java Native Interface, and Perl Module Interface.

Payflow Pro is multi-threaded and allows multiple concurrent transactions from a single client. It can be integrated as a Web-based or a non-Web-based application. It does not require the HTTP protocol to run, which allows for greater flexibility in configuration and reduced processing overhead for higher performance.

How Payflow Pro WorksPayflow Pro uses a client/server architecture to transfer transaction data from you to the processing networks, and then returns the authorization results to you.

VeriSign, Inc. 00000013/Rev. 7 1


Payflow Pro can process real-time credit card transactions and other transaction types to most of the financial processing centers in the United States.

1 The Payflow Pro client encrypts each transaction request using the latest Secure Sockets Layer (SSL) encryption and establishes a secure link with the VeriSign Payflow server over the Internet.

2 The VeriSign Payflow server, a multi-threaded processing environment, receives the request and transmits it (over a secure private network) to the appropriate financial processing network for real-time payment authorization.

3 The response (approved/declined, and so on) is received from the financial network and is returned in the same session to the Payflow Pro client.

4 The Payflow Pro client completes each transaction session by transparently sending a transaction receipt to the VeriSign server before disconnecting the session.

The entire process is a real-time synchronous transaction. Once connected, the transaction is immediately processed and the answer returned in about three seconds. Payflow Pro does not affect or define the time periods of authorizations, nor does it influence the approval or denial of a transaction by the issuer.

When integrating with Payflow Pro, you need only be concerned with passing all the required data for transaction authorization. For transactions that you want to be settled (close batch), the operation is handled by VeriSign.

Figure 1-1 Payflow Pro transaction flow

Merchant

Custom Web Applications

Shopping Carts

Bill Presentment Solutions

Internet EnabledLegacy Systems

Payflow Prosoftware

development kit

VeriSign Payflowpayment gateway

TCP/IP SSL

Merchant VeriSign

Internet

2 VeriSign, Inc. 00000013/Rev. 7

Chapter 1 Introduction

Payflow Pro AdvantagesConfigurable to any e-commerce application. Payflow Pro is ideal for enterprise merchants who require complete customizability for a controlled buyer experience.

Easy to install and implement. Downloadable from VeriSign’s Web site, Payflow Pro can be easily integrated into a customized e-commerce solution in a matter of hours.

Integration versatility. Payflow Pro can be integrated as an application library or can be run using CGI scripts.

Pre-integrated SolutionsPayflow Pro is integrated with the majority of third-party shopping carts and e-commerce applications.

For a list of shopping carts compatible with Payflow Pro, see http://www.verisign.com/products/payflow/partners/cartPartners.html.

Some VeriSign integrations are included with the third-party solution. For a list of e-commerce applications compatible with Payflow Pro, see http://www.verisign.com/products/payflow/partners/devPartners.html.

The following VeriSign integrations are available from VeriSign Manager’s Download page (https://manager.verisign.com):

– BEA Weblogic

– IBM Websphere Payment Manager

– Macromedia Cold Fusion

– Microsoft Commerce Server 2000 and 2002

– Miva

– Oracle iPayment


http://www.verisign.com/products/payflow/partners/cartPartners.html

https://manager.verisign.com

http://www.verisign.com/products/payflow/partners/devPartners.html


Supported ProcessorsPayflow Pro supports the following processors:

American ExpressFirst Data Merchant Services (FDMS) NashvilleFirst Data Merchant Services (FDMS) SouthGlobal Payments Central (MAPP)Global Payments East (NDCE)Nova Paymentech TeleCheckVital

Supported Credit CardsPayflow Pro supports multiple credit card types, including:

American Express/OptimaDiners ClubDiscover/NovusJCBMasterCardVisa

Supported Payment TypesPayflow Pro supports multiple payment types in a single installation, including:

Credit cardsElectronic check (TeleCheck)Delayed shipment billingPurchasing cards (also referred to as commercial cards, corporate cards, procurement cards, or business cards) Level II and Level IIIAutomated Clearing House (ACH). For information on performing ACH transactions, contact your VeriSign Sales Representative at [email protected] or visit http://www.verisign.com/products/payflow/ach/findoutmore.html



Payflow Recurring Billing ServiceVeriSign’s Payflow Recurring Billing Service is a scheduled payment solution that enables you to automatically bill your customers at regular intervals—for example, a monthly fee of $42 for 36 months with an initial fee of $129.

You enroll separately for the Payflow Recurring Billing Service. Using Payflow Pro to define and manage recurring transactions is fully described in VeriSign Payment Services Recurring Billing Guide.

Customer SupportFor problems with transaction processing or your connection to VeriSign, contact:

VeriSign Payment ServicesOnline Information: http://www.verisign.com/products/payment.html

http://www.verisign.com/support/payflow/pro/index.htmlE-mail: [email protected]

Mail: VeriSign Payment ServicesAttn: Customer Support487 E. Middlefield Rd.Mountain View, CA 94043

Phone: 1.888.883.9770result code


http://www.verisign.com/products/payment.html

http://www.verisign.com/support/payflow/pro/index.html


Processor Contact Information: Transaction SettlementFor questions regarding transaction settlement, contact your processor:

American Express19640 N. 31st AvenuePhoenix, AX 85027(800) 297-5555

First Data Merchant Services (FDMS) Nashville First Data Corporation2525 Perimeter Place DriveSuite 123Nashville, TN 37214(800) 647-3722

First Data Merchant Services (FDMS) SouthFirst Data CorporationBusiness Payment Services Group4000 Coral Ridge DriveCoral Springs, FL 33065(800) 326-2217

Global Payments East (NDCE)Global Payments Inc.Four Corporate SquareAtlanta, Georgia 30329-2010800-622-2318 Main corporate number: 404-235-4400

Global Payments Central (MAPP)Global Payments Inc.2045 Westport Center Dr.St. Louis, MO 63146(314) [email protected]

Nova Information Systems, Inc.Knoxville Operations Center7300 Chapman HighwayKnoxville, TN 37920-6609(800) 725-1243



Paymentech, Inc.4 Northeastern Blvd.Salem, NH 03079(800) 782-1266

TeleCheck Merchant ServicesP.O. Box 4513Houston, TX 77210-4513(800) 366-1054 (Merchant Services)

VitalVisanet Processing Services8320 South Hardy RoadTempe, AZ 85284(800) 847-2772 (Merchant Help Desk)

Wells Fargo BankMerchant Card Services 1200 Montego Way Walnut Creek, California 94598

About this DocumentThis document is organized as follows:

Chapter 2, “Installing and Configuring the Payflow Pro SDK,” shows a typical Payflow Pro installation procedure for NT and UNIX.

Chapter 3, “Performing Credit Card Transactions,” discusses credit card transaction syntax and parameters and describes how to perform transactions.

Chapter 4, “Responses to SDK Credit Card Transaction Requests,” describes the responses to credit card transaction requests.

Chapter 5, “Testing Payflow Pro Credit Card Transactions,” describes how to test your Payflow Pro integration for credit card transactions.

Chapter 6, “Activating Your Payflow Account,” specifies the steps you follow when you are ready to go live with Payflow Pro.

Appendix A, “Processors Requiring Additional Transaction Parameters,” lists processors and their processor-specific parameters.



Appendix B, “Performing TeleCheck Electronic Check Transactions,” discusses TeleCheck transaction syntax and parameters and describes how to perform transactions. In addition, this chapter describes testing your TeleCheck integration.

Appendix C, “Responses to TeleCheck Transaction Requests,” describes the responses to TeleCheck transaction requests.

Appendix E, “Additional Reporting Parameters,” details the parameters that can be passed to VeriSign for reporting purposes.

Appendix F, “XMLPay,” briefly describes XMLPay and tells where you may obtain a copy of VeriSign Payment Services XMLPay 2.0 Core Specification.

Appendix G, “ISO Country Codes,” lists Country Codes, Units of Measure, and Currency Codes.

Appendix J, “Frequently Asked Questions,” contains answers to the most commonly asked questions about Payflow Pro.

Related DocumentsFor descriptions of all VeriSign Payment Services products and definitions of terms used in the transaction processing field, see VeriSign Payment Services Introduction.

VeriSign Manager User’s Guide describes the use of VeriSign Manager—the Web-based administration tool that you use to process transactions manually, issue credits, and generate reports.

About SecurityIt is your responsibility to protect your passwords and other confidential data and to implement security safeguards on your Web site and in your organization, or to ensure that your hosting company or internal Web operations team is implementing them on your behalf. You or your ISP/shopping cart provider should be able to adhere to security requirements as protective as those described at: http://www.verisign.com/support/payflow/security.html


http://www.verisign.com/support/payflow/security.html


IMPORTANT! To enable you to test Payflow Pro, VeriSign provides sample transaction scripts that you customize with your VeriSign account information and password. Because the password is initially stored in the text of the program, it is vulnerable.

Do not use VeriSign's test scripts in your production environment. To minimize fraud, machine passwords should always be encrypted. You must write a program that encrypts and decrypts your Payflow Pro account password.

Appendix I, “Ensuring Safe Storage and Use of Passwords,” describes an example method for encrypting your Payflow Pro password and enabling your application to access and decrypt the password when submitting Payflow Pro transactions.


2. Installing and Configuring the Payflow Pro SDK

Before You BeginIf you plan to configure and customize Payflow Pro SDK yourself

You should be familiar with Web development tools and procedures. If you are not, consider letting one of VeriSign's Web development partners help you. You can find a VeriSign Web development partner at http://www.verisign.com/products/payflow/partners/solution.html

If you do not have Web development expertise and you do not want to hire someone to help you

Consider using one of the shopping carts that integrate Payflow Pro. You can find more information at http://www.verisign.com/products/payflow/partners/carts.html

Preparing the Payflow Pro Client ApplicationPayflow Pro is available on all major Web server platforms in a variety of formats to support your integration requirements. It is available as a C library (.dll/.so), binary executable, Java library, COM object, Java Native Interface, and Perl Module Interface.

Step 1 Download the Payflow Pro SDK

From the Download section of the VeriSign Manager https://manager.verisign.com, download the Payflow Pro SDK to your hard drive.


http://www.verisign.com/products/payflow/partners/solution.html

http://www.verisign.com/products/payflow/partners/carts.html



Step 2 Extract the files to a local directory

Step 3 Configure your firewall

Enable inbound traffic for SSL (port 443).

Step 4 Set the certificate path

To enable the client to authenticate the VeriSign Payment Services server, you must set the path to include the certs directory (included with the SDK that you downloaded).

For specific information on setting the certificate path, see the Readme file and example applications in the SDK.

Step 5 Read the Readme file

The readme.txt file includes integration information and samples that illustrate how to use the client in your development environment.


3. Performing Credit Card Transactions

This chapter describes the process of performing credit card transactions.

Responses to transaction requests are described in Chapter 4, “Responses to SDK Credit Card Transaction Requests.”

Using Payflow Pro to define and manage recurring transactions is fully described in Recurring Billing Service Guide.

Note For information on TeleCheck transactions, skip this chapter and see Appendix B, “Performing TeleCheck Electronic Check Transactions.”

In This ChapterAbout Credit Card Processing on page 14.Credit Card Transaction Format on page 17.Parameters Used in Credit Card Transactions on page 19.Values Required by All Transaction Types on page 25.Performing Sale Transactions on page 25.Performing Credit Transactions on page 26.Performing Void Transactions on page 28.Performing Voice Authorization Transactions on page 29.Performing Inquiry Transactions on page 30.Performing Authorization/Delayed Capture Transactions on page 31.Performing Purchasing Card Transactions on page 34.Performing Reference Transactions on page 34.Using Address Verification Service (AVS) on page 37.Card Security Code (CSC) Validation on page 39.Performing Card-Present (Swipe) Transactions on page 42.Logging Transaction Information on page 43.



About Credit Card ProcessingCredit card processing occurs in two steps — a real-time authorization and a capture (settlement) of the funds that were authorized. As discussed below, you perform these two steps either as a single transaction or as two transactions, depending on your business model.

For an authorization, VeriSign sends the transaction information to a credit card processor who routes the transaction through the financial networks to the cardholder’s issuing bank. The issuing bank checks whether the card is valid, evaluates whether sufficient credit exists, checks values such as Address Verification Service and Card Security Codes (discussed below), and returns a response: Approval, Decline, Referral, or others.

You receive the response a few seconds after you submit the transaction to VeriSign. If the authorization is approved, the bank temporarily reserves credit for the amount of the transaction to prepare to capture (fulfill) the transaction. The hold on funds typically lasts for about a week.

Note You cannot remove a hold on funds through the processing networks—you must contact the issuing bank to lift a hold early.

Capturing a transaction (also known as settling a transaction) actually transfers the funds to your bank. At least once a day, VeriSign gathers all transactions that are flagged to be settled and sends them in a batch file to the processor. The processor then charges the issuing bank and transfers the funds to your bank. It typically takes a few days before the money is actually available in your account, depending on your bank.

Obtaining an Internet Merchant AccountTo accept credit cards over the Internet, you need a special account called an Internet Merchant Account. Your account provider or acquiring bank works with a VeriSign-supported credit card processor, such as First Data, Vital, or Paymentech. To use Payflow Pro to accept live credit cards, you must provide certain details about your account to VeriSign during the “Go Live” part of the enrollment process.


Chapter 3 Performing Credit Card Transactions

Note An Internet Merchant Account is separate from a merchant account used for in-person retail transactions due to the different risk profile for card-not-present (e-commerce) transactions.

VeriSign has partnered with several Internet Merchant Account providers to make applying easy. Seehttp://www.VeriSign.com/products/payflow/merchant.html

Planning Your Payflow Pro IntegrationIn designing your Payflow Pro integration, you should evaluate the following:

Whether to use a one-step or two-step transaction process. One-step: Submit a Sale transaction, which performs the authorization and (if successful) then flags the transaction for settlement. Two-step: Perform an Authorization-only transaction and then later perform a Delayed Capture transaction. The Delayed Capture transaction can be for the same amount as the original transaction or for a lower amount. (In the case of a split shipment, you can perform a Delayed Capture transaction for the initial shipment and a reference transaction for the final payment. These transaction types are described in this chapter.)

According to card association rules, most physical goods merchants should use a two-step process, since settlement should occur when the goods are fulfilled or shipped. A two-step process is also useful if you want to evaluate information in the response, such as whether the issuer verifies the billing address, and so on. Electronic goods merchants, who fulfill the order immediately, can use the one-step process. Check with your Internet Merchant Account provider for suggestions on the best method for you.

Whether or how to use risk management tools such as Address Verification Service (AVS) and card security code (CSC).

For AVS, if the data is submitted with the initial transaction, the issuer checks the street address and/or the ZIP (postal) code against the billing address on file for the consumer. AVS is described on page 37.

CSC refers to a 3- or 4-digit number that appears on the back of credit cards. (CSC is known by other names, such as CVV2 and CID, depending on the type


http://www.VeriSign.com/products/payflow/merchant.html


of card.) If CSC data is submitted, the issuer can notify you whether the number matches the number assigned to the card. CSC is described on page 39.

It may also be possible to implement additional safeguards yourself or to use a fraud service from VeriSign. You might want to discuss risk management with your Internet Merchant Account provider.

Store information in your local database or use VeriSign Manager reports to manage the data. You may want to store shipping information in your system, or you may prefer to send the information to VeriSign with the transaction and report on it later.

Note VeriSign recommends that you do not store credit card numbers. If you must store numbers, encrypt and store them behind properly configured firewalls. You should also consider whether and how to use the merchant-defined fields COMMENT1 and COMMENT2 to help tie VeriSign reports to your orders/customers or to report on other information about the transaction.

If or how you want to integrate with other systems, such as order fulfillment, customer service, and so on. You may wish to connect these systems directly to Payflow Pro for capturing funds, issuing refunds/credits, and so on. Alternatively, you may prefer to perform these steps manually using VeriSign Manager. Either way, VeriSign recommends that you monitor transaction activity using VeriSign Manager.

You may want to discuss, with your Internet Merchant Acquirer, practices that help you to obtain the most advantageous rates.

E-commerce Indicator (ECI)Some processors support a software flag called E-commerce Indicator (ECI) that indicates that the associated transaction is an Internet transaction. Payflow Pro complies with ECI basic requirements for all supported processors.

If you use VeriSign’s Buyer Authentication Service, then the ECI values reflects the Authentication status. See Fraud Protection Services Guide.



Credit Card Transaction Format

Note The examples in this chapter use the syntax of the pfpro executable client. Other Payflow Pro clients differ in where and how the parameter values are set, but the meaning and uses are the same.

Use the following syntax when calling the Payflow Pro client (pfpro) to process a transaction. Table 3-1 describes the arguments to the command.

pfpro <HostAddress> <HostPort> “<ParmList>” <TimeOut> <ProxyAddress> <ProxyPort> <ProxyLogon> <ProxyPassword>

For example:

pfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00”30

Table 3-1 Arguments to the pfpro executable client

Argument Required Description

HOSTADDRESS Yes VeriSign’s host name.For live transactions, use payflow.verisign.com For testing purposes use test-payflow.verisign.com

HOSTPORT Yes Use port 443

PARMLIST Yes The ParmList is the list of parameters that specify the payment information for the transaction. The quotation marks “ ” at the beginning and end are required. In the example, the ParmList is:“TRXTYPE=S&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00”

The content of the ParmList varies by the type of transaction being processed. For example, a Void transaction requires a different set of parameters than does a Sale transaction.

“Parameters Used in Credit Card Transactions” on page 19 defines the parameters used to create credit card transactions. “Values Required by All Transaction Types” on page 25 lists the parameters required by each transaction type.



Command Syntax GuidelinesFollow these guidelines:

The command must be a single string with no line breaks.

Spaces are allowed in values

Enclose the ParmList in quotation marks (“”).

Quotation marks (“”) are not allowed within the body of the ParmList.

Separate all name/value pairs in the ParmList using an ampersand (&).

Calling pfpro without the required parameters results in an error message.

Using Special Characters in ValuesBecause the ampersand (&) and equal sign (=) characters have special meanings in the ParmList, name/value pairs like NAME=Ruff & Johnson, and COMMENT1=Level=5 are not valid.

To use special characters in the value of a name/value pair, use a length tag. The length tag specifies the exact number of characters and spaces that appear in the value. The following name/value pairs are valid:

NAME[14]=Ruff & Johnson

COMMENT1[7]=Level=5

Note Quotation marks (“”) are not allowed even if you use a length tag.

TIMEOUT Yes Time-out period for the transaction. The minimum recommended time-out value is 30 seconds. The VeriSign client begins tracking from the time that it sends the transaction request to the VeriSign server.

PROXYADDRESS No Proxy server address. Use the PROXY parameters for servers behind a firewall. Your network administrator can provide the values.

PROXYPORT No Proxy server port

PROXYLOGON No Proxy server logon ID

PROXYPASSWORD No Proxy server logon password

Table 3-1 Arguments to the pfpro executable client (Continued)

Argument Required Description



Parameters Used in Credit Card TransactionsAll credit card processors accept the parameters listed in Table 3-2 (required and optional parameters are noted). “Values Required by All Transaction Types” on page 25 lists the parameters required for each transaction type.

Note Some processors require yet additional parameters. See Appendix A, “Processors Requiring Additional Transaction Parameters,” for details on your processor’s requirements.Appendix E, “Additional Reporting Parameters,” provides a list of parameters that you can pass for reporting purposes.

Table 3-2 Credit-card transaction parameters

Parameter Description Required Type Max. Length

ACCT The credit card or purchase card number may not contain spaces, non-numeric characters, or dashes. For example, ACCT=5555555555554444

Yes1 Numeric 19

AMT Amount (US Dollars) U.S. based currency.

Specify the exact amount to the cent using a decimal point—use 34.00, not 34. Do not include comma separators—use 1199.95 not 1,199.95.

Your processor and/or Internet merchant account provider may stipulate a maximum amount.

Yes1 NumericUSD only

10

AUTHCODE AUTHCODE is returned only for approved Voice Authorization transactions. AUTHCODE is the approval code obtained over the phone from the processing network.

No, except for Voice Authorizations.

Numeric 6

COMMENT1 Merchant-defined value for reporting and auditing purposes.

No Alpha- numeric

128

COMMENT2 Merchant-defined value for reporting and auditing purposes.

No Alpha- numeric

128



CUSTREF Merchant-defined identifier for reporting and auditing purposes. For example, you can set CUSTREF to the invoice number.

You can use CUSTREF when performing Inquiry transactions. To ensure that you can always access the correct transaction when performing an Inquiry, you must provide a unique CUSTREF when submitting any transaction, including retries.

See STARTTIME and ENDTIME.

No Alpha- numeric

12

CVV2 A 3- or 4-digit code that is printed (not imprinted) on the back of a credit card. Used as partial assurance that the card is in the buyer’s possession.

See “Card Security Code (CSC) Validation” on page 39.

No Alpha- numeric

4

ENDTIME Optional for Inquiry transactions when using CUSTREF to specify the transaction.

ENDTIME specifies the end of the time period during which the transaction specified by the CUSTREF occurred. See STARTTIME.

ENDTIME must be less than 30 days after STARTTIME. An inquiry cannot be performed across a date range greater than 30 days.

If you set ENDTIME, and not STARTTIME, then STARTTIME is defaulted to 30 days before ENDTIME.

If neither STARTTIME nor ENDTIME is specified, then the system searches the last 30 days.

Format: yyyymmddhhmmss

No Numeric 14

EXPDATE Expiration date of the credit card in mmyy format.

For example, 0308 represents March 2008.

Yes1 Numeric 4

NAME or FIRSTNAME

Account holder's name. This single field holds all of the person’s name information.

No, but recom-mended

Alpha-numeric upper-case

30

Table 3-2 Credit-card transaction parameters (Continued)




ORIGID The ID of the original transaction that is being referenced. This ID is returned by the PNREF parameter and appears as the Transaction ID in VeriSign Manager reports.

Case-sensitive.

Yes1 Alpha- numeric

12

PARTNER The authorized VeriSign Reseller that registered you for the Payflow Pro service provided you with a Partner ID. If you registered yourself, use VeriSign.

Case-sensitive.

Yes Alpha- numeric

12

PWD Case-sensitive 6- to 32-character password that you defined while registering for the account.

Yes Alpha- numeric

32

STARTTIME Optional for Inquiry transactions when using CUSTREF to specify the transaction.

STARTTIME specifies the beginning of the time period during which the transaction specified by the CUSTREF occurred. See ENDTIME.

If you set STARTTIME, and not ENDTIME, then ENDTIME is defaulted to 30 days after STARTTIME.

If neither STARTTIME nor ENDTIME is specified, then the system searches the last 30 days.

Format: yyyymmddhhmmss

No Numeric 14

STREET The cardholder’s street address (number and street name).

The STREET address is verified by the AVS service (described in page 37.)

No Alpha- numeric

30





SWIPE Used to pass the Track 1 or Track 2 data (the card’s magnetic stripe information) for card-present transactions. Include either Track 1 or Track 2 data—not both. If Track 1 is physically damaged, the POS application can send Track 2 data instead.

The track data includes the disallowed = (equal sign) character. To enable you to use the data, the SWIPE parameter must include a length tag specifying the number of characters in the track data. For this reason, in addition to passing the track data, the POS application must count the characters in the track data and pass that number. Length tags are described in “Using Special Characters in Values” on page 18.

Required only for card- present transac-tions.

Alpha- numeric

TENDER The tender type (method of payment). Use only the value C for credit card transactions.

Yes Alpha 1

TRXTYPE The kind of transaction, for example, Sale or Credit. Described in “Values Required by All Transaction Types” on page 25.

Yes Alpha 1

USER Your login name. The examples in this document use USER=SuperMerchant.

This value is case-sensitive. You created the login name while registering for your Payflow account.

Currently, USER takes the same value as VENDOR. In a future release, each account will allow multiple users. The USER parameter will then specify the particular user.

Yes Alpha- numeric

64

VENDOR Your login name. The examples in this document use VENDOR=SuperMerchant.

This value is case-sensitive. You created the login name while registering for your Payflow account.

Yes Alpha- numeric

64

VERBOSITY LOW or MEDIUM.

LOW is the default setting—normalized values.

MEDIUM returns the processor’s raw response values.

See “Viewing Processor-specific Transaction Results: Verbosity” on page 23.

No Alpha





Viewing Processor-specific Transaction Results: VerbosityTransaction results (especially values for declines and error conditions) returned by each VeriSign-supported processor vary in detail level and in format. To simplify the process of integrating Payflow Pro, VeriSign normalizes the transaction result values, that is, limits them to a standardized set of values.

You can view the processor’s raw response values by setting the Payflow Pro Verbosity parameter to MEDIUM (the default setting—normalized values—is LOW).

Supported Verbosity SettingsThe following Verbosity settings are supported for VeriSign-supported processors. Contact your processor or bank for definitions of the returned values. Processor contact information appears in the “Introduction” chapter of Payflow Pro Developer’s Guide.

Note If you use Nashville, TeleCheck, or Paymentech, then you must use a client version newer than 2.09 to take advantage of the MEDIUM Verbosity setting.

LOW: This is the default setting for VeriSign accounts. The following values (described in Payflow Pro Developer’s Guide) are returned: {RESULT, PNREF, RESPMSG, AUTHCODE, AVSADDR, AVSZIP, CVV2MATCH, IAVS, CARDSECURE}

MEDIUM: All of the values returned for a LOW setting, plus the following values:

ZIP Account holder’s 5- to 9-digit ZIP (postal) code. Do not use spaces, dashes, or non-numeric characters.

The ZIP code is verified by the AVS service (described in page 37.)

No Alpha 9

1. Some transaction types do not require this parameter. See “Values Required by All Transaction Types” on page 25.





Note For information on interpreting the responses returned by the processor for the MEDIUM Verbosity setting, contact your processor directly. Processor contact information appears in “Supported Processors” on page 4.

Changing the Verbosity SettingSetting the default Verbosity level for all transactions

Contact VeriSign Customer Service to set your account’s Verbosity setting to LOW or MEDIUM for all transaction requests.

Field Name Type Length Description

HOSTCODE char 7 Response code returned by the processor. This value is not normalized by VeriSign.

RESPTEXT char 17 Text corresponding to the response code returned by the processor. This text is not normalized by VeriSign.

PROCAVS char 2 AVS (Address Verification Service) response from the processor

PROCCVV2 char 1 CVV2 (buyer authentication) response from the processor

PROCCARDSECURE char 1 VPAS/SPA response from the processor

ADDLMSGS char Up to 1048 characters.

Typically 50 characters.

Additional error message that indicates that the merchant used a feature that is disabled

DATE_TO_SETTLE Value available only before settlement has started.

BATCHID Value available only after settlement has assigned a Batch ID.

SETTLE_DATE Value available only after settlement has completed.



Setting the Verbosity level on a per-transaction basis

To specify a setting for Verbosity that differs from your account’s current setting, include the VERBOSITY=<value> name/value pair in the transaction request, where <value> is LOW or MEDIUM.

Values Required by All Transaction TypesAll transaction APIs require values for the TRXTYPE, TENDER, PARTNER, VENDOR, USER, and PWD parameters. Each transaction API has additional parameter requirements, as listed here. Transaction responses are described in Chapter 4, “Responses to SDK Credit Card Transaction Requests.”

Performing Sale Transactions The Sale API (TRXTYPE=S) charges the specified amount against the account, and marks the transaction for immediate fund transfer during the next settlement period. VeriSign submits each merchant’s transactions for settlement on a daily basis.

Additional Required Parameters for Sale TransactionsThe set: [ACCT, EXPDATE, and AMT]

or

Set ORIGID to the PNREF (Transaction ID in VeriSign Manager reports) value returned for the original transaction. When you use ORIGID, the Sale transaction uses the transaction referred to by the ORIGID as a reference transaction. See “Performing Reference Transactions” on page 34.

Example Sale Transaction pfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00”30



Performing Credit TransactionsThe Credit API (TRXTYPE=C) returns the specified amount to the account holder. It is not necessary to provide the credit card number (ACCT) if you have the Transaction ID (PNREF) that was returned for the original transaction. If you issue a credit using the PNREF and not specifying an amount, the amount of the original transaction is used.

IMPORTANT! For Test servers, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric (Example: V53A17230645). For Live servers, all of the first four characters are alpha characters, for example: VPNE12564395.

Additional Required Parameters for Credit TransactionsSet ORIGID to the PNREF (Transaction ID) value returned for the original transaction.

or

The set: [ACCT, EXPDATE, and AMT]

IMPORTANT! Because the default security setting for Payflow Pro accounts requires API calls to use the ORIGID parameter, this is the preferred method for performing credit transactions. Using the ACCT, EXPDATE, or AMT parameters for such accounts leads to Result code 117 (failed the security check). For information on setting the security settings, see the chapter on configuring account security in VeriSign Manager User’s Guide.



Fields Copied From the Original Transaction into the Credit Transaction

The following fields are copied from the original transaction into the Credit transaction (if they exist in the original transaction). If you provide a new value for any of these parameters when submitting the Credit transaction, then the new value is used (except Account number, Expiration date, or Swipe data).

Note For processors that use the RECURRING parameter: If the RECURRING parameter was set to Y for the original transaction, then the setting is ignored when forming the Credit transaction.

Example Credit Transaction

pfpro test-payflow.verisign.com 443 “TRXTYPE=C&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ORIGID=VPNE12564395”30

or

pfpro test-payflow.verisign.com 443 “TRXTYPE=C&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00”30

Account number Amount City Comment1

Comment2 Company Name Country Cust_Code

CustIP DL Num DOB Duty amount

EMail Expiration date First name Freight amount

Invoice number Last name Middle Name Purchase order number

Ship To City Ship To Country Ship To First Name Ship To Last Name

Ship To Middle Name

Ship To State Ship To Street Ship To ZIP

SS Num State Street Suffix

Swipe data Tax amount Tax exempt Telephone

Title ZIP



Performing Void Transactions The Void API (TRXTYPE=V) prevents a transaction from being settled, but does not release the authorization (hold on funds) on the cardholder’s account. Follow these guidelines:

You can void Delayed Capture, Sale, Credit, Authorization, and Voice Authorization transactions. You cannot void a Void transaction.

The Void must occur prior to settlement.

Additional Required Parameters for Void TransactionsSet ORIGID to the PNREF (Transaction ID in VeriSign Manager reports) value returned for the original transaction.

Fields Copied From the Original Transaction into the Void Transaction

The following fields are copied from the original transaction into the Void transaction (if they exist in the original transaction). If you provide a new value for any of these parameters when submitting the Void transaction, then the new value is used (except Account number, Expiration date, or Swipe data).

Note For processors that use the RECURRING parameter: If the RECURRING parameter was set to Y for the original transaction, then the setting is ignored when forming the Void transaction.







Ship To Middle Name




Example Void Transaction pfpro test-payflow.verisign.com 443 “TRXTYPE=V&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ORIGID=VPNE12564395”30

Performing Voice Authorization Transactions Some transactions cannot be authorized over the Internet (for example, high dollar amounts)—processing networks generate Referral (Result Code 13) transactions. In these situations, you contact the customer service department of your merchant bank and provide the payment information as requested. If the transaction is approved, the bank provides you with a voice authorization code (AUTHCODE) for the transaction. You include this AUTHCODE as part of a Voice Authorization (TRXTYPE=F) transaction.

IMPORTANT! For Test servers, the AUTHCODE contains alpha-numeric characters (for example, 123PNI). For Live servers, the AUTHCODE contains only numeric digits (for example, 123456).

Once a Voice Authorization transaction has been approved, it is treated like a Sale or a Delayed Capture transaction and is settled with no further action on your part.

Like Sale or Delayed Capture transactions, approved Voice Authorization transactions can be voided.

Additional Required Parameters for Voice Authorization Transactions

AUTHCODE

ACCT

EXPDATE

AMT



Title ZIP



Example Voice Authorization Transaction pfpro test-payflow.verisign.com 443 “TRXTYPE=F&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&AUTHCODE=AB34RT56&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00”30

Performing Inquiry Transactions An Inquiry transaction (TRXTYPE=I) returns the result and status of a transaction. You perform inquiries using a reference to the original transaction—either the PNREF value returned for the original transaction or the CUSTREF value that you specified for the original transaction.

Inquiries based on a CUSTREF value return data on the most recent non-Inquiry transaction rather than the first transaction.

While the amount of information returned in an Inquiry transaction depends upon the VERBOSITY setting, Inquiry responses mimic the verbosity level of the original transaction as much as possible.

Using the PNREF to Perform Inquiry TransactionsSet ORIGID to the PNREF (Transaction ID in VeriSign Manager reports) value returned for the original transaction.

Example Inquiry Transaction Using the ORIGID Parameter set to the PNREF Value

pfpro test-payflow.verisign.com 443 “TRXTYPE=I&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&ORIGID=VPNE12564395”30

Using the CUSTREF to Perform Inquiry TransactionsSpecify the CUSTREF value and, optionally, the STARTTIME and ENDTIME parameters.



Example Inquiry Transaction Using the CUSTREFpfpro test-payflow.verisign.com 443 “TRXTYPE=I&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&CUSTREF=Inv00012345”30

Performing Authorization/Delayed Capture TransactionsVisa/MasterCard regulations prohibit merchants from capturing credit card transaction funds until product has shipped to the buyer. Because of this rule, most processing networks implement a two-stage transaction solution. VeriSign refers to this as delayed capture processing. This process consists of an authorization (TRXTYPE=A) transaction followed (when the merchant is ready to collect funds) by a Delayed Capture (TRXTYPE=D) transaction.

An Authorization transaction does not transfer funds, rather it places a hold on the cardholder’s open-to-buy limit, lowering the cardholder’s limit by the amount of the transaction. A delayed capture transaction then captures the original authorization amount. The transaction is scheduled for settlement during the next settlement period.

IMPORTANT! Only one Delayed Capture transaction is allowed per Authorization transaction.

Additional Required Parameters for Authorization TransactionsThe set: [ACCT, EXPDATE, and AMT]

or

Perform a reference transaction by specifying the ORIGID of an existing transaction. See “Performing Reference Transactions” on page 34.

Additional Required Parameters for Delayed Capture TransactionsSet ORIGID to the PNREF (Transaction ID in VeriSign Manager reports) value returned for the original transaction. If the amount of the capture differs from the amount of the authorization, then you must specify a value for AMT.



Fields Copied From the Authorization Transaction into the Delayed Capture Transaction

The following fields are copied from the Authorization transaction into the Delayed Capture transaction (if they exist in the original transaction). If you provide a new value for any of these parameters when submitting the Delayed Capture transaction, then the new value is used (except Account number, Expiration date, or Swipe data).

Step 1 Perform the Authorization transaction

The Authorization transaction uses the same parameters as Sale transactions, except that the transaction type is A.

The return data for an Authorization transaction is the same as for a Sale transaction. To capture the authorized funds, perform a Delayed Capture transaction that includes the value returned for PNREF, as described in Step 2 on page 33.

IMPORTANT! For Test servers, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric (Example: V53A17230645). For Live servers, all of the first four characters are alpha characters (letters), for example: VPNE12564395.







Ship To Middle Name




Title ZIP



Example Authorization TransactionIssue Authorization-only Transaction

pfpro test-payflow.verisign.com 443 “TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00&COMMENT1=Second purchase&COMMENT2=Low risk customer&INVNUM=1234567890&STREET=5199 MAPLE&ZIP=94588”30

Example Authorization ResponseRESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N

Step 2 Perform the Delayed Capture transaction

Set ORIGID to the PNREF value from the original authorization transaction. (There is no need to retransmit the credit card or billing address information—it is stored at VeriSign.)

If the capture succeeds, the amount of the sale is transferred to the merchant’s account during the daily settlement process. If the capture does not succeed, the hold on the cardholder’s open-to-buy is still in effect.

Example Delayed Capture Transactionpfpro test-payflow.verisign.com 443 “TRXTYPE=D&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&ORIGID=VXYZ00887892”30

Example Delayed Capture ResponseRESULT=0&PNREF=VXYZ00895642&AUTHCODE=25TEST&AVSADDR=Y&AVSZIP=N

Delayed Capture Transaction: Capturing Transactions for Lower Amounts

You can perform a delayed capture transaction for an amount lower than the original authorization amount (useful, for example, when you make a partial shipment).

Delayed Capture Transaction: Capturing Transactions for Higher Amounts

You can perform a delayed capture transaction for an amount higher than the original authorization amount, however, you are charged for an extra transaction.



In addition, the cardholder’s open-to-buy is reduced by the sum of the original authorization-only amount and the final delayed capture amount.

Delayed Capture Transaction: Error Handling and RetransmittalIf an error occurs while processing a delayed capture transaction, it is safe to retry the capture with values that allow the VeriSign server to successfully process it. Conversely, if a capture for a previous authorization succeeds, subsequent attempts to capture it again will return an error.

Performing Purchasing Card TransactionsA purchasing card (also referred to as a commercial card, corporate card, procurement card or business card) is a credit card that is issued at the request of an employer. It is usually reserved for business-related charges. The card issuer provides specialized reporting for this card type so the employer can monitor the use of the card. There is no method for determining whether a card is a purchase card or a commercial card based on the card number.

To obtain the best bank interchange rates for commercial cards, you must pass specific additional transaction information. See Appendix D, “Purchasing Card Level 2 and Level 3 Support.”

Commercial card support and parameters vary from processor to processor. See the entry for your processor in Appendix A, “Processors Requiring Additional Transaction Parameters” for additional information.

Performing Reference Transactions

CAUTION As a security measure, reference transactions are disallowed by default. Only your account administrator can enable reference transactions for your account. If you attempt to perform a reference transaction in an account for which reference transactions are disallowed, result code 117 is returned. See VeriSign Manager Guide for instructions on setting this and other VeriSign Manager security features.

Sale and Authorization transactions can make use of a reference transaction as a source of transaction data. VeriSign looks up the reference transaction and copies its transaction data into the new Sale or Authorization transaction.



IMPORTANT! When VeriSign looks up the reference transaction, neither the transaction being referenced nor any other transaction in the database is changed in any way. That is, a reference transaction is a read-only operation—only the new transaction is populated with data and acted upon. No linkage is maintained between the reference transaction and the new transaction.

Reference transactions are not screened by Fraud Protection Services filters.

You can also initiate reference transactions from VeriSign Manager. See VeriSign Manager User’s Guide for details.

Transaction Types that can be Used as the Original TransactionYou can reference the following transaction types to supply data for new Sale or Authorization transactions:Authorization (To capture the funds for an approved Authorization transaction, be sure to perform a Delayed Capture transaction—not a Reference transaction.)

CreditDelayed CaptureSaleVoice Authorization (The Voice Authorization code is not copied to the new transaction)

Void

Fields Copied From Reference TransactionsThe following fields are copied from the referenced transaction into the new Sale or Authorization transaction (if they exist in the original transaction). If you provide a value for any of these parameters when submitting the new transaction, then the new value is used.



Fields Copied From Original Transactions

Example Reference TransactionIn this example, you authorize an amount of $100 for a shipment and charge $66 for the first partial shipment using a normal delayed capture transaction. You charge the $34 for the final part of the shipment using a reference transaction to draw credit card and shipping address information from the initial authorization transaction.

Step 1 Submit the Initial transaction (authorization in this example)

You use an authorization transaction for the full amount of the purchase of $100:

pfpro test-payflow.verisign.com 443 "TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&ACCT=5555555555554444&EXPDATE=0308&AMT=100.00&INVNUM=1234567890&STREET=5199 MAPLE&ZIP=94588"30

RESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N

Step 2 Capture the authorized funds for a partial shipment of $66

When you deliver the first $66 worth of product, you use a normal delayed capture transaction to collect the $66.

pfpro test-payflow.verisign.com 443 "TRXTYPE=D&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&ORIGID=VXYZ01234567&AMT=66.00"30

RESULT=0&PNREF=VXYZ01234568&AUTHCODE=25TEST&AVSADDR=Y&AVSZIP=N

Account Type Street

Account Number City

Expiration Date State

First Name ZIP

Middle Name Country

Last Name Swipe Data



Step 3 Submit a new sales transaction of $34 for the rest of the shipment

Once you have shipped the remainder of the product, you can collect the remaining $34 in a sale transaction that uses the initial authorization as a reference transaction. (This is a sale transaction because only one delayed capture transaction is allowed per authorization.)

pfpro test-payflow.verisign.com 443 "TRXTYPE=S&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&ORIGID=VXYZ01234567&AMT=34.00"30

RESULT=0&PNREF=VXYZ01234569&AUTHCODE=25TEST&AVSADDR=Y&AVSZIP=N

Note In the case that your business model uses the authorization/delayed capture cycle for all transactions, you could have chosen to use an authorization/delayed capture to collect the $34 in this example. You would generate the authorization for the $34 using the initial authorization as a reference transaction.

Using Address Verification Service (AVS)To qualify for the lowest bank rate, you must pass Address Verification Service (AVS) information—street address and ZIP (postal) code.

AVS compares the submitted street address and ZIP code with the values on file at the cardholder’s bank. The response includes values for AVSADDR and AVSZIP: Y, N, or X for the match status of the customer’s street address and ZIP code. Y = match, N = no match, X = cardholder’s bank does not support AVS. The AVS result is for advice only. Banks do not decline transactions based on the AVS result—the merchant makes the decision to approve or decline a transaction. AVS is supported by most US banks and some international banks.

Note AVS checks only for a street number match, not a street name match, so 123 Main Street returns the same response as 123 Elm Street.

The International AVS response (IAVS) indicates whether AVS response is international (Y), USA (N), or cannot be determined (X). Client version 3.06 or later is required.



Processors Supporting AVS

Tip See your processor’s information in Appendix A, “Processors Requiring Additional Transaction Parameters,” for information on their handling of AVS.

Example AVS Request This example request include the AVS request parameters STREET and ZIP:

pfpro test-payflow.verisign.com 443 “TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00&STREET=5199 Maple&ZIP=98765”30

Table 3-3 Processors supporting AVS

Cards → American Express Discover MasterCard Visa

American Express — — —

FDMS South

FDMS Nashville

Global Payments Central (MAPP)

Global Payments East

Norwest — — — —

Nova

Paymentech

Vital

Wells Fargo Bank



Example AVS Response In this example, the address value matches the value in the bank’s records, but the ZIP code does not. The IAVS response is X.

RESULT=0&PNREF=VXW412345678&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N&IAVS=X

Card Security Code (CSC) ValidationThe card security code (CSC) is a 3- or 4-digit number (not part of the credit card number) that is printed on the credit card. Because the CSC appears only on the card and not on receipts or statements, the CSC provides some assurance that the physical card is in the possession of the buyer.

Tip This fraud prevention tool has various names, depending on the payment network. Visa calls it CVV2, MasterCard calls it CVC2, and American Express and Discover call it CID. To ensure that your customers see a consistent name, VeriSign recommends use of the term Card Security Code (CSC) on all end-user materials.

On most cards, the CSC is printed on the back of the card (usually in the signature field). All or part of the card number appears before the CSC (567 in the example). For American Express, the 4-digit number (1122 in the example) is printed on the front of the card, above and to the right of the embossed account number. Be sure to explain this to your customers.



Processors and Credit Cards Supporting CSCThe CSC validation service is not available for all processors or for all credit cards.

Even though your processor may be certified for CSC, they may not be certified for all card types (for example, American Express (CID), or Discover). The list will change as VeriSign continues to enhance its service offering. See http://www.verisign.com/support/payflow/cardSecurityCode.html for the latest information.

Special Cases: American Express and DiscoverAmerican ExpressTo enable the account to accept the CSC code, you must send an e-mail request to [email protected]. Once American Express has approved the request and has activated CSC for the you, you can begin passing CSC data and receiving the appropriate responses (Y, N, or X). If you attempt to send CSC data without having requested setup, American Express does not send a response.

Table 3-4 Processors and credit cards supporting CSC

Credit Cards → American Express

Discover MasterCard Visa

American Express — — —

FDMS South

FDMS Nashville — —


—

Global Payments East

Norwest — — — —

Nova —

Paymentech

Vital


http://www.verisign.com/support/payflow/cardSecurityCode.html


DiscoverDiscover does not currently support CSC. If a merchant attempts to send CSC data, Discover does not send a response.

CSC ResultsIf you submit the CVV2 parameter, the cardholder’s bank returns a Yes/No response in the CVV2MATCH response value as follows:

CSC results vary depending on your processor, as described in this table:

Table 3-5 CVV2MATCH response values

CVV2MATCH Value Description

Y The submitted value matches the data on file for the card.

N The submitted value does not match the data on file for the card.

X The cardholder’s bank does not support this service.

Table 3-6 CSC results

Processor Results

American Express CSC mismatches cause a non-approved result (RESULT = 114).

No CVV2MATCH value is returned.

VitalNovaGlobal Payments – EastGlobal Payments – Central

CSC mismatches may cause a non-approved result (RESULT = 112 or 114) in some cases. In other cases, the transaction may be approved despite the CSC mismatch.

The match or mismatch information is indicated in the CVV2MATCH value.

FDMS NashvilleFDMS SouthPaymentech

Transactions that have CSC mismatches can come back as an approved transaction (RESULT = 0).

The match or mismatch information is indicated in the CVV2MATCH value.

As with AVS, if the authorization was successful, you must make a decision based on the CVV2MATCH value whether or not to proceed with the order.



Example CVV2 RequestThis example request includes the CVV2 parameter:

pfpro test-payflow.verisign.com 443 “TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&&ACCT=5555555555554444&EXPDATE=0308&AMT=123.00&CVV2=567”30

Example CVV2MATCH ResponseIn this example result, the CSC value matches the value in the bank’s records.

RESULT=0&PNREF=VXW412345678&RESPMSG=APPROVED&AUTHCODE=123456&CVV2MATCH=Y

Performing Card-Present (Swipe) TransactionsPayflow Pro supports card-present transactions (face-to-face purchases). Follow these guidelines to take advantage of the lower card-present transaction rate:

Contact your merchant account provider to ensure that they support card-present transactions.

Contact VeriSign to set up a separate Payflow Pro account for card-present transactions.

Supported ProcessorsVeriSign is certified to submit card-present transactions for the following processors:

First Data Merchant Services (FDMS) Nashville

First Data Merchant Services (FDMS) South

Global Payments - Central (MAPP)

Nova

Paymentech

Vital

Card-present Transaction SyntaxUse the SWIPE parameter to pass the Track 1 or Track 2 data (the card’s magnetic stripe information). Include either Track 1 or Track 2 data—not both (up to 80



alpha-numeric characters). If Track 1 is physically damaged, the POS application can send Track 2 data instead.

The track data includes the disallowed = (equal sign) character. To enable you to use the data, the SWIPE parameter must include a length tag specifying the number of characters in the track data. For this reason, in addition to passing the track data, the POS application must count the characters in the track data and pass that number. Length tags are described in “Using Special Characters in Values” on page 18. The length tag in the following example is [40].

Do not include the ACCT or EXPDATE parameters in card-present transactions.

Example Card-present TransactionTRXTYPE=S&TENDER=C&PARTNER=VeriSign&USER=SuperMerchant&PWD=SuperMerchant&SWIPE[40]=;4912000033330026=05121011000012345678?&AMT=21.00

Logging Transaction InformationVeriSign maintains a record of all transactions executed on your account. This record is not the official bank statement. The credit card transaction summary that you receive from your acquiring bank is the official record.Use VeriSign Manager at https://manager.verisign.com to view this record and use the information to help reconcile your accounting records.

VeriSign strongly recommends that you log all transaction results on your own system and that you do not store credit card information.

At a minimum, log the following data:

PNREF

IMPORTANT! For Test servers, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric (for example, V53A17230645). For Live servers, all of the first four characters are alpha characters (for example, VPNE12564395).

If you have any questions regarding a transaction, refer to or search on the PNREF. In VeriSign Manager reports, the PNREF value appears in the Transaction ID column.

Transaction Date




Transaction AmountAUTHCODE


4. Responses to SDK Credit Card Transaction Requests

This chapter describes the contents of a response to a credit card transaction request.

When a transaction finishes, VeriSign returns a response string made up of name/value pairs. For example, this is a response to a credit card Sale transaction request:

RESULT=0&PNREF=VXYZ01234567&RESPMSG=APPROVED&AUTHCODE=123456&AVSADDR=Y&AVSZIP=N&IAVS=Y&CVV2MATCH=Y

Contents of a Response to a Credit Card Transaction RequestAll transaction responses include values for RESULT, PNREF, RESPMSG. A value for AUTHCODE is included for Voice Authorization transactions. Values for AVSADDR and AVSZIP are included if you use AVS. Table 4-1 describes the values returned in a response string.

Table 4-1 Transaction response values

Field Description Type Length

PNREF VeriSign Reference ID, a unique number that identifies the transaction. PNREF is described in “PNREF Value” on page 47.

Alpha- numeric

12

RESULT The outcome of the attempted transaction. A result of 0 (zero) indicates the transaction was approved. Any other number indicates a decline or error. RESULT codes are described in “RESULT Codes and RESPMSG Values” on page 47.

Numeric Variable



CVV2MATCH Result of the card security code (CVV2) check. This value does not affect the outcome of the transaction.

AlphaY, N, X, or no response

1

RESPMSG The response message returned with the transaction result. Exact wording varies. Sometimes a colon appears after the initial RESPMSG followed by more detailed information. Response messages are described in “RESULT Codes and RESPMSG Values” on page 47.

Alpha- numeric

Variable

AUTHCODE Returned for Sale, Authorization, and Voice Authorization transactions. AUTHCODE is the approval code obtained over the phone from the processing network.

AUTHCODE is required when submitting a Force (F) transaction.

Alpha- numeric

6

AVSADDR AVS address responses are for advice only. This process does not affect the outcome of the authorization. See “Using Address Verification Service (AVS)” on page 37.


1

AVSZIP AVS ZIP code responses are for advice only. This process does not affect the outcome of the authorization. See “Using Address Verification Service (AVS)” on page 37.


1

IAVS International AVS address responses are for advice only. This value does not affect the outcome of the transaction.

Indicates whether AVS response is international (Y), US (N), or cannot be determined (X). Client version 3.06 or later is required.

See “Using Address Verification Service (AVS)” on page 37.


1

Table 4-1 Transaction response values (Continued)



Chapter 4 Responses to SDK Credit Card Transaction Requests

PNREF ValueThe Payment Network Reference ID value (PNREF) is a unique transaction identification number issued by VeriSign that identifies the transaction for billing, reporting, and transaction data purposes. The PNREF value appears in the Transaction ID column in VeriSign Manager reports.

The PNREF value is used as the TRANSID value (original transaction ID) in delayed capture transactions (TRXTYPE=D), credits (TRXTYPE=C), inquiries (TRXTYPE=I), and voids (TRXTYPE=V).

The PNREF value is used as the TRANSID value (original transaction ID) value in reference transactions for authorization (TRXTYPE=A) and Sale (TRXTYPE=S).

PNREF FormatThe PNREF value is a 12-character alpha-numeric string. The content depends on whether the value represents a test or live transaction, as follows:

For Test servers, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric, for example V53A17230645.

For Live servers, all of the first four characters are alpha characters (letters), for example: VPNE12564395.

RESULT Codes and RESPMSG ValuesRESULT is the first value returned in the VeriSign server response string. The value of the RESULT parameter indicates the overall status of the transaction attempt.

A value of 0 (zero) indicates that no errors occurred and the transaction was approved.

A value less than zero indicates that a communication error occurred. In this case, no transaction is attempted.

A value greater than zero indicates a decline or error.

The response message (RESPMSG) provides a brief description for decline or error results.



RESULT Values for Transaction Declines or ErrorsFor non-zero Results, the response string includes a RESPMSG name/value pair. The exact wording of the RESPMSG (shown in bold) may vary. Sometimes a colon appears after the initial RESPMSG followed by more detailed information.

Table 4-2 VeriSign transaction RESULT values and RESPMSG text

RESULT RESPMSG and Explanation

0 Approved

1 User authentication failed. Error is caused by one or more of the following:

1) Invalid User, Merchant Login, Partner, or Password entered during login. Login information is case-sensitive.

2) Invalid Processor information entered. Contact merchant bank to verify.

3) "Allowed IP Address" security feature implemented.

4) Test account submitting transactions to live VeriSign servers.

2 Invalid tender type. Your merchant bank account does not support the following credit card type that was submitted.

3 Invalid transaction type. Transaction type is not appropriate for this transaction. For example, you cannot credit an authorization-only transaction.

4 Invalid amount format

5 Invalid merchant information. Processor does not recognize your merchant account information. Contact your bank account acquirer to resolve this problem.

7 Field format error. Invalid information entered. See RESPMSG.

8 Not a transaction server

9 Too many parameters or invalid stream

10 Too many line items

11 Client time-out waiting for response

12 Declined. Check the credit card number and transaction information to make sure they were entered correctly. If this does not resolve the problem, have the customer call the credit card issuer to resolve.

13 Referral. Transaction was declined but could be approved with a verbal authorization from the bank that issued the card. Submit a manual Voice Authorization transaction and enter the verbal auth code.



19 Original transaction ID not found. The transaction ID you entered for this transaction is not valid. See RESPMSG.

20 Cannot find the customer reference number

22 Invalid ABA number

23 Invalid account number. Check credit card number and re-submit.

24 Invalid expiration date. Check and re-submit.

25 Invalid Host Mapping. Not signed up for this tender type.

26 Invalid vendor account

27 Insufficient partner permissions

28 Insufficient user permissions

29 Invalid XML document. This could be caused by an unrecognized XML tag or a bad XML format that cannot be parsed by the system.

30 Duplicate transaction

31 Error in adding the recurring profile

32 Error in modifying the recurring profile

33 Error in canceling the recurring profile

34 Error in forcing the recurring profile

35 Error in reactivating the recurring profile

36 OLTP Transaction failed

37 Invalid recurring profile ID

50 Insufficient funds available in account

99 General error. See RESPMSG.

100 Transaction type not supported by host

101 Time-out value too small

102 Processor not available

103 Error reading response from host

Table 4-2 VeriSign transaction RESULT values and RESPMSG text (Continued)




104 Timeout waiting for processor response. Try your transaction again.

105 Credit error. Make sure you have not already credited this transaction, or that this transaction ID is for a creditable transaction. (For example, you cannot credit an authorization.)

106 Host not available

107 Duplicate suppression time-out

108 Void error. See RESPMSG. Make sure the transaction ID entered has not already been voided. If not, then look at the Transaction Detail screen for this transaction to see if it has settled. (The Batch field is set to a number greater than zero if the transaction has been settled). If the transaction has already settled, your only recourse is a reversal (credit a payment or submit a payment for a credit).

109 Time-out waiting for host response

111 Capture error. Either an attempt to capture a transaction that is not an authorization transaction type, or an attempt to capture an authorization transaction that has already been captured.

112 Failed AVS check. Address and ZIP code do not match. An authorization may still exist on the cardholder’s account.

113 Merchant sale total will exceed the sales cap with current transaction. ACH transactions only.

114 Card Security Code (CSC) Mismatch. An authorization may still exist on the cardholder’s account.

115 System busy, try again later

116 VPS Internal error. Failed to lock terminal number

117 Failed merchant rule check. One or more of the following three failures occurred:

An attempt was made to submit a transaction that failed to meet the security settings specified on the VeriSign Manager Security Settings page. If the transaction exceeded the Maximum Amount security setting, then no values are returned for AVS or CSC. See VeriSign Manager User’s Guide for information on the Security Settings page.

AVS validation failed. The AVS return value should appear in the RESPMSG.CSC validation failed. The CSC return value should appear in the RESPMSG.





118 Invalid keywords found in string fields

122 Merchant sale total will exceed the credit cap with current transaction. ACH transactions only.

125 Fraud Protection Services Filter — Declined by filters

126 Fraud Protection Services Filter — Flagged for review by filters

Important Note: Result code 126 indicates that a transaction triggered a fraud filter. This is not an error, but a notice that the transaction is in a review status. The transaction has been authorized but requires you to review and to manually accept the transaction before it will be allowed to settle.

This result occurred due to that fact that all new Payflow accounts include a “test drive” of the Fraud Protection Services at no charge. The filters are on by default, and a suspicious transaction triggered Result code 126. You can modify these settings based on your business needs.

Result code 126 is intended to give you an idea of the kind of transaction that is considered suspicious to enable you to evaluate whether you can benefit from using the Fraud Protection Services.

For more information, see the chapter entitled “Assessing Transactions that Triggered Filters” in Fraud Protection Services Guide or User’s Guide for Payflow Link Guide With Fraud Protection Services.

127 Fraud Protection Services Filter — Not processed by filters

128 Fraud Protection Services Filter — Declined by merchant after being flagged for review by filters.

131 Version 1 Payflow Pro SDK client no longer supported. Upgrade to the most recent version of the Payflow Pro client.

1000 Generic host error. This is a generic message returned by your credit card processor. The RESPMSG will contain more information describing the error.

1001 Buyer Authentication Service unavailable

1002 Buyer Authentication Service — Transaction timeout

1003 Buyer Authentication Service — Invalid client version

1004 Buyer Authentication Service — Invalid timeout value








1014 Buyer Authentication Service — Merchant is not enrolled for Buyer Authentication Service (3-D Secure). To enroll, log in to VeriSign Manager, click Security, and then click the Buyer Authentication Service banner on the page.

1016 Buyer Authentication Service — 3-D Secure error response received. Instead of receiving a PARes response to a Validate Authentication transaction, an error response was received.

1017 Buyer Authentication Service — 3-D Secure error response is invalid. An error response is received and the response is not well formed for a Validate Authentication transaction.

1021 Buyer Authentication Service — Invalid card type

1022 Buyer Authentication Service — Invalid or missing currency code

1023 Buyer Authentication Service — merchant status for 3D secure is invalid

1041 Buyer Authentication Service — Validate Authentication failed: missing or invalid PARES

1042 Buyer Authentication Service — Validate Authentication failed: PARES format is invalid

1043 Buyer Authentication Service — Validate Authentication failed: Cannot find successful Verify Enrollment

1044 Buyer Authentication Service — Validate Authentication failed: Signature validation failed for PARES

1045 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid amount in PARES

1046 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid acquirer in PARES

1047 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid Merchant ID in PARES

1048 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid card number in PARES

1049 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid currency code in PARES





RESULT Values for Communications ErrorsA value for RESULT less than zero indicates that a communication error occurred. In this case, no transaction is attempted.

A value of -1 or -2 usually indicates a configuration error. Either the VeriSign server is unavailable, or incorrect server/socket pairs have been specified. A value of -1 can also result when there are Internet connectivity errors. Refer other errors to VeriSign at [email protected].

1050 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid XID in PARES

1051 Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid order date in PARES

1052 Buyer Authentication Service — Validate Authentication failed: This PARES was already validated for a previous Validate Authentication transaction



Table 4-3 RESULT values for communications errors

RESULT Description

-1 Failed to connect to host

-2 Failed to resolve hostname

-5 Failed to initialize SSL context

-6 Parameter list format error: & in name

-7 Parameter list format error: invalid [ ] name length clause

-8 SSL failed to connect to host

-9 SSL read failed

-10 SSL write failed

-11 Proxy authorization failed

-12 Timeout waiting for response

-13 Select failure

-14 Too many connections


[email protected]


-15 Failed to set socket options

-20 Proxy read failed

-21 Proxy write failed

-22 Failed to initialize SSL certificate

-23 Host address not specified

-24 Invalid transaction type

-25 Failed to create a socket

-26 Failed to initialize socket layer

-27 Parameter list format error: invalid [ ] name length clause

-28 Parameter list format error: name

-29 Failed to initialize SSL connection

-30 Invalid timeout value

-31 The certificate chain did not validate, no local certificate found

-32 The certificate chain did not validate, common name did not match URL

-99 Out of memory

Table 4-3 RESULT values for communications errors (Continued)

RESULT Description


5. Testing Payflow Pro Credit Card Transactions

To test your application, direct all transactions to test-payflow.verisign.com. Transactions directed to this URL are processed through VeriSign’s simulated payment network, enabling you to test the configuration and operation of your application or storefront — no money changes hands. (You must activate your account and configure your application for live transactions before accepting real orders.)

Note New Payflow accounts include a “test drive” of the Fraud Protection Services at no charge. This means that you might encounter Result 126 for transactions that triggered the test Fraud Protection filters. Result 126 is intended to give you an idea of the kind of transaction that is considered suspicious so you can evaluate whether you can benefit from using the Fraud Protection Services.

For more information, see the chapter entitled “Assessing Transactions that Triggered Filters” in Fraud Protection Services Guide or User’s Guide for Payflow Link Guide With Fraud Protection Services.

Testing GuidelinesWhile testing, use only the credit card numbers listed in this chapter. Other numbers produce an error.

Expiration Date must be a valid date in the future (use the mmyy format).

To view the credit card processor that you have selected for testing, see Account Info → Processor Info in VeriSign Manager.



Differences Between Responses Returned by Live (Production) Servers and Test Servers

For Test servers, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric, for example V53A17230645.

For Live servers, all of the first four characters in the PNREF value are alpha characters (letters), for example: VPNE12564395.

Credit Card Numbers Used for TestingUse the following credit card numbers for testing. Any other card number produces a general failure.

Table 5-1 Test credit card numbers

American Express 378282246310005

American Express 371449635398431

Amex Corporate 378734493671000

Australian BankCard 5610591081018250

Diners Club 30569309025904

Diners Club 38520000023237

Discover 6011111111111117

Discover 6011000990139424

JCB 3530111333300000

JCB 3566002020360505

MasterCard 5555555555554444

MasterCard 5105105105105100

Visa 4111111111111111

Visa 4012888888881881

Visa 4222222222222

Note: Even though this number has a different character count than the other test numbers, it is the correct and functional number.


Chapter 5 Testing Payflow Pro Credit Card Transactions

Testing Result Codes ResponsesYou can use the amount of the transaction to generate a particular Result code. Table 5-2 lists the general guidelines for specifying amounts. Table 5-3 lists VeriSign result codes that are supported by this testing mechanism.

Note For all hosts except Global Payments Central (MAPP): Credit (C) and Force (F) transactions will always be approved regardless of dollar amount or card number.

VeriSign Result Codes Returned Based on Transaction AmountThis table lists the VeriSign Result codes that you can generate using the amount of the transaction. To generate a specific code, submit an amount of 1000 plus the code number (for example, submit an amount of 1013 for a Result code of 13).

Table 5-2 Result codes resulting from amount submitted

Amount Result (RESPMSG)

$0 – $1000 0 (Approved)

$1001 – $2000 Certain amounts in this range will return specific VeriSign result codes, and can be generated by adding $1000 to that result code. For example, for Result 13 (Referral), submit the amount 1013.

If the amount is in this range but does not correspond to a VeriSign result code supported by this testing mechanism, result 12 (Declined) is returned.

$2001+ 12 – Decline

Table 5-3 VeriSign result codes supporting the amount control

Processor Result Codes available for testing

FDMS Nashville 0, 12, 13, 104

Paymentech 0, 12, 13, 104

Vital 0, 4, 12, 13, 23, 104, 114, 1000

Nova 0, 12, 13, 104

FDMS South 0, 12, 13, 104



Alternative Methods for Generating Specific Result CodesThis table shows another method for obtaining VeriSign result codes. Non-zero results from processors are not returned by VeriSign’s servers, and therefore cannot be simulated using the amount. In some cases, you may get certain results using the result code plus 1000 even though this table suggests another means of obtaining the result code.

Amex 0, 12, 13, 104, 1000

Global Payments East (NDCE)

0, 4, 5, 12, 13, 23, 24, 30, 100, 104, 114, 1000


0, 4, 5, 8, 12, 13, 23, 24, 104, 111, 114, 1000

Table 5-3 VeriSign result codes supporting the amount control

Processor Result Codes available for testing

Table 5-4 Obtaining VeriSign result code

Result Definition How to test using Payflow Pro

0 Approved Use an AMOUNT of $1000 or less

For all hosts except Global Payments Central (MAPP), PBS, and FDRA: Credit (C) and Force (F) transactions will always be approved regardless of dollar amount or card number.

1 User authentication failed Use an invalid PWD

2 Invalid tender Use an invalid TENDER, such as G

3 Invalid transaction type Use an invalid TRXTYPE, such as G

4 Invalid amount Use an invalid AMOUNT, such as –1

5 Invalid merchant information Use an AMOUNT of 1005. Applies only to the following processors: Global Payments East and Central, and American Express).

7 Field format error Submit a Delayed Capture transaction with no ORIGID

10 Too many line items OBSOLETE.

12 Declined Use an AMOUNT of 1012 or an AMOUNT of 2001 or more

13 Referral Use an AMOUNT of 1013



19 Original transaction ID not found

Submit a Delayed Capture transaction with an invalid ORIGID

22 Invalid ABA number Applies only to ACH transactions – submit an invalid ABA number (8 digits)

23 Invalid account number Submit an invalid account number, for example, 000000000000000

24 Invalid expiration date Submit an invalid expiration date, for example, 0298

25 Transaction type not mapped to this host

Submit a transaction for a card or tender you are not currently set up to accept, for example, a Diners card if you aren’t set up to accept Diners.

29 Invalid XML document Pass a bad XML document (XMLPay users only).

30 Duplicate Transaction Use an AMOUNT of 1030. Only applies to Global Payments East and Central processors.

50 Insufficient funds available Use an amount of 1050. Only applies to Paymentech.

99 General error Use an AMOUNT of 1099. Only applies to Global Payments East.

100 Invalid transaction returned from host

Use an AMOUNT of 1100. Only applies to Global Payments East and Central.

101 Time-out value too small Set timeout value to 1.

103 Error reading response from host

Use an AMOUNT of 1103.

104 Timeout waiting for processor response

Use an AMOUNT of 1104.

105 Credit error Attempt to credit an authorization.

108 Void error Attempt to void a captured authorization.

111 Capture error Capture an Authorization transaction twice or attempt to capture a transaction that is not an Authorization transaction.

112 Failed AVS check You cannot generate this RESULT value by submitting an amount of 1112, but must submit a value for AVS that will fail.In production, this error occurs only if your account is configured by VeriSign customer service to use the “AVS Deny” feature.

Table 5-4 Obtaining VeriSign result code (Continued)



Testing Address Verification Service (AVS)The VeriSign testing server simulates AVS by returning a value for AVSADDR based on the first three characters of the submitted value for STREET.The testing server returns a value for AVSZIP based on the submitted ZIP value as shown in the table.

If STREET starts with 667 or higher or begins with a non-numeric character, then the simulator returns AVSADDR=X, AVSZIP=X.

113 Cannot exceed sales cap Applies to ACH transactions only.

114 CVV2 Mismatch Use an AMOUNT of 1114. Only applies to Vital and Global Payments East and Central processors.

1000 Generic Host Error Use an AMOUNT of 2000. Does not apply to Nova, American Express, or Global Payments East processors.

Table 5-4 Obtaining VeriSign result code (Continued)

Table 5-5 Testing AVSADDR

Submitted Value for STREET Example STREET Value AVSADDR Result

000-333 24285 Elm Y

334-666 49354 Main N

667 or higher or begins with a non-numeric character

79232 Maple X

Table 5-6 Testing AVSZIP

Submitted Value for ZIP Example ZIP Value AVSZIP Result

00000-50000 00382 Y

50001-99999 94303 N

Any value (if street address is 667 or higher or begins with a non-numeric character)

STREET=79232 Maple, ZIP=20304

X



Testing Card Security Code (CVV2)If you submit a value for the card security code (CVV2), the cardholder’s bank returns a Yes / No / Not Supported (Y / N / X) response on whether the value matches the number on file at the bank. CSC is described in “Card Security Code (CSC) Validation” on page 39.

Tip Some processors decline failed card security code without returning a CVV2MATCH value. Test the results and check with your processor to determine whether they support CSC checking.

For the testing server, the first three characters of the CVV2 value determine the CVV2MATCH result, as shown here.

Testing TeleCheck TransactionsSee Appendix B, “Performing TeleCheck Electronic Check Transactions.” for information on testing TeleCheck transactions.

Table 5-7 Testing CVV2MATCH

CVV2 Value CVV2MATCH Value

000-300 Y

301-600 N

601 or higher X


6. Activating Your Payflow Account

When you are ready to activate your VeriSign Payflow Pro account (submit customer transactions to collect funds), follow these steps:

1 Log in to VeriSign Manager (https://manager.verisign.com).

2 Click the Click Here to Activate Your Account button and follow the on-screen instructions.

3 Point your clients to the Active Payflow Pro servers. In your client applications, change test-payflow.verisign.com to payflow.verisign.com

Change test-payflow.verisign.com to payflow.verisign.com wherever pfpro is invoked. For the executable client, this is in your CGI script analogous to cgitest.cgi in the testing examples.

The individual Readme files for the other SDKs contain references to test-payflow.verisign.com. Change all references to payflow.verisign.com.



A. Processors Requiring Additional Transaction Parameters

This appendix lists both required and optional parameters supplementary to the common parameter set.

In this Appendix“American Express” on page 66

“First Data Merchant Services (FDMS) Nashville” on page 68

“First Data Merchant Services (FDMS) South” on page 71

“Nova” on page 76

“Paymentech” on page 78

“Vital” on page 80



American Express

Additional Credit Card Parameters, American ExpressIn addition to the “Parameters Used in Credit Card Transactions” on page 19, American Express accepts the following parameters:

Mail: American Express19640 N. 31st AvenuePhoenix, AZ 85027

Phone: 800-297-5555

Table A-1 American Express additional parameters

Parameter Description Required Type Length

RECURRING Identifies the transaction as recurring. This value does not activate VeriSign’s Recurring Billing Service APIs.

If the RECURRING parameter was set to Y for the original transaction, then the setting is ignored when forming Credit, Void, and Force transactions.

If you subscribe to VeriSign’s Fraud Protection Services:

– To avoid charging you to filter recurring transactions that you know are reliable, the fraud filters do not screen recurring transactions.

– To screen a prospective recurring customer, submit the transaction data using VeriSign Manager’s Manual Transactions page. The filters screen the transaction in the normal manner. If the transaction triggers a filter, then you can follow the normal process to review the filter results.

No Alpha- numeric

Y or N

1

SWIPE Allows Track 1 and Track 2 data to be passed to enable a card-present transaction.

No Alpha- numeric

80


Appendix A Processors Requiring Additional Transaction Parameters

Commercial Card Parameters, American ExpressThe following parameters are recommended to obtain the best rates for processing commercial purchasing cards with American Express:

Table A-2 American Express commercial card parameters


PONUM Up to 17 alphanumeric characters, specified by the cardholder to identify the order. Usually used as a Purchase Order number.

No Alpha-numeric

17

DESC General description of the transaction. No (but provides best rate when used)

Alpha-numeric

23

DESC1-4 Up to 4 lines of additional description of the charge.

No Alpha-numeric

40

INVNUM Merchant invoice number. This reference number (PNREF—generated by VeriSign) is used for authorizations and settlements.The Acquirer decides if this information will appear on the merchant’s bank reconciliation statement.

No Numeric 9

SHIPTOZIP Ship to postal code (called ZIP code in the USA).

No (but provides best rate when used)

Alpha-numeric

6

TAXAMT Tax Amount. Do not include comma separators. Use 1199.95 instead of 1,199.95.


Currency 10



First Data Merchant Services (FDMS) Nashville

Additional Credit Card Parameters, FDMS NashvilleIn addition to the “Parameters Used in Credit Card Transactions” on page 19, FDMS Nashville accepts the following parameters:

Mail: First Data Corporation2525 Perimeter Place DriveSuite 123Nashville, TN 37214

Phone: 800-647-3722



Table A-3 FDMS Nashville additional parameters



No Numeric 10






No Alpha- numeric

Y or N

1


No Alpha- numeric

80



Commercial Card Parameters, FDMS NashvilleThe following parameters are recommended to obtain the best rates for processing commercial cards with FDMS Nashville.

Table A-4 FDMS commercial card parameters


COMMCARD One-character value representing type of commercial card account number sent.

P Purchase CardC Corporate CardB Business CardU Unknown (default)N None

No (defaults to U - Unknown)

Alpha- numeric

1

DUTYAMT Sometimes called import tax. Amount should always be a decimal. Exact amount to the cent (34.00, not 34). Do not include comma separators. Use 1199.95 instead of 1,199.95.

No Currency 10

FREIGHTAMT Freight Amount. Amount should always be a decimal. Exact amount to the cent (34.00, not 34). Do not include comma separators. Use 1199.95 instead of 1,199.95.

No Currency 10

PONUM Purchase Order Number. No (but provides best rate when used)

Alpha- numeric

25



Numeric 9

TAXAMT Tax Amount. Amount should always be a decimal. Exact amount to the cent (34.00, not 34). Do not include comma separators. Use 1199.95 instead of 1,199.95.


Currency 10

TAXEXEMPT Is the customer tax exempt? Y or N No Alpha 1



First Data Merchant Services (FDMS) South

Additional Credit Card Parameters, FDMS SouthIn addition to the “Parameters Used in Credit Card Transactions” on page 19, FDMS South accepts the following parameters:

Purchase Card Parameters, FDMS SouthThe following parameters are recommended to obtain the best rates for processing purchase cards (Level 2/3) with FDMS South:

Mail: First Data CorporationBusiness Payment Services Group4000 Coral Ridge DriveCoral Springs, FL 33065

Phone: 800-326-2217

Table A-5 FDMS South additional parameters



No Alpha- numeric

80

Table A-6 FDMS South purchase card parameters


CITY Cardholder’s city. No Alpha 13

COUNTRYCODE Destination Country Code. Visa and MasterCard are different. Refer to Country Code tables. (See Appendix G, “ISO Country Codes.”)

No Alpha 3

CUSTCODE Customer code/customer reference ID No Alpha- numeric

17

DISCOUNT Discount amount on total sale No Currency 10



DUTYAMT Sometimes called import tax. If the currency uses a decimal, then this parameter should specify the exact amount to the last decimal place (for example, 34.00, not 34). See “FDMS South Currency Codes and Decimal Positions” on page 139. Do not include comma separators in the amount. Use 1199.95 instead of 1,199.95.

No Currency 10

FIRSTNAME Cardholder’s first name. No Alpha 15

FREIGHTAMT Freight Amount - If the currency uses a decimal, then this parameter should specify the exact amount to the last decimal place (for example, 34.00, not 34). See “FDMS South Currency Codes and Decimal Positions” on page 139. Do not include comma separators in the amount. Use 1199.95 instead of 1,199.95.

No Currency 10


No Numeric 10

LASTNAME Cardholder’s last name. No Alpha 15

ORDERDATE Order date: Format is mmddyy with no slashes or dashes. Example: July 28, 2003 would be 072803.

No Numeric 6

Table A-6 FDMS South purchase card parameters (Continued)




ORDERDATETIME Order time and date. Format is either YYYY-MM-DD or YYYY-MM-DD HH:MI:SS (where HH is in 24-hour time).

If the value does not conform to one of the formats or if the date is not valid (for example, 2004-17-35), then the transaction is rejected with a RESULT=7 (SIG_FIELD_ERR) and RESPMSG=Invalid ORDERTIME.

A truncated version of the ORDERTIME value (up to 7 characters) overwrites any value provided by ORDERDATE.

If no value is provided, a NULL value is stored.

No Alphanumeric

19

PONUM Purchase Order Number / Merchant related data


Alpha- numeric

25

SHIPFROMZIP Ship from postal code (called ZIP code in the USA).


Numeric 9



Numeric 9

STATE Cardholder’s state. No Alpha 2


No Alpha- numeric

80





Purchase Card Line Item Parameters, FDMS SouthLine item data describes the details of the item purchased and can be can be passed for each transaction. The convention for passing line item data in name/value pairs is that each name/value starts with L_ and ends with n where n is the line item number. For example L_QTY0=1 is the quantity for line item 0 and is equal to 1, with n starting at 0.

TAXAMT Tax Amount - If the currency uses a decimal, then this parameter should specify the exact amount to the last decimal place (for example, 34.00, not 34). See “FDMS South Currency Codes and Decimal Positions” on page 139. Do not include comma separators in the amount. Use 1199.95 instead of 1,199.95.


Currency 10

TAXEXEMPT Is the customer tax exempt? Y or N No Alpha 1



Table A-7 Purchase card line item parameters


L_QTYn Quantity (whole units only) Yes Numeric 10

L_COMMCODEn Item commodity code No Alpha- numeric

12

L_DESCn Item description No Alpha-

numeric

35

L_UOMn Item unit of measure. See “Units of Measure” on page 134.

No Alpha 3

L_COSTn Cost per item, excluding tax No Currency 10

L_PRODCODEn Supplier specific product code No Alpha-

numeric

12

L_DISCOUNTn Discount per line item No Currency 10



Purchase Card Level 2 and 3 Examplepfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&STATE=CA&FIRSTNAME=John&LASTNAME=Smith&CITY=Redwood&COUNTRYCODE=USA&CUSTCODE=12345&DISCOUNT=.25&DUTYAMT=34.00&FREIGHTAMT=12.00&INVNUM=1234567890&ORDERDATE=021700&PONUM=1234567890123456789012345&SHIPFROMZIP=940151234&SHIPTOZIP=94065&TAXAMT=1.00&TAXEXEMPT=Y”30

Line Item Parameter Examplepfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=C&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&STATE=CA&FIRSTNAME=John&LASTNAME=Smith&CITY=Redwood&COUNTRYCODE=USA&CUSTCODE=12345&DISCOUNT=.25&DUTYAMT=34.00&FREIGHTAMT=12.00&INVNUM=1234567890&ORDERDATE=021700&PONUM=1234567890123456789012345&SHIPFROMZIP=940151234&SHIPTOZIP=94065&TAXAMT=1.00&TAXEXEMPT=Y&L_QTY1=1&L_UPC1=PN&L_DESC1=Test&L_UOM1=INQ&L_COST1=1.00&L_PRODCODE1=12345&L_DISCOUNT1=.25&&L_AMT1=.75&L_TAXAMT1=0” 30

L_AMTn Total line item amount including tax and discount. + for debit, - for credits

Yes Currency 10

L_TAXAMTn Line item Tax amount No Currency 10

Table A-7 Purchase card line item parameters (Continued)




Nova

Additional Credit Card Parameters, NovaIn addition to the “Parameters Used in Credit Card Transactions” on page 19, Nova accepts the following parameter:

Mail: Nova Information Systems, Inc.Knoxville Operations Center7300 Chapman HighwayKnoxville, TN 37920-6609

Phone: 800-725-1243

Table A-8 Vital additional parameters







No Alpha- numeric

Y or N

1



Commercial Card Parameters, NovaThe following parameters are recommended to obtain the best rates for processing commercial cards with Nova:

Table A-9 Nova Commercial Card Parameters


PONUM Purchase Order Number No (when used provides best rate)

Alphanumeric

25

TAXAMT Tax Amount - The amount should always specify a decimal, and the exact amount, to the cent (34.00, not 34). Do not include comma separators in the amount. Use 1199.95 instead of 1,199.95.

No (when used provides best rate)

Currency 10



Paymentech

Additional Credit Card Parameters, PaymentechIn addition to the “Parameters Used in Credit Card Transactions” on page 19, Paymentech accepts the following parameters. For best AVS results, pass the city and state parameters in the parameter list.

Mail: Paymentech4 Northeastern Blvd.Salem, NH 03079

Phone: 800-782-1266

Table A-10 Additional credit card parameters


CITY Cardholder’s billing city. No Alpha 20


No Numeric 10

MERCHDESCR

Merchant descriptor.

For example, ABCCMPY*FALLCATALOG

No Alphanumeric 22

MERCHSVC Merchant telephone number.

For example, 603-555-1212

No Alphanumeric 13

STATE Cardholder’s billing state. No Alpha 2




No Alpha- numeric

80






No Alpha- numeric

Y or N

1

Table A-10 Additional credit card parameters (Continued)




Vital

Additional Credit Card Parameters, VitalIn addition to the “Parameters Used in Credit Card Transactions” on page 19, Vital accepts the following parameter:

Mail: VitalVisanet Processing Services8320 South Hardy RoadTempe, AZ 85284

Phone: 800-847-2772 (Help Desk)

Table A-11 Vital additional parameters



No Alpha- numeric

80






No Alpha- numeric

Y or N

1


B. Performing TeleCheck Electronic Check Transactions

This chapter describes the process of performing electronic check transactions. Responses to transaction requests are described in Appendix C, “Responses to TeleCheck Transaction Requests.”

VeriSign offers electronic check acceptance through TeleCheck. Before processing electronic check transactions, merchants must obtain an account through TeleCheck (www.telecheck.com).

Note For information on credit card transactions, skip this chapter and see Chapter 3, “Performing Credit Card Transactions.”

For information on performing ACH transactions, contact your VeriSign Sales Representative at [email protected] or visit http://www.verisign.com/products/payflow/ach/findoutmore.html

TeleCheck Contact InformationMail: TeleCheck Merchant Services

PO Box 4513Houston, TX 77210-4513

Phone: 800-366-1054 (Merchant Services)



TeleCheck Transaction Syntax

Note The examples in this chapter use the syntax of the pfpro executable client. Other Payflow Pro clients differ in where and how the parameter values are set, but the meaning and uses are the same.

Use the following syntax when calling the Payflow Pro client (pfpro) to process a TeleCheck transaction. Table B-1 describes the arguments to the pfpro executable client command

pfpro <HostAddress> <HostPort> “<ParmList>” <TimeOut> <ProxyAddress> <ProxyPort> <ProxyLogon> <ProxyPassword>

For example:

pfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=K&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&AMT=123.00&MICR=1234567804390850014321&CHKNUM=4321&NAME=Lydia Chin&STREET=121 Park Street&CITY=Pleasanton&STATE=MA

&ZIP=123451234&DL=MA1234567&[email protected]”30

Table B-1 Arguments to the pfpro executable client

Argument Re-quired

Description

HOSTADDRESS Yes VeriSign’s host name.For live transactions, use payflow.verisign.com For testing purposes use test-payflow.verisign.com

HOSTPORT Yes VeriSign host port number: Use port 443.

PARMLIST Yes The ParmList is the list of parameters that specify the payment information for the transaction. The quotation marks “ ” at the beginning and end are required. In the example, the ParmList is:

“TRXTYPE=S&TENDER=K&PARTNER=VeriSign&VENDOR=SuperMerchant&USER=SuperMerchant&PWD=x1y2z3&AMT=123.00&MICR=1234567804390850014321&CHKNUM=4321&NAME=Lydia Chin&STREET=121 Park Street&CITY=Pleasanton&STATE=MA&ZIP=123451234&DL=MA1234567&[email protected]”

All parameters used in TeleCheck transactions are described in Table B-2 on page 85.


Appendix B Performing TeleCheck Electronic Check Transactions

Command Syntax GuidelinesFollow these guidelines:

The command must be a single string with no line breaks.

Use spaces as argument separators.

Enclose the ParmList in quotation marks (“”).

Quotation marks (“”) are absolutely not allowed in the body of the ParmList.

Separate all name/value pairs in the ParmList using an ampersand (&).

Calling pfpro without the required parameters results in an error message.

Using Special Characters in ValuesBecause the ampersand (&) and equal sign (=) characters have special meanings in the ParmList, name/value pairs like NAME=Ruff & Johnson, and COMMENT1=Level=5 are not valid.

To use the & and = characters in the value of a name/value pair, use a length tag. A length tag specifies the exact number of characters and spaces that appear in the value. The following name/value pairs are valid:

NAME[14]=Ruff & Johnson

COMMENT1[7]=Level=5

TIMEOUT Yes Time-out period for the transaction. The minimum recommended time-out value is 30 seconds. The VeriSign client begins tracking from the time that it sends the transaction request to the VeriSign server.

PROXYADDRESS No Proxy server address. Use the PROXY parameters for servers behind a firewall. Your network administrator can provide the values.

PROXYPORT No Proxy server port

PROXYLOGON No Proxy server logon ID

PROXYPASSWORD No Proxy server logon password

Table B-1 Arguments to the pfpro executable client

Argument Re-quired

Description



Note Quotation marks (“”) are absolutely not allowed in the body of the ParmList, even if you use length tags.

TeleCheck ParametersParameters used for processing electronic checks through TeleCheck are described in Table B-2. Required and optional parameters are noted.

Note Appendix E, “Additional Reporting Parameters,” provides a list of parameters that you can pass for reporting purposes.

Required ParametersAs a summary of Table B-2, the following parameters are required for every electronic check transaction:

TRXTYPETENDERCHKTYPEPARTNERVENDORUSERPWDAMTCITYDL or SSCHKNUMEMAILMICRNAMESTATESTREETZIP



Table B-2 TeleCheck Parameters


AMT This is the transaction amount in U.S. dollars. The transaction amount should always specify a decimal, and the exact amount to the cent (for example, 34.00, instead of 34). Do not include comma separators in the amount. Use 1199.95 not 1,199.95.

Yes Numeric

US Dollars only.

7

CITY Account holder’s city Yes Alpha 20

COMMENT1 User-defined value for reporting and auditing purposes.

No Alpha-numeric

128

COMMENT2 User-defined value for reporting and auditing purposes.

No Alpha-numeric

128

CHKNUM Account holder’s next unused (available) check number

Yes Numeric 7

CHKTYPE Check type: P: personal (default) or C: company

If CHKTYPE=P, then a value for either DL or SS must be passed as an identifier.

If CHKTYPE=C, then the Federal Tax ID must be passed as the SS value.

Yes Alpha

DL Driver’s license number. If CHKTYPE=P, a value for either DL or SS must be passed as an identifier.

Format: XXnnnnnnnn

XX = State Code

nnnnnnnn = DL Number

Yes Alpha-numeric

33

DOB Account holder’s date of birth. Format: mmddyyyy. For example, July 28, 1965 is represented as 07281965.

No Alpha-numeric

8

EMAIL Account holder’s e-mail address Yes Alpha-numeric

40

INVNUM Check invoice number No Alpha-numeric

17



MICR Magnetic Ink Check Reader. This is the entire line of numbers at the bottom of all checks. It includes the transit number, account number, and check number.

Yes Alpha-numeric

35

NAME Account holder’s name as it appears on the check

Yes Alpha-numeric

30

PARTNER The authorized VeriSign Reseller that registered you for the Payflow Pro service provided you with a Partner ID. If you registered yourself, use VeriSign.

This parameter is case-sensitive.

Yes Alpha-numeric

12

PHONENUM Account holder’s telephone number No Numeric 20

PWD Case-sensitive 6- to 32-character password that you created while registering for the account.

Yes Alpha-numeric

32

SS Account holder’s social security number.

If CHKTYPE=P, a value for either DL or SS must be passed as an identifier.

If CHKTYPE=C, the Federal Tax ID must be passed as the SS value.

No Alpha-numeric

35

STATE Account holder’s state Yes Alpha 2

STREET Account holder’s street address Yes Alpha-numeric

30

TENDER Tender type (method of payment). Use only the value K (electronic check).

Yes Alpha 1

TRXTYPE Type of transaction that should be processed. Allowed transaction types: Sale (S), Void (V), Inquiry (I).

Yes Alpha 1

USER Case-sensitive login ID for the Payflow account that you created while registering for the account.

In the future, each account will allow multiple users. This parameter will specify the user.

Yes Alpha-numeric

12

Table B-2 TeleCheck Parameters (Continued)




Testing TeleCheck TransactionsVeriSign provides a test server to support testing and configuration.

Test Transaction ServerSubmit test transactions to test-payflow.verisign.com, using port 443.

Example Test Transactionpfpro test-payflow.verisign.com 443 “TRXTYPE=S&TENDER=K&CHKTYPE=P&PARTNER=<your Partner Name (typically VeriSign>&VENDOR=<your Merchant Login Name>&USER=<your Merchant Login Name>&PWD=<your Payflow Pro password>& AMT=42.00&STREET=1234 Main&CITY=Buffalo&DL=CA123456&CHKNUM=1001&EMAIL=<your e-mail address>&MICR=<Use a MICR value from Table B-3>&NAME=Sally&STATE=CA&ZIP=95050”30

VENDOR Case-sensitive Vendor ID that you created while registering for the account.

Yes Alpha-numeric

12

ZIP Account holder’s 5- to 9-digit postal code (called ZIP code in the USA). Do not use spaces, dashes, or non-numeric characters.

Yes Alpha 9

Table B-2 TeleCheck Parameters (Continued)


Table B-3 MICR values for testing

MICR HOSTCODE TeleCheck Result

1234567804390850001001 000800 Check Approved ECA

1234567804390850011001 000801 Check Approved No ECA

1234567804390850021001 000802 Check Approved ECA, No Guarantee

1234567804390850031001 000803 Check Approved No ECA, No Guarantee

1234567804390850041001 000804 Check Decline Negative Data

1234567804390850051001 000805 Check Decline Scoring

1234567804390850071001 000807 Check Failed



Preparing for TeleCheck Production TransactionsBefore going into production with your check integration, you must certify your storefront with TeleCheck. To begin the certification process, send an e-mail to [email protected]. Be sure to include the following information:

Your test Web site address where test transactions can be processed

The name, e-mail address, and phone number of the person to contact about any needed corrections.

The certification process usually takes 2-3 days.

Use HostAddress value of payflow.verisign.com and HostPort of 443

Logging Transaction InformationVeriSign maintains a record of all transactions executed on your account.

Note This record is not the official bank statement. The transaction summary that you receive from TeleCheck is the official record.

Use VeriSign Manager at https://manager.verisign.com to view this record and use the information to help reconcile your accounting records.

In addition, VeriSign strongly recommends that you log all transaction results (except for check information) on your own system. At a minimum, log the following data:

PNREF

Transaction Date

Transaction Amount

HOSTCODE

If you have any questions regarding a transaction, reference the PNREF (also called the transaction ID).



C. Responses to TeleCheck Transaction Requests

This chapter describes the contents of a response to a TeleCheck transaction request.

When a transaction finishes, VeriSign returns a response string made up of name/value pairs. For example:

RESULT=0&PNREF=VXYZ01234567&HOSTCODE=000500&RESPMSG=Approved

Transaction response values are described in Table C-1.

Table C-1 Transaction responses common to all tender types


RESULT The outcome of the attempted transaction. A result of 0 (zero) indicates the transaction was approved. Any other number indicates a decline or error. RESULT codes are described in “RESULT Codes and RESPMSG Values” on page 47.

Numeric Variable

PNREF VeriSign Reference ID, a unique number that identifies the transaction. PNREF is described in “HOSTCODE Values” on page 90.

Alpha- numeric

12

HOSTCODE TeleCheck’s response code representing the results of the transaction authorization attempt. These values are described in “HOSTCODE Values” on page 90.

Numeric 6

RESPMSG A descriptive message associated with decline or error RESULTs. Response messages are described in “RESULT Codes and RESPMSG Values” on page 47.

Alpha- numeric

Variable



HOSTCODE ValuesThe HOSTCODE reflects the TeleCheck server result. The following tables describe the HOSTCODE values. TeleCheck requires that you display certain verbiage to the purchaser based on the returned HOSTCODE value—check with TeleCheck for details.

Note Many of these codes will not be encountered under normal operating conditions—they are included as a troubleshooting aid. In the tables, the Frequency column indicates the likelihood that you will encounter the code.

Table C-2 Sale Approved HOSTCODE values

Code Response Description Frequency

000500 Sale Approved Sale Approved by credit card network Common

000501 Sale Time-out Sale transaction time-out in credit card network

Common

000502 Test Card Test card sale approved (never billed)

Common

000504 ANI Sale Approved 900/Telco sale approved ANI bill only

000505 PB Sale Approved Private billing sale approved PB only

000800 Sale Approved Direct Check Sale/ECA approved Direct Check

000801 Sale Approved Direct Check Sale approved (no ECA)

Direct Check

000802 Sale Approved Direct Check Sale/ECA approved no guarantee

Direct Check

000803 Sale Approved Direct Check Sale approved no ECA no guarantee

Direct Check


Appendix C Responses to TeleCheck Transaction Requests

Table C-3 Sale Declined HOSTCODE values


000300 Sale Declined Sale declined by credit card network Common

000301 Sale Rejected Sale does not meet risk standards Common

000804 Check Declined Direct Check Sale declined negative data

Direct Check

000805 Check Declined Direct Check Sale Decline Scoring Direct Check

000807 Check Failure Direct Check Sale Direct Check

Table C-4 Inquiry Approved HOSTCODE values


000400 OTB Approved Preauth approved. AVS matches if provided.

Common

000401 No Response No response from credit card network for preauth.

Common

000402 AVS Time-out Preauth approved, AVS timed out AVS only

000403 PB Approved Private billing approved. PB only

000410 Positive Record Previous positive history. Common

000420 Test card Approved Test Card Common

000421 OTB/AVS Approval Preauth Approved, AVS match AVS only

000503 ANI Bill approved 900/TELCO billing approved ANI bill only

Table C-5 General Failure HOSTCODE values


000100 General Failure General host based failure Rare

000101 Invalid Value Invalid for one or more fields in transaction

Common

999999 Unknown Response TeleCheck received an unknown response

Rare



1 This data is included in risk scoring decisions and a response of 210 has higher precedence.

Table C-6 Inquiry Declined HOSTCODE values


000200 Preauth Declined Declined by credit card or Telco network (LIDB)

Common

000201 PIN Mismatch Mismatch on PIN stored in TeleCheck database

Not Used

000210 Negative Card Record

Temporary and permanent blocks. Prior OTB decline, sale decline or CS block Transaction falls below minimum scoring standards. Most frequently used for risk scoring declines, where a transaction falls below minimum standards.

Common

000215 Negative ANI Record ANI previously blocked by CS Common

000220 Chargeback Card Card with chargeback history Common

000225 Chargeback ANI ANI with chargeback history Common

000230 Exceed card profile1 Card has exceeded usage limits Uncommon

000240 Too many Cards1 ANI has excessive number of cards

Uncommon

000250 Exceed ANI profile1 ANI has exceeded usage limits Uncommon

000260 Too Many Phones1 Card has been used from excessive ANI

Uncommon

000270 OTB/AVS Decline OTB decline and AVS mismatch AVS OTB only

000271 OTB/AVS Decline OTB approved and AVS mismatch AVS OTB only

000272 OTB/AVS Decline OTB decline and AVS match AVS OTB only

000280 Risk Referral Temporary Risk referral, AVS necessary

Common

000281 Card Not Qualified Card does not meet minimum bank restrictions

Not Used

000282 PB Risk Referral Private billing risk referral, AVS necessary

PB Only


D. Purchasing Card Level 2 and Level 3 Support

VeriSign Payment Services supports passing Purchasing Card Level 2 information (such as purchase order number, tax amount, and charge description) in the settlement file.

If additional required invoice information and line items details are included in the transaction, VeriSign formats Purchasing Card Level 3 information in an appropriate format, for example, EDI (Electronic Data Interchange) 810 format as required by American Express during settlement processing.

In This AppendixAbout Purchasing Cards on page 94.

About Program Levels on page 95.

Performing American Express Purchasing Card Transactions Through the American Express Processor on page 96.

Performing Global Payments - Central Purchasing Card Transactions on page 106.

Performing Global Payments - East Purchasing Card Transactions on page 107.

Performing Nova Purchasing Card Transactions on page 108.

Performing Paymentech Level 2 Purchasing Card Transactions on page 109.

Performing Vital Level 2 Purchasing Card Transactions on page 110.



About Purchasing CardsPurchasing Cards are used in the procurement process to eliminate paper-based order systems and associated costs, to improve control and accountability through itemized statements, to foster better risk controls through spending limits and buying from approved vendors, to reduce administrative overhead because employees are empowered to make small purchases, and to enable enterprises to negotiate better contract pricing and discounts with suppliers through the use of vendor detail reports.

To promote acceptance and usage of Purchasing Card programs, card issuers have established incentive rates for merchants. These rates are available for merchants who comply at either Level 2 or Level 3 (described in the next section). Transactions that comply at Level 1 qualify as a normal credit card transactions.

Note Card issuing institutions perform strict data verification on the enhanced data that is submitted with Level 2 or Level 3 transactions. Issuers may charge stiff penalties if fields contain either inaccurate or filler data. Only transactions that contain accurate data are eligible for the incentive rates.


Appendix D Purchasing Card Level 2 and Level 3 Support

About Program LevelsThe term Level does not apply to the card, but to the transaction data submitted for that card. Generally, a higher level means more detailed data for reporting. The following transaction levels are recognized:

Level 1: Function as normal credit cards and are authorized and associated with normal transaction data in authorization and settlement. Any merchant who accepts credit cards supports this level.

Level 2: Additional data regarding sales tax, customer code, purchase order number, invoice number are captured at the point of sale. In most cases, this information is combined with the merchant’s Tax ID number, state, and postal code data and is then passed through during settlement. For some processors and banks, however, a Level 2 authorization may include some of this data.

In most cases, this information is combined with the merchant's Tax ID number, state, and postal code data and passed through during settlement. However, for some processors and banks, a Level 2 authorization may include some of this data.

Level 3: Significant additional information such as line items, product codes, item descriptions, unit price, unit quantities, and ship-to postal data are added to the Level 2 data to provide optimal reporting to buyers and sellers. Settlement transactions typically carry Level 3 data.

Level 2 and Level 3 data is generally considered non-financial data. Lack of adequate data may cause a transaction to be downgraded.

VeriSign generally requires up to Level 2 information in an Authorization transaction followed by additional Level 3 data in the associated Delayed Capture transaction. A Sale transaction should include all Level 3 data since it is authorized and later settled.

Accepted BIN RangesVisa, MasterCard, and American Express publish specific BIN ranges for Purchasing cards. Sometimes the determination of whether a card is a Purchasing card is left to the processor (for example, Vital). In other cases, the VeriSign Payment Gateway makes the determination based on the BIN range (for example, FDMS South and AMEX).



Performing American Express Purchasing Card Transactions Through the American Express Processor

The information in this section applies to transactions processed by the American Express Processor, not necessarily to all American Express cards. Level 2 and Level 3 purchasing card rules may differ for American Express card transactions processed by other processors such as Paymentech or First Data Nashville.

Supported Transaction TypesYou can submit Level 3 parameters with Delayed Capture, Sale, Credit, or Force transactions. Level 3 data in Auth transactions is ignored. The VeriSign Payment Gateway decides whether a transaction meets Level 3 requirements during authorization.

Level 3 data is passed to the AMEX processor only during settlement.

Avoiding DowngradeIf a transaction uses the Purchasing card BIN range and contains a line item, but does not include all mandatory Level 3 parameters, then the transaction succeeds, but is processed as Level 2 or Level 1 during settlement (depending on which data was passed).

For downgraded transactions, with the VERBOSITY parameter set to MEDIUM or HIGH, a message like the following is returned in the ADDLMSGS field:

Features not processed: PCARD L3 (missing or invalid: InvoiceNumber RequestorName )

or

Features not processed: PCARD L3 (line-item 3 missing: Description )

Submitting Successful Level 3 TransactionsIf a transaction uses the Purchasing card BIN range, contains all mandatory Level 3 fields, and has at least one line item (with all mandatory line item fields), the VeriSign Payment Gateway flags it as Level 3.



Edit Check VeriSign performs an edit check on the transaction’s amount fields to ensure that all line item and tax amounts balance.

If the edit check fails, the transaction fails with Result 4: Invalid Amount.

To pass the edit check, the following relationship must be true:

Transaction Amount = Total Tax Amount + Total Freight Amount + Total Handling Amount + Total Line-Item Amount.

– Transaction Amount is the total amount for the transaction, AMT.

– Total Tax Amount is TAXAMT.

– Total Freight Amount is FREIGHTAMT, or, if not present, the summation of L_FREIGHTAMT for all line items.

– Total Handling Amount is HANDLINGAMT, or, if not present, the summation of L_HANDLINGAMT for all line items.

– Total Line-Item Amount is the summation of L_QTYn * L_COSTn for all line items (n as the line item number). For example, if there are 2 line items, then the Total Line-item Amount would be (LQTY1*LCOST1) + (LQTY2*LCOST2)

Accepted BIN RangesThe following Bank Identification Numbers (BINs) are accepted for American Express Level 2 and Level 3 transactions:

37857

37859

37873



American Express Level 2 Transaction Data

Example American Express Level 2 Transaction "TRXTYPE=S&ACCT=372449635311003&AMT=20.06&CITY=Mountain View&DESC1=desc1&DESC2=desc2&DESC3=desc3&DESC4=FRT10.00&EXPDATE=1209&NAME=Cardholder Name&PARTNER=verisign&PONUM=12345&PWD=pwd&SHIPTOZIP=94045&STATE=CA&STREET=123 Main St.&TENDER=C&USER=user&ZIP=123451234" 30

Table D-1 American Express Level 2 transaction data

Pay Flow Pro SDK parameter Mandatory / Optional

Format (min/max, type)

PONUM M 1/17, A/N

SHIPTOZIP M 1/16, A/N

DESC1 O 1/40, A/N

DESC2 O 1/40, A/N

DESC3 O 1/40, A/N

DESC4 (Typically used to pass the freight amount as FRT<amount> (for example, FRT10.0.).

M 1/40, A/N



American Express Level 3 Transaction DataVeriSign provides the Merchant Registration data values: Supplier Name, Supplier City, Supplier State, Supplier Postal code, Merchant No, and Federal Tax ID. The merchant provides the values listed in Table D-2.

Table D-2 American Express Level 3 Parameters

AMEX Name (per American Express Specification)

Man

dato

ry/ O

ptio

nal Pay Flow Pro SDK

parameterXMLPayRequest parameter (See the XMLPay User’s Guide for detailed instructions.)


Supplier Reference Number

O INVNUM

Defaults to PNREF if not present.

Invoice.InvNum 1/9, A/N

Card Account No M ACCT Card.CardNum

Authorization Code

M AUTHCODE

(Passed transparently for delayed capture. Use only with voice authorized force capture transactions)

ForceCapture.Authcode

Requester Name M REQNAME ExtData ”REQNAME” 1/40, A/N

Cardmember Reference No

M PONUM BillTo.PONum 1/17, A/N

Purchase Order Num

M PONUM BillTo.PONum 1/17, A/N

Ship to ZIP M SHIPTOZIP ShipTo.Address.ZIP 5/6, A/N

Invoice Date O INVOICEDATE

Defaults to Transaction Date if not present.

Invoice.Date YYYYMMDD, NUM

Exp Date M EXPDATE Card.ExpDate

Total Transaction Amount

M AMT Invoice.TotalAmt 1/8 NUM

Total Tax Amount M TAXAMT Invoice.TaxAmt 1/6 NUM



Charge Description

O DESC

Defaults to “NO”

Invoice.Description 1/40, A/N

Total Freight Amt O FREIGHTAMT Invoice.FreightAmt 1/15, A/N

Total Handling Amt O HANDLINGAMT Invoice.HandlingAmt 1/15, A/N

Quantity Invoiced M L_QTY Item.Quantity 1/10, NUM

Unit of Measure M L_UOM Item.UnitOfMeasurement 2/2, A/N

Unit Price M L_COST Item.UnitPrice 1/15, NUM

Item Description M L_DESC Item.Description 1/80, A/N

Supplier Catalog No

M L_CATALOGNUM Item.CatalogNumber 1/20, A/N

Cost Center No M L_COSTCENTERNUM Item.CostCenterNumber 1/30, A/N

Supplier Stock Keeping Unit Number

O L_PRODCODE Item.SKU 1/30, A/N

Universal Product Code

O L_UPC Item.UPC 1/30, A/N

Item Tax Amount O L_TAXAMT Item.TaxAmt 1/6, NUM

Freight Amount O L_FREIGHTAMT Item.FreightAmt 1/15, NUM

Handling Amount O L_HANDLINGAMT Item.HandlingAmt 1/15, NUM

Tracking Number O L_TRACKINGNUM Item.TrackingNumber 1/30, A/N

Drop-off Address1 O L_PICKUPSTREET Item.PickUp.Address.Street 1/40, A/N

Drop-off City O L_PICKUPCITY Item.PickUp.Address.City 2/30, A/N

Drop-off State O L_PICKUPSTATE Item.PickUp.Address.State

2/2, A/N

Drop-off ZIP O L_PICKUPZIP Item.PickUp.Address.ZIP 3/15, A/N

Table D-2 American Express Level 3 Parameters (Continued)


Man

dato

ry/ O

ptio






Example American Express Level 3 SDK Transaction"TRXTYPE=S&TENDER=C&partner=partner&PWD=test&USER=test&ACCT=378734493671000&EXPDATE=1213&AMT=5.00&COMMENT1=PCARD Test&COMMENT2=Hi KC&ZIP=940151234&STREET=123 KC WAY&CVV2=052&COUNTRYCODE=USA&CUSTCODE=12345&FREIGHTAMT=1.00&ORDERDATE=021700&HANDLINGAMT=1.00&PONUM=1234567890123456789012345&SHIPFROMZIP=940151234&SHIPTOZIP=940151234&TAXAMT=1.00&TAXEXEMPT=N&L_UPC1=PN&L_QTY1=1&L_DESC1=Test 123&L_UOM1=12&L_COST1=1.00&L_PRODCODE1=123&L_COSTCENTERNUM1=55&L_TAXAMT1=0&L_QTY2=1&L_UPC1=PN&L_DESC2=Test&L_UOM2=12&L_COST2=1.00&L_PRODCODE2=1234&L_COSTCENTERNUM2=55&L_TAXAMT2=1.00&REQNAME=Robert&SHIPTOZIP=543210&INVNUM=123456789&VERBOSITY=2" 30"

Example American Express Level 3 XMLPay Transaction

<?xml version="1.0" ?> - <XMLPayRequest Timeout="30">

- <RequestData> <Vendor>VENDOR</Vendor> <Partner>PARTNER</Partner>

- <Transactions>- <Transaction CustRef="CUST98345232345">

- <Sale>- <PayData>

- <Invoice><InvNum>123456789</InvNum> <Date>20030626</Date> <ExtData Name="REQNAME"

Value="[email protected]" /> - <BillTo>

Drop-off Country O L_PICKUPCOUNTRY Item.PickUp.Address.Country

2/3, A/N

UNSPSC Code O L_UNSPSCCODE Item.UNSPSCCode 1/30, A/N

Table D-2 American Express Level 3 Parameters (Continued)


Man

dato

ry/ O

ptio






<PONum>PO7659200</PONum> <Name>John</Name>

- <Address> <Street>123 Test</Street> <City>Mountian View</City> <State>CA</State> <Zip>12345</Zip> <Country>840</Country>

</Address> <EMail>[email protected]</EMail>

</BillTo>- <ShipFrom>

- <Address> <Street>456 Test</Street> <City>Mountian View</City> <State>CA</State> <Zip>543210</Zip>

</Address> </ShipFrom>

- <ShipTo>- <Address>

<Street>789 Test</Street> <City>Mountian View</City> <State>CA</State> <Zip>99999</Zip> <Country>840</Country>

</Address> </ShipTo>

- <Items>- <Item Number="1">

<SKU>EAD240</SKU> <UPC>67899</UPC> <Description>Ducati parts</Description> <Quantity>2</Quantity> <UnitPrice>.10</UnitPrice>



<UnitOfMeasurement>10</UnitOfMeasurement> <CostCenterNumber>5000</CostCenterNumber> <TrackingNumber>TR42322</TrackingNumber> <UNSPSCCode>UNSPSC001</UNSPSCCode> <CatalogNumber>1551</CatalogNumber>

- <PickUp>- <Address>

<Street>112 Pickup Ave</Street> <City>Pickup City</City> <State>CA</State> <Zip>94043</Zip> <Country>840</Country>

</Address> </PickUp> <FreightAmt>0.50</FreightAmt> <HandlingAmt>0.50</HandlingAmt>

</Item>- <Item Number="2">

<SKU>42335</SKU> <UPC>45578</UPC> <Description>Honda Parts</Description> <Quantity>1</Quantity> <UnitPrice>.10</UnitPrice> <UnitOfMeasurement>50</UnitOfMeasurement> <CostCenterNumber>5003</CostCenterNumber> <TrackingNumber>TR34225</TrackingNumber> <UNSPSCCode>UNSPSC002</UNSPSCCode> <CatalogNumber>1555</CatalogNumber>






</Item>- <Item Number="3">

<SKU>12347</SKU> <UPC>54329</UPC> <Description>Harley Parts</Description> <Quantity>2</Quantity> <UnitPrice>.10</UnitPrice> <UnitOfMeasurement>15</UnitOfMeasurement> <CostCenterNumber>5009</CostCenterNumber> <TrackingNumber>TR32223</TrackingNumber> <UNSPSCCode>UNSPSC003</UNSPSCCode> <CatalogNumber>1560</CatalogNumber>




</Item> </Items> <Description>CAR PARTS</Description> <TaxAmt>1.60</TaxAmt> <TotalAmt>5.10</TotalAmt>

</Invoice>- <Tender>

- <Card>



<CardType>AMEX</CardType> <CardNum>378734493671000</CardNum> <ExpDate>201312</ExpDate>

</Card> </Tender>

</PayData> </Sale>

</Transaction> </Transactions>

</RequestData>- <RequestAuth>

- <UserPass> <User>USER</User> <Password>PASSWORD</Password>

</UserPass> </RequestAuth>

</XMLPayRequest>



Performing Global Payments - Central Purchasing Card Transactions

Global Payments - Central (MAPP) supports Level 2 for MasterCard, and Visa Sale, Credit, and Delayed Capture transactions.

Global Payments - Central Level 2 ParametersBoth Level 2 values listed in Table D-4 are required to get the discount rate. You must pass the following parameters.

Example Global Payments - Central Level 2 Visa or MasterCard Transaction

"TRXTYPE=S&ACCT=5105105105105100&AMT=20.10&CITY=Mountain View&COMMENT1=L2 Testing&EXPDATE=1209&NAME=Cardholder Name&PARTNER=VeriSign&PWD=pwd&STATE=CA&STREET=123 Main St.&TENDER=C&USER=user&ZIP=94043&CUSTCODE=123456&TAXAMT=1.34" 30

Table D-3 Required Level 2 parameters for Global Payments - Central

Data Items Mandatory / Optional

Payflow Pro Parameter


Customer Code M CUSTCODE 1/16, char

Sales Tax M TAXAMT N



Performing Global Payments - East Purchasing Card Transactions

Global Payments - East (NDCE) supports Level 2 for American Express, MasterCard, and Visa.

Global Payments - East Level 2 ParametersBoth Level 2 values listed in Table D-4 are required to get the discount rate. You must pass the following parameters in Authorization and Sale transactions.

Example Global Payments - East Level 2 Visa or MasterCard Transaction

"TRXTYPE=S&ACCT=5105105105105100&AMT=20.10&CITY=Mountain View&COMMENT1=L2 Testing&EXPDATE=1209&NAME=Cardholder Name&PARTNER=VeriSign&PWD=pwd&STATE=CA&STREET=123 Main St.&TENDER=C&USER=user&ZIP=94043&CUSTCODE=123456&TAXAMT=1.34" 30

Table D-4 Required Level 2 parameters for Global Payments - East




Customer Code M CUSTCODE 1/16, char




Performing Nova Purchasing Card TransactionsNova supports Level 2 for Visa or MasterCard Sale, Credit, or Delayed Capture transactions.

Nova Level 2 ParametersBoth Level 2 values listed in Table D-4 are required to get the discount rate. You must pass the following parameters in Authorization and Sale transactions.

Example Nova Level 2 Transactions"TRXTYPE=S&ACCT=5105105105105100&AMT=20.10&CITY=Mountain View&COMMENT1=L2 Testing&EXPDATE=1209&NAME=Cardholder Name&PARTNER=VeriSign&PWD=pwd&STATE=CA&STREET=123 Main St.&TENDER=C&USER=user&ZIP=94043&CUSTCODE=123456&TAXAMT=1.34" 30

Table D-5 Required Level 2 parameters for Nova




Customer Code M

Sent as {ServerID}{TransID}

if not present

CUSTCODE 1/16, char

Sales Tax M

Sent as 0 if not present

TAXAMT N



Performing Paymentech Level 2 Purchasing Card TransactionsPaymentech supports Level 2 for American Express, MasterCard, and Visa.

Paymentech Level 2 ParametersBoth Level 2 values listed in Table D-6 are required to get the discount rate.

Example Paymentech Level 2 Transactions

Example Paymentech Level 2 Visa and MasterCard Transaction"TRXTYPE=S&TENDER=C&PARTNER=Partner&PWD=Password&USER=User&ACCT=5480180000000024&EXPDATE=1203&AMT=1.00&COMMENT1=0508&NAME=Robert&STREET=1600&ZIP=94065&CVV2=426&PONUM=ABCDEFGHIJ&TAXAMT=1.00"

"TRXTYPE=S&TENDER=C&PARTNER=Partner&PWD=Password&USER=User&ACCT=4275330012345626&EXPDATE=1203&AMT=1.00&COMMENT1=0508&STREET=1600&ZIP=94065&CVV2=426&PONUM=ABCDEFGHIJ&TAXAMT=1.00"

Example American Express Level 2 Transaction"TRXTYPE=S&TENDER=C&PARTNER=Partner&PWD=Password&USER=User&ACCT=378734493671000&EXPDATE=1203&AMT=1.00&COMMENT1=0508&NAME=Robert&STREET=1600&ZIP=94065&DESC=Descriptor&DESC1=Descriptor1&DESC2=Descriptor2&DESC3=Descriptor3&DESC4=Descriptor4"

Table D-6 Required Level 2 parameters for Paymentech

Paymentech Data Items Mandatory / Optional



Customer Ref No M PONUM 1/17, char




Performing Vital Level 2 Purchasing Card TransactionsVital supports MasterCard and Visa for Level 2.

Vital indicates in the authorization response whether or not the credit card in the transaction is a commercial card. Based in the commercial card indicator, VeriSign will format the Level 2 information in the settlement request.

Vital Level 2 Transaction Data Level 2 values marked as mandatory in Table D-7 are required to get the discount rate.

Example Vital Level 2 Visa Transaction"TRXTYPE=S&ACCT=4111111111111111&AMT=20.02&CITY=Mountain View&COMMENT1=L2 Testing&EXPDATE=1209&INVNUM=6612545851&NAME=CardHolder Name&PARTNER=verisign&PWD=pwd&STATE=CA&STREET=123 Main St.&TAXAMT=1.01&TAXEXEMPT=N&TENDER=C&USER=user&ZIP=94043" 30

Table D-7 Vital Level 2 parameters

Vital Name Mandatory / Optional

Payflow Pro Parameter Format (min/max, type)

Invoice # / Cust Ref ID M INVNUM 1/17, A/N

Tax Amount M TAXAMT NUM

Tax Amount Identifier O TAXEXEMPT

If a purchase is exempted from local tax, then you must send TAXEXEMPT=Y.

1, A


E. Additional Reporting Parameters

This appendix lists parameters whose values can appear in VeriSign Manager reports. For example, the Shipping and Billing report displays these values. Some of the following parameters may also have other purposes. The STREET and ZIP parameters, for instance, are also used for AVS.

Note For regular credit card transactions, reporting parameters are normally not passed to the processor. See Appendix A, “Processors Requiring Additional Transaction Parameters” to learn which fields are sent to your processor.

Table E-1 VeriSign reporting parameters

Parameter Description Required Type Max Length

CITY Cardholder’s billing city No Alpha 20

COMMENT1 User-defined value for reporting and auditing purposes (VeriSign parameter only)

No Alpha-numeric

128

COMMENT2 User-defined value for reporting and auditing purposes (Verisign parameter only)

No Alpha-numeric

128

COMPANYNAME Cardholder’s company No Alpha-numeric

30

COUNTRY Cardholder’s billing country code No Alpha-numeric

3

CUSTCODE Customer code No Alpha-numeric

30



DUTYAMT Duty amount No Alpha-numeric

10

EMAIL Cardholder’s e-mail address No Alpha-numeric

64

FIRSTNAME Cardholder’s first name No Alpha 15

FREIGHTAMT Freight amount No Currency 10

LASTNAME Cardholder’s last name No Alpha 15

NAME Cardholder’s name No Alpha-numeric

15

PONUM Purchase Order Number No Alpha-numeric

15

SHIPTOCITY Shipping city No Alpha-numeric

30

SHIPTOFIRSTNAME First name in the shipping address No Alpha-numeric

30

SHIPTOLASTNAME Last name in the shipping address No Alpha-numeric

30

SHIPTOSTATE Shipping state. US = 2-letter state code. Outside US, use full name.

No Alpha-numeric

10

SHIPTOSTREET Shipping street address No Alpha-numeric

30

SHIPTOZIP Shipping postal code (called ZIP code in the USA)

No Alpha-numeric

9

STATE Cardholder’s billing state code No Alpha-numeric

2

STREET Cardholder’s billing street address (used for AVS and reporting)

No Alpha-numeric

30

Table E-1 VeriSign reporting parameters (Continued)



Appendix E Additional Reporting Parameters

TAXAMT Tax amount No Currency 10

ZIP Account holder’s 5- to 9-digit postal code (called ZIP code in the USA). Do not use spaces, dashes, or non-numeric characters.

The postal code is verified by the AVS service.

No Numeric 9

Table E-1 VeriSign reporting parameters (Continued)



F. XMLPay

About XMLPayXMLPay specifies an XML syntax for payment requests and associated responses in a payment-processing network. Instead of using name/value pairs, Payflow Pro allows for the use of XML documents via XMLPay.

The typical user of XMLPay is an Internet merchant or merchant aggregator who wants to dispatch credit card, corporate purchase card, Automated Clearinghouse (ACH), or other payment requests to a financial processing network.

Using the data type definitions specified by XMLPay, such a user creates a client payment request and dispatches it in the same fashion as using name/value pairs to an associated XMLPay-compliant server component. Responses are also formatted in XML and convey the results of the payment requests to the client.

XMLPay 2.0 Core Specification DocumentVeriSign XMLPay 2.0 Core Specification defines an XML syntax for payment transaction requests, responses, and receipts in a payment processing network.

You may obtain a copy of this document from the Downloads page of VeriSign Manager (https://manager.verisign.com).

Note For specific examples of how to submit XML documents using the Payflow Pro client API, see the Payflow Pro SDK Download package.



G. ISO Country Codes

The following International Standards Organization (ISO) country codes are used when filling the order fields COUNTRY, SHIPTOCOUNTRY, and CORPCOUNTRY: .

Table G-1 ISO country codes

Country Name Code

Afghanistan 4

Albania 8

Algeria 12

American Samoa 16

Andorra 20

Angola 24

Anguilla 660

Antarctica 10

Antigua and Barbuda 28

Argentina 32

Armenia 51

Aruba 533

Australia 36

Austria 40

Azerbaijan 31



Bahamas 44

Bahrain 48

Bangladesh 50

Barbados 52

Belarus 112

Belgium 56

Belize 84

Benin 204

Bermuda 60

Bhutan 64

Bolivia 68

Bosnia-Herzegovina 70

Botswana 72

Bouvet Island 74

Brazil 76

British Indian Ocean Territory 86

Brunei Darussalam 96

Bulgaria 100

Burkina Faso 854

Burundi 108

Cambodia 116

Cameroon 120

Canada 124

Cape Verde 132

Cayman Islands 136

Central African Republic 140


Country Name Code

Chad 148

Chile 152

China 156

Christmas Island 162

Cocos (Keeling) Islands 166

Colombia 170

Comoros 174

Congo 178

Cook Islands 184

Costa Rica 188

Cote D’ivoire (formerly Ivory Coast)

384

Croatia (local name: Hrvatska) 191

Cuba 192

Cyprus 196

Czech Republic 203

Denmark 208

Djibouti 262

Dominica 212

Dominican Republic 214

East Timor 626

Ecuador 218

Egypt 818

El Salvador 222

Equatorial Guinea 226

Eritrea 232


Country Name Code

118 VeriSign, Inc.


Estonia 233

Ethiopia 231

Falkland Islands (Malvinas) 238

Faroe Islands 234

Fiji 242

Finland 246

France 250

France, Metropolitan 249

French Guiana 254

French Polynesia 258

French Southern Territories 260

Gabon 266

Gambia 270

Georgia 268

Germany 276

Ghana 288

Gibraltar 292

Greece 300

Greenland 304

Grenada 308

Guadeloupe 312

Guam 316

Guatemala 320

Guinea 324

Guinea-Bissau 624

Guyana 328


Country Name Code

Haiti 332

Heard and McDonald Islands 334

Honduras 340

Hong Kong 344

Hungary 348

Iceland 352

India 356

Indonesia 360

Iran (Islamic Republic of) 364

Iraq 368

Ireland 372

Israel 376

Italy 380

Jamaica 388

Japan 392

Jordan 400

Kazakhstan 398

Kenya 404

Kiribati 296

Korea, Democratic People’s Republic of (formerly North Korea)

408

Korea, Republic of (formerly South Korea)

410

Kuwait 414

Kyrgyzstan 417


Country Name Code

119 VeriSign, Inc.


Lao People’s Democratic Republic (formerly Laos)

418

Latvia 428

Lebanon 422

Lesotho 426

Liberia 430

Libyan Arab Jamahiriya (formerly Libya)

434

Liechtenstein 438

Lithuania 440

Luxembourg 442

Macau 446

Macedonia, the Former Yugoslav Republic of

807

Madagascar 450

Malawi 454

Malaysia 458

Maldives 462

Mali 466

Malta 470

Marshall Islands 584

Martinique 474

Mauritania 478

Mauritius 480

Mayotte 175

Mexico 484


Country Name Code

Micronesia, Federated States of

583

Moldova, Republic of 498

Monaco 492

Mongolia 496

Montserrat 500

Morocco 504

Mozambique 508

Myanmar (formerly Burma) 104

Namibia 516

Nauru 520

Nepal 524

Netherlands 528

Netherlands Antilles 530

New Caledonia 540

New Zealand 554

Nicaragua 558

Niger 562

Nigeria 566

Niue 570

Norfolk Island 574

Northern Mariana Islands 580

Norway 578

Oman 512

Pakistan 586

Palau 585


Country Name Code

120 VeriSign, Inc.


Panama 591

Papua New Guinea 598

Paraguay 600

Peru 604

Philippines 608

Pitcairn 612

Poland 616

Portugal 620

Puerto Rico 630

Qatar 634

Reunion 638

Romania 642

Russian Federation 643

Rwanda 646

Saint Kitts and Nevis 659

Saint Lucia 662

Saint Vincent and the Grenadines

670

Samoa 882

San Marino 674

Sao Tome and Principe 678

Saudi Arabia 682

Senegal 686

Seychelles 690

Sierra Leona 694

Singapore 702


Country Name Code

Slovakia (Slovak Republic) 703

Slovenia 705

Solomon Islands 90

Somalia 706

South Africa 710

South Georgia and the South Sandwich Islands

239

Spain 724

Sri Lanka 144

St. Helena 654

St. Pierre and Miquelon 666

Sudan 736

Suriname 740

Svalbard and Jan Mayen Islands

744

Swaziland 748

Sweden 752

Switzerland 756

Syrian Arab Republic (formerly Syria)

760

Taiwan, Province of China 158

Tajikistan 762

Tanzania, United Republic of 834

Thailand 764

Togo 768

Tokelau 772

Tonga 776


Country Name Code

121 VeriSign, Inc.


Trinidad and Tobago 780

Tunisia 788

Turkey 792

Turkmenistan 795

Turks and Caicos Islands 796

Tuvalu 798

Uganda 800

Ukraine 804

United Arab Emirates 784

United Kingdom 826

United States 840

United States Minor Outlying Islands

581

Uruguay 858

Uzbekistan 860

Vanuatu 548

Vatican City State 336

Venezuela 862

Viet Nam 704

Virgin Islands (British) 92

Virgin Islands (U.S.) 850

Wallis and Futuna Islands 876

Western Sahara 732

Western Samoa 882

Yemen 887

Yugoslavia 891


Country Name Code

Zaire 180

Zambia 894

Zimbabwe 716


Country Name Code

122 VeriSign, Inc.

H. Codes Used by FDMS South Only: Country Codes, Units of Measure, and Currency Codes

MasterCard Country Codes

Table H-1MasterCard Country Codes

ALBANIA ALB

ALGERIA DZA

AMERICAN SAMOA ASM

ANDORRA AND

ANGOLA AGO

ANGUILLA AIA

ANTARCTICA ATA

ANTIGUA ATG

AO PEOPLES DEMOCRATIC

LAO

APHGANISTAN AFG

ARGENTINA ARG

ARMENIA ARN

ARUBA ABW



AUSTRALIA AUS

AUSTRIA AUT

AZERBAIJAN AZE

BAHAMAS BHS

BAHRAIN BHR

BANGLADESH BGD

BARBADOS BRB

BELARUS BLR

BELGIUM BEL

BELIZE BLZ

BENIN BEN

BERMUDA BMU

BHUTAN BTN

BOLIVIA BOL

BOSNIA AND HERZIGOVINA

BIH

BOTSWANA BWA

BOUVET ISLAND BVT

BRAZIL BRA

BRITISH INDIAN OCEAN TERRITORY

IOT

BRUNEI BRN

BULGARIA BGR

BURKINA FASO BFA

BURUNDI BDI

CAMBODIA KHM

CANADA CAN


CAPE VERDE CPV

CAYMAN ISLANDS CYM

CENTRAL AFRICAN REPUBLIC

CAF

CHAD TCD

CHILE CHL

CHINA CHN

CHRISTMAS ISLAND CXR

CMEROON, UNITED REP.

CMR

COCOS (KEELING) ISLAND

CCK

COLUMBIA COL

COMOROS COM

CONGO GOG

COOK ISLANDS COK

COSTA RICA CRI

COTED'IVOIRE CIV

CROATIA HRV

CYPRUS CYP

CZECH REPUBLIC CZE

DENMARK DNK

DJIBOUTI DJI

DOMINICA DMA

DOMINICAN REPUBLIC

DOM

EL SALVADOR SLV

EQUATORIAL GUINEA

GNQ


124 VeriSign, Inc.


ESTONIA EST

ETHIOPIA ETH

FAEROE ISLANDS FRO

FALKLAND ISLANDS (MALVINAS)

FLK

FIJI FJI

FINLAND FIN

FRANCE FRA

FRENCH GUIANA GUF

FRENCH POLYNESIA

PYF

FRENCH SOUTHERN TERRITORY

ATF

GABON GAB

GAMBIA GMB

GEORGIA GEO

GERMAN DEMOCRATIC REP

DDR

GERMANY DEU

GHANA GHA

GIBRALTER GIB

GRECE GRC

GREENLAND GRL

GRENADA GRD

GUADALUPE GLP

GUAM GUM

GUATEMALA GTM

GUINEA GIN


GUINEA-BISSAU GNB

GUYANA GUY

HAITI HTI

HEARD & MCDONALDS ISLAND

HMD

HONDURAS HND

HONG KONG HKG

HUNGARY HUN

ICELAND ISL

INDIA IND

INDONESIA IDN

IRAN IRN

IRAQ IRQ

IRELAND IRL

ISRAEL ISR

ITALY ITA

JAMAICA JAM

JAPAN JPN

JORDAN JOR

KAZAKHSTAN KAZ

KENYA KEN

KOREA, REPUBLIC OF

KOR

KUWAIT KWT

KYRGYZSTAN KGZ

LATVIA LVA

LEBANON LBN


125 VeriSign, Inc.


LESOTHO LSO

LIBERIA LBR

LIBYAN ARAB JAMAHIRIYA

LBY

LIECHTNSTIEN LIE

LITHUANIA LTU

LUXEMBOURG LUX

MACAU MAC

MALAYSIA MYS

MALDIVES MDV

MALI MLI

MALTA MLT

MANACO MCO

MARSHALL ISLANDS

MHL

MATINIQUE MTQ

MAURITANIA MRT

MAURITIUS MUS

MEXICO MEX

MICRONESIA FSM

MOLDOVA MDA

MONGOLIA MNG

MONTSERRAT MSR

MOROCCO MAR

MOZAMBIQUE MOZ

MYANMAR MMR

NAMIBIA NAM


NAURU NRU

NEGEL SEN

NEPAL NPL

NETHERLANDS NLD

NETHERLANDS ANTILLES

ANT

NEW CALDONIA NCL

NEW ZEALAND NZL

NICARAGUA NIC

NIGER NER

NIGERIA NGA

NIUE NIU

NORFOLK ISLAND NFK

NORTHERN MARIANA ISLAND

MNP

NORWAY NOR

OMAN OMN

PAKISTAN PAK

PALAU PLW

PANAMA PAN

PAPAU NEW GUINEA

PNG

PARAGUAY PRY

PERU PER

PHILIPPINES PHI

PITCAIRN ISLAND PCN

POLAND POL

PORTUGUL PRT


126 VeriSign, Inc.


PUERTO RICO PRI

QATAR QAT

REUNION REU

ROMANIA ROM

RUSSIAN FERERATION

RUS

RWANDA RWA

SAMOA WSM

SAN MARINO SMR

SAN TOME AND PRICIPEL

STP

SAUDI ARABIA SAU

SEYCHELLES SYC

SIERRA LEONE SLE

SINGAPORE SGP

ST. HELENA SHN

ST. KITTS-NEVIS-ANGUILLA

KNA

ST. LUCIA LCA

ST. PIERRE AND MIQUELON

SPM

ST. VINCENT AND THE GRENADINES

VCT

SUDAN SDN

SURINAM SUR

SVALBARD & JAN MAYEN IS.

SJM

SWAZILAND SWZ


SWEDEN SWE

SWITZERLAND CHE

SYRIAN ARAB REPUBLIC

SYR

TAIWAN, PROVIDENCE OF CHINA

TWN

TAJIKISTAN TJK

TANZANIA, UNITED REPUBLIC

TZA

THAILAND THA

TOGO TGO

TOKELAU TKL

TONGA TON

TRINIDAD AND TOBAGO

TTO

TUNISIA TUN

TURKEY TR

TURKMENISTAN TM

TURKS & CAICOS ISLANDS

TC

TUVALU TUV

U.S. MINOR OUTLYING ISL.

UMI

UGANDA UGA

UKRAINIAN SSR UKR

UNITED ARAB EMIRATES

ARE

UNITED KINGDOM GBR

UNITED STATES USA


127 VeriSign, Inc.


Visa Country Codes

URAGUAY URY

UZBEKISTAN UZB

VANUATU VUT

VATICAN CITY STATE

VAT

VENEZUELA VEN

VIETNAM VNM

VIRGIN ISLANDS BRITISH

VGB

VIRGIN ISLANDS US VIR

WALLIS AND FUTUNA IS

WLF

WESTERN SAHARA ESH

YEMEN YEM

YUGOSLAVIA YUG

ZAIRE ZAR

ZAMBIA ZMB

ZIMBABWE RHO


Table H-2 Visa Country Codes

ALBANIA AL

ALGERIA DZ

AMERICAN SAMOA AS

ANDORRA AD

ANGOLA AO

ANGUILLA AI

ANTARCTICA AQ

ANTIGUA AG

APHGANISTAN AF

ARGENTINA AR

ARMENIA AM

ARUBA AW

AUSTRALIA AU

AUSTRIA AT


128 VeriSign, Inc.


AZERBAIJAN AZ

BAHAMAS BS

BAHRAIN BH

BANGLADESH BD

BARBADOS BB

BELARUS BY

BELGIUM BE

BELIZE BZ

BENIN BJ

BERMUDA BM

BHUTAN BT

BOLIVIA BO

BOSNIA AND HERZIGOVINA

BA

BOTSWANA BW

BOUVET ISLAND BV

BRAZIL BR

BRITISH INDIAN OCEAN TERRITORY

IO

BRUNEI BN

BULGARIA BG

BURKINA FASO BF

BURUNDI BI

CAMBODIA KH

CANADA CA

CAPE VERDE CV

CAYMAN ISLANDS KY


CENTRAL AFRICAN REPUBLIC

CF

CHACOS (KEELING) ISLAND

CC

CHAD TD

CHILE CL

CHINA CN

CHRISTMAS ISLAND CX

CMEROON, UNITED REP.

CM

COLUMBIA CO

COMOROS KM

CONGO CG

COOK ISLANDS CK

COSTA RICA CR

COTED'IVOIRE CI

CROATIA HR

CYPRUS CY

CZECH REPUBLIC CZ

DENMARK DK

DJIBOUTI DJ

DOMINICA DM

DOMINICAN REPUBLIC

DO

EAST TIMOR TP

ECUADOR EC

EGYPT EG

EL SALVADOR SV


129 VeriSign, Inc.


EQUATORIAL GUINEA

GQ

ERITREA ER

ESTONIA EE

ETHIOPIA ET

FAEROE ISLANDS FO

FALKLAND ISLANDS FK

FIJI FJ

FINLAND FI

FRANCE FR

FRENCH GUIANA GF

FRENCH METROPOLITAN

FX

FRENCH POLYNESIA PF

FRENCH SOUTHERN TERRITORY

TF

GABON GA

GAMBIA GM

GEORGIA GE

GERMANY DE

GHANA GH

GIBRALTER GI

GRECE GR

GREENLAND GL

GRENADA GD

GUADALUPE GP

GUAM GU

GUATEMALA GT


GUINEA GN

GUINEA-BISSAU GW

GUYANA GY

HAITI HT

HEARD & MCDONALDS ISLAND

HM

HONDURAS HN

HONG KONG HK

HUNGARY HU

ICELAND IS

INDIA IN

INDONESIA ID

IRAN IR

IRAQ IQ

IRELAND IE

ISRAEL IL

ITALY IT

JAMAICA JM

JAPAN JP

JORDAN JO

KAZAKHSTAN KZ

KENYA KE

KIRIBATI KI

KOREA, REPUBLIC OF

KR

KUWAIT KW

KYRGYZSTAN KG


130 VeriSign, Inc.


LAO PEOPLES DEMOCRATIC

LA

LATVIA LV

LEBANON LB

LESOTHO LS

LIBERIA LR

LIBYAN ARAB JAMAHIRIYA

LY

LIECHTNSTIEN LI

LITHUANIA LT

LUXEMBOURG LU

MACAU MO

MACEDONIA MK

MADAGASCAR MG

MALAWI MW

MALAYSIA MY

MALDIVES MV

MALI ML

MALTA MT

MANACO MC

MARSHALL ISLANDS MH

MATINIQUE MQ

MAURITANIA MR

MAURITIUS MU

MAYOTTE YT

MEXICO MX

MICRONESIA FM


MOLDOVA MD

MONGOLIA MN

MONTSERRAT MS

MOROCCO MA

MOZAMBIQUE MZ

MYANMAR MM

NAMIBIA NA

NAURU NR

NEPAL NP

NETHERLANDS NL

NETHERLANDS ANTILLES

AN

NEW CALDONIA NC

NEW ZEALAND NZ

NICARAGUA NI

NIGER NE

NIGERIA NG

NIUE NU

NORFOLK ISLAND NF

NORTHERN MARIANA ISLAND

MP

NORWAY NO

OMAN OM

PAKISTAN PK

PALAU PW

PANAMA PA

PAPAU NEW GUINEA PG


131 VeriSign, Inc.


PARAGUAY PY

PERU PE

PHILIPPINES PH

PITCAIRN ISLAND PN

POLAND PL

PORTUGUL PT

PUERTO RICO PR

QATAR QA

REUNION RE

ROMANIA RO

RUSSIAN FERERATION

RU

RWANDA RW

SAMOA WS

SAN MARINO SM

SAN TOME AND PRICIPEL

ST

SAUDI ARABIA SA

SENEGAL SN

SEYCHELLES SC

SIERRA LEONE SL

SINGAPORE SG

ST. HELENA SH

ST. KITTS-NEVIS-ANGUILLA

KN

ST. LUCIA LC

ST. PIERRE AND MIQUELON

PM


ST. VINCENT AND THE GRENADINES

VC

SUDAN SD

SURINAM SR

SVALBARD & JAN MAYEN IS.

SJ

SWAZILAND SZ

SWEDEN SE

SWITZERLAND CH

SYRIAN ARAB REPUBLIC

SY

TAIWAN, PROVIDENCE OF CHINA

TW

TAJIKISTAN TJ

TANZANIA, UNITED REPUBLIC

TZ

THAILAND TH

TOGO TG

TOKELAU TK

TONGA TO

TRINIDAD AND TOBAGO

TT

TUNISIA TN

TURKEY TR

TURKMENISTAN TM

TURKS & CAICOS ISLANDS

TC

TUVALU TV


132 VeriSign, Inc.


U.S. MINOR OUTLYING ISL.

UM

UGANDA UG

UKRAINIAN SSR UA

UNITED ARAB EMIRATES

AE

UNITED KINGDOM GB

UNITED STATES US

URAGUAY UY

UZBEKISTAN UZ

VANUATU VU

VATICAN CITY STATE VA

VENEZUELA VE

VIETNAM VN

VIRGIN ISLANDS BRITISH

VG

VIRGIN ISLANDS US VI

WALLIS AND FUTUNA IS

WF

WESTERN SAHARA EH

YEMEN YE

YUGOSLAVIA YU

ZAIRE ZR

ZAMBIA ZM

ZIMBABWE ZW


133 VeriSign, Inc.


Units of Measure

Table H-3 Units of Measure

Acre (4840 yd2) ACR

Alcoholic strength by mass ASM

Alcoholic strength by volume

ASV

Ampere* AMP

Ampere=hour (3,6 kC)* AMH

Are (100 m2) ARE

Bar* BAR

Barrel (petroleum) (158,987 dm3)

BLL

Becquerel* BQL

Billion EUR BIL

Billion US MLD

Board foot BFT

Brake horse power (245,7 watts)

BHP

British thermal unit (1,055 kilojoules)

BTU

Bushel (35,2391 dm3) BUA

Bushel (36,36874 dm3) BUI

Candela* CDL

Carrying capacity in metric tonnes

CCT

Cental GB (45,359237 kg) CNT

Center, metric (100 kg) (syn.: Hectokilogram)

DTN

Centigram* CGM

Centilitre* CLT

Centimetre* CMT

Cord (3,63 m3) WCD

Coulomb per kilogram* CKG

Coulomb* COU

Cubic centimetre* CMQ

Cubic decimetre* DMQ

Cubic foot FTQ

Cubic inch INQ

Cubic metre per hour* MQH

Cubic metre per second* MQS

Cubic metre* MTQ

Cubic millimetre* MMQ

Cubic yard YDQ

Curie CUR

Day* DAY

Decade (ten years) DEC

Decare DAA

Decilitre* DLT

Decimetre* DMT

Decitonne* DTN

Degree Celsius CEL

Degree Fahrenheit FAH

Degree Kelvin: Kelvin

Displacement tonnage DPT


134 VeriSign, Inc.


Dozen DZN

Dozen packs DZP

Dozen pairs DZR

Dozen pieces DCP

Dozen rolls DRL

Drachm GB (3,887935 g) DRM

Dram GB (1,771745 g) DRI

Dram US (3,887935 g) DRA

Dry Barrel (115,627 dm3) BLD

Dry gallon (4,404884 dm3) GLD

Dry pint (0,55061 dm3) PTD

Dry quart (1,101221 dm3) QTD

Farad* FAR

Fluid ounce (28,413 cm3) OZI

Fluid ounce (29,5735 cm3) OZA

Foot (0,3048 m) FOT

Gallon (4,546092 dm3) GLI

Gigabecquerel* GBQ

Gigawatt-hour (1 million kW/h)*

GWH

Gill (0,142065 dm3) GII

Gill (11,8294 cm3) GIA

Grain GB, US (64,798910 mg)

GRN

Gram of fissile isotopes GFI

Gram* GRM

Great gross (12 gross) GGR


Gross GRO

Gross (register) ton GRT

Half year (six months) SAN

Hectare HAR

Hectobar* HBA

Hectogram* HGM

Hectokilogram* DTH

Hectolitre of pure alcohol HPA

Hectolitre* HLT

Hectometre* HMT

Hertz* HTZ

Hour* HUR

Hundred CEN

Hundred boxes BHX

Hundred international units HIU

Hundred leaves CLF

Hundred packs CNP

Hundredweight US (45,3592 kg)

CWA

Inch (25,4 mm) INH

Joule* JOU

Kelvin* KEL

Kilobar* KBA

Kilogram of caustic potash KPH

Kilogram of caustic soda KSH

Kilogram of named substance

KNS


135 VeriSign, Inc.


Kilogram of nitrogen KNI

Kilogram of phosphonic anhydride

KPP

Kilogram of phosphorus pentoxide

KPP

Kilogram of potassium hydroxide

KPH

Kilogram of potassium oxide

KPO

Kilogram of sodium hydroxide

KSH

Kilogram of substance 90 percent dry

KSD

Kilogram per cubic meter* KMQ

Kilogram per second* KGS

Kilogram* KGM

Kilohertz* KHZ

Kilojoule* KJO

Kilometre per hour* KMH

Kilometre* KMT

Kilopascal* KPA

Kilorgram of uranium KUR

Kilotonne* KTN

Kilovar KVR

Kilovolt* KVT

Kilovolt-ampere* KVA

Kilowatt* KWT

Kilowatt-hour* KWH


Knot (1 nautical mile per hour)

KNT

Leaf LEF

Liquid gallon (3,78541 dm3)

GLL

Liquid pint (0,473176 dm3) PTL

Liquid quart (0,946353 dm3)

QTL

Litre (1 dm3)* LTR

Litre of pure alcohol LPA

Long ton GB, US (1,0160469 t)

LTN

(long) hundredweight GB (50,802345 kg)

CWI

Lumen* LUM

Lux LUX

Megahertz* MHZ

Megalitre* MAL

Megametre* MAM

Megapascal* MPA

Megavolt-ampere (1000 KVA)*

MVA

Megawatt* MAW

Megawatt-hour (100 kW/h)*

MWH

Metre per second squared* MSK

Metre per second* MTS

Metre* MTR

Metric carat (200 mg=2,10-4 kg)

CTM


136 VeriSign, Inc.


Metric ton (1000 kg) TNE

Milliard MLD

Millibar* MBR

Millicurie MCU

Milligram* MGM

Millilitre* MLT

Millimetre* MMT

Million MIO

Million cubic metres* HMQ

Million international units MIU

Minute* MIN

Month MON

Nautical mile (1852 m) NMI

Net (register) ton NTT

Newton* NEW

Number NMB

Number of articles NAR

Number of bobbons NBB

Number of cells* NCL

Number of international units

NIU

Number of packs NMP

Number of pairs NMR

Number of parcels NPL

Number of parts NPT

Number of rolls NRL

Ohm* OHM


Ounce GB, US (28,349523 g)

ONZ

Ounce GB, US (31,103448 g) (syn: Troy ounce)

APZ

Pascal* PAL

Pennyweight GB, US (1555174 g)

DWT

Piece PCE

Pint (0,568262 dm3) PTI

Pound GB, US (0,45359237 kg)

LBR

Proof gallon PGL

Quart (1,136523 dm3) QTI

Quarter (of a year) QAN

Quarter, GB (12,700586 kg)

QTR

Quintal, metric (100 kg) DTN

Revolution per minute* RPM

Revolution per second* RPS

Score SCO

scruple, GB (1,2955982 g) SCR

Second* SEC

Set SET

Shipping ton SHT

Short standard (7200 matches)

SST

Short ton GB, US (0,90718474 t)

STN

Siemens* SIE


137 VeriSign, Inc.


Square centimetre* CMK

Square decimetre* DMK

Square foot FTK

Square inch INK

Square kilometre* KMK

Square metre* MTK

Square mile MIK

Square millimetre* MMK

Square yard YDK

Standard WSD

standard atmosphere (101325 Pa)

ATM

(statue) mile (1609,344 m) SMI

Stone GB (6,350293 kg) STI

Technical atmosphere (98066,5 Pa)

ATT

Ten days DAD

Ten pairs TPR

Thousand MIL

Thousand ampere-hour* TAH

Thousand board feet (2,36 m3)

MBF

Thousand cubic metres per day*

TQD

Thousand standard brick equivalent

MBE

Ton of steam per hour TSH

Tonne (1000 kg)* TNE


Tonne of substance 90 percent dry

TSD

Trillion EUR TRL

Trillion US BIL

Troy ounce APZ

Troy pound, US (373,242 g)

LBT

Volt* VLT

Watt* WTT

Watt-hour* WHR

Weber WEB

Week WEE

Yard (0,9144 m) YRD

Year ANN


138 VeriSign, Inc.


FDMS South Currency Codes and Decimal PositionsTable H-4 FDMS South Currency Codes and Decimal Positions

Currency Name Currency Code Decimal Positions

Argentine Peso 32 2

Australian Dollar 36 2

Austrian Schilling 40 2

Belgian Franc 56 0

Canadian Dollar 124 2

Chilean Peso 152 2

Czech Koruna 203 2

Danish Krone 208 2

Dominican Peso 214 2

Markka 246 2

French Franc 250 2

Deutsche Mark 280 2

Drachma 300 0

Hong Kong Dollar 344 2

Indian Rupee 356 2

Irish Punt 372 2

Shekel 376 2

Italian Lira 380 0

Yen 392 0

Won 410 0

Luxembourg Franc 442 0

Mexican Duevo Peso 484 2

Netherlands Guilder 528 2

New Zealand Dollar 554 2

139 VeriSign, Inc.


Norwegian Frone 578 2

Philippine Peso 608 2

Portuguese Escudo 620 0

Rand 710 2

Spanish Peseta 724 0

Swedish Krona 752 2

Swiss Franc 756 2

Thailand Baht 764 2

Pound Sterling 826 2

Russian Ruble 810 2

U.S Dollar 840 2

Bolivar 862 2

New Taiwan Dollar 901 2

Euro Dollar 978 2

Polish New Zloty 985 2

Brazilian Real 986 2

Table H-4 FDMS South Currency Codes and Decimal Positions (Continued)

140 VeriSign, Inc.

I. Ensuring Safe Storage and Use of Passwords

You should always secure passwords and strive to eliminate unwanted access. Store passwords in encrypted form behind a properly configured firewall. This includes passwords in scripts, code, pages, logs, and databases.

This appendix describes the example Payflow Pro Encrypted Password program.

Overview of the RisksHere is a partial list of the risks of exposing your Payflow Pro password:

A hacker could issue fraudulent transactions using stolen credit cards.

A hacker could buy a product using a sale transaction, receive the downloaded product, and then void the transaction before settlement.

If the ability to issue credits is not disabled for your account, a hacker could fraudulently credit funds out of your account into:

A stolen credit card’s account (enabling further purchases)

An offshore account accessible by the hacker. Such funds are not recoverable within the U.S. legal system.

Tip VeriSign strongly recommends that you do not store credit card numbers at all. If you must store credit card numbers, then store them in encrypted form behind a properly configured firewall.



Fraud Prevention ResourcesFor more information about preventing fraud, see:

http://www.verisign.com/support/payflow/fraud/fraudPrevention.html

For information about VeriSign Manager security features that reduce unauthorized access to your account, see:

http://www.verisign.com/support/payflow/manager/selfHelp/security.html

Overview of the Example Password Encryption Program

CAUTION Do not use VeriSign's example scripts in your production environment. You must write a program that encrypts and decrypts your PayFlow Pro account password.

In actual practice, you must ensure that the file containing the key and the file containing the encrypted password are kept where they cannot be accessed or read except by the application that submits transactions.

The Payflow Pro Encrypted Password program provides an example of the process of dynamically generating a symmetric key, then using the key to encrypt the password. The script then stores the encrypted password file in a newly created lib subdirectory in a dynamically generated jar file that will be accessed as a java resource whenever the password is required. In this example, the symmetric key and the encrypted password reside on the same host.

Included FilesCode listings for the following files appear in “Code Listings” on page 144.

Figure I-1 Included Files

File Description

PFProEncrypt.java Sample java file

encrypt.pl Perl test script to encrypt and store the password.

PFProSecure.java Sample java file

securetest.pl Perl test script to decrypt the password and submit transactions with the decrypted password.


http://www.verisign.com/support/payflow/fraud/fraudPrevention.html

http://www.verisign.com/support/payflow/manager/selfHelp/security.html

Appendix I Ensuring Safe Storage and Use of Passwords

RequirementsPayflow Pro Java SDK Client version 3.06. You can download the code from the Downloads page in the VeriSign Manager: https://manager.verisign.com

Encrypting the Password

Step 1 Configure the Script

The example Perl scripts provided by VeriSign set the CLASSPATH, and call javac for the java file each time the script is run. The script finally runs the java command on the compiled java class passing any needed parameters.

To prepare the encrypt.pl script, you must specify actual merchant values for the account variables. Modify the encrypt.pl Perl script as follows:

Replace the default text values with actual merchant values for the following account variables: $user, $vendor, $partner, and $password.

Step 2 Encrypt the Password

Run the encrypt.pl Perl script once to initialize the key file and encrypt the password file. The script then stores the encrypted password file in a newly created lib subdirectory in a jar file that will be accessed as a java resource.

>Perl encrypt.pl

Step 3 Delete the files used to encrypt the password

After encrypting the password, you must delete the files used to generate the password because both the password and method of encrypting it are contained within the files. Follow these steps:

1 Rename the ../lib/$encjar file and move it to a unique location so that its location and filename are difficult to discover.

Delete $encjar from ../lib.

Specify the new location and name in the CLASSPATH reference in the securetest.pl script. Alternatively, specify the path information from the command line when executing the PFProSecure java command.




2 To enable you to change the password in the future, move the following files to a safe location and then delete the files from their current location:

$keyfile (encrypt.pl provides the location)

$encfile (encrypt.pl provides the location)

PFProEncrypt.java

PFProEncrypt.class

readme.txt

encrypt.pl

Submitting Transactions Using the Encrypted PasswordRun the securetest.pl Perl test script for all test transactions.

>Perl securetest.pl

Code Listings

encrypt.pl Code Listing#!/usr/bin/perl##########################

use File::Copy;use Config;$: = $Config{path_sep};

# Set environment$LIBS = "$:.$:..$:../lib";

$ENV{PATH} .=$LIBS;$ENV{LD_LIBRARY_PATH} .=$LIBS;$ENV{SHLIB_PATH} .=$LIBS;$ENV{LIBPATH} .=$LIBS;

$ENV{CLASSPATH} .= "$:../lib/Verisign.jar$:../lib/JSSE/jnet.jar$:../lib/JSSE/jcert.jar$:../lib/JSSE/jsse.jar$:.";$ENV{PFPRO_CERT_PATH} = "../../dist/java/certs";

# Merchant Account values



# => Change these to your account values$user = "user";$vendor = "vendor";$partner = "partner";$password = "password";# => Change the above to your account values

$JDKBIN="C:/j2sdk1.4.0/bin";

# Compile the codeprint ̀ $JDKBIN/javac PFProEncrypt.java`;

$encjar = "eqabz.jar";$keyfile = "key";$encfile = "encrypted";

# Run the testprint ̀ $JDKBIN/java PFProEncrypt -user $user -vendor $vendor -partner $partner -password $password`;print ̀ $JDKBIN/jar cM0f $encjar $keyfile $encfile`;mkdir("../lib",0744);copy($encjar,"../lib");print "\n";

PFProEncrypt.java Code Listing// Verisign, Inc.// http://www.verisign.com// See contact.txt for additional contact information

// Verisign Payflow Pro Encrypted Password Sample

import java.security.GeneralSecurityException;import java.security.KeyPair;import java.security.KeyPairGenerator;import java.security.NoSuchAlgorithmException;import java.security.PrivateKey;import java.security.PublicKey;import java.security.cert.X509Certificate;import java.security.interfaces.RSAKey;

import java.io.*;import java.security.*;import javax.crypto.*;import javax.crypto.spec.*;



class PFProEncrypt {

public static void encode(String user, String vendor, String partner, String password)

throws Exception {

System.out.println("Encrypting...\n");//// Generate a symmetric key using the DES algorithm.//System.out.println(" Generating key...\n");

KeyGenerator kg = KeyGenerator.getInstance("DES"); kg.init(new SecureRandom()); SecretKey key = kg.generateKey(); SecretKeyFactory kf = SecretKeyFactory.getInstance("DES"); Class deskeyspec = Class.forName("javax.crypto.spec.DESKeySpec"); DESKeySpec keyspec = (DESKeySpec) kf.getKeySpec(key, deskeyspec); ObjectOutputStream keyfile = new ObjectOutputStream(new FileOutputStream("key")); keyfile.writeObject(keyspec.getKey());

Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding"); c.init(Cipher.ENCRYPT_MODE, key); CipherOutputStream pwdfile = new CipherOutputStream( new FileOutputStream("encrypted"), c); PrintWriter pw = new PrintWriter( new OutputStreamWriter(pwdfile) );

System.out.println(" writing encrypted values:\n");System.out.println(" user: " + user + "\n");

pw.println(user);System.out.println(" vendor: " + vendor + "\n");

pw.println(vendor);System.out.println(" partner: " + partner + "\n");

pw.println(partner);System.out.println(" password: " + password + "\n");

pw.println(password); pw.close(); keyfile.writeObject(c.getIV()); keyfile.close();

System.out.println("Done.\n"); } static private void usage()



{java.io.PrintStream p = System.out;p.println("Syntactic usage:\n");p.println("java " + PFProEncrypt.class.getName() + "-user <user name>" + "-password <user password>" + "-vendor <vendor name>" + "-partner <partner name (case sensitive)>\n");

}

public static void main(String argv[]) {

try { if (argv.length < 2 || argv[0].equals("-h")) {

usage();return;

}

String user = findValue("-user", argv); String password = findValue("-password", argv); String vendor = findValue("-vendor", argv); String partner = findValue("-partner", argv);

System.out.println(password); encode(user, vendor, partner, password); //password = null; //System.out.println(password); //password = decode(); //System.out.println(password); } catch (Exception e) { System.out.println(e);}

}

static private String findValue(String toFind, String argv[]){return findValue(false, toFind, argv);

}

static private boolean find(String toFind, String argv[]){return find(false, toFind, argv);

}



static private String findValue(boolean required, String toFind, String argv[]){

for (int i = 0; i < argv.length; ++i){ if (argv[i].equals(toFind)){

return nextArgv(argv, i); }}if (required) { throw new IllegalArgumentException("'" + toFind +

"' argument missing in input");

} else { return null;}

}

static private boolean find(boolean required, String toFind, String argv[]){

for (int i = 0; i < argv.length; ++i){ if (argv[i].equals(toFind)){

String s = nextArgv(argv, i);return true;

}}if (required) { throw new IllegalArgumentException("'" + toFind +

"' argument missing in input");

} else { return false;}

}

/** * Returns the next entry in argv, unless it starts with * a '-' (to catch errors such as 'java xyz -a -b' where * '-a' needs a value 'java xyz -a value -b' */ private static String nextArgv(String[] argv, int i){

if ((argv[i+1] != null) && (!argv[i+1].startsWith("-"))){ return argv[i+1];} else { return null;}

}}



securetest.pl Code Listing#!/usr/bin/perl##########################

use Config;$: = $Config{path_sep};

# Set environment$LIBS = "$:.$:..$:../lib";

$ENV{PATH} .=$LIBS;$ENV{LD_LIBRARY_PATH} .=$LIBS;$ENV{SHLIB_PATH} .=$LIBS;$ENV{LIBPATH} .=$LIBS;

# Directory containing the JSSE jar files# => Change this to your JSSE jar file directory$JSSEDIR = "../lib/JSSE";# => Change above to your JSSE jar file directory

$JSSECLASSPATH = "$:$JSSEDIR/jsse.jar$:$JSSEDIR/jcert.jar$:$JSSEDIR/jnet.jar";

$ENV{CLASSPATH} .= "$:../lib/eqabz.jar$:Verisign.jar$:.$:$JSSECLASSPATH";$ENV{PFPRO_CERT_PATH} = "../certs";

$JDKBIN="C:/j2sdk1.4.0/bin";

# Compile the codeprint ̀ $JDKBIN/javac PFProSecure.java`;

# Run the testprint ̀ $JDKBIN/java PFProSecure test-payflow.verisign.com 443 "TRXTYPE=S&TENDER=C&ACCT=4222222222222&EXPDATE=1209&AMT=14.42&COMMENT1[3]=123&COMMENT2=Good Customer&INVNUM=1234567890&STREET=5199 JOHNSON&ZIP=94588" 30`;print "\n";

PFProSecure.java Code Listing// Verisign, Inc.// http://www.verisign.com



// See contact.txt for additional contact information

// Verisign Payflow Pro Encrypted Password Sample

import com.Verisign.payment.PFProAPI;

import java.security.GeneralSecurityException;import java.security.KeyPair;import java.security.KeyPairGenerator;import java.security.NoSuchAlgorithmException;import java.security.PrivateKey;import java.security.PublicKey;import java.security.cert.X509Certificate;import java.security.interfaces.RSAKey;

import java.io.*;import java.security.*;import javax.crypto.*;import javax.crypto.spec.*;

class PFProSecure {

public static class UserAuth {public String user= "user";public String vendor= "vendor";public String partner= "partner";public String password= "password";

public String toString(){ return ("&USER=" + user + "&PWD=" + password +

"&VENDOR=" + vendor + "&PARTNER=" + partner);}

}

public static UserAuth decode()throws Exception

{System.out.println("Decrypting...\n");System.out.println(" Retrieving key...\n");

ObjectInputStream keyfile = new ObjectInputStream( PFProSecure.class.getResourceAsStream("key") ); DESKeySpec ks = new DESKeySpec((byte[]) keyfile.readObject()); SecretKeyFactory kf = SecretKeyFactory.getInstance("DES"); SecretKey key = kf.generateSecret(ks);



Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding"); c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec((byte[]) keyfile.readObject())); CipherInputStream pwdfile = new CipherInputStream(PFProSecure.class.getResourceAsStream("encrypted"), c); BufferedReader br = new BufferedReader( new InputStreamReader(pwdfile) );

System.out.println(" reading encrypted values:\n");UserAuth userauth = new UserAuth();

userauth.user = br.readLine();System.out.println(" user: " + userauth.user + "\n");

userauth.vendor = br.readLine();System.out.println(" vendor: " + userauth.vendor + "\n");

userauth.partner = br.readLine();System.out.println(" partner: " + userauth.partner + "\n");

userauth.password = br.readLine();System.out.println(" password: " + userauth.password +

"\n");

System.out.println("Done.\n");

return userauth; }

// Set defaultsstatic String HostAddress = "test-payflow.verisign.com";static Integer HostPort = Integer.decode("443");static String ParmList = "";static Integer Timeout = Integer.decode("30");static String ProxyAddress = "";static Integer ProxyPort = Integer.decode("0");static String ProxyLogon = "";static String ProxyPassword = "";

static UserAuth userauth = null;

// Help systemstatic void help(){

System.out.println( "Usage Error: \n" );

System.out.println("pfpro <hostAddress> <hostPort> <parmList> <timeout> <proxyAddress> <proxyPort> <proxyLogon> <proxyPassword>");



System.out.println("<hostAddress> host name 'test-payflow.verisign.com'");

System.out.println("<hostPort> host port number '443'");

System.out.println("<parmList> parameter list 'ccNum=5105105105105105100&ccExpDate=1299&amount=1.23'");

System.out.println("<timeOut> timeout(sec) - optional '30'");

System.out.println("<proxyAddress> proxy name - optional 'proxy'");

System.out.println("<proxyPort> proxy port - optional '8080'");

System.out.println("<proxyLogon> proxy logon name - optional 'admin'");

System.out.println("<proxyPassword> proxy password - optional 'password'");

}

public static void main(String[] args){

try {

userauth = decode();

} catch (Exception e) { System.out.println(e); }

PFProAPI pn = new PFProAPI();

// Check args, at least the first 3 must be thereif (args.length < 3) {

System.out.println( "\nPFPRO " + pn.Version() );

try {if ( args[0].equalsIgnoreCase(new

String("-version")) ) {System.out.println();return;

}} catch (Exception e) { }

help();return;



}

// Place the arguments in the correct variables// Once we get an OutOfBounds exception, parsing will

stop // and the rest will retain their default values.try {

HostAddress = args[0];HostPort = Integer.decode(args[1]);ParmList = args[2];Timeout = Integer.decode(args[3]);ProxyAddress = args[4];ProxyPort = Integer.decode(args[5]);ProxyLogon = args[6];ProxyPassword = args[7];

} catch (Exception e) { }

// Set the certificate path pn.SetCertPath("../certs");

// Call the client.pn.CreateContext(HostAddress,

HostPort.intValue(), Timeout.intValue(), ProxyAddress, ProxyPort.intValue(), ProxyLogon, ProxyPassword);

String rc = pn.SubmitTransaction( ParmList + userauth );

System.out.println(rc);

pn.DestroyContext();}

}


J. Frequently Asked Questions

Where do I find online information about Payflow Pro?

See: http://www.verisign.com/support/payflow/pro/index.html

How do I download the VeriSign SDK?

Log in to VeriSign Manager and click Downloads. All VeriSign SDKs are listed by server platform and operating system. All SDKs are contained in downloadable WinZip files. You can download WinZip at http://www.winzip.com.

Do I need the VeriSign SDK if I already have a shopping cart?

Refer to your shopping cart documentation to verify its compatibility with VeriSign. Your shopping cart documentation should specify if it is pre-integrated or requires a VeriSign SDK plug-in. Shopping cart SDKs are available on VeriSign’s Manager’s Downloads page.

How do I know my transactions are connecting to VeriSign?

We send your server a 12-character PNREF (for example, VXES98765432) for every transaction submitted to our servers. The PNREF appears in VeriSign Manager Reports as the Transaction ID.

For Test transactions, the first and fourth characters in the PNREF value are alpha characters (letters), and the second and third characters are numeric (Example: V53A17230645). For Live transactions, all of the first four characters are alpha characters, for example: VPNE12564395.


http://www.winzip.com

http://www.verisign.com/support/payflow/pro/index.html


How do I process test transactions?

Once you have registered with VeriSign and have completed the integration/configuration of your storefront use the following information to begin testing transactions:

HostAddress: test-payflow.verisign.comHostPort: 443PARTNER: Your partner ID or VeriSignVENDOR: Your case-sensitive loginUSER: Your case-sensitive loginPWD: Your case-sensitive password

How do I process live transactions?

Once you have successfully processed test transactions, use the following information to reconfigure your storefront:HostAddress: payflow.verisign.comHostPort: 443PARTNER: Your partner ID or VeriSignVENDOR: Your case-sensitive loginUSER: Your case-sensitive loginPWD: Your case-sensitive password

Is the SDK thread-safe?

Yes. All of our SDKs are thread-safe.

Can you provide guidelines about using the various Payflow SDKs to process transactions in a multi-threaded environment?

First, pfproInit() must be called at the start of the main thread, and pfproCleanup() must be called at its finish. You can create multiple threads, each with multiple contexts, and send any number of transactions using each context. However, all threads must be created and completed between the calls to pfproInit() and pfproCleanup().

While it is possible to submit multiple transactions using a single context, we strongly recommend that you create a new context for each transaction.

Example pseudo code:1 CreateObject - to create the COM object

2 CreateContext - to setup the context and communication parameters


Appendix J Frequently Asked Questions

3 (Build a string containing all transaction parameters)

4 SubmitTransaction - Process the transaction

5 (Parse the string returned for result information)

6 DestroyContext - Destroy the context.


Index

Index

AACCT parameter 19Address 37Address Verification Service 37American Express 6, 66AMT parameter 19AUTHCODE 46AUTHCODE parameter 19AVS, see Verification ServiceAVSADDR 46AVSZIP 46

Ccard security codeCHKNUM parameter 85CITY 71close batch

see settlement operationCOMMCARD 70COMMENT1 parameter 19COMMENT2 parameter 19Common Gateway Interface 3communications errors 53COUNTRYCODE 71credit card

types 4credit card transaction

required parameters 25credit transaction type 26CSC, see card security codeCUSTCODE 71CUSTREF parameter 20CVV2 parameter 20

DDISCOUNT 71DL parameter 85DOB field 85DUTYAMT 70, 72

Eelectronic check transaction

required parameters 84ENDTIME parameter 20EXPDATE parameter 20

FFDMS Nashville 6, 68FDMS South 6, 71FIRSTNAME 72FIRSTNAME parameter 20FREIGHTAMT 70, 72

GGlobal Payments Central 6Global Payments East 6

HHostAddress 17HOSTPORT 17

Iinquiry transaction type 30INVNUM 67, 69, 72, 78

LLASTNAME 72length tags 18, 83live transactions 156



logging transaction information 43, 88

MMAPP 6MICR field 86

NNAME parameter 20NDCE 6Nova 6, 76

OORDERDATE 72ORIGID parameter 21

Pparameters

required for credit card 25required for electronic check 84

PARMLIST 17Partner Manager

overview 8PARTNER parameter 21Payflow Pro 1

library formats 1, 11software formats 1, 11

Payflow Pro clientpayment types 4Paymentech 7, 78pfpro, see Payflow Pro clientPHONENUM field 86PNREF 45, 89

format of value 47PNREF value 47PONUM 70, 73processors 4

Wells Fargo Bank 7PROXYADDRESS 18, 83PROXYLOGON 18, 83PROXYPASSWORD 18, 83PROXYPORT 18, 83

purchase cardline item parameters 74

PWD parameter 21

Rrequired parameters

credit card 25electronic check 84

RESPMSG 46, 89RESPMSG value 48responses

credit card transaction 45RESULT 45, 89RESULT value 47RESULT values

communication errors 53

Ssale transaction type 25SDK 1Secure Sockets Layer 2security

AVS 37CSC

settlement operation 2SHIPFROMZIP 73SHIPTOZIP 70, 73shopping carts 11, 155Software Development Kit 1SS field 86SSL, see Secure Sockets LayerSTARTTIME parameter 21STATE 73Street field 86STREET parameter 21SWIPE parameter 22syntax 17, 82

TTAXAMT 70, 74TAXEXEMPT 70, 74


Index

TCP 1TeleCheck 7, 81TENDER parameter 22test transactions 156TIMEOUT 18, 83transaction

format 17transaction response

PNREF parameter 47RESPMSG parameter 48RESULT parameter 47

transactionscommercial card 34creating 25credit 26inquiry 30sale 25voice authorization 29

void 28TRXTYPE parameter 22

UUSER parameter 22

VVENDOR parameter 22VERBOSITY parameter 22Vital 7, 80voice authorization transaction type 29void transaction type 28

WWells Fargo Bank 7

ZZIP parameter 23


VeriSign Payment Services - pacbuilder.com · VeriSign Payment Services Payflow Pro Developer’s...

Documents

Transcript of VeriSign Payment Services - pacbuilder.com · VeriSign Payment Services Payflow Pro Developer’s...