User s Guide Simple Order API Version 1.14 May 2005

Transcription

1 CyberSource Business Center Simple Order API User s Guide Simple Order API Version 1.14 May 2005

2 CyberSource Contact Information For technical support questions, go to the Home page in the Business Center to see the contact information appropriate for your account. Visit the Business Center, your central location for managing your online payment transactions, at For general information about our company, products, and services, go to For sales questions about any CyberSource Service, or call or (toll-free in the United States). Copyright 2005 CyberSource Corporation. All rights reserved. CyberSource Corporation ("CyberSource") furnishes this document and the software described in this document under the applicable agreement between the reader of this document ("You") and CyberSource ("Agreement"). You may use this document and/or software only in accordance with the terms of the Agreement. Except as expressly set forth in the Agreement, the information contained in this document is subject to change without notice and therefore should not interpreted in any way as a guarantee or warranty by CyberSource. CyberSource assumes no responsibility or liability for any errors that may appear in this document. The copyrighted software that accompanies this document is licensed to You for use only in strict accordance with the Agreement. You should read the Agreement carefully before using the software. Except as permitted by the Agreement, You may not reproduce any part of this document, store this document in a retrieval system, or transmit this document, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written consent of CyberSource. Restricted Rights Legends For Government or defense agencies. Use, duplication, or disclosure by the Government or defense agencies is subject to restrictions as set forth the Rights in Technical Data and Computer Software clause at DFARS and in similar clauses in the FAR and NASA FAR Supplement. For civilian agencies. Use, reproduction, or disclosure is subject to restrictions set forth in subparagraphs (a) through (d) of the Commercial Computer Software Restricted Rights clause at and the limitations set forth in CyberSource Corporation's standard commercial agreement for this software. Unpublished rights reserved under the copyright laws of the United States. Trademarks CyberSource, the Power Behind the Buy Button, the CyberSource logo, SmartCert, and PaylinX are registered trademarks of CyberSource Corporation in the U.S. and other countries. The Power of Payment, CyberSource Payment Manager, CyberSource Risk Manager, CyberSource Decision Manager, and CyberSource Connect are trademarks and/or service marks of CyberSource Corporation. All other brands and product names are trademarks or registered trademarks of their respective owners. ii CyberSource Corporation

3 Contents Documentation Changes and Enhancements...vii Chapter 1 Introduction...1 Welcome!...1 About the Business Center...1 Where You Can Get More Information...2 About Processing Credit Cards...2 MasterCard and Diners Club Alliance...3 Reducing Your Chances of Fraud...4 Address Verification Service...4 Card Verification Number...4 Smart Authorization...5 $0 Authorization...6 Chapter 2 Processing Orders with the API...9 Downloading a Client...9 Using the Latest API Version...9 Understanding API Requests and Replies...10 A Few Details about Requests...10 Using Items...10 Using a Grand Total, Total Tax, or Total Freight Amount...11 A Few Details about Replies...13 Decisions...13 Reason Codes...13 Example Replies...14 Processing a Credit Card Order...15 Requesting the Authorization...15 Using the Address Verification Service...15 Using the Card Verification Number...15 Using Smart Authorization...16 Performing a Forced Capture...16 Indicating a Bill Payment...17 API Fields...17 Authorization Request Fields...17 Business Center Simple Order API User s Guide May 2005 iii

4 Authorization Reply Fields...23 Testing Your Implementation...25 Capturing the Order...26 Refunding the Customer s Money...27 Going Live...27 Chapter 3 Additional Useful Information...29 Order Identifiers...29 Reconciling Your Orders...29 Missing and Invalid Request Fields...29 Chapter 4 Processing Orders with Electronic Checks...31 Preparing to Accept Electronic Checks...31 Processing Electronic Check Payments...32 Corporate Checks...32 Reconciliation ID...32 Electronic Check Debit Fields...33 Request Fields...33 Reply Fields...39 Seeing When the Check Has Cleared...41 Refunding the Customer s Money...41 Testing Your Implementation...41 Example Request and Reply...43 Appendix A Product Codes...45 Appendix B Reason Codes...47 Reason Codes for Credit Card Services...47 Reason Codes for Electronic Check Services...50 Appendix C Codes for Fraud Tests...53 Address Verification Service Codes...53 Card Verification Codes...54 Smart Authorization Codes...55 Appendix D Advanced API Capabilities for Credit Cards...57 Why Use the API for Captures and Credits?...57 Requesting a Capture...57 Processing a Verbal Authorization...57 Capture Request Fields...58 Capture Reply Fields...60 iv CyberSource Corporation

5 Contents Requesting a Credit...61 Indicating a Bill Payment...62 Credit Request Fields...62 Credit Reply Fields...65 Processing a Sale with the API...66 Using Payer Authentication...67 Appendix E Advanced API Capabilities for Electronic Checks...71 Why Use the API for Credits?...71 Requesting a Credit...71 Follow-On Credits...71 Stand-Alone Credits...72 Reconciliation ID...72 Payment Events Report...72 Credit Request Fields...72 Credit Reply Fields...76 Reason Codes...77 Appendix F Level III with Vital...79 About Level III Processing with CyberSource...79 Prerequisites...79 Processor Specification Used...80 Indicating the Request Is for Level III...80 Level II Fields Needed for Level III...81 Field to Send with the Authorization...81 About Using Decimals and Strings...82 Level III Fields...82 Order-Level Fields...83 Item-Level Fields...87 Example Requests...91 Appendix G Using the XML API...95 Downloading a Client...95 About the XML API...95 Constructing Requests...95 Parsing Replies...96 Correlating Fields Names...97 Requesting Credit Card Authorization...97 Numbering Items...97 Example Authorization Request...99 Example Authorization Reply Appendix H Using the Testing Simulator Business Center Simple Order API User s Guide May 2005 v

6 General Testing Information FDMS Nashville Testing Information FDMS Nashville General Error Triggers FDMS Nashville AVS Triggers FDMS Nashville CVV Triggers FDMS South Testing Information FDMS South Error Triggers FDMS South Visa AVS Triggers FDMS South MasterCard AVS Triggers FDMS South American Express AVS Triggers FDMS South Discover AVS Triggers FDMS South CVV Triggers Paymentech Testing Information Paymentech Error Triggers Paymentech AVS Triggers Paymentech CVV Triggers Vital Testing Information Vital Error Triggers Vital AVS Triggers Vital CVV Triggers Index vi CyberSource Corporation

7 Documentation Changes and Enhancements The following changes were made to this guide since its last publication: Added information about performing forced captures. See Performing a Forced Capture on page 16. Added information about using the bill payment indicator for Visa. See Indicating a Bill Payment on page 17. Added information about the Payment Events Report. See Seeing When the Check Has Cleared on page 41. Clarified how to perform credits through the API, and added information about stand-alone credits with TeleCheck. See Requesting a Credit on page 71. Added information about performing a $0 authorization with FDMS South. See $0 Authorization on page 6. Added information about using CyberSource s test simulator. See Appendix H, Using the Testing Simulator, on page 101. Business Center Simple Order API User s Guide May 2005 vii

8 viii CyberSource Corporation

9 Chapter 1 Introduction Welcome! This document is for users of the Business Center, and it covers processing credit card orders with CyberSource s Simple Order API. You might want to use the API (as opposed to CyberSource s Virtual Terminal or Hosted Order Page) if you want more flexibility and control over the customer s buying experience at your Web store. You might want to use the API also if your business has grown, and your order volume warrants a higher level of order processing automation. You should use the API and this guide only if: You have an ISP or hosting provider to host your online store You store uses a secure (SSL) online payment form Your store does not already have a shopping cart to process payments You have programming skills in Java, ASP, or.net If you are a developer with XML experience and you want to use CyberSource s XML API instead of the Simple Order API, start here, but also see Appendix G, Using the XML API, on page 95. About the Business Center The CyberSource Business Center is a secure, Web-based tool that enables you to process credit cards online. CyberSource provides an easy-to-use Internet payment gateway fully integrated with popular shopping-cart software. To seamlessly integrate payment and fraud controls into your Web site, you can use a Virtual Terminal to process mail and telephone orders, a hosted payment order form if you do not use a shopping cart, or a Simple Order API. The CyberSource Business Center offers the following advantages: Easy to implement. CyberSource is integrated into a number of popular shopping carts; however, if you prefer, you can integrate a hosted payment order form into your web site, or you can use our Simple Order API. Business Center Simple Order API User s Guide May

10 Where You Can Get More Information Easy to manage. With the Business Center, you can submit orders via telephone or fax by using the Virtual Terminal, search for an order, view reports, and use the online help. Reliable and scalable technology. The CyberSource Business Center is based on technology designed for the largest online businesses to accept a high volume of transactions 24 hours a day. As your business grows, you can be confident that you have a reliable and fully tested payment service. Combined payment and fraud control tools. The CyberSource Business Center enables you to combine payment with fraud control tools. You can configure the fraud controls to create a simple but effective tool to minimize your exposure to online fraud. This tool uses address verification, card number verification, and transaction amount limit to review and match the billing and shipping addresses of your customers. Where You Can Get More Information You can get more information about processing orders with CyberSource in these guides: Introduction to Processing Orders, available on the Business Center. We recommend that you read this particular guide and understand how order processing works before you start implementing the CyberSource API. The Business Center User s Guide, also available on the Business Center. This guide shows you how to perform the various functions available in the Business Center. About Processing Credit Cards You have probably already learned something about credit card processing from reading Introduction to Processing Orders. You will use the API to call CyberSource s credit card authorization service. The service contacts the bank that issued the card, checks to see if the card has enough funds for the order, and reserves those funds. It also performs some basic fraud checks that are discussed in the next section. Once your authorization is complete, you still must move the money from the customer s account into your account. You should move the money only after you have shipped the goods to the customer. To get the money to move, you must perform a capture of the authorization. You do not need to do this through the CyberSource API, though. Instead, you can do it by using the Business Center. For instructions on how to perform a capture, see the Business Center User s Guide. Note If you are an advanced user with large order volume, you may want to use the API to perform captures. See Appendix D, Advanced API Capabilities for Credit Cards, on page 57 for more information. 2 CyberSource Corporation

11 Chapter 1 Introduction MasterCard and Diners Club Alliance In 2004, MasterCard and Diners Club announced an alliance that allows Diners Club cards to be processed as MasterCard cards. This alliance enables merchants who accept MasterCard cards to automatically accept Diners Club cards. MasterCard cards have a 16-digit number that begins with 5. Diners Club has two types of cards: Those issued in North America (by Diners Club North America), which have a 14- digit number that begins with either 30 or 38 Those issued outside of North America (by Diners Club International), which have a 14-digit number that begins with 36 The Diners Club cards issued in North America will be replaced with MasterCard cards (with the 16-digit number starting with 5) by the end of June During the transition period while the North American cards are being replaced, you do not need to do anything differently; continue to process North America Diners Club cards as Diners Club cards. If after June 2005 you process a North American Diners Club card that has a 14-digit number that begins with 30 or 38, the issuer will decline the authorization. The Diners Club cards issued outside North America are not being replaced by MasterCard cards; they will continue to have the 14-digit number that begins with 36. If you are a merchant outside North America, you should continue to process these cards as Diners Club cards. However, if you are a North American merchant, you must now process these cards as MasterCard cards (by setting the card type to MasterCard). It is up to you, the merchant, to determine whether you should process a Diners Club card as a Diners Club card or as a MasterCard card. If you are a North American merchant, you should review your code to ensure that you indicate the card type correctly to CyberSource: If you explicitly set the card type in your request to CyberSource, you should use the card number to determine the card type and not the card type indicated by the customer. It is acceptable for you to NOT set the card type in the request to CyberSource and let CyberSource determine the card type based on the card number EXCEPT when the card is a Diners Club International card (with the 14-digit number that begins with 36). In this case you must explicitly set the card type field in the request to indicate a MasterCard card. If you are a merchant outside North America, you do not need to change how you process MasterCard or Diners Club cards. Business Center Simple Order API User s Guide May

12 Reducing Your Chances of Fraud Reducing Your Chances of Fraud You have several ways to reduce the chance of accepting a fraudulent credit card order. This section describes these features, and the next chapter explains how to use the API for the features. Address Verification Service Depending on who your payment processor is and what type of credit card you are processing, the issuing bank might use the Address Verification Service (AVS) to confirm that your customer has provided the correct billing address. If the customer provides incorrect information, the order might be fraudulent. AVS occurs automatically with the authorization request. You can use the Smart Authorization settings (discussed on page 5) to control which AVS results cause CyberSource to decline the order. Use the Business Center to change your Smart Authorization settings. See the Business Center User s Guide for more information. CyberSource returns AVS results for these processors and card types: Concord EFS: Visa, MasterCard, American Express, Discover, Diners Club FDMS Nashville: Visa, MasterCard, American Express, Discover FDMS South: Visa, MasterCard, American Express, Discover, Diners Club Paymentech New Hampshire: Visa (billing country must be U.S., Canada, or Great Britain) American Express (billing country must be U.S. or Canada) MasterCard, Discover, Diners Club (billing country must be U.S.) Vital: Visa, MasterCard, American Express, Diners Club (billing country must be U.S.) Card Verification Number Many credit cards have a card verification number printed on the card. To reduce your risk of fraud, you can ask the customer for that number and then send it with your credit card authorization request. This number does not appear on receipts and should be known only by the cardholder. For Visa, MasterCard, and Discover, the card verification number is 3 digits long and is printed in the signature area on the back of the card. For American Express, the number is 4 digits long and is printed on the front of the card, typically up and to the right of the embossed card number. 4 CyberSource Corporation

13 Chapter 1 Introduction Figure 1 Example of a Visa Card Verification Number Card verification number You can use the Smart Authorization settings (discussed on page 5) to control which card verification results cause CyberSource to decline the order. Use the Business Center to change your Smart Authorization settings. See the Business Center User s Guide for more information. CyberSource supports card verification numbers for these processors and card types: FDMS Nashville: Visa, MasterCard FDMS South: Visa, MasterCard, American Express, Discover Paymentech New Hampshire: Visa, MasterCard, American Express, Discover Vital: Visa, MasterCard, American Express, Discover Smart Authorization The Smart Authorization service can help you validate your customers identities and guard against fraud losses. Your credit card authorizations are automatically screened using Smart Authorization, which allows you to detect fraud based on the following criteria: Address Verification Service (AVS) result (as described above) Card verification (CV) result (as described above) Transaction amount You should consider, however, signing up to use Advanced Smart Authorization, which screens your credit card authorizations based on the following additional, more sophisticated criteria: The order contains obscenities. The order contains nonsensical input. For example, if the customer enters their last name as zqmmmmz. Business Center Simple Order API User s Guide May

14 Reducing Your Chances of Fraud The billing or shipping address is not verified. The system could not verify that the billing or shipping address exists. The billing and shipping addresses do not match. USA PATRIOT Act compliance. The person or organization placing the order, or the country in the shipping address, are on a list of denied parties or places to whom the United States prohibits commercial sale according to the USA PATRIOT Act. Important You must configure the Smart Authorization settings in the Business Center before you accept orders. See Figure 2 on page 7 for what the settings look like. Smart Authorization analyzes each credit card authorization based on your settings. If you have configured the service to reject orders failing any or all of the Smart Authorization tests, the service will respond to your authorization request with a decline message, even if the card issuer itself approved the purchase. $0 Authorization If you are using FDMS South or Vital as your processor, you can perform an authorization for $0 to check if the card account is valid and whether the card is lost or stolen. You may not process a capture for a $0 authorization. For Vital, in the reply you receive authorization code=preath instead of the normal authorization code. For FDMS South, you receive the normal authorization code. You may not include the card verification number in the $0 authorization request for FDMS South. If you do, the request will be rejected. 6 CyberSource Corporation

15 Chapter 1 Introduction Figure 2 Smart Authorization Settings in the Business Center Business Center Simple Order API User s Guide May

16 Reducing Your Chances of Fraud 8 CyberSource Corporation

17 Chapter 2 Processing Orders with the API This chapter describes how to process a credit card order by using the CyberSource Simple Order API. For information about processing electronic check orders, see Chapter 4, Processing Orders with Electronic Checks, on page 31. Important Before going any further, make sure you are accepting orders using a secure connection (SSL). If you do not use SSL to take orders on your Web site, do not use the API. Instead, use the Hosted Order Page or the Virtual Terminal. See the Hosted Order Page User s Guide or Introduction to Processing Orders for more information about how to use them. Downloading a Client To use the API to process orders, the first thing you need to do is pick one of our clients: Java.NET ASP PHP Perl You can download your chosen client and its related documentation from the Developer Center. Using the Latest API Version CyberSource updates the Simple Order API on a regular basis to introduce new API fields and functionality and assigns a new version number each time it is updated. The latest API version at the time of this guide s publication is This represents the version of the server-side code for the ICS services. Business Center Simple Order API User s Guide May

18 Understanding API Requests and Replies Note The API version is different from the version of the CyberSource client SDK that you are using. See the CHANGES or README documentation for the SDK if you need to know which version of the client SDK you are using. When configuring the CyberSource client SDK, you indicate which version of the API you want to use. CyberSource suggests you use the latest version of the API. To determine the latest version, go to To see what has changed from version to version of the API, see the Simple Order API Release Notes. Note The Simple Order API was originally referred to as the Web Services API in the CyberSource documentation. You may still see old references to the Web Services API in some locations. Understanding API Requests and Replies In general, you process a credit card order through CyberSource like this: 1 You collect information about the order (the items being bought, the customer s name and address, the credit card information, and so on). 2 You send us a request with the information and ask us to perform the credit card authorization service. 3 We process your request and send you a response. 4 You look at the response and then tell your customer the results of their order. For example, the bank that issued the card may decide not to authorize the payment. You then need to tell your customer that the credit card has been denied, and possibly ask them for another form of payment. A Few Details about Requests A request includes information about the customer, their payment method, the items they are buying, and the service you are requesting. All of the fields you use in a credit card authorization are listed in Table 1. Using Items For the items being purchased, you number each item and call them item_0, item_1, item_ 2, and so on. You have fields that you can use to help describe the customer s order for that item. These include item_#_quantity, item_#_unitprice, and others. CyberSource uses the information you provide for each item to calculate the total amount for the order, the total tax amount for the order (if you provide tax information), and the freight amount for the order (if you provide freight information). 10 CyberSource Corporation

19 Chapter 2 Processing Orders with the API Important Do not include any carets (^) or colons (:) in the values you send in the request for any of the item_#_ fields. Carets and colons are reserved for use by the CyberSource services. Do not put any newlines or carriage returns into the values of any of the request fields. However, you can put embedded spaces and any other printable characters in the values. We will remove all leading and trailing spaces. Using a Grand Total, Total Tax, or Total Freight Amount Alternately, you may send a grand total amount, a total tax amount, or a total freight amount for the order using these fields: purchasetotals_grandtotalamount purchasetotals_taxamount purchasetotals_freightamount You may send these fields instead of or in addition to the item information discussed above. If you send these fields, CyberSource does not use the item information to calculate the grand total, total tax, or freight amount for the order. Instead, we use the values you give in the above fields. Note that the item information (if you provide it) still appears in the Transaction Detail page for the order in the Business Center. Important If you provide either purchasetotals_taxamount or purchasetotals_ freightamount, then you must also provide purchasetotals_grandtotalamount in your request. But, if you provide purchasetotals_grandtotalamount, you are not required to provide purchasetotals_taxamount or purchasetotals_freightamount. The following sections further explain how to use items and order totals. Grand Total Amount To specify the grand total for the order, you can do either of these: Use the item_#_unitprice field to specify the unit price for each item. CyberSource uses these values for the items to calculate the grand total for the order. Use the purchasetotals_grandtotalamount field. CyberSource uses this value as the grand total for the order. Total Tax Amount To specify the total tax amount for the order, you can do either of these: Use the item_#_taxamount field to specify the total tax amount for each item ordered (not the per-item tax amount). CyberSource uses these values for the items to calculate the total tax for the order, and thus the grand total amount for the order. Use this method if you do not plan to use the purchasetotals_grandtotalamount field in the request, but you want to specify tax amounts for the items in the order. Business Center Simple Order API User s Guide May

20 Understanding API Requests and Replies Use the purchasetotals_taxamount field. CyberSource uses this value as the total tax amount for the order. Use this method if you plan to use the purchasetotals_ grandtotalamount field in the request. Freight Amount To specify the freight amount, you can do either of these: Add an additional item to the order specifically to send the freight information for the order. You set item_#_unitprice to the freight amount and item_#_productcode to shipping_only, handling_only, or shipping_and_handling (see the list of product codes in Product Codes on page 45). Use this method if you do not plan to use the purchasetotals_grandtotalamount in your request but you want to specify a freight amount for the order. Set the purchasetotals_freightamount field to the total shipping and handling amount for the order. Use this method if you plan to use the purchasetotals_ grandtotalamount field in the request. See the example below for what a basic request for credit card authorization looks like. Note that it uses name-value pairs. In this example, John Doe is buying one item that costs $ ccauthservice_run=true merchantid=infodev merchantreferencecode=482046c3a7e94f5 billto_firstname=john billto_lastname=doe billto_street1=1295 Charleston Rd. billto_city=mountain View billto_state=ca billto_postalcode=94043 billto_country=us billto_phonenumber= billto_ [email protected] item_0_unitprice=49.95 item_0_quantity=1 purchasetotals_currency=usd card_expirationmonth=12 card_expirationyear=2015 card_accountnumber= CyberSource Corporation

21 Chapter 2 Processing Orders with the API Notice that the first field (ccauthservice_run) tells CyberSource to run the credit card authorization service. For a complete list of the fields you use with a credit card authorization, see Authorization Request Fields on page 17. A Few Details about Replies The reply you get from CyberSource gives you the results of your request. To use the reply information, you need to integrate it into your system and any other system that uses that data. You should write an error handler to interpret the information that you get in the reply. Do not show the reply information from CyberSource directly to the customer. Instead, show an appropriate response that tells the customer the result of the order. Decisions In the reply, you receive a field named decision, which summarizes the overall result of your request. Look at this field first to determine what to do with the order. The decision can be one of the following: ACCEPT: The request succeeded ERROR: There was a system error REJECT: The request was rejected If you get an ACCEPT, then you should proceed taking the customer s order. You get errors typically because of CyberSource system issues unrelated to the content of your request. Errors are very rare; however, you must design your system to include a way to correctly handle them. Depending on which payment processor is handling the order, the error may indicate a valid CyberSource system error, or it may indicate a processor rejection because of some type of invalid data. In either case, we recommend that you do not design your system to endlessly retry sending a request in the case of a system error. See the documentation for the CyberSource client (SDK) you are using for more information about how to handle system errors and retries. You can get a REJECT for different reasons. Your request can be rejected by CyberSource, the payment processor, or the issuing bank. For example, CyberSource will reject a request if it is missing required fields or a value is invalid. The issuing bank will reject a request if the card limit has been reached and funds are not available. To determine why a request was rejected, look at the reasoncode field (discussed below). You are charged for all accepted and rejected requests. You are not charged for requests that result in errors. Reason Codes After looking at the decision field, look at the reasoncode field to determine the reason for the decision and to decide if you want to take further action. Business Center Simple Order API User s Guide May

22 Understanding API Requests and Replies If the decision was ERROR, the reasoncode tells you what type of error occurred. If the decision was REJECT, the reasoncode tells you the reason for the reject and whether you can take action that might still result in a successful order. For descriptions of the reason codes for the credit card service, see Appendix B, Reason Codes, on page 47. You also receive ccauthreply_reasoncode in the reply. If you are requesting only credit card authorization and no additional services, you can ignore this field, as its value will always be the same as the reasoncode value. Note CyberSource reserves the right to add new reason codes at any time. If your error handler receives a reason code that it does not recognize, it should use the decision field to determine the result. Example Replies See the example below for a basic reply showing an ACCEPT decision. After this first example is another that shows a REJECT decision. All the fields you see in these replies are described in Table 2 on page 24. requestid= merchantreferencecode=482046c3a7e94f5 decision=accept ccauthreply_ ccauthreply_amount=49.95 ccauthreply_authorizationcode= ccauthreply_avscode=y ccauthreply_avscoderaw=yyy ccauthreply_authorizeddatetime= t23:44:27z ccauthreply_processorresponse=a purchasetotals_currency=usd The example reply below shows a REJECT decision. The payment was rejected for reason code 204, which indicates that the card had insufficient funds. You may receive other reply fields depending on the type of REJECT that occurs. requestid= decision=reject reasoncode=204 ccauthreply_reasoncode= CyberSource Corporation

23 Chapter 2 Processing Orders with the API Processing a Credit Card Order The only part of processing the order that you do through the API is the authorization. You do the capture and a refund (if necessary) in the Business Center (see page 26). Requesting the Authorization To indicate to CyberSource in your request that you want to run credit card authorization, set the ccauthservice_run field to true. Also include all the required fields listed in Table 1 on page 17. These next few sections describe how to use the API fields related to the fraud screening tests described in Chapter 1, Reducing Your Chances of Fraud, on page 4. Note If your order is flagged for one of the fraud checks described below, but you received a valid authorization code from the bank, you can still choose to accept the customer s order and capture the authorization. However, consider reviewing the order first to make sure that it is legitimate. Using the Address Verification Service The Address Verification Service (AVS) looks at the billing address the customer provided and checks if it matches the address that the issuing bank has on file. See Address Verification Service on page 4 for more information. You can configure your Smart Authorization settings in the Business Center to control which AVS results cause CyberSource to reject the order (see the Business Center User s Guide for more information). If your Smart Authorization settings for AVS cause CyberSource to reject the order, you get decision=reject and ccauthreply_ reasoncode=520. You can get details about the AVS result in the ccauthreply_avscode reply field. See Appendix C, Address Verification Service Codes, on page 53 for descriptions of the codes that you can receive in this field. Using the Card Verification Number You can request the card verification number from your customer and send it in your authorization request to help reduce the risk of fraud. See Card Verification Number on page 4 for more information. Use the card_cvnumber field in the request to send the customer s card verification number. Business Center Simple Order API User s Guide May

24 Processing a Credit Card Order Note If your processor is FDMS Nashville or FDMS South, and you decide to use card verification numbers, you can use the request field card_cvindicator to indicate if you are sending a card verification number in the request. The field is described below in Table 1. You can configure your Smart Authorization settings in the Business Center to control which card verification results cause CyberSource to reject the order (see the Business Center User s Guide for more information). If your Smart Authorization settings cause CyberSource to reject the order, you get decision=reject and ccauthreply_ reasoncode=520. You can get details about the CV result in the ccauthreply_cvcode field. See Appendix C, Card Verification Codes, on page 54 for descriptions of the codes that you can receive in this field. Using Smart Authorization Smart Authorization automatically screens all of your orders to flag ones that appear risky. See Smart Authorization on page 5 for more information. If Smart Authorization flags your order, in the reply you get decision=reject and ccauthreply_reasoncode=520. You can get details about why Smart Authorization flagged the order in the ccauthreply_authfactorcode reply field. See Appendix C, Smart Authorization Codes, on page 55 for descriptions of the codes you can receive in this field. Performing a Forced Capture If you are using Vital as your processor, you can perform forced captures. A forced capture occurs when you process an authorization outside the CyberSource system but capture the order by using CyberSource. Note You can perform a forced capture in the Business Center s Virtual Terminal. There, when you select the transaction type, select Capture with Verbal Auth. The Business Center automatically performs both the authorization and capture. Follow these steps to perform a forced capture through the API: 1 After you have processed the authorization outside the CyberSource system, request a CyberSource authorization (ccauthservice) as described in this chapter. As part of the request, include these fields: ccauthservice_authtype=verbal ccauthservice_verbalauthcode=<the authorization code you received> This authorization request does not get sent to the processor; CyberSource simply stores the information so that it can be used later for the capture. 16 CyberSource Corporation

25 Chapter 2 Processing Orders with the API 2 When ready, request the capture just like you would a normal capture (see Requesting a Capture on page 57). You do not need to provide the authorization code in the capture because CyberSource already has it in the database. The forced capture is processed. Indicating a Bill Payment You can indicate in the authorization request that the transaction is a bill that the customer is paying with a Visa card. Visa requests that you identify bill payments so that Visa can separate them from normal credit card purchases. Use the ccauthservice_billpayment field to do this. Although CyberSource accepts the ccauthservice_billpayment field no matter which processor you are using, currently CyberSource forwards the information only to Vital. API Fields Authorization Request Fields Table 1 lists the fields you use to request credit card authorization. If you are using Payer Authentication, see Using Payer Authentication on page 67 for additional authorization request fields that you must use. Table 1 Authorization Request Fields Field Name Description Required / Optional Datatype and Max Length billto_city City of the billing address. Required String (50) billto_country billto_ billto_firstname billto_lastname Country of the billing address. Use the two-character ISO codes (see the Support Center for a list of codes). Customer s address, including the full domain name (for example, [email protected]). Customer s first name.the value should be the same as the one that appears on the card. Customer s last name. The value should be the same as the one that appears on the card. Required String (2) Required String (255) Required String (60) Required String (60) billto_phonenumber Customer s phone number. Optional String (15) Business Center Simple Order API User s Guide May

26 Processing a Credit Card Order Table 1 Authorization Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length billto_postalcode Postal code of the billing address. The field must contain between five and nine digits. Required for U.S. or Canada String (10) If the value of billto_country is CA, the number of characters in billto_ postalcode must follow these rules: If the number of characters is greater than three, the first three characters must be of the format [alpha][numeric][alpha]. If the number of characters is seven, the last three characters must be of the format [numeric][alpha][numeric]. billto_state State or province of the billing address. Use the two-character codes (see the Support Center for a list of codes). Required for U.S. and Canada String (2) billto_street1 First line of the billing street address. Required String (60) billto_street2 Second line of the billing street address. Used for additional address information, for example: Attention: Accounts Payable Optional String (60) card_accountnumber Customer s credit card number. Required String with numbers only (20) 18 CyberSource Corporation

27 Chapter 2 Processing Orders with the API Table 1 Authorization Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length card_cardtype Type of card to authorize. This field is required if the card type is JCB (007), and optional for all other card types. See MasterCard and Diners Club Alliance on page 3 for important information. This field can contain one of the following values: 001: Visa 002: MasterCard 003: American Express 004: Discover 005: Diners Club 007: JCB (required) Optional (see description) String (3) card_cvindicator Card verification indicator used to indicate if a card verification value was sent. Accepted by FDMS Nashville and FDMS South. Optional String with numbers only (1) The field can contain one of the following values: 0: CV number service not requested. 1: CV number service requested and supported. 2: CV number on credit card is illegible. 9: CV number was not imprinted on credit card. The default value is 1 if you send the card_cvnumber field in the request, and 0 if you do not send the card_ cvnumber field. card_cvnumber Card verification number. See Using the Card Verification Number on page 15 for more information. Do not include this field if FDMS South is your processor and you are performing a $0 authorization. Optional String with numbers only (4) Business Center Simple Order API User s Guide May

28 Processing a Credit Card Order Table 1 Authorization Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length card_expirationmonth Two-digit month (MM - 01 through 12, inclusive) that the credit card expires in. The leading 0 is required. Required Integer (2) card_expirationyear Four-digit year (YYYY) that the credit card expires in. Required Integer (4) ccauthservice_authtype Set this field to verbal to indicate that you are performing a forced capture (that you received the authorization code outside the CyberSource system). See Performing a Forced Capture on page 16. Required for a forced capture. String (6) ccauthservice_ billpayment ccauthservice_ commerceindicator ccauthservice_run Indicates to Visa if the transaction is a bill that the customer is paying with a Visa card. Currently supported only for Vital. Use one of the following values: N (default): Not a bill payment Y: Bill payment See Indicating a Bill Payment on page 17. Transaction channel type. This field can contain one of the following values: internet (default): ecommerce transaction. moto: Mail order or telephone order. recurring: Recurring mail order or telephone order transaction. Set to true to include the credit card authorization service in your request. Optional String (1) Optional String (13) Required String (5) ccauthservice_ verbalauthcode The authorization code you received from an authorization that you performed outside the CyberSource system. See Performing a Forced Capture on page 16. Required for a forced capture String (6) 20 CyberSource Corporation

29 Chapter 2 Processing Orders with the API Table 1 Authorization Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length item_#_productcode Type of product, which is also used to determine the category that the product falls under (electronic, handling, physical, service, or shipping). The default value is default. See Product Codes on page 45 for a list of valid values. Optional String (30) item_#_productname Name of the product. Optional String (30) item_#_productsku Product s identifier code. Optional String (15) item_#_quantity item_#_taxamount item_#_unitprice Quantity of the product being purchased. The default value is 1. Required if item_#_productcode is NOT default, stored_value, or one of the values related to shipping and/or handling. Total tax to apply to the product. This value cannot be negative. The item_#_taxamount field is additive. For example, if you send one item with unitprice of $10.00 and taxamount of $0.80, and you send another item with unitprice of $20.00 and taxamount of $1.60, the total amount authorized will be for $32.40, not $30.00 with $2.40 of tax included. Per-item price of the product. You must provide either this field or purchasetotals_grandtotalamount in your request. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. You can use a decimal if you want. For example, you can use either or 100 to represent one hundred dollars. Do not include any special characters, such as a dollar sign ($). If Vital is your processor, you may set this field to 0 to check if the card is lost or stolen. See description Integer (10) Optional String (15) See description String (15) Business Center Simple Order API User s Guide May

30 Processing a Credit Card Order Table 1 Authorization Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length merchantid merchantreferencecode purchasetotals_currency purchasetotals_ freightamount purchasetotals_ grandtotalamount purchasetotals_taxamount Your CyberSource merchant ID. You received this in the registration from CyberSource after you registered for a Business Center account. Merchant-generated order reference or tracking number. See Order Identifiers on page 29 for more information. Currency used for the order. All orders must use U.S. dollars. Use USD for this field. Total freight amount for the order. If you include this field, purchasetotals_grandtotalamount is required. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Grand total for the order. You must provide either this field or item_#_ unitprice in your request. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. If Vital is your processor, you may set this field to 0 to check if the card is lost or stolen. Total tax for the order. If you include this field, purchasetotals_ grandtotalamount is required. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Required String (30) Required String (50) Required String (5) Optional String (15) See description String (15) Optional String (15) shipto_city City to which to ship the product. Optional (Required if providing any shipping information) String (50) 22 CyberSource Corporation

31 Chapter 2 Processing Orders with the API Table 1 Authorization Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length shipto_country shipto_ shipto_firstname shipto_lastname shipto_phonenumber Country to which to ship the product. Use the two-character ISO codes (see the Support Center for a list of codes). address of the person receiving the shipment (for example, [email protected]). First name of the person receiving the shipment. First name of the person receiving the shipment. Phone number for the person receiving the shipment. Optional String (2) Optional String (255) Optional String (60) Optional String (60) Optional String (15) shipto_postalcode Postal code to which to ship the product. Optional (Required if address is in U.S. and Canada) String (10) shipto_state State or province to which to ship the product. Use the two-character codes (see the Support Center for a list of codes). Optional (Required if address is in U.S. and Canada) String (2) shipto_street1 First line of the address to which to ship the product. Optional (Required if providing any shipping information) String (60) shipto_street2 Second line of the address to which to ship the product. Optional String (60) Authorization Reply Fields Table 2 lists the credit card authorization reply fields. Business Center Simple Order API User s Guide May

32 Processing a Credit Card Order Table 2 Authorization Reply Fields Field Name Description Datatype and Max Length ccauthreply_amount Total amount of the authorization. String (15) ccauthreply_ authfactorcode ccauthreply_ authorizationcode ccauthreply_ authorizeddatetime ccauthreply_avscode ccauthreply_ avscoderaw ccauthreply_cvcode ccauthreply_ cvcoderaw ccauthreply_ processorresponse ccauthreply_ reasoncode ccauthreply_ reconciliationid Risk factor code from Smart Authorization. This field will contain one or more of the codes, separated by carets (^). See Smart Authorization Codes on page 55 for a list of the codes. Authorization code. Returned only if a value if returned by the processor. For a Vital $0, the value you receive is PREATH. Time of authorization. The format is YYYY-MM- DDThh:mm:ssZ. For example, T22:47:57Z is equal to August 11, 2003, at 10:47:57 P.M. The T separates the date and the time, and the Z indicates UTC. Results of address verification. See Address Verification Service Codes on page 53 for a list of possible values. AVS result code sent directly from the processor. Returned only if a value is returned by the processor. Note Do not use this field to interpret the result of AVS. Use for debugging purposes only. Result of processing the card verification number. See Card Verification Codes on page 54 for a list of the possible values for this field. Card verification result code sent directly from the processor. Returned only if a value is returned by the processor. Note Do not use this field to interpret the result of card verification. Use for debugging purposes only. Processor s response code. Note Do not use this field to interpret the result of the authorization. Numeric value corresponding to the result of the credit card authorization request. See Reason Codes on page 47 for a list of possible values. Reference number for the transaction. Returned for Paymentech only. String (100) String (6) String (20) String (1) String (10) String (1) String (10) String (10) Integer (5) String (60) 24 CyberSource Corporation

33 Chapter 2 Processing Orders with the API Table 2 Authorization Reply Fields (Continued) Field Name decision Description Summarizes the result of the overall request. The field can contain one of the following values: ACCEPT: The request succeeded ERROR: There was a system error REJECT: One or more of the services in the request was declined Datatype and Max Length String (6) invalidfield_0...n Fields in the request that contained invalid data. String (100) merchantreferencecode Order reference or tracking number that you provided in the request. String (50) missingfield_0...n Required fields that were missing from the request. String (100) purchasetotals_ currency reasoncode Currency used for the order. For U.S. dollars, the value will be USD. Numeric value corresponding to the result of the overall request. See Reason Codes on page 47 for a list of possible values. String (5) Integer (5) requestid Identifier for the request. String (26) Testing Your Implementation To make sure that your requests are completed correctly, you need to test the basic success and error conditions for each ICS service you plan to use. When testing, follow these rules: Use your regular CyberSource merchant ID to perform testing. Use a non-existent account and domain name for the customer s address (for example, [email protected]). Make sure your client is configured to send requests to the test server ( ics2wstest.ic3.com/commerce/1.x/transactionprocessor). See the documentation for your client for information about how to do this. Business Center Simple Order API User s Guide May

34 Processing a Credit Card Order Unless otherwise specified, use the following test credit card numbers (without the spaces), not real ones: Credit Card Type Test Account Number Visa MasterCard American Express Discover JCB Diners Club Important The test credit card numbers are valid only when testing on the test server. CyberSource has created a simulator that allows you to use specific amounts in the test authorization request to trigger specific responses. This allows you to test your system with the different responses you might receive. For more information about using the simulator, see Appendix H, Using the Testing Simulator, on page 101. Capturing the Order 1 Once you have shipped the order, go to the Business Center to capture the authorization and move money into your bank account. Important If you do not capture the authorization, you do not receive payment. 2 Search in the Business Center for authorizations that have not been captured. Your order will look similar to this: 3 Capture the authorization. You will receive payment in your bank account within two to four days. 26 CyberSource Corporation

35 Chapter 2 Processing Orders with the API Note If you want to use the API to capture authorizations, see Appendix D, Requesting a Capture, on page 57. If you want to process Level III transactions with Vital, see Appendix F, Level III with Vital, on page 79 for information. Refunding the Customer s Money If you need to refund the customer s money, use the Business Center. See the Business Center User s Guide for information about how to credit the customer s card. Note You must perform a refund within 60 days of the authorization. If you need to refund a customer s money after that 60-day period, you need to issue a check to your customer. If your business s order and credit volume is large enough, you might instead consider processing credits using the API. See Appendix D, Requesting a Credit, on page 61 for more information. Going Live When you are ready to accept orders from customers, you can use the Business Center Web site to go live. See the Business Center User s Guide for more information. Important You must also configure your client so that it sends transactions to the production server and not the test server. See the documentation for your client for information about how to do this. After you go live, use real card numbers and other data to test every card type you support. Because these are real transactions in which you are buying from yourself, use small amounts, such as one dollar, to do the tests. Process an authorization, then capture the authorization, and later refund the money. Use your bank statements to verify that money is deposited into and withdrawn from your merchant bank account as expected. If you have more than one CyberSource merchant ID, test each one separately. Business Center Simple Order API User s Guide May

36 Going Live 28 CyberSource Corporation

37 Chapter 3 Additional Useful Information This chapter contains additional information that is useful for processing orders. Order Identifiers Each order you process has three identifiers associated with it: Order Number. This is an order number that you assign. You send this value in the merchantreferencecode field in the request. CyberSource recommends you use a unique number for each order as you use this value to track your order through the CyberSource system. You can use the order number to search for an order in the Business Center. Request ID. This is an identifier that CyberSource assigns to the request. You receive it in the reply in the requestid field. You can use the request ID to search for an order in the Business Center. Reconciliation ID. This is an identifier that the payment processor assigns to your order. You receive this in the reply in the ccauthreply_reconciliationid field. You might use this value when you need to do research on an order. You do not need to store this value as you can retrieve it from the Business Center. Reconciling Your Orders An important part of processing your orders is reconciliation. This is the process of verifying that the list of your processed orders matches the deposits into your bank account. For information about using CyberSource reports to reconcile your orders, see the Business Center User s Guide. Missing and Invalid Request Fields When you are first setting up your integration with the API, you might accidentally forget to include a required field, or you might send invalid data in a field. Business Center Simple Order API User s Guide May

38 Missing and Invalid Request Fields If your request is missing required fields, you receive reason code 101. If the request contains invalid data, you receive reason code 102. You also receive reply fields named missingfield_0...n and invalidfield_0...n, which list the fields that you need to correct. For example, if your request is missing three required fields, you receive the reply fields missingfield_0, missingfield_1, and missingfield_2. You should correct your code to make sure that you are providing all of the required fields and that the values you pass are valid. 30 CyberSource Corporation

39 Chapter 4 Processing Orders with Electronic Checks This chapter describes the Simple Order API fields that you use to process electronic check payments. Before reading this chapter, make sure to read the Business Center User s Guide. That guide explains important information about processing electronic checks. Also, this chapter assumes you have experience using the Simple Order API to process credit card payments. If you are not familiar with the API already, read Chapter 2, Processing Orders with the API, on page 9 to understand the basic concepts of processing requests and replies with the API. Preparing to Accept Electronic Checks To process electronic checks, you must add two items to your Web store: 1 On your Web site, add a link to the table of current state returned check fees ( Because this table is updated regularly, we recommend that you link directly to it. You can display the state fees table in a pop-up window, a full browser window, or directly on the checkout page. 2 At the end of the checkout process on your Web site, display the following consent statement for the check authorization that your customer must accept before submitting the order: By clicking Authorize, you authorize an electronic debit from your checking account that will be processed through the regular banking system. If your full order is not available at the same time, you authorize partial debits to your account, not to exceed the total authorized amount. The partial debits will take place upon each shipment of partial goods. If any of your payments are returned unpaid, you will be charged a returned item fee up to the maximum allowed by law. To exit without authorizing, click Cancel. Click here to view your state s returned item fee. Business Center Simple Order API User s Guide May

40 Processing Electronic Check Payments Processing Electronic Check Payments To process an order that uses an electronic check, you use the ecdebitservice. To request the service, set the ecdebitservice_run field to true. See Table 3 on page 33 for a list and description of the API fields to use when requesting the service. See Example Request and Reply on page 43 for an example request and reply. Many of the API fields that you use to process an electronic check are the same ones that you use to process a credit card. The difference is in the account information: Instead of collecting credit card information, you collect bank account information (including the bank account number and bank routing number). As a reminder, here is an image showing the location of the bank account number, bank routing number, and check number on a paper check: Figure 3 Location of Bank Routing Number, Bank Account Number, and Check Number NAME ADDRESS CITY, STATE ZIP DATE /6789 PAY TO THE ORDER OF $ BANK NAME ADDRESS CITY, STATE ZIP DOLLARS FOR Bank Routing Number You can use either AmeriNet or TeleCheck as your electronic check processor. Depending on which payment processor you use, you might need to collect other personal information from the customer. For example, AmeriNet requires the customer s date of birth, and TeleCheck requires the customer s driver s license information. Corporate Checks If you are processing corporate checks with TeleCheck, you must include either both billto_driverslicensenumber and billto_driverslicensestate, or both billto_company and billto_companytaxid. If you are processing corporate checks with AmeriNet, set the billto_dateofbirth to Reconciliation ID Bank Account Number Check Number In the electronic check debit reply, you receive a unique reconciliation ID that is assigned by CyberSource. You use it to reconcile the transactions in your CyberSource reports with 32 CyberSource Corporation

41 Chapter 4 Processing Orders with Electronic Checks the transactions in your processor reports. This number appears in the ecdebitreply_ reconciliationid field. Electronic Check Debit Fields Request Fields Table 3 lists the request fields you use when requesting an electronic check debit. Table 3 Electronic Check Debit Request Fields Field Name Description Required / Optional Datatype and Max Length billto_city City of the billing address. Required String (50) billto_company Name of the customer s company. Used only for TeleCheck corporate checks. For these checks, either both billto_driverslicensenumber and billto_driverslicensestate are required, or both billto_company and billto_companytaxid are required. See field description String (40) billto_companytaxid Company s tax identifier. Used only for TeleCheck corporate checks. For these checks, either both billto_ driverslicensenumber and billto_ driverslicensestate are required, or both billto_company and billto_ companytaxid are required. See field description String with numbers only (9) billto_country Country of the billing address. Use the two-character ISO codes (see the Support Center for a list of codes). Required String (2) billto_dateofbirth Customer s date of birth. Use format YYYY-MM-DD or YYYYMMDD. NOTE If using AmeriNet, check with them to see if they require you to provide this field. Optional (For AmeriNet, see field description) String (10) For AmeriNet corporate checks, use the value Business Center Simple Order API User s Guide May

42 Processing Electronic Check Payments Table 3 Electronic Check Debit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length billto_ driverslicensenumber Customer s driver s license number. Required for TeleCheck personal checks. See field description String (30) For TeleCheck corporate checks, either both billto_ driverslicensenumber and billto_ driverslicensestate are required, or both billto_company and billto_ companytaxid are required. billto_ driverslicensestate State or province where the customer s driver s license was issued. Used only for TeleCheck. Use the two-character codes (see the Support Center for a list of codes). See field description String (2) Required for TeleCheck personal checks. For TeleCheck corporate checks, either both billto_ driverslicensenumber and billto_ driverslicensestate are required, or both billto_company and billto_ companytaxid are required. Use the two-character codes (see the Support Center for a list of codes). billto_ billto_firstname billto_ipaddress billto_lastname Customer s address, including the full domain name (for example, [email protected]). Customer s first name. If the first name is unavailable or inapplicable (for example, for a corporate account), enter a dummy value such as NA. Customer s IP address (for example, ). Customer s last name. If the transaction is for a corporate account, use the company name. Required String (255) Required String (60) Optional String (15) Required String (60) 34 CyberSource Corporation

43 Chapter 4 Processing Orders with Electronic Checks Table 3 Electronic Check Debit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length billto_phonenumber Customer s phone number. Required String (15) billto_postalcode billto_state Postal code of the billing address. The field must contain between five and nine digits. If the value of billto_country is CA, the number of characters in billto_ postalcode must follow these rules: If the number of characters is greater than three, the first three characters must be of the format [alpha][numeric][alpha]. If the number of characters is seven, the last three characters must be of the format [numeric][alpha][numeric]. State or province of the billing address. Use the two-character codes (see the Support Center for a list of codes). Required String (10) Required String (2) billto_street1 First line of the billing street address. Required String (60) billto_street2 Second line of the billing street address. Used for additional address information, for example: Attention: Accounts Payable Optional String (60) check_accountnumber Customer s checking account number. Required String with numbers only (17) check_accounttype Checking account type. This field can contain one of the following values: C: Checking S: Savings X: Corporate checking Required String (1) check_banktransitnumber Bank routing number (also known as the transit number ). Required String with numbers only (9) Business Center Simple Order API User s Guide May

44 Processing Electronic Check Payments Table 3 Electronic Check Debit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length check_checknumber Check number. NOTE If using AmeriNet, check with them to see if they require you to provide this field. Optional (for AmeriNet, see field description) String with numbers only (8) ecdebitservice_ referencenumber For TeleCheck, this is an optional merchant-generated reference number that TeleCheck uses to track the transaction in their system. If you do not send this field in your request, CyberSource generates a unique value for you and returns it in the reply field ecdebitreply_ reconciliationid. See field description String (25) Not used for AmeriNet. ecdebitservice_run item_#_productcode Whether to include ecdebitservice in your request. The field can contain one of the following values: true: Include the service in your request. false (default): Do not include the service in your request. Type of product, which is also used to determine the category that the product falls under (electronic, handling, physical, service, or shipping). The default value is default. See Product Codes on page 45 for a list of valid values. Required String (5) Optional String (30) item_#_productname Name of the product. Optional String (30) item_#_productsku Product s identifier code. Optional String (15) item_#_quantity Quantity of the product being purchased. The default value is 1. Optional Integer (10) 36 CyberSource Corporation

45 Chapter 4 Processing Orders with Electronic Checks Table 3 Electronic Check Debit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length item_#_taxamount Total tax to apply to the product. This value cannot be negative. The item_#_taxamount field is additive. For example, if you send one item with unitprice of $10.00 and taxamount of $0.80, and you send another item with unitprice of $20.00 and taxamount of $1.60, the total amount authorized will be for $32.40, not $30.00 with $2.40 of tax included. Optional String (15) item_#_unitprice Per-item price of the product. You must provide either this field or purchasetotals_ grandtotalamount in your request. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. See description String (15) You can use a decimal if you want. For example, you can use either or 100 to represent one hundred dollars. Do not include any special characters, such as a dollar sign ($). merchantid merchantreferencecode purchasetotals_currency Your CyberSource merchant ID. You received this in the registration from CyberSource after you registered for a Business Center account. Use the same merchantid for evaluation, testing, and production. Merchant-generated order reference or tracking number. See Order Identifiers on page 29 for more information. Currency used for the order. All orders must use U.S. dollars. Use USD for this field. Required String (30) Required String (50) Required String (5) Business Center Simple Order API User s Guide May

46 Processing Electronic Check Payments Table 3 Electronic Check Debit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length purchasetotals_ freightamount Total freight amount for the order. If you include this field, purchasetotals_ grandtotalamount is required. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Optional String (15) purchasetotals_ grandtotalamount Grand total for the order. You must provide either this field or item_#_ unitprice in your request. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. See field description String (15) purchasetotals_taxamount Total tax for the order. If you include this field, purchasetotals_ grandtotalamount is required. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Optional String (15) shipto_city City to which to ship the product. Optional (Required if providing any shipping information) String (50) shipto_country shipto_ shipto_firstname shipto_lastname shipto_phonenumber Country to which to ship the product. Use the two-character ISO codes (see the Support Center for a list of codes). address of the person receiving the shipment (for example, [email protected]). First name of the person receiving the shipment. First name of the person receiving the shipment. Phone number for the person receiving the shipment. Optional String (2) Optional String (255) Optional String (60) Optional String (60) Optional String (15) 38 CyberSource Corporation

47 Chapter 4 Processing Orders with Electronic Checks Table 3 Electronic Check Debit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length shipto_postalcode Postal code to which to ship the product. Optional (Required if address is in U.S. and Canada) String (10) shipto_state State or province to which to ship the product. Use the two-character codes (see the Support Center for a list of codes). Optional (Required if address is in U.S. and Canada) String (2) shipto_street1 First line of the address to which to ship the product. Optional (Required if providing any shipping information) String (60) shipto_street2 Second line of the address to which to ship the product. Optional String (60) Reply Fields Table 4 lists the electronic check debit reply fields. Table 4 Electronic Check Debit Reply Fields Field Name decision Description Summarizes the result of the overall request. The field can contain one of the following values: ACCEPT ERROR REJECT Datatype and Max Length String (6) ecdebitreply_amount Total amount submitted to the payment processor. String (15) ecdebitreply_ processortransactionid Transaction identifier or tracking ID returned by AmeriNet. String (87) Business Center Simple Order API User s Guide May

48 Processing Electronic Check Payments Table 4 Electronic Check Debit Reply Fields (Continued) Field Name ecdebitreply_reasoncode ecdebitreply_ reconciliationid ecdebitreply_ requestdatetime Description A numeric value corresponding to the result of the debit request. See Reason Codes for Electronic Check Services on page 50 for a list of possible values. Reference number that you use to reconcile your CyberSource reports with your processor reports. Time when debit is requested. The format is YYYY- MM-DDThh:mm:ssZ. For example, T22:47:57Z is equal to August 11, 2003, at 10:47:57 P.M. The T separates the date and the time, and the Z indicates UTC. Datatype and Max Length Integer (5) String (60) String (20) ecdebitreply_ processorresponse Result code returned by the payment processor. String (6) ecdebitreply_ settlementmethod ecdebitreply_ verificationlevel Method used to settle the debit. This field will contain B to indicate best possible method (best of either ACH or facsimile). Level of screening for the request. This field will contain 1 to indicate validation. String (1) Integer (1) invalidfield_0...n Fields in the request that contained invalid data. String (100) merchantreferencecode Order reference or tracking number that you provided in the request. String (50) missingfield_0...n Required fields that were missing from the request. String (100) purchasetotals_currency reasoncode Currency used for the order. For U.S. dollars, the value will be USD. Numeric value corresponding to the result of the overall request. See Reason Codes for Electronic Check Services on page 50 for a list of possible values. String (5) Integer (5) requestid Identifier for the request. String (26) 40 CyberSource Corporation

49 Chapter 4 Processing Orders with Electronic Checks Seeing When the Check Has Cleared To determine when your electronic checks have cleared, use the Payment Events Report, which is available in the Business Center. For TeleCheck, when the check clears, the event type listed in the report is Payment. If you use AmeriNet, the report shows an event type of Payment when AmeriNet receives your debit request. AmeriNet then waits for six days, and if they receive no word from the bank of any problems transferring the funds, they consider the check cleared. You then see an event type of Completed for the check. CyberSource does not guarantee that the check has truly cleared. The report also shows when other events occur. For example, it shows if the bank has any problems processing the check (insufficient funds, errors, and so on), and when refunds clear. For more information about the Payment Events Report, see the Business Center Reporting User s Guide. Refunding the Customer s Money If you need to refund the customer s money, use the Business Center. See the Business Center User s Guide for information about how to credit the customer s bank account. Note If your business s order and credit volume is large enough, you might consider processing credits by using the API. See Appendix E, Advanced API Capabilities for Electronic Checks, on page 71 for more information about using the API to process credits. Testing Your Implementation To test your electronic check implementation, you may use the test server or production server: Test: Production: You select which server to use in the CyberSource client configuration (see the documentation for your client for more information). Your status in the Business Center will typically already be live when testing electronic checks, so only transactions that you send to the production server will appear in the Business Center. You may, however, send transactions to the test server to verify your requests and responses. Business Center Simple Order API User s Guide May

50 Testing Your Implementation CyberSource recommends that you test on the production server, using your own bank account and debits for small amounts such as $2.00. Check your bank statements to verify that the money moves as you expect. You should also test the credit function in the Business Center (and with the API if you are using the API for credits). 42 CyberSource Corporation

51 Chapter 4 Processing Orders with Electronic Checks Example Request and Reply The following examples show a request and reply for processing a payment with an electronic check. Example Electronic Check Debit Request ecdebitservice_run=true merchantid=infodev merchantreferencecode=482046c3a7e94f7 billto_firstname=john billto_lastname=doe billto_street1=1295 Charleston Rd. billto_city=mountain View billto_state=ca billto_postalcode=94043 billto_country=us billto_phonenumber= billto_ [email protected] billto_dateofbirth= item_0_unitprice= purchasetotals_currency=usd check_accountnumber=4100 check_accounttype=c check_banktransitnumber= Business Center Simple Order API User s Guide May

52 Example Request and Reply Example Electronic Check Debit Reply requestid= merchantreferencecode=482046c3a7e94f7 decision=accept ecdebitreply_ ecdebitreply_settlementmethod=a ecdebitreply_requestdatetime= t23:48:09z ecdebitreply_amount= ecdebitreply_verificationlevel=1 ecdebitreply_reconciliationid=02ryxspgcqh60nwa ecdebitreply_processorresponse= purchasetotals_currency=usd 44 CyberSource Corporation

53 Appendix A Product Codes This table lists the values you can use for the product code, which you can specify by using the item_#_productcode request field. Table 5 Product Code Values Product Code adult_content default electronic_good electronic_software gift_certificate handling_only service shipping_and_ handling shipping_only stored_value subscription Definition Adult content. Default value for the product code. CyberSource uses default when a request provides no value for the product code. Electronic product other than software. Software distributed electronically rather than on tapes, disks, or other media. Gift certificate not issued with CyberSource Stored Value Services. Separate charge that is generally a fee imposed by the seller on the customer. The fee pays for the seller s administrative selling costs. Service that you perform for the customer. Shipping is a separate charge for shipping the product to the purchaser. Handling is generally a fee imposed by the seller to pay for administrative selling costs. Charge for transporting tangible personal property from the seller to the purchaser. Documentation must be maintained that clearly establishes where title to the tangible personal property passed from the seller to the purchaser. Stored Value certificate. Subscription to a Web site or other content. Business Center Simple Order API User s Guide May

54 46 CyberSource Corporation

55 Appendix B Reason Codes This appendix lists the reason codes returned for the credit card and electronic check services. See A Few Details about Replies on page 13 for a discussion of replies, decisions, and reason codes. Note CyberSource reserves the right to add new reason codes at any time. If your error handler receives a reason code that it does not recognize, it should use the decision field to determine the result. Reason Codes for Credit Card Services Table 6 Reason Codes for Credit Card Services Reason Code Description 100 Successful transaction. 101 The request is missing one or more required fields. Possible action: See the reply fields missingfield_0...n for which fields are missing. Resend the request with the complete information. 102 One or more fields in the request contains invalid data. Possible action: See the reply fields invalidfield_0...n for which fields are invalid. Resend the request with the correct information. 104 The merchantreferencecode sent with this authorization request matches the merchantreferencecode of another authorization request that you sent in the last 15 minutes. Possible action: Resend the request with a unique merchantreferencecode value. Business Center Simple Order API User s Guide May

56 Reason Codes for Credit Card Services Table 6 Reason Codes for Credit Card Services (Continued) Reason Code Description 150 Error: General system failure. See the documentation for your CyberSource client (SDK) for information about how to handle retries in the case of system errors. 151 Error: The request was received but there was a server timeout. This error does not include timeouts between the client and the server. Possible action: To avoid duplicating the order, do not resend the request until you have reviewed the order status in the Business Center. See the documentation for your CyberSource client (SDK) for information about how to handle retries in the case of system errors. 152 Error: The request was received, but a service did not finish running in time. Possible action: To avoid duplicating the order, do not resend the request until you have reviewed the order status in the Business Center. See the documentation for your CyberSource client (SDK) for information about how to handle retries in the case of system errors. 201 The issuing bank has questions about the request. You do not receive an authorization code programmatically, but you might receive one verbally by calling the processor. Possible action: Call your processor or the issuing bank to possibly receive a verbal authorization. For contact phone numbers, refer to your merchant bank information. 202 Expired card. Possible action: Request a different card or other form of payment. 203 General decline of the card. No other information provided by the issuing bank. Possible action: Request a different card or other form of payment. 204 Insufficient funds in the account. Possible action: Request a different card or other form of payment. 205 Stolen or lost card. Possible action: Review the customer s information and determine if you want to request a different card from the customer. 207 Issuing bank unavailable. Possible action: Wait a few minutes and resend the request. 208 Inactive card or card not authorized for card-not-present transactions. Possible action: Request a different card or other form of payment. 48 CyberSource Corporation

57 Appendix B Reason Codes Table 6 Reason Codes for Credit Card Services (Continued) Reason Code Description 210 The card has reached the credit limit. Possible action: Request a different card or other form of payment. 211 Invalid card verification number. Possible action: Request a different card or other form of payment. 221 The customer matched an entry on the processor s negative file. Possible action: Review the order and contact the payment processor. 231 Invalid account number. Possible action: Request a different card or other form of payment. 232 The card type is not accepted by the payment processor. Possible action: Request a different card or other form of payment. Also, check with CyberSource Customer Support to make sure your account is configured correctly. 233 General decline by the processor. Possible action: Request a different card or other form of payment. 234 There is a problem with your CyberSource merchant configuration. Possible action: Do not resend the request. Contact Customer Support to correct the configuration problem. 235 The requested amount exceeds the originally authorized amount. Occurs, for example, if you try to capture an amount larger than the original authorization amount. This reason code applies if you are processing a capture through the API. Possible action: Issue a new authorization and capture request for the new amount. 236 Processor failure. Possible action: Tell the customer the payment processing system is unavailable temporarily, and to try their order again in a few minutes. 238 The authorization has already been captured. This reason code applies if you are processing a capture through the API. Possible action: No action required. 239 The requested transaction amount must match the previous transaction amount. Possible action: Correct the amount and resend the request. Business Center Simple Order API User s Guide May

58 Reason Codes for Electronic Check Services Table 6 Reason Codes for Credit Card Services (Continued) Reason Code Description 240 The card type sent is invalid or does not correlate with the credit card number. Possible action: Ask your customer to verify that the card is really the type that they indicated in your Web store, then resend the request. 241 The request ID is invalid. This reason code applies when you are processing a capture or credit through the API. Possible action: Request a new authorization, and if successful, proceed with the capture. 242 You requested a capture through the API, but there is no corresponding, unused authorization record. Occurs if there was not a previously successful authorization request or if the previously successful authorization has already been used by another capture request. Possible action: Request a new authorization, and if successful, proceed with the capture. 250 Error: The request was received, but there was a timeout at the payment processor. Possible action: To avoid duplicating the transaction, do not resend the request until you have reviewed the transaction status in the Business Center. 520 The authorization request was approved by the issuing bank but declined by CyberSource based on your Smart Authorization settings. Possible action: Do not capture the authorization without further review. Review the ccauthreply_avscode, ccauthreply_cvcode, and ccauthreply_authfactorcode fields to determine why CyberSource rejected the request. Reason Codes for Electronic Check Services Table 6 lists the reason codes returned for the electronic check services. 50 CyberSource Corporation

59 Appendix B Reason Codes Table 7 Reason Codes for Electronic Check Services Reason Code Description 100 Successful transaction. 101 The request is missing one or more required fields. Possible action: See the reply fields missingfield_0...n for which fields are missing. Resend the request with the complete information. 102 One or more fields in the request contains invalid data. Possible action: See the reply fields invalidfield_0...n for which fields are invalid. Resend the request with the correct information. 150 Error: General system failure. See the documentation for your CyberSource client (SDK) for information about how to handle retries in the case of system errors. 151 Error: The request was received, but there was a server timeout. This error does not include timeouts between the client and the server. Possible action: To avoid duplicating the order, do not resend the request until you have reviewed the order status in the Business Center. See the documentation for your CyberSource client (SDK) for information about how to handle retries in the case of system errors. 152 Error: The request was received, but a service did not finish running in time. Possible action: To avoid duplicating the order, do not resend the request until you have reviewed the order status in the Business Center. See the documentation for your CyberSource client (SDK) for information about how to handle retries in the case of system errors. 220 The processor declined the request based on a general issue with the customer s account. Possible action: Request a different form of payment. 221 The customer matched an entry on the processor s negative file. Possible action: Review the order and contact the payment processor. 222 The customer s bank account is frozen. Possible action: Review the order or request a different form of payment. 233 The processor declined the request based on an issue with the request itself. Possible action: Request a different form of payment. 234 There is a problem with your CyberSource merchant configuration. Possible action: Do not resend the request. Contact Customer Support to correct the configuration problem. Business Center Simple Order API User s Guide May

60 Reason Codes for Electronic Check Services Table 7 Reason Codes for Electronic Check Services Reason Code Description 236 Processor failure. Possible action: Wait a few minutes and resend the request. 241 The request ID is invalid for the follow-on request. This reason code is returned for follow-on credits only (see Appendix E, Advanced API Capabilities for Electronic Checks, on page 71). Possible action: Verify the request ID is valid and resend the request. 250 Error: The request was received, but there was a timeout at the payment processor. Possible action: To avoid duplicating the order, do not resend the request until you have reviewed the order status in the Business Center. 52 CyberSource Corporation

61 Appendix C Codes for Fraud Tests Address Verification Service Codes Table 8 lists the possible result codes for the Address Verification Service. See Address Verification Service on page 4 for general information about AVS. Some of the codes have the same meaning. All codes are valid for any type of merchant to receive. You should be prepared to receive any of them. The alphabetic values in the table below are the Visa standard AVS codes. AVS codes for other types of credit cards are mapped to the Visa standard codes. Some codes are returned only for Visa cards issued outside the U.S. You receive these codes in the ccauthreply_avscode reply field. Table 8 Address Verification Service Codes Code Summary Description A Partial match Street address matches, but both 5-digit ZIP code and 9-digit ZIP code do not match. B Partial match Street address matches, but postal code not verified. Returned only for non-u.s.-issued Visa cards. C Not verified Street address and postal code not verified. Returned only for non-u.s.-issued Visa cards. D Match Street address and postal code both match. Returned only for non-u.s.-issued Visa cards. E Invalid AVS data is invalid. G Not supported Non-U.S. issuing bank does not support AVS. I Not verified Address information not verified. Returned only for non-u.s.- issued Visa cards. Business Center Simple Order API User s Guide May

62 Card Verification Codes Table 8 Address Verification Service Codes Code Summary Description M Match Street address and postal code both match. Returned only for non-u.s.-issued Visa cards. N No match Street address, 5-digit ZIP code, and 9-digit ZIP code all do not match. P Partial match Postal code matches, but street address not verified. Returned only for non-u.s.-issued Visa cards. R System unavailable System unavailable. S Not supported U.S. issuing bank does not support AVS. U System unavailable Address information unavailable. Returned if the U.S. bank does not support non-u.s. AVS or if the AVS in a U.S. bank is not functioning properly. W Partial match Street address does not match, but 9-digit ZIP code matches. X Match Exact match. Street address and 9-digit ZIP code both match. Y Match Street address and 5-digit ZIP code both match. Z Partial Match Street address does not match, but 5-digit ZIP code matches. 1 Not supported CyberSource AVS code. AVS is not supported for this processor or card type. 2 Invalid CyberSource AVS code. The processor returned an unrecognized value for the AVS response. Card Verification Codes Table 9 lists the possible result codes for the Card Verification Number check. See Card Verification Number on page 4 for general information. You receive these codes in the ccauthreply_cvcode reply field. 54 CyberSource Corporation

63 Appendix C Codes for Fraud Tests Table 9 Card Verification Codes Code I M N P S U X Description Card verification number failed processor's data validation check. Card verification number matched. Card verification number not matched. Card verification number not processed. Card verification number is on the card but was not included in the request. Card verification is not supported by the issuing bank. Card verification is not supported by the card association. 1 Card verification is not supported for this processor or card type. 2 The processor returned an unrecognized value for the card verification response. 3 The processor did not return a card verification result code. Smart Authorization Codes Table 10 lists the possible result codes for Smart Authorization. See Smart Authorization on page 5 for general information. You receive these codes in the ccauthreply_authfactorcode reply field. Table 10 Smart Authorization Codes Code J M N O Description Billing and shipping address do not match. Cost of the order exceeds the maximum transaction amount. Nonsensical input in the customer name or address fields. Obscenities in the order form. Business Center Simple Order API User s Guide May

64 Smart Authorization Codes Table 10 Smart Authorization Codes Code U X Description Unverifiable billing or shipping address. Order does not comply with the USA PATRIOT Act. 56 CyberSource Corporation

65 Appendix D Advanced API Capabilities for Credit Cards This appendix describes several advanced API topics, including: Using the API for captures, credits, and sales Using additional authorization fields for Payer Authentication Why Use the API for Captures and Credits? The main chapters in this guide say to use the Business Center to perform captures and credits. You can, however, perform captures and credits through the API. Whether you do this depends on the volume of orders you have and how you have structured your fulfillment system. If you want to process Level III transactions with Vital, see Appendix F, Level III with Vital, on page 79. Requesting a Capture To request a capture, send a request and set the cccaptureservice_run field to true. Also include all the required fields listed in Table 11. Processing a Verbal Authorization A verbal authorization occurs when you request an authorization through CyberSource, and the issuing bank asks you to call the payment processor to answer questions about the order (reasoncode=201). In this case, you do not receive an authorization code programmatically in the reply, but you may be able to receive one verbally over the phone. Once you have the code, you may then request a capture through the API and include the verbal authorization code as part of the capture request. Business Center Simple Order API User s Guide May

66 Requesting a Capture Note For normal authorizations, you receive the authorization code programmatically. For verbal authorizations, you receive the code manually. Make sure you can enter verbal authorization codes manually into your order system. Important Do not confuse the verbal authorization discussed here with a forced capture. The difference is that with a verbal authorization, you get the authorization code directly from the processor or issuing bank after requesting an authorization through CyberSource and receiving a CyberSource decline. With a forced capture, you get the authorization code by performing an authorization outside of CyberSource. In both cases, you follow up with a capture that uses CyberSource s system. For information about processing forced captures, see Performing a Forced Capture on page 16. Using verbal authorization, you can request to capture an authorization that was declined for any of the following reasons: Verbal authorization required Card expired Card refused Invalid card To capture an authorization with a verbal authorization code, send the authorization code in the cccaptureservice_verbalauthcode request field. Also, include the word verbal in the cccaptureservice_authtype field. Note You must set the cccaptureservice_authtype field to verbal or else the cccaptureservice_verbalauthcode field will be ignored. Capture Request Fields Table 11 lists the fields you use to request a capture. Table 11 Capture Request Fields Field Name Description Required / Optional Datatype and Max Length cccaptureservice_ authrequestid Value of requestid returned from the credit card authorization reply. Required String (26) 58 CyberSource Corporation

67 Appendix D Advanced API Capabilities for Credit Cards Table 11 Capture Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length cccaptureservice_ authtype Set to verbal to indicate a verbal authorization. See Processing a Verbal Authorization on page 57. Required for a verbal authorization String (6) cccaptureservice_run Set to true to include the credit card capture service in your request. Required String (5) cccaptureservice_ verbalauthcode Verbally obtained authorization code. See Processing a Verbal Authorization on page 57. Required for a verbal authorization String (6) item_#_productcode For descriptions for all of the item_#_ fields, see Table 1 on page 17. Optional String (30) item_#_productname Optional String (30) item_#_productsku Optional String (15) item_#_quantity Optional Integer (10) item_#_taxamount Optional String (15) item_#_unitprice Per-item price of the product. You must provide either this field or purchasetotals_grandtotalamount in your request. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. See description String (15) merchantid merchantreferencecode purchasetotals_currency Your CyberSource merchant ID. You received this in the registration from CyberSource after you registered for a Business Center account. Merchant-generated order reference or tracking number. Use the same value that you used for the authorization. See Order Identifiers on page 29 for more information. Currency used for the order. All orders must use U.S. dollars. Use USD for this field. Required String (30) Required String (50) Required String (5) Business Center Simple Order API User s Guide May

68 Requesting a Capture Table 11 Capture Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length purchasetotals_ freightamount Total freight amount for the order. If you include this field, purchasetotals_grandtotalamount is required. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Optional String (15) purchasetotals_ grandtotalamount Grand total for the order. You must provide either this field or item_#_ unitprice in your request. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. See description String (15) purchasetotals_ taxamount Total tax for the order. If you include this field, purchasetotals_ grandtotalamount is required. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Optional String (15) Capture Reply Fields Table 12 lists the capture reply fields. Table 12 Capture Reply Fields Field Name Description Datatype and Max Length cccapturereply_amount Total amount of the capture. String (15) cccapturereply_ reasoncode cccapturereply_ reconciliationid Numeric value corresponding to the result of the capture request. See Reason Codes on page 47 for a list of possible values. Reference number that you use to reconcile your CyberSource reports with your processor reports. Integer (5) String (60) 60 CyberSource Corporation

69 Appendix D Advanced API Capabilities for Credit Cards Table 12 Capture Reply Fields (Continued) Field Name cccapturereply_ requestdatetime decision Description Time when capture is requested. The format is YYYY-MM-DDThh:mm:ssZ. For example, T22:47:57Z is equal to August 11, 2003, at 10:47:57 P.M. The T separates the date and the time, and the Z indicates UTC. Summarizes the result of the overall request. The field can contain one of the following values: ACCEPT: The request succeeded ERROR: There was a system error REJECT: One or more of the services in the request was declined Datatype and Max Length String (20) String (6) invalidfield_0...n Fields in the request that contained invalid data. String (100) merchantreferencecode Order reference or tracking number that you provided in the request. String (50) missingfield_0...n Required fields that were missing from the request. String (100) purchasetotals_ currency reasoncode requestid Currency used for the order. For U.S. dollars, the value will be USD. Numeric value corresponding to the result of the overall request. See Reason Codes on page 47 for a list of possible values. Identifier for the request. Note that this request ID is different than the request ID you received for the authorization request. String (5) Integer (5) String (26) Requesting a Credit Normally you will process credits through the Business Center. There, you search for the original order, CyberSource retrieves the order information from our database, and then you click a button to perform the credit. This type of credit is called a follow-on credit because it references the order information stored in our database. You can also perform a follow-on credit through the API. You provide the request ID from the authorization in the cccreditservice_capturerequestid field and we use that to reference the order information from the authorization. Business Center Simple Order API User s Guide May

70 Requesting a Credit However, we retain the order data for only 60 days after the authorization. If you need to refund a customer s money after that 60-day period, you can perform a stand-alone credit. It is called stand-alone because it does not rely on previous order information stored in our database. Instead, you must get from the customer their credit card number and billing address, and provide that information to CyberSource in a credit request through the API. To request either type of credit, send a request and set the cccreditservice_run field to true. Also include all the required fields as listed in Table 13. Indicating a Bill Payment You can indicate in the request that the credit is for a bill that the customer paid with a Visa card. Visa requests that you identify bill payments so that Visa can separate them from normal credit card purchases/credits. Use the cccreditservice_billpayment field to do this. Although CyberSource accepts the cccreditservice_billpayment field no matter which processor you are using, currently CyberSource forwards the information only to Vital. Credit Request Fields Table 13 lists the fields you use to request a credit. The fields with asterisks (**) are optional for follow-on credits. Table 13 Credit Request Fields Field Name Description Required / Optional Datatype and Max Length billto_city For descriptions for all of the billto_ fields, see Table 1 on page 17. Required ** String (50) billto_country Required ** String (2) billto_ Required ** String (255) billto_firstname Required ** String (60) billto_lastname Required ** String (60) billto_phonenumber Optional String (15) ** Optional for follow-on credits 62 CyberSource Corporation

71 Appendix D Advanced API Capabilities for Credit Cards Table 13 Credit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length billto_postalcode billto_state Required for U.S. and Canada ** Required for U.S. and Canada ** String (10) String (2) billto_street1 Required ** String (60) billto_street2 Optional String (60) card_accountnumber Customer s credit card number. Required ** String with numbers only (20) card_expirationmonth card_expirationyear cccreditservice_ billpayment Two-digit month (MM - 01 through 12, inclusive) that the credit card expires in. The leading 0 is required. Four-digit year (YYYY) that the credit card expires in. Indicates to Visa if the credit is for a bill that the customer was paying with a Visa card. Currently supported only for Vital. Use one of the following values: N (default): Not a bill payment Y: Bill payment See Indicating a Bill Payment on page 17. Required ** Integer (2) Required ** Integer (4) Optional String (1) cccreditservice_ capturerequestid The requestid returned from a previous request for capture. Creates a follow-on credit by linking the credit to the previous capture. If you send this field, you do not need to send the customer s name, the billing address, or the credit card information. Required for a follow-on credit String (26) ** Optional for follow-on credits Business Center Simple Order API User s Guide May

72 Requesting a Credit Table 13 Credit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length cccreditservice_run item_#_productcode Set to true to include the credit service in your request. For descriptions for all of the item_ #_ fields, see Table 1 on page 17. Required String (5) Optional String (30) item_#_productname Optional String (30) item_#_productsku Optional String (15) item_#_quantity Optional Integer (10) item_#_taxamount Optional String (15) item_#_unitprice Per-item price of the product. You must provide either this field or purchasetotals_ grandtotalamount in your request. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. See description String (15) merchantid merchantreferencecode purchasetotals_currency ** Optional for follow-on credits Your CyberSource merchant ID. You received this in the registration from CyberSource after you registered for a Business Center account. Merchant-generated order reference or tracking number. Use the same value that you used for the authorization and capture. See Order Identifiers on page 29 for more information. Currency used for the order. All orders must use U.S. dollars. Use USD for this field. Required String (30) Required String (50) Required String (5) 64 CyberSource Corporation

73 Appendix D Advanced API Capabilities for Credit Cards Table 13 Credit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length purchasetotals_ freightamount Total freight amount for the order. If you include this field, purchasetotals_ grandtotalamount is required. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Optional String (15) purchasetotals_ grandtotalamount Grand total for the order. You must provide either this field or item_#_ unitprice in your request. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. See description String (15) purchasetotals_ taxamount ** Optional for follow-on credits Total tax for the order. If you include this field, purchasetotals_ grandtotalamount is required. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Optional String (15) Credit Reply Fields Table 14 lists the credit reply fields. Table 14 Credit Reply Fields Field Name Description Datatype and Max Length cccreditreply_amount Total amount of the credit. String (15) cccreditreply_ reasoncode cccreditreply_ reconciliationid Numeric value corresponding to the result of the credit request. See Reason Codes on page 47 for a list of possible values. Reference number that you use to reconcile your CyberSource reports with your processor reports. Integer (5) String (60) Business Center Simple Order API User s Guide May

74 Processing a Sale with the API Table 14 Credit Reply Fields (Continued) Field Name cccreditreply_ requestdatetime decision Description Time when credit is requested. The format is YYYY- MM-DDThh:mm:ssZ. For example, T22:47:57Z is equal to August 11, 2003, at 10:47:57 P.M. The T separates the date and the time, and the Z indicates UTC. Summarizes the result of the overall request. The field can contain one of the following values: ACCEPT: The request succeeded ERROR: There was a system error REJECT: One or more of the services in the request was declined Datatype and Max Length String (20) String (6) invalidfield_0...n Fields in the request that contained invalid data. String (100) merchantreferencecode Order reference or tracking number that you provided in the request. String (50) missingfield_0...n Required fields that were missing from the request. String (100) purchasetotals_ currency reasoncode requestid Currency used for the order. For U.S. dollars, the value will be USD. Numeric value corresponding to the result of the overall request. See Reason Codes on page 47 for a list of possible values. Identifier for the request. Note that this request ID is different from the ones you received for the authorization and capture requests. String (5) Integer (5) String (26) Processing a Sale with the API A sale is a bundled authorization and capture. You might use a sale instead of separate services if there is no delay between when you take the customer s order and when you ship the goods. A typical use for a sale is if you are selling electronic goods or a service that you can turn on immediately. You can process a sale through the API by requesting authorization and capture in the same request. Simply set both ccauthservice_run and cccaptureservice_run to true. Also include in the request all the required fields for each service (see Table 1 on page CyberSource Corporation

75 Appendix D Advanced API Capabilities for Credit Cards and Table 11 on page 58). If the same field is used by both services, you need to include the field in the request only once. The reply you receive contains the reply fields for both services (see Table 2 on page 24 and Table 12 on page 60). Use the decision and reasoncode fields to determine the results of the overall request. Use the ccauthreply_reasoncode field and cccapturereply_ reasoncode fields to determine the result of each individual service. If the authorization is declined, CyberSource will not process the capture. Using Payer Authentication CyberSource supports Verified by Visa SM and MasterCard SecureCode Payer Authentication for these processors: Verified by Visa: FDMS Nashville, FDMS South, Paymentech New Hampshire, and Vital MasterCard SecureCode: FDMS Nashville, FDMS South, and Vital If you are using Payer Authentication, you have additional fields that you must supply when you request an authorization. You receive the values for these fields from the Payer Authentication services when you check a cardmember s enrollment in the program and validate the cardmember s authentication. For more information about Payer Authentication, see the Payer Authentication Implementation Guide, available on the Developer Center. Table 15 lists the additional fields to use with the authorization. Table 15 Additional Authorization Fields for Payer Authentication Field Name Description Used By (Required/ Optiona) Datatype and Max Length ccauthservice_cavv Transaction identifier generated by the issuing bank for Verified by Visa transactions. Must be 28-character base64 or 40-character hex binary. Required for Verified by Visa transactions if ccauthservice_ commerceindicator = vbv or vbv_attempted. ccauthservice See field description String (40) Business Center Simple Order API User s Guide May

76 Using Payer Authentication Table 15 Additional Authorization Fields for Payer Authentication (Continued) Field Name Description Used By (Required/ Optiona) Datatype and Max Length ccauthservice_ commerceindicator Type of transaction. Use one of these values for transactions that use Payer Authentication: spa: MasterCard SecureCode transaction. If selected, then ucaf_ collectionindicator is required. If authentication is successful, ucaf_ authenticationdata is also required. vbv: Successful Verified by Visa transaction. If selected, then ccauthservice_cavv and ccauthservice_xid are required. vbv_attempted: Verified by Visa transaction was attempted but not authenticated. If selected, then ccauthservice_cavv is required and ccauthservice_xid is optional. ccauthservice (required for all Payer Authentication transactions) String (13) ccauthservice_xid Transaction identifier value for Verified by Visa transactions, generated during Payer Authentication. Must be 28- character base-64 or 40-character hexbinary. ccauthservice See field description String (40) Required for Verified by Visa transactions if ccauthservice_ commerceindicator = vbv. Optional if ccauthservice_commerceindicator = vbv_attempted. ucaf_authenticationdata MasterCard SecureCode UCAF authentication data. Required for MasterCard SecureCode transactions only if ucaf_ collectionindicator = 2. ccauthservice See field description String (32) 68 CyberSource Corporation

77 Appendix D Advanced API Capabilities for Credit Cards Table 15 Additional Authorization Fields for Payer Authentication (Continued) Field Name Description Used By (Required/ Optiona) Datatype and Max Length ucaf_collectionindicator Indicates whether the MasterCard SecureCode UCAF data is collected. This field can contain one of the following values: 0: UCAF collection is not supported at your Web site. 1: UCAF collection is supported, but UCAF was not populated. 2: UCAF collection is supported, and UCAF was populated. Successful MasterCard SecureCode transaction. ccauthservice (required for MasterCard SecureCode transactions) String with numbers only (1) Required for all MasterCard SecureCode transactions (ccauthservice_commerceindicator = spa). Business Center Simple Order API User s Guide May

78 Using Payer Authentication 70 CyberSource Corporation

79 Appendix E Advanced API Capabilities for Electronic Checks This appendix describes how to use the API to perform electronic check credits. Why Use the API for Credits? The chapter in this guide on processing electronic checks says to use the Business Center to perform electronic check credits. You can, however, perform credits through the API. In general, you would use the API if you want to request credits programmatically instead of through the Business Center. Whether you do this depends on the volume of orders you have and how you have structured your fulfillment system. Requesting a Credit Normally you will process credits through the Business Center. There, you search for the original order, we retrieve the order information from our database, and then you click a button to perform the credit. Or, you can bypass searching for the original debit and just perform a plain credit. In this case you have to provide all of the customer s billing and account information, and any other information the processor requires. These two methods are called follow-on or stand-alone credits. You can process both types of credits through the API. Follow-On Credits This type of credit is called a follow-on credit because you provide the request ID from the debit so that we can locate the original debit information for you, and because you must request the credit within 60 days of when you requested the debit. In the request, include the eccreditservice_debitrequestid field with the value of the requestid that you received in the debit reply. We use this value to retrieve the order information from our database, reducing the amount of information you must supply in the credit request. Business Center Simple Order API User s Guide May

80 Requesting a Credit Stand-Alone Credits With a stand-alone credit, you do not provide the request ID from the previous debit, and you have no limit on the timing of the credit. You must provide CyberSource the customer s name, billing address, and bank account information in the credit request (see Table 16 on page 72). For TeleCheck, you must also provide the request field eccreditservice_ referencenumber with the value that you received in the ecdebitreply_ reconciliationid reply field. TeleCheck uses this value to associate the credit with the associated debit. Reconciliation ID In the electronic check credit reply, you receive a reconciliation ID that is assigned by CyberSource. You use it to reconcile the transactions in your CyberSource reports with the transactions in your processor reports. For credits, this number appears in the eccreditreply_reconciliationid. Payment Events Report The Payment Events Report shows when your credit is processed. For more information about the Payment Events Report, see the Business Center Reporting User s Guide. Credit Request Fields Table 16 lists the fields you use to request an electronic check credit. Table 16 Credit Request Fields Field Name Description Required / Optional Datatype and Max Length billto_city For descriptions for all of the billto_ fields, see Table 3 on page 33. Required ** String (50) billto_country Required ** String (2) billto_dateofbirth NOTE If you use AmeriNet, check with them to see if they require you to provide this field. Used by AmeriNet only ** String (10) billto_ Required ** String (255) ** Field not needed if performing a follow-on credit (which requires eccreditservice_debitrequestid) 72 CyberSource Corporation

81 Appendix E Advanced API Capabilities for Electronic Checks Table 16 Credit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length billto_firstname Required ** String (60) billto_lastname Required ** String (60) billto_phonenumber Required ** String (15) billto_postalcode Required ** String (10) billto_state Required ** String (2) billto_street1 Required ** String (60) billto_street2 Optional ** String (60) check_accountnumber Checking account number. Required ** String with numbers only (17) check_accounttype Checking account type. This field can contain one of the following values: C: Checking S: Savings X: Corporate checking Required ** String (1) check_ banktransitnumber Bank routing number (also known as the transit number ). Required ** String with numbers only (9) check_checknumber Check number. NOTE If you use AmeriNet, check with them to see if they require you to provide this field. Used by AmeriNet only ** (See field description) String with numbers only (8) eccreditservice_ debitrequestid The requestid from the previous debit. Creates a follow-on credit by linking the credit to the previous debit. For a follow-on credit, you do not need to send the customer s name, the billing address, or the bank account information. Required only for a follow-on credit (see Follow-On Credits on page 71) String (26) ** Field not needed if performing a follow-on credit (which requires eccreditservice_debitrequestid) Business Center Simple Order API User s Guide May

82 Requesting a Credit Table 16 Credit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length eccreditservice_ referencenumber For stand-alone credits with TeleCheck, set this field to the value that you received in the ecdebitreply_reconciliationid field in the associated debit s reply. See Stand-Alone Credits on page 72 for more information. Required for CyberSource stand-alone credits with TeleCheck String (60) NOTE The maximum length is 25 for TeleCheck. eccreditservice_run item_#_productcode Set to true to include the credit service in your request. For descriptions of the item_#_ fields, see Table 3 on page 33. Required String (5) Optional String (30) item_#_productname Optional String (30) item_#_productsku Optional String (15) item_#_quantity Optional Integer (10) item_#_taxamount Optional String (15) item_#_unitprice merchantid merchantreferencecode Per-item price of the product. You must provide either this field or purchasetotals_ grandtotalamount in your request. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Your CyberSource merchant ID. You received this in the registration from CyberSource after you registered for a Business Center account. Merchant-generated order reference or tracking number. Use the same value that you used for the authorization and capture. See Order Identifiers on page 29 for more information. See description String (15) Required String (30) Required String (50) ** Field not needed if performing a follow-on credit (which requires eccreditservice_debitrequestid) 74 CyberSource Corporation

83 Appendix E Advanced API Capabilities for Electronic Checks Table 16 Credit Request Fields (Continued) Field Name Description Required / Optional Datatype and Max Length purchasetotals_currency purchasetotals_ freightamount purchasetotals_ grandtotalamount purchasetotals_ taxamount Currency used for the order. All orders must use U.S. dollars. Use USD for this field. Total freight amount for the order. If you include this field, purchasetotals_ grandtotalamount is required. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Grand total for the order. You must provide either this field or item_#_unitprice in your request. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Total tax for the order. If you include this field, purchasetotals_ grandtotalamount is required. See Using a Grand Total, Total Tax, or Total Freight Amount on page 11 for more information. Required String (5) Optional String (15) See description String (15) Optional String (15) ** Field not needed if performing a follow-on credit (which requires eccreditservice_debitrequestid) Business Center Simple Order API User s Guide May

84 Requesting a Credit Credit Reply Fields Table 17 lists the electronic check credit reply fields. Table 17 Credit Reply Fields Field Name cccreditreply_ reasoncode decision Description Numeric value corresponding to the result of the credit request. See Reason Codes for Electronic Check Services on page 50 for a list of possible values. Summarizes the result of the overall request. The field can contain one of the following values: ACCEPT: The request succeeded ERROR: There was a system error REJECT: One or more of the services in the request was declined Datatype and Max Length Integer (5) String (6) eccreditreply_amount Total amount of the credit. String (15) eccreditreply_ processorresponse Result code returned by the payment processor. String (6) eccreditreply_ processortransactionid eccreditreply_ reasoncode eccreditreply_ reconciliationid eccreditreply_ requestdatetime eccreditreply_ settlementmethod Transaction identifier or tracking ID returned by AmeriNet. A numeric value corresponding to the result of the credit request. See Reason Codes for Electronic Check Services on page 50 for a list of possible values. Reference number that you use to reconcile your CyberSource reports with your processor reports. Time when credit is requested. The format is YYYY- MM-DDThh:mm:ssZ. For example, T22:47:57Z is equal to August 11, 2003, at 10:47:57 P.M. The T separates the date and the time, and the Z indicates UTC. Method used to settle the credit. This field will contain B to indicate best possible method (best of either ACH or facsimile). String (87) Integer (5) String (60) String (20) String (1) invalidfield_0...n Fields in the request that contained invalid data. String (100) 76 CyberSource Corporation

85 Appendix E Advanced API Capabilities for Electronic Checks Table 17 Credit Reply Fields (Continued) Field Name merchantreferencecode Description Order reference or tracking number that you provided in the request. Datatype and Max Length String (50) missingfield_0...n Required fields that were missing from the request. String (100) purchasetotals_ currency reasoncode requestid Currency used for the order. For U.S. dollars, the value will be USD. Numeric value corresponding to the result of the overall request. See Reason Codes for Electronic Check Services on page 50 for a list of possible values. Identifier for the request. Note that this request ID is different from the one you received for the debit request. String (5) Integer (5) String (26) Reason Codes You have already seen the list of reason codes that CyberSource returns for electronic check debits (Table 7 on page 51). Note that one of the reason codes in that table is returned only for credits: Table 18 Additional Reason Code for Credits Reason Code Description 241 The request ID is invalid for the follow-on request. This reason code is returned for follow-on credits only. Possible action: Verify the request ID is valid and resend the request. Business Center Simple Order API User s Guide May

86 Reason Codes 78 CyberSource Corporation

87 Appendix F Level III with Vital This appendix covers Visa and MasterCard Level III purchasing card processing with Vital. For example requests, see Example Requests on page 91. About Level III Processing with CyberSource CyberSource supports Level III purchasing card transactions for Visa and MasterCard. American Express Level III purchasing card transactions are not supported. Purchasing cards are special credit cards that an employee uses to make purchases for their company. The merchant provides additional detailed information (the Level III data) about the purchasing card order during the settlement process. The Level III data is forwarded to the company who made the purchase and allows them to manage their purchasing activities. The data consists of order-level information and line-item detail that you supply in addition to Level II data. As with Level II data, you provide Level III data with capture and credit requests. You include the Level III fields discussed in this addendum in addition to the normal fields that you supply for a capture or credit. For information about the non-level III fields required for capture and credit requests, see Appendix D, Advanced API Capabilities for Credit Cards, on page 57. CyberSource functions as a pass-through service for this data; we do not store it. This means that if you request multiple partial captures or credits for a particular order, you must supply the Level III data in each request. Also, we enforce only the minimal level of field validation so that we do not interfere with the business policies between you and any company that purchases your services. Prerequisites Check with Vital to see if you need to add Level III processing to your contract or merchant setup. Before going live with Level III processing with CyberSource, you must obtain approval of your integration from CyberSource Customer Support. At that point CyberSource will enable your account for Level III processing. If you are not yet approved and your account Business Center Simple Order API User s Guide May

88 Processor Specification Used is not yet enabled, and you send Level III requests, your requests will be rejected for invalid data. Even though you may be enabled to process Level III with CyberSource, the processor or card association may reject your transaction at settlement. Having CyberSource approve your Level III integration with CyberSource helps reduce the chances of this happening. Note CyberSource will temporarily disable your account s Level III processing capability and contact you if at any time your Level III transactions produce batching errors when we send the information to the processor. In this case, your request will not be rejected, but you will receive a field in the reply indicating that the Level III information in the request has been ignored and not sent to the processor (see Indicating the Request Is for Level III on page 80). Processor Specification Used For our implementation we used: Vital s EIS 1081, Level III Line Item Processing, version 6.4, dated April 2004 The record referenced is: Transaction Detail Record - Optional Data; Groups 25, 26, and 27 Visa Card Non-T&E and Fleet (Non-fuel) Line Item Detail Record MasterCard Non-T&E and Fleet (Non-fuel) Line Item Detail Record Important This document provides guidelines based on industry information about which fields are needed to obtain the best interchange rate. The card associations may change their requirements at any time; you should contact your acquirer for the latest information. Indicating the Request Is for Level III You must indicate to CyberSource that a request contains Level III information. To do this, you send a specific field in the capture or credit request (see Table 19 below). In the reply, you receive a field indicating whether your account is currently enabled for Level III and if we will send the information to the processor. If your account is not currently enabled for Level III, we will ignore the Level III information and not include it in the request we send to the processor. 80 CyberSource Corporation

89 Chapter F Level III with Vital Table 19 Indicating a Level III Request Field Name Value Field to Use for the Request cccaptureservice_ purchasinglevel (for a capture) or cccreditservice_ purchasinglevel (for a credit) You must set to 3 to indicate a Level III request. Field You Receive in the Reply cccapturereply_ purchasinglevel3enabled (for a capture) or cccreditreply_ purchasinglevel3enabled (for a credit) Possible values: Y: Account enabled for Level III; information will be sent to processor N: Account not enabled for Level III; information will be ignored and not sent to processor with the request Level II Fields Needed for Level III When you send Level III information, you must also send any Level II fields in the request. To avoid the request being rejected, you should send the Level II fields invoiceheader_userpo and item_#_taxamount (which is also a Level III field). For best processing, CyberSource recommends that you do not populate invoiceheader_userpo with all zeros or nines. Field to Send with the Authorization You provide Level III data with the capture or credit request, but not with the authorization. When you send the capture or credit request, you must send a total amount that you want captured or credited for the order (in addition to the individual line item amounts). CyberSource recommends that for Level III transactions you also send that total order amount with the authorization request, even though it is not required. This will ensure that CyberSource uses your total order amount and that the capture or credit request total amount will match the original authorization total amount. The additional field we suggest you use in the authorization is purchasetotals_grandtotalamount. The field is described in Table 20 on page 83. Business Center Simple Order API User s Guide May

90 About Using Decimals and Strings About Using Decimals and Strings Including a Decimal Point for Amounts and Rates CyberSource uses decimal points in all amount and tax rate fields; we do not use implied decimal points. For example, if the amount of the product being purchased is $29.95, you set that field to For tax rates used with Level III transactions, we expect you to provide a decimal point in the value. For example, if a particular tax rate is 1%, you should set that field to 0.01 and not 1. Using Strings for Numeric Values The tables below list datatypes for each field. The fields for amounts and tax rates use a string datatype. Although these fields use a string datatype, you should only include numbers and a decimal point in those fields. String Lengths For many of the fields listed in the tables below, Visa and MasterCard have different allowed lengths for alphanumeric (string) input. CyberSource will accept any length you provide. If the value you provide is longer than allowed, we truncate it, fitting the leftmost portion into the processor s field. If the value is shorter than required, we pad the field as needed before sending it to the processor. Level III Fields Table 20 lists the order-level fields used for a Level III capture or credit request. Table 21 lists the item-level fields. Important Remember that when you send a Level III capture or credit request, you must also provide the basic fields required for every capture or credit request. For a list of those fields, see Appendix D, Advanced API Capabilities for Credit Cards, on page CyberSource Corporation

91 Chapter F Level III with Vital Order-Level Fields Table 20 Level III Order-Level Fields CyberSource Field Name Vital Field Name Description Visa Req/Opt MC Req/Opt Datatype and Max Length cccaptureservice_ purchasinglevel No corresponding Vital field Indicates the capture request is for Level III processing. Set to 3. Also see Field to Send with the Authorization on page 81. Required for a capture request Required for a capture request String (1) cccreditservice_ purchasinglevel No corresponding Vital field Indicates the credit request is for Level III processing. Set to 3. Required for a credit request Required for a credit request String (1) Also see Field to Send with the Authorization on page 81. invoiceheader_ merchantvat RegistrationNumber Merchant VAT Registration Number (used for Visa only) Merchant s government-assigned tax identification number. Optional N/A String (20) invoiceheader_ purchaserorderdate Order Date (used for Visa only) Purchase order date. Use format YYMMDD. Optional N/A String (6) invoiceheader_ purchaservat RegistrationNumber Customer VAT Registration Number (used for Visa only) Customer s government-assigned tax identification number. Optional N/A String (13) invoiceheader_ summarycommodity Code Summary Commodity Code (used for Visa only) International description code of the overall order s goods or services. Contact your acquirer or Vital for a list of codes. Optional N/A String (4) Business Center Simple Order API User s Guide May

92 Level III Fields Table 20 Level III Order-Level Fields (Continued) CyberSource Field Name Vital Field Name Description Visa Req/Opt MC Req/Opt Datatype and Max Length invoiceheader_ userpo Purchase Order Number/ Customer Reference ID Level II field that is required for Level III processing. Customer s purchase order number. Required Required String (17) Recommended to not set to all zeros or nines. invoiceheader_ vatinvoicerefnumber Unique VAT Invoice Reference Number Invoice number associated with the VAT invoice. Optional N/A String (15) (used for Visa only) othertax_ alternatetaxamount Alternate Tax Amount (used for MC only) Total amount of alternate tax for the order. Example: N/A Optional String (10) only include numbers and decimal point othertax_ alternatetaxindicator Alternate Tax Amount Indicator (used for MC only) Whether an alternate tax amount is included in the order total. Valid values: Y: Alternate tax is included N: Alternate tax not included N/A Optional String (1) othertax_ localtaxamount Local Tax (same for Visa and MC) Sales tax for the order. Example: Optional Optional String (13) only include numbers and decimal point 84 CyberSource Corporation

93 Chapter F Level III with Vital Table 20 Level III Order-Level Fields (Continued) CyberSource Field Name Vital Field Name Description Visa Req/Opt MC Req/Opt Datatype and Max Length othertax_ localtaxindicator Local Tax Included Flag (same for Visa and MC) Whether local sales tax is included in the order total. Valid values: 0: Local sales tax not included 1: Local sales tax included 2: Tax exempt order See description See description String (1) Optional. If you do not provide a value, CyberSource sets this field to 1 if you set Local Tax > 0, and to 0 if you set Local Tax = 0 or do not provide a Local Tax. othertax_ nationaltaxamount National Tax Amount (same for Visa and MC) National tax for the order. Example: Optional Optional String (13) only include numbers and decimal point othertax_ nationaltaxindicator National Tax Included Flag (same for Visa and MC) Whether a national tax is included in the order total. Valid values: 0: National tax not included 1: National tax included See description See description String (1) Optional. CyberSource sets this field to 1 if you provide a National Tax Amount greater than 0. othertax_ vattaxamount VAT/Tax Amount (used for Visa only) Total amount of VAT or other tax included in the order. Example: Optional N/A String (13) only include numbers and decimal point Business Center Simple Order API User s Guide May

94 Level III Fields Table 20 Level III Order-Level Fields (Continued) CyberSource Field Name Vital Field Name Description Visa Req/Opt MC Req/Opt Datatype and Max Length othertax_vattaxrate VAT/Tax Rate (used for Visa only) Rate of VAT or other tax for the order. Used for Visa only. Acceptable range: to (0.01% to 99.99%) Optional N/A String (6) only include numbers and decimal point purchasetotals_ discountamount Discount Amount (used for Visa only) Total amount of discount applied to the order by the merchant. For example: a $20 discount off the entire order total. Used for Visa only. Optional N/A String (13) only include numbers and decimal point Example: purchasetotals_ dutyamount Duty Amount (same for Visa and MC) Total charges for any import and/or export duties for the order. Example: Optional Optional String (13) only include numbers and decimal point purchasetotals_ freightamount Freight Amount (same for Visa and MC) Total freight or shipping and handling charges for the order. Example: Optional Optional String (13) only include numbers and decimal point purchasetotals_ grandtotalamount No corresponding Vital field Grand total for the entire capture or credit request. Example: Required Required String (15) only include numbers and decimal point Also see Field to Send with the Authorization on page 81. shipfrom_postalcode Ship From Postal/ZIP Code ZIP/postal code of location from which the goods are shipped. Optional Recommended for best rate. String (10) (same for Visa and MC) Recommended to not use all zeros or nines. 86 CyberSource Corporation

95 Chapter F Level III with Vital Table 20 Level III Order-Level Fields (Continued) CyberSource Field Name Vital Field Name Description Visa Req/Opt MC Req/Opt Datatype and Max Length shipto_country Destination Country Code (same for Visa and MC) Two-character ISO country code of the country to where the goods are shipped (see the Support Center for a list of codes). Recommended for best rate Optional but recommended String (2) shipto_postalcode Destination Postal/ZIP Code (same for Visa and MC) ZIP/postal code of the location to which the goods are shipped. This is equal to the ship from ZIP/postal code when the customer takes possession of the items at the merchant s site. Recommended for best rate Recommended for best rate. Recommended to not use all zeros or nines. String (10) Item-Level Fields Table 21 Level III Item-Detail Fields CyberSource Field Name Vital Field Name Description Visa Req/Opt MC Req/Opt Datatype and Max Length item_#_ alternatetaxid Alternate Tax Identifier (used for MC only) Merchant s tax ID number to use for the alternate tax amount. Provide this field if you include Alternate Tax Amount in the request. N/A See description String (15) You may send this field without sending Alternate Tax Amount. item_#_ commoditycode Item Commodity Code (used for Visa only) International description code used to classify the item. Contact your acquirer or Vital for a list of codes. Optional N/A String (12) Business Center Simple Order API User s Guide May

96 Level III Fields Table 21 Level III Item-Detail Fields (Continued) CyberSource Field Name Vital Field Name Description Visa Req/Opt MC Req/Opt Datatype and Max Length item_#_ discountamount Visa: Discount Per Line Item MC: Discount Amount Total amount of discount applied to the line item. Example: 5.00 Optional Optional String (13) only include numbers and decimal point item_#_ discountindicator Discount Indicator (used for MC only) Whether the amount is discounted. Used for MasterCard only. Valid values: Y: Amount is discounted N: Amount is not discounted N/A See description String (1) Optional. If you do not provide a value but you set Discount Amount to a value greater than zero, CyberSource sets this field to Y. item_#_ discountrate Item Discount Rate Rate the item is discounted. N/A Optional String (6) (used for MC only) Example: 5.25 (=5.25%) item_#_ grossnetindicator Net/Gross Indicator (used for MC only) Whether tax amount is included in the Line Item Total. Valid values: Y: Item amount includes tax amount N: Item amount does not include tax amount N/A Required String (1) item_#_ productcode Product Code (same for Visa and MC) Product code of the item. If you do not provide a value, CyberSource uses default. Optional Recommended for best rate. Recommended to not use all zeros or spaces. String (12) 88 CyberSource Corporation

97 Chapter F Level III with Vital Table 21 Level III Item-Detail Fields (Continued) CyberSource Field Name Vital Field Name Description Visa Req/Opt MC Req/Opt Datatype and Max Length item_#_ productname Visa: Item Descriptor MC: Item Description Text description of the item. Optional Required. Recommended to not use all zeros or spaces. String (35) item_#_quantity Visa: Quantity MC: Item Quantity Number of units of the item. Must be a whole number. If you do not provide a value, CyberSource uses 1. Recommended for best rate. Recommended for best rate. Recommended to not use all zeros or spaces. Integer (12) item_#_taxamount Visa: VAT/Tax Amount MC: Tax Amount Total amount of tax for the item. Note that this is not the per-item tax amount. For example, if the quantity is 4, and the amount of tax per item is $0.25, then set this field to The value can be zero. Required Required String (13) only include numbers and decimal point Example: item_#_taxrate Visa: VAT/Tax Rate MC: Tax Rate Applied Tax rate applied to the item. Acceptable range is to (0.01% to 99.99%). The value can also be zero. Optional Required String (6) only include numbers and decimal point item_#_ taxtypeapplied Tax Type Applied (used for MC only) Type of tax being applied to the item. Used only for MasterCard. N/A Optional String (4) Business Center Simple Order API User s Guide May

98 Level III Fields Table 21 Level III Item-Detail Fields (Continued) CyberSource Field Name Vital Field Name Description Visa Req/Opt MC Req/Opt Datatype and Max Length item_#_totalamount Visa: Line Item Total MC: Extended Item Amount Total purchase amount for the item. Normally calculated as the unit price x quantity. Example: Required Required. Recommended to not use all zeros or spaces. String Visa: 13 MC: 10 only include numbers and decimal point item_#_ unitofmeasure Visa: Unit of Measure/Code MC: Item Unit of Measure Unit of measure, or unit of measure code for the item. Optional Required. Recommended to not use all zeros or spaces. String (12) item_#_unitprice Unit Cost (used for Visa only) Unit cost of the item. Example: 9.95 Required Required by CyberSource even though not used by MasterCard. String (11) only include numbers and decimal point 90 CyberSource Corporation

99 Chapter F Level III with Vital Example Requests The following examples show a capture request with Level III fields for Visa. The examples show both name-value pairs and XML. Example Level III Capture Request for Visa: Name-Value Pairs merchantid=infodev cccaptureservice_run=true cccaptureservice_purchasinglevel=3 merchantreferencecode=r98tv09en200w purchasetotals_currency=usd cccaptureservice_authrequestid= invoiceheader_userpo= shipto_country=us shipto_postalcode=94043 item_0_unitprice=59.95 item_0_quantity=10 item_0_productname=file Cabinet item_0_taxamount=49.46 item_0_totalamount= item_1_unitprice=4.99 item_1_quantity=50 item_1_productname=file Folders item_1_productname=20.58 item_1_totalamount= purchasetotals_grandtotalamount= Business Center Simple Order API User s Guide May

100 Example Requests Example Level III Capture Request for MasterCard: XML <requestmessage xmlns="urn:schemas-cybersource-com:transaction-data- 1.14"> <merchantid>infodev</merchantid> <merchantreferencecode>r98tv09en200w</merchantreferencecode> <invoiceheader> <userpo> </userpo> </invoiceheader> <shipto> <postalcode>94041</postalcode> <country>us</country> </shipto> <shipfrom> <postalcode>42651</postalcode> </shipfrom> <item id="0"> <unitprice>59.95</unitprice> <quantity>10</quantity> <productname>file Cabinet</productName> <taxamount>49.46</taxamount> <unitofmeasure>each</unitofmeasure> <taxrate>0.0825</taxrate> <totalamount>648.96</totalamount> <grossnetindicator>y</grossnetindicator> </item> <item id="1"> <unitprice>4.99</unitprice> <quantity>50</quantity> <productname>file Folders</productName> <taxamount>20.58</taxamount> <unitofmeasure>each</unitofmeasure> <taxrate>0.0825</taxrate> <totalamount>270.08</totalamount> <grossnetindicator>y</grossnetindicator> </item> <purchasetotals> 92 CyberSource Corporation

101 Chapter F Level III with Vital <currency>usd</currency> <grandtotalamount>919.04</grandtotalamount> </purchasetotals> <cccaptureservice run="true"> <authrequestid> </authrequestid> <purchasinglevel>3</purchasinglevel> </cccaptureservice> </requestmessage> Business Center Simple Order API User s Guide May

102 Example Requests 94 CyberSource Corporation

103 Appendix G Using the XML API For merchants with more advanced programming skills and experience with XML, CyberSource offers an XML API to use instead of the Simple Order API. This appendix discusses how to get started and how to translate the Simple Order API information in this guide into the corresponding XML API information that you need. Downloading a Client If you plan to use the XML API, the first thing you need to do is pick one of our clients: Java.NET ASP PHP Perl You can download your chosen client and its related documentation from the Developer Center. About the XML API To use the API, you create an XML message that contains the information for calling the ICS services you want to use (in this case, credit card authorization). The client digitally signs and sends your request. You only need to create the request XML message and parse the XML reply message. See page 99 and page 100 for an example XML request and reply. Constructing Requests The schema for the XML API is located at Business Center Simple Order API User s Guide May

104 About the XML API In general, the schema s structure is separated into a request message and a reply message. Inside the request message are elements for the basic invoice information, tender information, and then service-specific information. The element that contains the servicespecific information for a credit card authorization is <ccauthservice>. When you construct a request, you need to indicate the correct namespace for the elements. You can do so in one of two ways: In the <requestmessage> element or one of its parent elements, you can define a namespace prefix, such as xyz: and use the prefix with each element, for example: <xyz:requestmessage xmlns:xyz="urn:schemas-cybersourcecom:transaction-data-1.14"> <xyz:merchantid>example</xyz:merchantid> <xyz:merchantreferencecode>123</xyz:merchantreferencecode> </xyz:requestmessage> In the <requestmessage> element, you can define a default namespace for the child elements and not use a prefix, for example: <requestmessage xmlns="urn:schemas-cybersource-com:transaction-data- 1.14"> <merchantid>example</merchantid> <merchantreferencecode>123</merchantreferencecode> </requestmessage> To indicate in the request that you want to run a service, set the run attribute for the service s element to "true". For example, to request credit card authorization, set the run attribute for the <ccauthservice> element to "true". You can send either live or test transactions. For live transactions, you send your request to where the XML schema is located. For test transactions, you send your requests to commerce/1.x/transactionprocessor. Parsing Replies The reply message includes general information for the entire request, and then information relevant to the results of each service you requested. For example, the reply information relevant to the credit card authorization is in the <ccauthreply> element. XML replies from CyberSource always contain the namespace prefix c:. You need to use an XML parser that supports namespaces. 96 CyberSource Corporation

105 Appendix G Using the XML API Correlating Fields Names The main chapters of this guide discuss using the Simple Order API, which uses namevalue pairs. The name-value pair field names correlate directly to element names in the XML API. The relationship between the XML element names and the Simple Order API field names is as follows: Each Simple Order API field name matches the corresponding XML element name. The Simple Order API indicates XML schema hierarchy with an underscore ( _ ) separating the name of the parent element from the name of the child element. For example, the XML schema has a <card> element with several child elements. Table 22 shows the <card> child element names in the XML schema, and the corresponding Simple Order API field names. Table 22 Example of Schema Names and Simple Order API Names Schema Names <card> <accountnumber> <expirationmonth> <expirationyear> </card> Corresponding Simple Order API Names card_accountnumber card_expirationmonth card_expirationyear The same convention is used for reply fields. Requesting Credit Card Authorization To indicate in the request that you want to run credit card authorization, set the run attribute for the <ccauthservice> element to "true". Numbering Items The XML schema includes an <item> element that you use to describe a single item that the customer is purchasing. If the customer s order contains more than one item, you number the items, starting with 0. The XML schema uses an id attribute in the item s opening tag to indicate the number. For example: <item id="0"> Business Center Simple Order API User s Guide May

106 Numbering Items In the Simple Order API field names, this is represented as item_0. Note that in this situation, the underscore before the number does not indicate hierarchy in the XML schema. The item fields are generically referred to as item_#_<element name> in the documentation. Table 23 shows an example of the numbered <item> element and the corresponding Simple API field names. Table 23 Numbered Items Schema Names <item id="0"> <unitprice> <quantity> </item> <item id="1"> <unitprice> <quantity> </item> Corresponding Simple Order API Names item_0_unitprice item_0_quantity item_1_unitprice item_1_quantity 98 CyberSource Corporation

107 Appendix G Using the XML API Example Authorization Request <requestmessage xmlns="urn:schemas-cybersource-com:transaction-data- 1.14"> <merchantid>infodev</merchantid> <merchantreferencecode>482046c3a7e94f5</merchantreferencecode> <billto> <firstname>john</firstname> <lastname>doe</lastname> <street1>1295 Charleston Rd.</street1> <city>mountain View</city> <state>ca</state> <postalcode>94043</postalcode> <country>us</country> <phonenumber> </phonenumber> < >[email protected]</ > </billto> <item id="0"> <unitprice>49.95</unitprice> <quantity>1</quantity> </item> <purchasetotals> <currency>usd</currency> </purchasetotals> <card> <accountnumber> </accountnumber> <expirationmonth>12</expirationmonth> <expirationyear>2015</expirationyear> </card> <ccauthservice run="true"/> </requestmessage> Business Center Simple Order API User s Guide May

108 Example Authorization Reply Example Authorization Reply For information about why each element in the reply contains c: at the beginning (for example, <c:requestid>), see the information about namespaces in Constructing Requests and Parsing Replies on page 96. <c:replymessage xmlns:c="urn:schemas-cybersource-com:transaction-data- 1.14"> <c:merchantreferencecode>482046c3a7e94f5</c:merchantreferencecode> <c:requestid> </c:requestid> <c:decision>accept</c:decision> <c:reasoncode>100</c:reasoncode> <c:purchasetotals> <c:currency>usd</c:currency> </c:purchasetotals> <c:ccauthreply> <c:reasoncode>100</c:reasoncode> <c:amount>49.95</c:amount> <c:authorizationcode>123456</c:authorizationcode> <c:avscode>y</c:avscode> <c:avscoderaw>yyy</c:avscoderaw> <c:authorizeddatetime> t23:44:27z</c:authorizeddatetime> <c:processorresponse>a</c:processorresponse> </c:ccauthreply> </c:replymessage> 100 CyberSource Corporation

109 Appendix H Using the Testing Simulator To facilitate your testing, CyberSource has created a simulator that allows you to send test authorization requests with specific amounts or other values that trigger specific responses. This appendix lists the specific triggers and responses for each processor. When using the simulator: Make sure your client is configured to send requests to the test server and not the production server. See the documentation for your client for information about how to do this. Make sure to use the test credit card numbers listed in Testing Your Implementation on page 25. In your results, the ccauthreply_authorizationcode for the transactions will typically be on the test server. This appendix includes this information: Table 24 Summary of Testing Information All Processors General testing triggers page 102 FDMS Nashville Error triggers page 103 AVS triggers page 107 CVV triggers page 110 FDMS South Error triggers page 112 Visa AVS triggers page 119 MasterCard AVS triggers page 122 American Express AVS triggers page 124 Discover AVS triggers page 126 CVV triggers page 128 Business Center Simple Order API User s Guide May

110 General Testing Information Table 24 Summary of Testing Information (Continued) Paymentech Error triggers page 129 AVS triggers page 136 CVV triggers page 140 Vital Error triggers page 142 AVS triggers page 147 CVV triggers page 150 General Testing Information These input values work no matter which processor you are using. Table 25 General Testing Information Specific Values for the Input amount = 1 amount = -1 amount = card_accountnumber = (empty credit card number) card_accountnumber = card_accountnumber = card_expirationmonth = 13 card_expirationyear = 1998 Expected Response decision=accept decision=reject reasoncode=102 decision=reject reasoncode=102 decision=reject reasoncode=101 decision=reject reasoncode=231 decision=reject reasoncode=231 decision=reject reasoncode=102 decision=reject reasoncode= CyberSource Corporation

111 Appendix H Using the Testing Simulator FDMS Nashville Testing Information This section includes: FDMS Nashville General Error Triggers FDMS Nashville AVS Triggers FDMS Nashville CVV Triggers FDMS Nashville General Error Triggers Table 26 FDMS Nashville Error Triggers Amount to Use 1500 ($1000 amount < $2000) Expected Response decision=reject reasoncode=203 ccauthreply_processorresponse=d 2001 decision=error reasoncode=150 ccauthreply_processorresponse=e decision=reject reasoncode=234 ccauthreply_processorresponse=e decision=reject reasoncode=234 ccauthreply_processorresponse=e decision=reject reasoncode=231 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e06 Business Center Simple Order API User s Guide May

112 FDMS Nashville Testing Information Table 26 FDMS Nashville Error Triggers (Continued) Amount to Use Expected Response 2007 decision=reject reasoncode=233 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e CyberSource Corporation

113 Appendix H Using the Testing Simulator Table 26 FDMS Nashville Error Triggers (Continued) Amount to Use Expected Response 2017 decision=error reasoncode=150 ccauthreply_processorresponse=e decision=reject reasoncode=233 ccauthreply_processorresponse=e decision=reject reasoncode=234 ccauthreply_processorresponse=e decision=reject reasoncode=234 ccauthreply_processorresponse=e decision=reject reasoncode=234 ccauthreply_processorresponse=e decision=reject reasoncode=234 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e43 Business Center Simple Order API User s Guide May

114 FDMS Nashville Testing Information Table 26 FDMS Nashville Error Triggers (Continued) Amount to Use Expected Response 2051 decision=reject reasoncode=234 ccauthreply_processorresponse=e decision=reject reasoncode=233 ccauthreply_processorresponse=e decision=reject reasoncode=234 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=reject reasoncode=233 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=error reasoncode=150 ccauthreply_processorresponse=e decision=reject reasoncode=201 ccauthreply_processorresponse=r 106 CyberSource Corporation

115 Appendix H Using the Testing Simulator Table 26 FDMS Nashville Error Triggers (Continued) Amount to Use 2950 ($2000 amount < $3000 ) Expected Response decision=error reasoncode=150 ccauthreply_processorresponse=e FDMS Nashville AVS Triggers Table 27 FDMS Nashville AVS Triggers Amount to Use Expected Response 3000 decision=reject reasoncode=200 ccauthreply_processorresponse=a ccauthreply_avscode=n ccauthreply_avscoderaw=nnn 3001 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=x ccauthreply_avscoderaw=yyx 3002 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=w ccauthreply_avscoderaw=nyw 3003 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=y ccauthreply_avscoderaw=yyy Business Center Simple Order API User s Guide May

116 FDMS Nashville Testing Information Table 27 FDMS Nashville AVS Triggers (Continued) Amount to Use Expected Response 3004 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=u ccauthreply_avscoderaw=xxu 3005 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=a ccauthreply_avscoderaw=yna 3006 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=s ccauthreply_avscoderaw=xxs 3007 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=r ccauthreply_avscoderaw=xxr 3008 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=z ccauthreply_avscoderaw=nyz 3009 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=x ccauthreply_avscoderaw=xxx 108 CyberSource Corporation

117 Appendix H Using the Testing Simulator Table 27 FDMS Nashville AVS Triggers (Continued) Amount to Use Expected Response 3010 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=e ccauthreply_avscoderaw=xxe 3011 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=g ccauthreply_avscoderaw=xxg 3012 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=b ccauthreply_avscoderaw=ynb 3013 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=c ccauthreply_avscoderaw=nnc 3014 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=d ccauthreply_avscoderaw=yyd 3015 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=i ccauthreply_avscoderaw=nni Business Center Simple Order API User s Guide May

118 FDMS Nashville Testing Information Table 27 FDMS Nashville AVS Triggers (Continued) Amount to Use Expected Response 3016 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=m ccauthreply_avscoderaw=yym 3017 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=p ccauthreply_avscoderaw=nyp 3018 decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=2 ccauthreply_avscoderaw=xy& 3000 and card_accountnumber = decision=accept ccauthreply_processorresponse=a ccauthreply_avscode=1 ccauthreply_avscoderaw= 6 FDMS Nashville CVV Triggers Table 28 FDMS Nashville CVV Triggers Amount to Use 2100 and card_cvnumber = 1111 Expected Response decision=accept ccauthreply_processorresponse=a ccauthreply_cvcode=m ccauthreply_cvcoderaw=m 110 CyberSource Corporation

119 Appendix H Using the Testing Simulator Table 28 FDMS Nashville CVV Triggers (Continued) Amount to Use 2100 and card_cvnumber = and card_cvnumber = and card_cvnumber = and card_cvnumber = and card_cvnumber = and card_cvnumber = 7777 Expected Response decision=reject reasoncode=230 ccauthreply_processorresponse=a ccauthreply_cvcode=n ccauthreply_cvcoderaw=n decision=accept ccauthreply_processorresponse=a ccauthreply_cvcode=p ccauthreply_cvcoderaw=p decision=accept ccauthreply_processorresponse=a ccauthreply_cvcode=s ccauthreply_cvcoderaw=s decision=accept ccauthreply_processorresponse=a ccauthreply_cvcode=u ccauthreply_cvcoderaw=u decision=accept ccauthreply_processorresponse=a ccauthreply_cvcode=i ccauthreply_cvcoderaw=i decision=accept ccauthreply_processorresponse=a ccauthreply_cvcode=2 ccauthreply_cvcoderaw=& Business Center Simple Order API User s Guide May

120 FDMS South Testing Information FDMS South Testing Information This section includes: FDMS South Error Triggers FDMS South Visa AVS Triggers FDMS South MasterCard AVS Triggers FDMS South American Express AVS Triggers FDMS South Discover AVS Triggers FDMS South CVV Triggers FDMS South Error Triggers Table 29 FDMS South Error Triggers Amount to Use Expected Response 2409 decision=reject reasoncode=202 ccauthreply_processorresponse=4**09nr 2401 decision=reject reasoncode=201 ccauthreply_processorresponse=4**01nr 2402 decision=reject reasoncode=201 ccauthreply_processorresponse=4**02nr 2403 decision=reject reasoncode=201 ccauthreply_processorresponse=4**03nr 2404 decision=reject reasoncode=201 ccauthreply_processorresponse=4**04nr 2405 decision=reject reasoncode=201 ccauthreply_processorresponse=4**05nr 112 CyberSource Corporation

121 Appendix H Using the Testing Simulator Table 29 FDMS South Error Triggers (Continued) Amount to Use Expected Response 2406 decision=reject reasoncode=201 ccauthreply_processorresponse=4**06nr 2407 decision=reject reasoncode=201 ccauthreply_processorresponse=4**07nr 2408 decision=reject reasoncode=201 ccauthreply_processorresponse=4**08nr 2410 decision=reject reasoncode=201 ccauthreply_processorresponse=4**10nr 2411 decision=reject reasoncode=201 ccauthreply_processorresponse=4**11nr 2412 decision=reject reasoncode=201 ccauthreply_processorresponse=4**12nr 2413 decision=reject reasoncode=201 ccauthreply_processorresponse=4**13nr 2414 decision=reject reasoncode=201 ccauthreply_processorresponse=4**14nr 2415 decision=reject reasoncode=201 ccauthreply_processorresponse=4**15nr 2416 decision=reject reasoncode=201 ccauthreply_processorresponse=4**16nr Business Center Simple Order API User s Guide May

122 FDMS South Testing Information Table 29 FDMS South Error Triggers (Continued) Amount to Use Expected Response 2417 decision=reject reasoncode=201 ccauthreply_processorresponse=4**17nr 2418 decision=reject reasoncode=201 ccauthreply_processorresponse=4**18nr 2419 decision=reject reasoncode=201 ccauthreply_processorresponse=4**19nr 2420 decision=reject reasoncode=201 ccauthreply_processorresponse=4**20nr 2421 decision=reject reasoncode=201 ccauthreply_processorresponse=4**21nr 2497 decision=reject reasoncode=201 ccauthreply_processorresponse=4**97nr 2499 decision=reject reasoncode=201 ccauthreply_processorresponse=4**99nr 2601 decision=reject reasoncode=201 ccauthreply_processorresponse=6**01ns 2602 decision=reject reasoncode=201 ccauthreply_processorresponse=6**02ns 2603 decision=reject reasoncode=201 ccauthreply_processorresponse=6**03ns 114 CyberSource Corporation

123 Appendix H Using the Testing Simulator Table 29 FDMS South Error Triggers (Continued) Amount to Use Expected Response 2604 decision=reject reasoncode=201 ccauthreply_processorresponse=6**04ns 2605 decision=reject reasoncode=201 ccauthreply_processorresponse=6**05ns 2606 decision=reject reasoncode=201 ccauthreply_processorresponse=6**06ns 2607 decision=reject reasoncode=201 ccauthreply_processorresponse=6**07ns 2608 decision=reject reasoncode=201 ccauthreply_processorresponse=6**08ns 2609 decision=reject reasoncode=201 ccauthreply_processorresponse=6**09ns 2610 decision=reject reasoncode=201 ccauthreply_processorresponse=6**10ns 2611 decision=reject reasoncode=201 ccauthreply_processorresponse=6**11ns 2612 decision=reject reasoncode=201 ccauthreply_processorresponse=6**12ns 2613 decision=reject reasoncode=201 ccauthreply_processorresponse=6**13ns Business Center Simple Order API User s Guide May

124 FDMS South Testing Information Table 29 FDMS South Error Triggers (Continued) Amount to Use Expected Response 2614 decision=reject reasoncode=201 ccauthreply_processorresponse=6**14ns 2615 decision=reject reasoncode=201 ccauthreply_processorresponse=6**15ns 2616 decision=reject reasoncode=201 ccauthreply_processorresponse=6**16ns 2617 decision=reject reasoncode=201 ccauthreply_processorresponse=6**17ns 2681 decision=reject reasoncode=201 ccauthreply_processorresponse=6**01ne 2687 decision=reject reasoncode=201 ccauthreply_processorresponse=6**07ne 2697 decision=reject reasoncode=201 ccauthreply_processorresponse=6**97ns 2699 decision=reject reasoncode=201 ccauthreply_processorresponse=6**99ns 2501 decision=reject reasoncode=203 ccauthreply_processorresponse=5**01nc 2502 decision=reject reasoncode=203 ccauthreply_processorresponse=5**02nc 116 CyberSource Corporation

125 Appendix H Using the Testing Simulator Table 29 FDMS South Error Triggers (Continued) Amount to Use Expected Response 2503 decision=reject reasoncode=203 ccauthreply_processorresponse=5**03nc 2504 decision=reject reasoncode=203 ccauthreply_processorresponse=5**04nc 2582 decision=reject reasoncode=203 ccauthreply_processorresponse=5**02f decision=reject reasoncode=203 ccauthreply_processorresponse=5**03f decision=reject reasoncode=203 ccauthreply_processorresponse=5**07f decision=reject reasoncode=203 ccauthreply_processorresponse=5**97nc 2599 decision=reject reasoncode=203 ccauthreply_processorresponse=5**99nc 2701 decision=reject reasoncode=203 ccauthreply_processorresponse=7**01nd 2702 decision=reject reasoncode=203 ccauthreply_processorresponse=7**02nd 2703 decision=reject reasoncode=203 ccauthreply_processorresponse=7**04nd Business Center Simple Order API User s Guide May

126 FDMS South Testing Information Table 29 FDMS South Error Triggers (Continued) Amount to Use Expected Response 2704 decision=reject reasoncode=203 ccauthreply_processorresponse=7**04nd 2705 decision=reject reasoncode=203 ccauthreply_processorresponse=7**05nd 2706 decision=reject reasoncode=203 ccauthreply_processorresponse=7**06nd 2707 decision=reject reasoncode=203 ccauthreply_processorresponse=7**07nd 2708 decision=reject reasoncode=203 ccauthreply_processorresponse=7**08nd 2709 decision=reject reasoncode=203 ccauthreply_processorresponse=7**09nd 2710 decision=reject reasoncode=203 ccauthreply_processorresponse=7**10nd 2711 decision=reject reasoncode=203 ccauthreply_processorresponse=7**11nd 2715 decision=reject reasoncode=203 ccauthreply_processorresponse=7**15nd 2797 decision=reject reasoncode=203 ccauthreply_processorresponse=7**97nd 118 CyberSource Corporation

127 Appendix H Using the Testing Simulator Table 29 FDMS South Error Triggers (Continued) Amount to Use Expected Response 2799 decision=reject reasoncode=203 ccauthreply_processorresponse=7**99nd FDMS South Visa AVS Triggers Table 30 FDMS South Visa AVS Triggers Amount to Use Expected Response 2200 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=s ccauthreply_avscoderaw= decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=y ccauthreply_avscoderaw=y 2202 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=a ccauthreply_avscoderaw=a 2203 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=z ccauthreply_avscoderaw=z Business Center Simple Order API User s Guide May

128 FDMS South Testing Information Table 30 FDMS South Visa AVS Triggers (Continued) Amount to Use Expected Response 2204 decision=reject reasoncode=200 ccauthreply_processorresponse=0 ccauthreply_avscode=n ccauthreply_avscoderaw=n 2205 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw= decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=e ccauthreply_avscoderaw=e 2207 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=r ccauthreply_avscoderaw=r 2208 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw=u 2209 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=y ccauthreply_avscoderaw=y 120 CyberSource Corporation

129 Appendix H Using the Testing Simulator Table 30 FDMS South Visa AVS Triggers (Continued) Amount to Use Expected Response 2240 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=b ccauthreply_avscoderaw=b 2241 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=c ccauthreply_avscoderaw=c 2242 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=d ccauthreply_avscoderaw=d 2243 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=i ccauthreply_avscoderaw=i 2244 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=m ccauthreply_avscoderaw=m 2245 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=p ccauthreply_avscoderaw=p Business Center Simple Order API User s Guide May

130 FDMS South Testing Information Table 30 FDMS South Visa AVS Triggers (Continued) Amount to Use Expected Response 2246 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=2 ccauthreply_avscoderaw=& 2247 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=d ccauthreply_avscoderaw=f FDMS South MasterCard AVS Triggers Table 31 FDMS South MasterCard AVS Triggers Amount to Use Expected Response 2210 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=s ccauthreply_avscoderaw= decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=x ccauthreply_avscoderaw=x 2212 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=y ccauthreply_avscoderaw=y 122 CyberSource Corporation

131 Appendix H Using the Testing Simulator Table 31 FDMS South MasterCard AVS Triggers (Continued) Amount to Use Expected Response 2213 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=z ccauthreply_avscoderaw=z 2214 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=w ccauthreply_avscoderaw=w 2215 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw= decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=z ccauthreply_avscoderaw=z 2217 decision=reject reasoncode=200 ccauthreply_processorresponse=0 ccauthreply_avscode=n ccauthreply_avscoderaw=n 2218 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw=u Business Center Simple Order API User s Guide May

132 FDMS South Testing Information Table 31 FDMS South MasterCard AVS Triggers (Continued) Amount to Use Expected Response 2219 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw= decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=r ccauthreply_avscoderaw=r 2221 decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=s ccauthreply_avscoderaw=s FDMS South American Express AVS Triggers Table 32 FDMS South American Express AVS Triggers Amount to Use Expected Response decision=accept ccauthreply_processorresponse=0 ccauthreply_avscode=y ccauthreply_avscoderaw=y 2223 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=n ccauthreply_avscoderaw=n 124 CyberSource Corporation

133 Appendix H Using the Testing Simulator Table 32 FDMS South American Express AVS Triggers (Continued) Amount to Use Expected Response 2224 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=a ccauthreply_avscoderaw=a 2225 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw= decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=z ccauthreply_avscoderaw=z 2227 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=r ccauthreply_avscoderaw=r 2228 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw=u 2229 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw=9 Business Center Simple Order API User s Guide May

134 FDMS South Testing Information Table 32 FDMS South American Express AVS Triggers (Continued) Amount to Use Expected Response 2230 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=s ccauthreply_avscoderaw=s FDMS South Discover AVS Triggers Table 33 FDMS South Discover AVS Triggers Amount to Use Expected Response 2231 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=y ccauthreply_avscoderaw=a 2232 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=a ccauthreply_avscoderaw=y 2233 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=z ccauthreply_avscoderaw=z 2234 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=n ccauthreply_avscoderaw=n 126 CyberSource Corporation

135 Appendix H Using the Testing Simulator Table 33 FDMS South Discover AVS Triggers (Continued) Amount to Use Expected Response 2235 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw= decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw=g 2237 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw=w 2238 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw=u 2239 decision=reject reasoncode=520 ccauthreply_processorresponse=0 ccauthreply_avscode=u ccauthreply_avscoderaw=9 Business Center Simple Order API User s Guide May

136 FDMS South Testing Information FDMS South CVV Triggers Table 34 FDMS South CVV Triggers Amount to Use 2100 and card_cvnumber = and card_cvnumber = and card_cvnumber = and card_cvnumber = and card_cvnumber = 5555 Expected Response decision=accept ccauthreply_processorresponse=0 ccauthreply_cvcode=m ccauthreply_cvcoderaw=m decision=reject reasoncode=230 ccauthreply_processorresponse=0 ccauthreply_cvcode=n ccauthreply_cvcoderaw=n decision=accept ccauthreply_processorresponse=0 ccauthreply_cvcode=p ccauthreply_cvcoderaw=p decision=accept ccauthreply_processorresponse=0 ccauthreply_cvcode=u ccauthreply_cvcoderaw=u decision=accept ccauthreply_processorresponse=0 ccauthreply_cvcode=s ccauthreply_cvcoderaw=s 128 CyberSource Corporation

137 Appendix H Using the Testing Simulator Table 34 FDMS South CVV Triggers (Continued) Amount to Use 2100 and card_cvnumber = and card_cvnumber = 7777 Expected Response decision=accept ccauthreply_processorresponse=0 ccauthreply_cvcode=i ccauthreply_cvcoderaw=i decision=accept ccauthreply_processorresponse=0 ccauthreply_cvcode=2 ccauthreply_cvcoderaw=& Paymentech Testing Information This section includes: Paymentech Error Triggers Paymentech AVS Triggers Paymentech CVV Triggers Paymentech Error Triggers Table 35 Paymentech Error Triggers Amount to Use 1 and any amount not listed in this table 1500 ($1001 amount < $2000) Expected Response decision=accept ccauthreply_processorresponse=100 decision=reject reasoncode=203 ccauthreply_processorresponse=303 Business Center Simple Order API User s Guide May

138 Paymentech Testing Information Table 35 Paymentech Error Triggers (Continued) Amount to Use Expected Response 2000 decision=error reasoncode=150 ccauthreply_processorresponse= decision=reject reasoncode=231 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=234 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= CyberSource Corporation

139 Appendix H Using the Testing Simulator Table 35 Paymentech Error Triggers (Continued) Amount to Use Expected Response 2234 decision=reject reasoncode=233 ccauthreply_processorresponse= decision=error reasoncode=150 ccauthreply_processorresponse= decision=error reasoncode=150 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=234 ccauthreply_processorresponse= decision=reject reasoncode=234 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=234 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse=251 Business Center Simple Order API User s Guide May

140 Paymentech Testing Information Table 35 Paymentech Error Triggers (Continued) Amount to Use Expected Response 2252 decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=error reasoncode=150 ccauthreply_processorresponse= decision=reject reasoncode=210 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=231 ccauthreply_processorresponse= decision=reject reasoncode=201 ccauthreply_processorresponse= decision=reject reasoncode=201 ccauthreply_processorresponse= decision=reject reasoncode=205 ccauthreply_processorresponse= CyberSource Corporation

141 Appendix H Using the Testing Simulator Table 35 Paymentech Error Triggers (Continued) Amount to Use Expected Response 2502 decision=reject reasoncode=205 ccauthreply_processorresponse= decision=reject reasoncode=209 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=204 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=204 ccauthreply_processorresponse= decision=reject reasoncode=202 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=211 ccauthreply_processorresponse=531 Business Center Simple Order API User s Guide May

142 Paymentech Testing Information Table 35 Paymentech Error Triggers (Continued) Amount to Use Expected Response 2570 decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=231 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=208 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=231 ccauthreply_processorresponse= CyberSource Corporation

143 Appendix H Using the Testing Simulator Table 35 Paymentech Error Triggers (Continued) Amount to Use Expected Response 2802 decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=209 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=231 ccauthreply_processorresponse= decision=reject reasoncode=234 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=error reasoncode=150 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse=904 Business Center Simple Order API User s Guide May

144 Paymentech Testing Information Paymentech AVS Triggers Table 36 Paymentech AVS Triggers Amount to Use Expected Response 2835 decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=e ccauthreply_avscoderaw=ie ccauthreply_authorizationcode= decision=reject reasoncode=200 ccauthreply_processorresponse=100 ccauthreply_avscode=n ccauthreply_avscoderaw=i8 ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=r ccauthreply_avscoderaw=is ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=u ccauthreply_avscoderaw=iu ccauthreply_authorizationcode= CyberSource Corporation

145 Appendix H Using the Testing Simulator Table 36 Paymentech AVS Triggers (Continued) Amount to Use Expected Response 2839 decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=u ccauthreply_avscoderaw=id ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=w ccauthreply_avscoderaw=i2 ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=y ccauthreply_avscoderaw=i3 ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=z ccauthreply_avscoderaw=i4 ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=a ccauthreply_avscoderaw=i5 ccauthreply_authorizationcode= Business Center Simple Order API User s Guide May

146 Paymentech Testing Information Table 36 Paymentech AVS Triggers (Continued) Amount to Use Expected Response 2844 decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=g ccauthreply_avscoderaw=ig ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=2 ccauthreply_avscoderaw=xx ccauthreply_authorizationcode= decision=reject reasoncode=200 ccauthreply_processorresponse=100 ccauthreply_avscode=n ccauthreply_avscoderaw=i6 ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=a ccauthreply_avscoderaw=i7 ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=u ccauthreply_avscoderaw=n1 ccauthreply_authorizationcode= CyberSource Corporation

147 Appendix H Using the Testing Simulator Table 36 Paymentech AVS Triggers (Continued) Amount to Use Expected Response 2849 decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=e ccauthreply_avscoderaw=n2 ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=d ccauthreply_avscoderaw=ia ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=b ccauthreply_avscoderaw=ib ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=c ccauthreply_avscoderaw=ic ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=p ccauthreply_avscoderaw=ip ccauthreply_authorizationcode= Business Center Simple Order API User s Guide May

148 Paymentech Testing Information Table 36 Paymentech AVS Triggers (Continued) Amount to Use Expected Response 2860 decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=x ccauthreply_avscoderaw=i1 ccauthreply_authorizationcode= and billto_country=fr decision=accept ccauthreply_processorresponse=100 ccauthreply_avscode=1 ccauthreply_avscoderaw= ccauthreply_authorizationcode= Paymentech CVV Triggers Table 37 Paymentech CVV Triggers Amount to Use 1 and card_cvnumber = and card_cvnumber = 2222 Expected Response decision=accept ccauthreply_processorresponse=100 ccauthreply_cvcode=m ccauthreply_cvcoderaw=m ccauthreply_authorizationcode= decision=reject reasoncode=230 ccauthreply_processorresponse=100 ccauthreply_cvcode=n ccauthreply_cvcoderaw=n ccauthreply_authorizationcode= CyberSource Corporation

149 Appendix H Using the Testing Simulator Table 37 Paymentech CVV Triggers (Continued) Amount to Use 1 and card_cvnumber = and card_cvnumber = and card_cvnumber = and card_cvnumber = and card_cvnumber = 7777 Expected Response decision=accept ccauthreply_processorresponse=100 ccauthreply_cvcode=p ccauthreply_cvcoderaw=p ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_cvcode=s ccauthreply_cvcoderaw=s ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_cvcode=u ccauthreply_cvcoderaw=u ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_cvcode=i ccauthreply_cvcoderaw=i ccauthreply_authorizationcode= decision=accept ccauthreply_processorresponse=100 ccauthreply_cvcode=2 ccauthreply_cvcoderaw=& ccauthreply_authorizationcode= Business Center Simple Order API User s Guide May

150 Vital Testing Information Vital Testing Information This section includes: Vital Error Triggers Vital AVS Triggers Vital CVV Triggers Vital Error Triggers Table 38 Vital Error Triggers Amount to Use 1000 ($1 αmount < $1001) 1500 ($1001 amount < $2000) Expected Response decision=accept ccauthreply_processorresponse=00 decision=reject reasoncode=203 ccauthreply_processorresponse= decision=error reasoncode=250 ccauthreply_processorresponse= decision=error reasoncode=150 ccauthreply_processorresponse= decision=reject reasoncode=231 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=error reasoncode=150 ccauthreply_processorresponse= CyberSource Corporation

151 Appendix H Using the Testing Simulator Table 38 Vital Error Triggers (Continued) Amount to Use Expected Response 2051 decision=reject reasoncode=204 ccauthreply_processorresponse= decision=reject reasoncode=201 ccauthreply_processorresponse= decision=reject reasoncode=201 ccauthreply_processorresponse= decision=reject reasoncode=234 ccauthreply_processorresponse= decision=reject reasoncode=205 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=205 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=205 ccauthreply_processorresponse= decision=reject reasoncode=205 ccauthreply_processorresponse=43 Business Center Simple Order API User s Guide May

152 Vital Testing Information Table 38 Vital Error Triggers (Continued) Amount to Use Expected Response 2079 decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=202 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=error reasoncode=150 ccauthreply_processorresponse= decision=error reasoncode=150 ccauthreply_processorresponse= CyberSource Corporation

153 Appendix H Using the Testing Simulator Table 38 Vital Error Triggers (Continued) Amount to Use Expected Response 2076 decision=error reasoncode=150 ccauthreply_processorresponse= decision=error reasoncode=150 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=233 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=231 ccauthreply_processorresponse= decision=reject reasoncode=231 ccauthreply_processorresponse= decision=reject reasoncode=231 ccauthreply_processorresponse= decision=reject reasoncode=231 ccauthreply_processorresponse=53 Business Center Simple Order API User s Guide May

154 Vital Testing Information Table 38 Vital Error Triggers (Continued) Amount to Use Expected Response 2075 decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=236 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=reject reasoncode=203 ccauthreply_processorresponse= decision=error reasoncode=150 ccauthreply_processorresponse= decision=reject reasoncode=231 ccauthreply_processorresponse= decision=reject reasoncode=204 ccauthreply_processorresponse=n decision=reject reasoncode=203 ccauthreply_processorresponse=n decision=reject reasoncode=211 ccauthreply_processorresponse=n7 146 CyberSource Corporation

155 Appendix H Using the Testing Simulator Table 38 Vital Error Triggers (Continued) Amount to Use Expected Response 2089 decision=reject reasoncode=233 ccauthreply_processorresponse=ea 2090 decision=reject reasoncode=233 ccauthreply_processorresponse=eb 2098 decision=reject reasoncode=233 ccauthreply_processorresponse=ec Vital AVS Triggers Table 39 Vital AVS Triggers Amount to Use Expected Response 2101 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=x ccauthreply_avscoderaw=x 2102 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=y ccauthreply_avscoderaw=y 2103 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=a ccauthreply_avscoderaw=a Business Center Simple Order API User s Guide May

156 Vital Testing Information Table 39 Vital AVS Triggers (Continued) Amount to Use Expected Response 2104 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=w ccauthreply_avscoderaw=w 2105 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=z ccauthreply_avscoderaw=z 2106 decision=reject reasoncode=200 ccauthreply_processorresponse=00 ccauthreply_avscode=n ccauthreply_avscoderaw=n 2107 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=u ccauthreply_avscoderaw=u 2108 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=r ccauthreply_avscoderaw=r 2109 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=e ccauthreply_avscoderaw=e 148 CyberSource Corporation

157 Appendix H Using the Testing Simulator Table 39 Vital AVS Triggers (Continued) Amount to Use Expected Response 2110 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=s ccauthreply_avscoderaw=s 2111 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=g ccauthreply_avscoderaw=g 2112 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=b ccauthreply_avscoderaw=b 2113 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=c ccauthreply_avscoderaw=c 2114 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=d ccauthreply_avscoderaw=d 2115 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=i ccauthreply_avscoderaw=i Business Center Simple Order API User s Guide May

158 Vital Testing Information Table 39 Vital AVS Triggers (Continued) Amount to Use Expected Response 2116 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=m ccauthreply_avscoderaw=m 2117 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=p ccauthreply_avscoderaw=p 2118 decision=accept ccauthreply_processorresponse=00 ccauthreply_avscode=2 ccauthreply_avscoderaw=& Vital CVV Triggers Table 40 Vital CVV Triggers Amount to Use 2100 and card_cvnumber = and card_cvnumber = 2222 Expected Response decision=accept ccauthreply_processorresponse=00 ccauthreply_cvcode=m ccauthreply_cvcoderaw=m decision=reject reasoncode=230 ccauthreply_processorresponse=100 ccauthreply_cvcode=n ccauthreply_cvcoderaw=n 150 CyberSource Corporation

159 Appendix H Using the Testing Simulator Table 40 Vital CVV Triggers (Continued) Amount to Use 2100 and card_cvnumber = and card_cvnumber = and card_cvnumber = and card_cvnumber = and card_cvnumber = 7777 Expected Response decision=accept ccauthreply_processorresponse=00 ccauthreply_cvcode=p ccauthreply_cvcoderaw=p decision=accept ccauthreply_processorresponse=00 ccauthreply_cvcode=u ccauthreply_cvcoderaw=u decision=accept ccauthreply_processorresponse=00 ccauthreply_cvcode=s ccauthreply_cvcoderaw=s decision=accept ccauthreply_processorresponse=00 ccauthreply_cvcode=i ccauthreply_cvcoderaw=i decision=accept ccauthreply_processorresponse=00 ccauthreply_cvcode=2 ccauthreply_cvcoderaw=& Business Center Simple Order API User s Guide May

160 Vital Testing Information 152 CyberSource Corporation

161 Index Symbols $0 authorization 6 A ACCEPT decision 13 American Express 4 authorizations described 2 for $0 6 reply fields 23 request fields 17 requesting 15 AVS API for 15 codes 53 described 4 B bill payment 17, 62 C capture with verbal auth 16 captures described 2 in Business Center 26 reply fields 60 request fields 58 through API 57 card verification number API for 15 described 4 changes to document vii check authorization consent 31 checks. See electronic checks clients 9 Concord EFS 4 consent statement 31 credits in Business Center 27 through API 61 D decisions 13 declines 6 Developer Center 9 Diners Club 3, 4 Discover 4 E electronic checks 31 corporate checks 32 credits through API 71 example request and reply 43 payments 31 refunds in Business Center 41 ERROR decision 13 errors, described 13 examples replies 14 request 12 F FDMS Nashville 4, 5 FDMS South 4, 5, 6 forced capture 16 Business Center Simple Order API User s Guide May

162 G V fraud 4 freight amount 11 G going live 27 grand total amount 11 H Hosted Order Page 1 I ignoring AVS and CV 66 invalid fields 29 items described 10 numbering in XML API 97 L Level II 81 Level III 79 M MasterCard 3, 4, 79 MasterCard SecureCode 67 missing fields 29 N numbered items in XML API 97 O order identifiers 29 order number 29 P payer authentication 67 Payment Events Report 41 Paymentech 4, 5 product codes 45 R reason codes 50 described 13 listed 47 reconciliation ID 29 reconciling orders 29 refunds in Business Center 27 through API 61 REJECT decision 13 replies described 10 example 14 request ID 29 requests described 10 example 12 returned check fees table 31 S sale, processing through API 66 Smart Authorization API for 16 described 5 result codes 55 settings 4 special characters in fields 11 SSL 1, 9 state returned check fees table 31 syntax of fields 11 T tax amount for order 11 testing 25 total tax amount 11 U USA PATRIOT Act compliance 6 V verbal authorization 57 Verified by Visa 67 Virtual Terminal CyberSource Corporation

163 Index Visa 4, 17, 53, 62, 67, 79 Vital 4, 5, 6 W Web Services API 10 X XML API 1, 95 Z zero-dollar authorization 6 Business Center Simple Order API User s Guide May

164 Z Z 156 CyberSource Corporation