Batch Processing. Specification. Version SIX Payment Services

Transcription

1 Batch Processing Specification Version SIX Payment Services

2 Contents 1 Introduction Requirements Security and PCI DSS Other Information Supported Payment Means Format Information Conventions File Names CustomerID File Identifier (FileID) File Transfer Input File Format Input File Parameters and Descriptions Parameter Description TERMINALID ORDERID PAN DOCREDIT TIMEDATE Card Security Number D Secure Parameters ECI, XID, CAVV Recurring MANDATEID IBAN Example for payment record sets Identifying Duplicate Entries Output file Processed Record Set Incorrect entry in the output file RESULT values Sample output file Output file if Batch Processing is processed automatically Automation Upload Download Examples Upload via HTML Form Download via HTML Form Upload via Visual Basic Script Download via Visual Basic Script Contact Saferpay Integration Team Saferpay Support Team Saferpay Batch Processing Page 2

3 1 Introduction This document describes the Saferpay Batch Processing, a service allowing the processing of credit card and German electronic direct debit (ELV) payments via a batch file. 1.1 Requirements The following conditions must be fulfilled to use the batch processing: A corresponding license and with that an existing Saferpay account with login and password At least one active Saferpay terminal via which payments can be processed. The corresponding TERMINALID respectively the ACCOUNTID must be available. The format of the Data Set and the name of the input file must correspond to the format described in this document 1.2 Security and PCI DSS Although the Saferpay system meets the PCI DSS (Payment Card Industry Data Security Standard) requirements and is inspected regularly to verify compliance, you are encouraged to apply the following rules when using Saferpay Batch Processing. When using Saferpay Batch Processing, credit card data is entered in the input file and uploaded from your system to Saferpay. You should ensure that you comply with the security requirements of your card-accepting bank (acquirer) concerning the handling of credit card data. We recommend you use the Saferpay Secure Card Data Service in combination with Saferpay Batch Processing in order to significantly reduce the expense for the PCI DSS review of the merchant system. This service allows you to process transmit and store the credit card data directly in the secure Saferpay computer centre and no longer on the merchant system. For more information, please contact the Saferpay technical support team or customer service department. Processing of the card security number (also called CVC2, CVV2, CID or 4DBC) is optional. Please note, that according to PCI DSS regulation, the card security number is part of the confidential card data that may only be stored temporarily. Due to PCI DSS regulation the processing of magnetic stripe data is no longer possible via Batch Processing. If you have any questions regarding PCI DSS, please contact your acquirer or a qualified security provider (see Saferpay Batch Processing Page 3

4 1.3 Other Information Please note the following points: Uploaded files are processed within one day (24 hours) for the card companies. The Saferpay Batch Processing is designed for not time critical payments and not for online authorizations in real time or seconds. For time critical authorizations we recommend the use of the Saferpay Client API. In order to ensure a smooth processing we recommend to process not more than 500 transactions per file. Since acquires reject non-authorized transactions all transactions are authorized in a first step before being transmitted for further processing. 1.4 Supported Payment Means The Saferpay Batch Processing currently allows the processing of transactions for the following payment means: Visa MasterCard American Express Diners Club J.C.B. ELV electronic direct debit (Germany only) 1.5 Format Information The following abbreviations for format information are used in this document: a letters (a - z, A - Z) n numeric characters (0-9) an alphanumeric characters (a - z, A - Z, 0-9) s special characters (:?,-(+.)/ and space) ans alphanumeric and special characters Saferpay Batch Processing Page 4

5 2 Conventions 2.1 File Names The name of the file to be processed starts with the Saferpay CustomerID followed by a dash and the unique file identifier and ends with the file extension.in. Syntax: CustomerID-FileID.IN 2.2 CustomerID Die CustomerID currently consists of 5 or 6 digits. This could change in the future. 2.3 File Identifier (FileID) The File identifier has to be unique and is defined as follows: length: variable 1-40 characters permitted characters: 0-9, A-Z, a-z, - (dash), _ (underscore) no distinction is made between uppercase and lowercase Examples (FileID in italics): IN IN abcd5523.IN CA4DD53A-C1BB-4378-A7EB-4AB7AA6729D9.IN 2.4 File Transfer The files are transferred between the sender and the Saferpay system via a secure SSL connection (https) from the Saferpay Backoffice. An address can be stored to get a message when the file processing is finished. Saferpay Batch Processing Page 5

6 2.5 Input File Format The information required for uploading is saved in a text file. The following rules are to be respected in this context: Parameters are separated by a comma (ASCII 0x44) each line must terminate with a line separator CR or CRLF Incorrectly formatted lines are rejected with the error code ICCTERR in the output file. It is the responsibility of the sender to correct the format and resubmit the file. Saferpay Batch Processing Page 6

7 3 Input File 3.1 Parameters and Descriptions If not marked as Optional all parameters are mandatory. Position Parameter Format Description 1 RECORDTYPE an[7] File record type, must always be ICCT100 2 TERMINALID n[8] Saferpay Terminal ID to be used for the transaction. The Terminal ID is assigned by the Saferpay system and is part of the Saferpay Account ID 3 ORDERID an[..30] Optional Sender s reference number. Processing-specific restrictions exist (see 3.2.2) 4 PAN ans [..50] Optional The card number (primary account number), see separate format description (3.2.3) for use of the card reference number via the Secure Card Data service. Cannot used together with IBAN. For card reference number: CARDREFID:nnnn 5 EXPMONTH n[..2] Optional, if CARDREFID is set Card expiry month. {1, 2,., 12} or {01, 02,., 12} 6 EXPYEAR n[2] or n[4] Optional, if CARDREFID is set Card expiry year. {00, 01,.., 11} oder {2000, 2001,.., 2011} 7 CARDDATA a[1] Optional A = Card was read by a reader (card number only is read) M = Card number was entered manually 8 AMOUNT n[..12] Amount in the smallest currency unit. Only digits (integer) and no decimal points (12, ) are allowed. 9 CURRENCY a[3] Currency in ISO 4217 code. (EUR, CHF, USD,...) 10 AUTHCODE an[..50] Reserved Field Authorization code: no longer required since now all transactions are authorized. 11 DOCREDIT n[1] 0 = Debit (amount is charged to the cardholder) 1 = Credit (amount is refunded to the cardholder refund not possible for german direct debit) 12 DOAUTHOR n[1] Carry out authorization; Since all transactions are authorized first before being entered the value must always be 1. Saferpay Batch Processing Page 7

8 Position Parameter Format Beschreibung 13 TIMEDATE n[12] n[14] 14 CVC n[3] or n[4] Optional 1 Date and time of booking with format YYYYMMDDhhmm or YYYYMMDDhhmmss. If the seconds (ss) are not entered, Batch Processing sets ss = 00. TIMEDATE is only evaluated internally by Batch Processing 3- or 4-digit card security number, also known as: CID/4DBC (American Express) CVC (MasterCard) CVV2 (Visa) CAV (JCB) 15 ECI n[1] Optional Electronic Commerce Indicator Required to identify 3-D Secure transactions ( Verified by Visa, MasterCard SecureCode, American Express SafeKey ): 0 = Internet payment without liability shift 1 = 3-D Secure payment with authentication 16 CAVV ans[28] Optional 17 XID ans[28] Optional 18 RECURRING a[1] Optional 19 REFID ans[28] Optional 20 MANDATEID ans[..35] Optional 21 IBAN an[22] Optional 2 = 3-D Secure payment, card does not participate in the procedure Authentication code for 3-D Secure transaction, as supplied by Merchant Plug In (MPI) ID for 3-D Secure transaction, as supplied by Merchant Plug In (MPI) Tagging for recurring transactions. Possible value is R to tag the transaction as recurring, e.g. for subscription. Transaction identifier ID of the initial payment for recurring payments. Mandate reference for German direct debit (ELV) payments. IBAN for German direct debit (ELV) payments. Cannot used together with PAN. 1 The acquirer may require the presence of a card security number Saferpay Batch Processing Page 8

9 3.2 Parameter Description TERMINALID The Saferpay TERMINALID represents a Saferpay terminal. You will find the Saferpay TERMINALID in the Saferpay Backoffice under Administration Accounts. A Saferpay ACCOUNTID consists of the customer ID, dash (-) and TERMINALID; e.g , where is the customer ID and the TERMINALID ORDERID The order ID serves to identify payments in order to enable the merchant to assign the transactions to the correct orders at a later time. The ORDERID is forwarded to the card processor (merchant bank) and is generally listed in the merchants settlement note. Only numbers (ASCII 0x30...0x39), uppercase letters (0x41...0x5A), lowercase letters (0x61...0x7A) and - and _ (0x2D and 0x5F) are accepted. Correct processing cannot be guaranteed if other characters are transmitted. The maximum number of digits varies from processor to processor. In most cases 12 digits has proven to be a good value PAN This field contains the card number, bank details or other identification number for a payment request. Credit card: For credit cards, the manually entered card number must be stated. The card expiry date is to be transmitted with the fields EXPMONTH and EXPYEAR. If a card reference number (CARDREFID) is to be processed, the text CARDREFID: (complete with colon) must precede the card reference number. Examples: Data Visa credit card Card reference number = Value of PAN CARDREFID: DOCREDIT Specifies whether the customer is to be debited (= 0 for booking) or credited (= 1 for refund). Refunds are only possible for credit card transactions TIMEDATE This field contains the time of booking in the format YYYYMMDDhhmmss (14 digits), where YYYY = {2000,, 2999} MM = {01, 02,, 12} DD = {01, 02,, 31} hh = {00, 01,, 24} mm = {00, 01,, 59} ss = {00, 01,., 59} Alternatively the format YYYYMMDDhhmm with 12 digits is also valid and can be used. Internally the Batch Processing then sets the seconds as ss = 00. Saferpay Batch Processing Page 9

10 3.2.6 Card Security Number According to the rules of the credit card organizations, the card security number (CVC, CVV2, CID, 4DBC) is to be kept strictly confidential. You are advised to always respect this concerning security requirements. For more information please contact your acquirer D Secure Parameters ECI, XID, CAVV In Accordance with your acquirer it might be possible to process 3-D Secure payments via the Saferpay Batch Processing. Such payments are only possible with cards which have previously had successful ecommerce transactions processed in the merchant s webshop. In addition to the card data the 3-D Secure parameters ECI, XID and CAVV of the previous payment are required Recurring With these fields transactions can be tagged with value R as recurring payments. The consecutive payment additionally references to the transaction identifier (ID) of the initial payment by using parameter REFID. Please contact your acquirer for information if recurring transactions must be tagged or not MANDATEID This field contains the SEPA mandate reference of a German direct debit (ELV) payment IBAN This field contains the International Bank Account Number. Saferpay Batch Processing Page 10

11 3.3 Example for payment record sets ICCT100, ,TEST1, ,12,15,M,1000,EUR,,0,1, ICCT100, ,TEST2, ,12,15,M,550,EUR,,0,1, ,442 ICCT100, ,TEST3, ,12,15,M,105.00,EUR,,0,1, ICCT100, ,TEST4, ,12,2015,M,1050,EUR,,1,1, ICCT100, ,TEST5, ,12,2015,M,1120,EUR,,0,1, ,,1,AA ABCEkCYQABA314UQJhAAAAAAA=,DmZAXgVCNWAOAQN3AwAFWgN9CQM= ICCT100, ,TEST6, ,12,10,M,1000,EUR,,0,1, ICCT100, ,TEST7,CARDREFID: ,02,15,M,670,EUR,,0,1, ICCT100, ,TEST8,,,M,1009,EUR,,0,1, ,,,,,,MyMandateID,DE Explanation: Line 1: Authorization and booking. Line 2: Authorization, booking, card data with card security number. Line 3: Incorrect, the amount must be entered without a decimal point. Line 4: Credit (refund to cardholder). Line 5: MasterCard SecureCode payment with ECI=1, CAVV and XID. Line 6: Incorrect, card already expired. Line 7: Booking, card reference number (CARDREFID) is used. Line 8: Booking, payment by direct debit. 3.4 Identifying Duplicate Entries The Batch Processing checks the transactions for duplicate entries. If an input transaction has the same values for TERMINALID, ORDERID, PAN, EXPMONTH, EXPYEAR, AMOUNT, CURRENCY, DOCREDIT and TIMEDATE as an already processed transaction, it is identified as a duplicate and returned with the following error text: Double Transaction - Transaction in LineNumber x has already been processed. To ensure that transactions are distinct at least within one field, TIMEDATE may optionally be stated down to the second (14 digits, the year always has four digits). If no seconds are stated, File Import sets the seconds to 00. TIMEDATE is only used internally by the batch import. It is recommended to assure the distinctness of transactions via the use of a unique timestamp for each transaction SIX Payment Services

12 4 Output file For each file uploaded the sender receives an output file with the same file name as the input file but suffixed with the file ID.OUT Every data record is checked for format correctness. If the format check succeeds the record is processed and the.out file entry will contain RECORDTYPE ICCT101. If the check fails the corresponding entry will contain RECORDTYPE ICCTERR. 4.1 Processed Record Set For each processed record set of the input file (ICCT100) the output file contains a corresponding response record set (ICCT101) with result and transaction identifier. Position Parameter Format Description 1 RECORDTYPE an[7] Always contains the value ICCT TERMINALID n[8] Saferpay terminal ID of the transaction. 3 ORDERID an[..30] Optional Sender reference number if stated in the input file. 4 RESULT n[3] = 0 Transaction successful. 0 Error code. 5 ID ans[50] Transaction ID in Saferpay: 6 AUTHCODE an[..50] Optional currently limited to max. 50 characters. Authorization code of the processor. 7 TIMEDATE n[12] Date and time of authorization with format YYYYMMDDhhmm 8 AUTHRESULT n[2] Optional 9 MANDATEID ans[..35] Optional Processor reply code; only returned if RESULT contains the value 65. The reply codes may have different meanings, depending on the processor. Mandate reference for German direct debit (ELV) payments.. Saferpay Batch Processing Page 12

13 4.2 Incorrect entry in the output file If a data record in the input file fails the format verification check, the output file contains an ICCTERR message in the corresponding line of the output file. Position Parameter Format Description 1 RECORDTYPE an[7] Always contains the value ICCTERR. 2 TERMINALID n[8] Saferpay Terminal ID of the transaction. 3 ORDERID an[..30] Optional Sender reference number if stated in the input file. 4 TIMEDATE n[12] Timestamp of the format check. Format: YYYYMMDDhhmm 5 FIELDINDEX n[2] Position of the incorrect field in the record of the input file. 6 FIELDNAME a[ ] Name of the incorrect field in the record of the input file. 7 MESSAGE ans[ ] Optional Additional description. Sample error entries: ICCTERR, ,test11, ,1,RecordType,Double Transaction - Transaction in LineNumber 1 has already processed ICCTERR, ,test12, ,13,TimeDate,DateTime length is wrong: 0 ICCTERR, ,test13, ,8,Amount,Amount is not numeric ICCTERR, ,test14, ,2,TerminalID,User has no access for TerminalId: ICCTERR, ,test15, ,5,ExpMonth,ExpMonth is out of range ICCTERR, ,test16, ,6,ExpYear,Card is expired:1204 ICCTERR, ,test17, ,4,CardNumber, No CardNumber found for this CardRefId. ICCTERR, ,test18, ,13,TimeDate,DateTime length is wrong: 13 Saferpay Batch Processing Page 13

14 4.3 RESULT values A transaction has only been processed successfully when RESULT=0 is returned. Any different return value for RESULT indicates an error. Value Message Description 61 Invalid card The card is invalid (plausibility check). 62 Invalid date The expiry date is invalid. 63 Card expired The card has expired; Is no longer valid. 64 Unknown card The card is unknown; the card could not be assigned to a card type. 65 Authorization declined The card processor has rejected the transaction. The AUTHRESULT field contains processor-specific details explaining the reasons. 67 No contract available There is no active contract for the concerned payment mean or currency for the terminal. 83 Invalid currency Invalid currency code. 84 Invalid amount The amount is invalid. 104 PAN blacklist Card is blacklisted by Saferpay Risk Management. 105 Card country not white listed Card issuer country is not included in the Saferpay Risk Management white list. 114 CVC mandatory The card security number must be entered 4.4 Sample output file ICCT101, ,TEST1,0,6bf9e707a9e64938b7e4612b2bcb,074869, ICCT101, ,TEST2,0,9bd5f26175a14cd1bd839dc81fa3,862777, ICCTERR, ,TEST3, ,8,Amount,Amount is not numeric: ICCT101, ,TEST4,0,682dab8de6614ae4bb15d83e94bc,, ICCT101, ,TEST5,0,12d693de415f425a919ba4aea4f3,124865, ICCTERR, ,TEST6, ,6,ExpYear,Card is expired: 1204 ICCT101, ,TEST7,0,96c0fe28e09d40b3b98248a4ac54,395000, ICCT101, ,TEST8,67,74301cbe-87ca-4e3c-aeb0-3223c9f69210,, Explanation: Line 1: Authorization and booking, successfully processed and stored. Line 2: Authorization and booking, successfully processed and stored. Line 3: Transaction rejected by Batch Processing, with error code. Line 4: Refund (credit), successfully processed. Line 5: Transaction with reference number, successfully processed. Line 6: Transaction rejected by Batch Processing, with error code. Line 7: Authorization and booking with use of CARDREFID, successful. Line 8: Request rejected, reply code 67 (no contract available). Saferpay Batch Processing Page 14

15 4.5 Output file if Batch Processing is processed automatically If Batch Processing is processed automatically via upload or download (cf. chapter 3) an additional result line appears at the end of the output file. In case of successful processing the result line looks like: ResultCode: 200 OK If the access is not granted because of an invalid user name the message ResultCode = 401 Unauthorized is returned: SIX Payment Services

16 5 Automation File Import can be automated via the Saferpay website. Uploading and downloading are SSL encrypted with https. For the automated use of the Saferpay Batch Processing a login and password are required. According to the PCI DSS security regulations the upload and download files must be transmitted by POST. The GET method is not permitted! 5.1 Upload The file to be uploaded must be sent to the following Saferpay URL: The login data is transferred within hidden fields using the parameters spusername, sppassword and UAFState and CustomerID. Name Wert spusername contains the user ID, e.g. e sppassword UAFState contains the password associated with the user ID must always contain the value login CustomerID contains the customerid, e.g Download Output files can be downloaded from the following Saferpay URL: The login data is transferred within hidden fields using the parameters spusername, sppassword and UAFState and CustomerID. The filename is transmitted with the parameter Sequence. Name Wert spusername contains the user ID, e.g. e sppassword UAFState contains the password associated with the user ID. must always contain the value login CustomerID contains the customerid, e.g Sequence contains the filename Saferpay Batch Processing Page 16

17 6 Examples 6.1 Upload via HTML Form <html> <head><title>upload Example for Saferpay File Import</title></head> <body> <h2>upload Example for Saferpay File Import</h2> <form enctype="multipart/form-data" action=" method="post"> <input type="hidden" name="spusername" value="xxxxxxxxx"> <input type="hidden" name="sppassword" value="xxxxxxxxx"> <input type="hidden" name="uafstate" value="login"> <input type="hidden" name="customerid" value="xxxxxxxxx"> <h3><p>select file to upload:<br> <input type="file" size="50"</p></h3> <input type="submit" value="file Import"> </form> </body> </html> 6.2 Download via HTML Form <html> <head><title>download Example for Saferpay File Import</title></head> <body> <h2>download Example for Saferpay File Import</h2> <form enctype="multipart/form-data" action=" method="post"> <input type="hidden" name="spusername" value="xxxxxxxxx"> <input type="hidden" name="sppassword" value="xxxxxxxxx"> <input type="hidden" name="customerid" value="xxxxxxxxx"> <h3><p>file name:<br> <input type="text" length="30" name="sequence" value=""></p></h3> <input type="hidden" name="uafstate" value="login"> <input type="submit" value="download"> </form> </body> </html> Saferpay Batch Processing Page 17

18 6.3 Upload via Visual Basic Script 'Upload of file File = "xxxxxx" :Username = "xxxxxx" : Password = "xxxxxx" : CustomerID _ = "xxxxxx" : UAFState = "login" 'read file data Set fs = WScript.CreateObject("Scripting.FileSystemObject") Set rd = fs.opentextfile(file) : Content = "" do while rd.atendofstream <> true: Content = Content & rd.readline &_ vbcrlf : loop rd.close 'URL to Server URL = " 'needed for file upload Boundary = " xahbfgehj65jk7" ScriptBoundary = "--" & Boundary Set http = WScript.CreateObject("Microsoft.XMLHTTP") http.open "POST", URL, false http.setrequestheader "Content-Type", "multipart/form-data; boundary=" &_ Boundary 'send file content within boundary PostFieldsBody = ScriptBoundary & vbcrlf &_ "Content-Disposition: form-data; name=""spusername"""& vbcrlf &_ vbcrlf & Username & vbcrlf & ScriptBoundary & vbcrlf &_ "Content-Disposition: form-data; name=""sppassword"""& vbcrlf &_ vbcrlf & Password & vbcrlf & ScriptBoundary & vbcrlf &_ "Content-Disposition: form-data; name=""customerid"""& vbcrlf &_ vbcrlf & CustomerID & vbcrlf & ScriptBoundary & vbcrlf &_ "Content-Disposition: form-data; name=""uafstate"""& vbcrlf &_ vbcrlf & UAFState & vbcrlf & ScriptBoundary PostFileBody = vbcrlf & _ "Content-Disposition: form-data; name=""f1""; filename=""" & File &_ """" & vbcrlf & "Content-Type: text/plain" & vbcrlf & vbcrlf & _ Content & ScriptBoundary & "--" & vbcrlf http.send PostFieldsBody & PostFileBody 'wait until http received all data do while http.readystate <> 4 : DoEvents : loop 'clean objects Set rd = nothing Set fs = nothing Set http = nothing Saferpay Batch Processing Page 18

19 6.4 Download via Visual Basic Script 'download of file number FileNr = "xxxxxx" : Path = "xxxxxx" : Username = "xxxxxx" : Password =_ "xxxxxx" : CustomerID = "xxxxxx" : UAFState = "login" 'prepare url for download incl. login URL = " 'download file content Boundary = " xahbfgehj65jk7" ScriptBoundary = "--" & Boundary Set http = WScript.CreateObject("Microsoft.XMLHTTP") http.open "POST", URL, false http.setrequestheader "Content-Type", "multipart/form-data; boundary=" &_ Boundary 'send file content within boundary PostFieldsBody = ScriptBoundary & vbcrlf &_ "Content-Disposition: form-data; name=""spusername"""& vbcrlf &_ vbcrlf & Username & vbcrlf & ScriptBoundary & vbcrlf &_ "Content-Disposition: form-data; name=""sppassword"""& vbcrlf &_ vbcrlf & Password & vbcrlf & ScriptBoundary & vbcrlf &_ "Content-Disposition: form-data; name=""customerid"""& vbcrlf &_ vbcrlf & CustomerID & vbcrlf & ScriptBoundary & vbcrlf &_ "Content-Disposition: form-data; name=""uafstate"""& vbcrlf & vbcrlf &_ UAFState & vbcrlf & ScriptBoundary & vbcrlf &_ "Content-Disposition: form-data; name=""sequence"""& vbcrlf & vbcrlf &_ FileNr & vbcrlf & ScriptBoundary & vbcrlf &_ "Content-Disposition: form-data; name=""path"""& vbcrlf & vbcrlf &_ Path & vbcrlf & ScriptBoundary http.send PostFieldsBody 'wait until http received all data do while http.readystate <> 4: DoEvents: loop 'write content to file Set fs = WScript.CreateObject("Scripting.FileSystemObject") Set wr = fs.createtextfile(path & CustomerID & "-" & FileNr &".out") wr.write http.responsetext wr.close 'clean objects Set wr = nothing Set fs = nothing Set http = nothing Saferpay Batch Processing Page 19

20 7 Contact 7.1 Saferpay Integration Team Do you have questions about this document or problems with the integration of Saferpay or do you need assistance? Then please contact our integration team: Saferpay Switzerland SIX Payment Services AG Hardturmstrasse Zürich Saferpay Europe SIX Payment Services (Germany) GmbH Langenhorner Chaussee Hamburg Saferpay Support Team Do you have questions about error messages or do you encounter problems with your running system? Then please contact our support team: Saferpay Switzerland SIX Payment Services AG Hardturmstrasse Zürich Saferpay Europe SIX Payment Services (Germany) GmbH Langenhorner Chaussee Hamburg The Saferpay team wishes you every success with your Saferpay e-payment solution! Saferpay Batch Processing Page 20