A typical 3D Secure transaction using TrustMarque s hosted MPI

Transcription

1 A typical 3D Secure transaction using Trustarque s hosted PI 1- Customer confirms his purchase. A form is posted to the merchant s commerce application (php, asp, jsp, cold fusion etc.) 2- erchant application requests via STLink for 3D Secure enrolment verification. (RequesType V) Customer's Bank Customer Browser INTERNET 1 STLink 2 erchant Commerce Application a. If enrolment response is successful (CHEnrolled = Y). See Step 3.

2 b. If enrolment verification failed based on the 3D Secure CHEnrolled value, the merchant sends an authorization as follows. CHEnrolled VISA astercard N U N/A erchant sends authorization request with 3D Secure fields. ECI: 06 CAV: N/A. SecureId: SecureId submitted to PI during enrolment verification. erchant sends authorization request with 3D Secure fields. ECI: 07 CAV: N/A. SecureId: SecureId submitted to PI during enrolment verification. erchant can decide to send authorization request with 3D Secure fields. ECI: 07 CAV: N/A. SecureId: SecureId submitted to PI during enrolment verification. erchant sends authorization request with 3D Secure fields. ECI: N/A CAV: N/A. SecureId: SecureId submitted to PI during enrolment verification. erchant sends authorization request with 3D Secure fields. ECI: N/A CAV: N/A. SecureId: SecureId submitted to PI during enrolment verification. erchant can decide to send authorization request with 3D Secure fields. ECI: N/A CAV: N/A. SecureId: SecureId submitted to PI during enrolment verification.

3 3- Enrolment response contains customers issuing bank URL. The merchant application instructs customer s browser to redirect to the provided URL. Note 1: This is typically done through hidden form fields and JavaScript that automatically posts the form to the bank URL. Note 2: The merchant session is reestablished as follows. When the merchant application instructs the browser to redirect, there are 2 hidden form fields TermUrl and D (erchant Data). The TermUrl tells the issuing bank where to PST back the results. The D field may contain any value the merchant may require to establish back the session. Before placing any sensitive data in the D field it must be encrypted. Customer's Bank Customer Browser INTERNET 1 3 STLink 2 erchant Commerce Application See Step 4.

4 4- Browser redirects to customer s issuing bank URL including the TermUrl and D fields. Customers attempt to authenticate themselves by answering their challenge question or entering their pin. Customer's Bank 4 Customer Browser INTERNET 1 3 STLink 2 erchant Commerce Application See Step 5.

5 5- Authentication result is posted back to merchant s commerce application. Note 1: In Step 3, one of the hidden form fields (TermUrl) contains a merchant assigned URL that is used to receive the authentication response. Note 2: The D field will also be posted back as a hidden form field. This is the data the merchant opted to include during Step 3. Customer's Bank 4 Customer Browser INTERNET STLink 2 erchant Commerce Application See Step 6.

6 6- erchant s application requests via STLink for validity of the authentication response. (RequesType A) a. If authentication succeeded (customer answered challenge correctly). See Step 7. b. If authentication failed based on the 3D Secure TXStatus value, the merchant may be able to send an authorization. Customer's Bank 4 Customer Browser INTERNET STLink 2 6 erchant Commerce Application

7 TXStatus VISA astercard N A U N/A erchant must not send authorization and decline customer s purchase. erchant sends authorization request with 3D Secure fields. ECI: 06 CAV: Send if available. SecureId: SecureId submitted to PI during enrolment verification. erchant can decide to send authorization. ECI: 07 CAV: N/A. SecureId: SecureId submitted to PI during enrolment verification. erchant must not send authorization and decline customer s purchase. erchant must not send authorization and decline customer s purchase. erchant sends authorization request with 3D Secure fields. ECI: 01 CAV: Send if available. SecureId: SecureId submitted to PI during enrolment verification. erchant can decide to send authorization. ECI: N/A CAV: N/A. SecureId: SecureId submitted to PI during enrolment verification. erchant must not send authorization and decline customer s purchase.

8 7- erchant s application prepares a standard auth/sale with provided 3D Secure fields: ECI, CAV, SecureId and sends a request to STLink. Customer's Bank 4 Customer Browser INTERNET STLink erchant Commerce Application TXStatus VISA astercard Y erchant sends authorization request with 3D Secure fields. ECI: 05 CAV: Send if available. SecureId: SecureId submitted to PI during enrolment verification. erchant sends authorization request with 3D Secure fields. ECI: 02 CAV: Send if available. SecureId: SecureId submitted to PI during enrolment verification.

9 8- A receipt page is returned to the customer with accepted or declined message. Customer's Bank 4 Customer Browser INTERNET STLink erchant Commerce Application From dev guide 3D Secure Verify Enrolment Request (3D)(V) Field Name Data Type Data Size Description =andatory Fields =ptional Fields StringIn= N/A N/A ust be at beginning of all strings. Capitals must be used as shown. Note: Not required for XL batch requests. VersionUsed Alphanumeric 4 Version Used specific to Transaction Type. Note: ust evaluate to numeric value for 3D Secure. Example 1 for 3D erchantid Numeric N/A Permanent erchant ID assigned by Trustarque Example UserName Alphanumeric 15 UserName assigned by Trustarque Example ariah UserPassword Alphanumeric 15 UserPassword assigned by Trustarque Example rr87uy TransactionType Alphanumeric 2 Transaction Type, 3D for 3D Secure. IsTest Numeric 1 ''1 for "Test", 0 for "Live", Note: Defaults to 0 if left blank. Timeut Numeric N/A Indicates the maximum time the merchant allows for the transaction, in milliseconds. Recommendation 60000

10 Field Name Data Type Data Size Description =andatory Fields =ptional Fields StoreID Alphanumeric 10 For use to differentiate between erchants or Stores. Permanent Store ID assigned by Trustarque or erchant if left blank Example RequestType Alphanumeric 1 V Verify Enrolment Specific rder number submitted by the erchant for tracking purposes. rdernumber Alphanumeric 35 Example Note: If no order number is submitted the system will generate one for the merchant at the time of the transaction. AcctNumber Numeric N/A Credit card number. Example ExpDate Numeric N/A Expiry date for credit card in YYYY format. Example CurrencyId Numeric N/A IS standard numeric ids Example 840 = USD, 124 = CAD, 826 = GBP Note: erchant default value is used as setup within the Trustarque PI. Note: Please see Appendix B for complete list of values. Amount Numeric N/A Transaction amount. Up to 4 decimals maximum. Decimal varies based on CurrencyId. Example 840 = 56.78, 392 = 99, 048 = A statistically unique transaction identifier. Later required for payment requests: Auth, Forced Auth, Sale and SecureId Alphanumeric 20 Forced Sale. Example 1AWH234KI56LI789LYGR PurchaseDesc Alphanumeric 125 Note: Data size must be exactly 20. Note: Known as the 3D Secure XID. Note: If no SecureId is submitted the system will generate one for the merchant at the time of the transaction. A brief description of items purchased. Example A pair of pants Sample Input String:

11 StringIn=VersionUsedˆ1 erchantidˆ UserNameˆariah UserPasswordˆrr87uy TransactionTypeˆ3 D IsTestˆ1 Timeutˆ60000 RequestTypeˆV AcctNumberˆ ExpDateˆ Amountˆ STLink will return the following items for a 3D Secure Verify Enrolment Request (3D)(V) Field Name Data Type Data Size Description erchantid Numeric N/A Permanent erchant ID assigned by Trustarque. Example TransactionType Alpha 2 Transaction Type, 3D for 3D Secure. rdernumber Alphanumeric 35 rder number submitted by the erchant or a number generated by Trustarque if order number was not specified. Example StrId Numeric N/A Reference Number from STLink. SVID Numeric N/A Reference Number from 3D Secure system generated with Verify Enrolment response. Example RequestType Alpha 1 'V' Verify Enrolment. SecureId Alphanumeric 20 SecureId submitted by the erchant or a number generated by Trustarque if SecureId was not specified. Example 1AWH234KI56LI789LYGR Enrolment status used to determine liability shift. CHEnrolled Alpha 1 Y = Authentication Available. Cardholder Enrolled. URL of Issuer ACS is included in response. N = Cardholder Not Participating. Cardholder Not Enrolled. U = Unable to Authenticate. PaReq Alphanumeric 800 ACSURL Alphanumeric 255 essagecode Numeric N/A essage Alphanumeric 60 Base64 encoded message from the Trustarque PI. ust be sent to the cardholder s issuer Access Control Server. Fully qualified URL of cardholder s issuer Access Control Server. Note: This is the location where cardholders must be redirected to authenticate themselves. Example DmjUAAAA0 Indicates whether cardholder is enrolled (4050) or not enrolled (4200) Example 4050 Note: Please See Appendix C for complete list of Results Example Cardholder enrolled Note: Please See Appendix C for complete list of Response essages Sample Response: erchantidˆ TransactionTypeˆ3D rdernumberˆ StrIdˆ SVIDˆ RequestTypeˆV SecureIdˆ1AWH234KI56LI789LYGR0 CHEnrolledˆY PaReqˆ

12 ejxvususmzaq/bwke9cdxxrxwfveic+mdgjrirhbvsyzupgidbyxx/jhmyi03tp1prj+bxlc/eq9b906q VTwLse0KVbdWoeuUfis27hf/IoDhqIbJvohy0YLATfc9r4TXVyt/zr+JESIQJjugiTGhKUhqmKQEP8QkjK4jn0 G+7WtYzApSsUUEAztC11eeTKDl6f02ZxGhYRQDmiBIobcZu5HJwyLFU/pg+JSsEL0xpsbAbpxULaD vrccjgamge+oudjemwcj3p56du+eukzfqgbcuc5nka3mbady7qbbuxqdiu2f7z7edzax3vsg+x3fulyz /L6HxXgFyFVBxIxjFGUJB6Jl+FiiUNANx64dHwFAcY2w3vCDonsp5TLvvA9Z6bS8zbzIjEGPXKjs7s3 b+jaesfcmewtknrmivbtuqd6y8ywg9rfp0yrleguvhepo9qs1pzfnhv/n9ry5+btl5ffjb54a8fzm1xrmz4uqm 5wAg1wZNF0bT77DRf7/mD/8CyVE= ACSURLˆ essagecodeˆ4050 essage Cardh older enrolled 3D Secure Authenticate Request (3D)(A) Field Name Data Type Data Size Description =andatory Fields =ptional Fields StringIn= N/A N/A ust be at beginning of all strings. Capitals must be used as shown. Note: Not required for XL batch requests. VersionUsed Alphanumeric 4 Version Used specific to Transaction Type. Note: ust evaluate to numeric value for 3D Secure. Example 1 for 3D erchantid Numeric N/A Permanent erchant ID assigned by Trustarque Example UserName Alphanumeric 15 UserName assigned by Trustarque Example ariah UserPassword Alphanumeric 15 UserPassword assigned by Trustarque Example rr87uy TransactionType Alphanumeric 2 Transaction Type, 3D for 3D Secure. IsTest Numeric 1 ''1 for "Test", 0 for "Live", Note: Defaults to 0 if left blank. Timeut Numeric N/A Indicates the maximum time the merchant allows for the transaction, in milliseconds. Recommendation StoreID Alphanumeric 10 For use to differentiate between erchants or Stores. Permanent Store ID assigned by Trustarque or erchant if left blank Example RequestType Alphanumeric 1 A Authenticate Specific rder number submitted by the erchant for tracking purposes. rdernumber Alphanumeric 35 Example Note: If no order number is submitted the system will generate one for the merchant at the time of the transaction. A digitally signed message received from the cardholder s issuer Access Control PaRes Alphanumeric 3000 Server. ust be sent to the Trustarque PI to verify whether the cardholder authentication was successful or not. Sample Input String:

13 StringIn=VersionUsedˆ1 erchantidˆ UserNameˆariah UserPasswordˆrr87uy TransactionTypeˆ3 D IsTestˆ1 Timeutˆ60000 RequestTypeˆA PaResˆ ejytv9m2osgs/rvw9andxsco1k4vjiiqikykr4hiikijg199ezzll160e7sclmwhezsiinzue s+jlgipm6f8v4zsdyvv5uyglwduxtweez5kkcxlc0trktdlmgzoesxrmnizfjdimg/tlk1lq EeGNg2Llyp1X31ZKsNvETWZGqQ3QQyDHW3ipkrKYkt+IbxSHf0zRohc/9op6ynn+mVe1KU1SQ5rh 8Pcpl4cXVZw+jKPxhCXe/36afxH/Prajyq0kTYJptBS75poU9o9YqAodfCuk1rq0ysLvHF478EF Xh1KYIYERQ5xkjmzn+Tkw4/GHnTj0cysrwmYJguDwVwuHSnYJC7+bEsRh3/uLA9lUWIPNAm P8cc/i5k1diZdnCSRa2/lr2Uq5P8p6RG3+khhz/sXFV79bWauhz+PuJ873abohrzPB2R0swB jye19eeg3+zdhqv9zeqgwvw/jyiqreulqe8t/wpbg7vu8efzz1yzhivalflilv5vlrvx+k6pn3h 8aZpvjXDb+UlwlHCBE6wHIIqiT67cszKgzU4lBcEryiLxvSy5ezVqwzruAywzwV/BWkZPSqJ G5LwFcF+9Um6+NpbiCHJIHz816Av6f6TVX5/FJ5X6vYI/sFfgKackZ4CPs2h5htqG9ffvsbyotJ FFb1f5PFRwavCB94jpddw+nQ0U8zv+DvwXK9Cl2DJXzpsrXz8aZ6+4h7enL4Z9rve/royuf+no6H 604Iuy7HGZJhD4tRtti4CyBAUV7tpQYKQLiUA+aQ5CeYsA1U1lRnHtSyG1ikkQ/oUThAh2ywjcb Nl3d8Y9nix2VixV463hlTktBIzdqbbH7Kk43waN4Y6kiDov4r3DtIq8kpnuz0l7LxqfcB+u5 5tRjeRyvmdNAsp0VeegCcVHtPPvtpTnvu1yE3XNXW4ZgRa/2niPzuk9Dv9Y8dHoE7Y2kxkh/iG/k 79jKfltzAwvt8QPKzR/k9del6PjiibLN7LirD7HTtNy1sL81jG28bLeVXgDNof/DP9YTwgv dxjareqsalvvbfjbafqxgublqasqcm2tzh82zakrdxe+khdqfp1oessr4pmkeplci4yig2jj6gg 3Yri2CD8ZHmIARLJJgs6HhrP3QIT+C37qbN/Lu0hoB4BrVQtofZcZ87DDTKRgau6j6Qmpnii3P mp3guwkbainbrhvaomdknmqvx/bqguxpqnhnuv0qz6luy1sprtoz8whjdib7m6zerdhcp8wlld NBhkbqKNmq+zUBr7vVGLZVamB4bzYKkJhoeVNxWuIP5E8i1wHHmQCNqZtEj1Vq2NVu60eYTbFk IEeRQ82qfnXxDrRnkG/xmcbsZCYLLcmEPHhmH5QfJxuCGzfWHcoaE30hN0iUlNPXcE3tpt55S3 0fo6fQaCFs7R2K4TEVCnQLVfnQ11Awz7Kp7oeiLvFAR2eZljUgCjyW6As+0oXBQDpsS2PSZalW njalhc8k6dzxxyie+2x7xq2uzte9r63rvv2fjnvwr7wfvdgqnqnbvgok7amib47o/wzh81f/cw uyndhi0o2xsggqe0pola7ikrlnyugzqu0kxy+zlkuno/nvbflppz4vzztv4m2kptltmtle1 y7vdrhti5kgchrzqclqav/skn8ueq/dpon2d24fampylsxwlxlyz5myn80usoa6gesnymnquut D3chThyV8fI/XNi/hUvsf+UmH/FS+wfE5NWde/uDGnn7uKXFgQ2fjsa+/sl5ZneXzEmEuanfAPF TQRHoI0TtgwUo1klk5tzzCzdNuZ2woqINoQ9nFNLAlGnGb7Yn7by83tlW/LXuwvQiGZQ9Gu+0u z6qdvd6wzt/gmxtj9hwegvr/v+a8ryfrrc+kma87isggqu7ezvxhxrudyv2woec1mjyijqwgjz srvt0xhdysz3tc2/cg86khuws7vz9lql/xw2hivteqy1c/0x0mrqvczv0rh7vz0sxvusdmzvcg 9LWTRqxnUekYoqXNhkvotuBSHWRnFzvo5ye8Dq13uNvsVDeNz6erZSQVLji3GtiBNAN/JTl+V 8lfSKazuiLLh5k6/6SnvTwcz/ExkdmGQXSZ0DkB1CvGkF/EExGjDnHUtyIe8+2cTDtZU7Q3Wm 3YKtUaqzIN7Lzh3qk74QfZAiNTsr3BjX3fbYyilwn0QrLUx6ZVrH64FyjCzFL4Kz9/pzkfPsYdi 8fRWtJDZkjp0SWRjBLarxt1E+2vzyE2P/r7dAfQux/fzvw/oecYn/QU6ICUIoExK47Y65ZJzjD 42prrAKtVtKyyJuebEvR6zpDExnYxLLonJyvHVFSPkYV+nFcH5drPldW871Wj7NXYsu3K 5YGdgwiVGsjp+g5YCKqH2omNLiEagTYF66cEIJ8DkgHeAkgiFRzyxNx0jc8b5Z7PT8tF/w6AGq3 ce2wgcup3wk4fh/bn2qc/lva3ywtcrc8n8k1q6x0j6qk8vkwn93cnqajk52eqlgzwzunsxa oy/pfgvi7tgivbsqlzvn/w9mgvyed+fht8q/hrb8xxuh/7z2/lgqpt6khl9y/t3+9qvvxz4l iiq=

14 STLink will return the following items for a 3D Secure Authenticate Request (3D)(A) Field Name Data Type Data Size Description erchantid Numeric N/A Permanent erchant ID assigned by Trustarque. Example TransactionType Alpha 2 Transaction Type, 3D for 3D Secure. rdernumber Alphanumeric 35 rder number submitted by the erchant or a number generated by Trustarque if order number was not specified. Example StrId Numeric N/A Reference Number from STLink. SVID Numeric N/A Reference Number from 3D Secure system generated with Verify Enrolment response. Example RequestType Alpha 1 'A' Authenticate Enrolment. Authentication status used to determine liability shift. Y = Authentication Successful. TXStatus Alpha 1 N = Authentication Failed. U = Authentication Could Not Be Performed. ECI Numeric 2 CAV Alphanumeric 50 essagecode Numeric N/A essage Alphanumeric 60 A = Attempts Processing Performed. Electronic Commerce Indicator as returned from the Trustarque PI. Later required for payment requests: Auth, Forced Auth, Sale and Forced Sale. Example 02 Cardholder Authentication Value as returned from the Trustarque PI. Later required for payment requests: Auth, Forced Auth, Sale and Forced Sale. Example AAA9BVY0FVJAAAAAA12BAAAAAAA= Indicates whether cardholder is authenticated (4100) or not authenticated (4220) Example 4100 Note: Please See Appendix C for complete list of Results Example Cardholder authenticated Note: Please See Appendix C for complete list of Response essages Sample Response: erchantidˆ TransactionTypeˆ3D rdernumberˆ StrIdˆ SVIDˆ RequestTypeˆA TXStatusˆY ECIˆ02 CAVˆAAA9BVY0FVJAAAAAA12BAAAAAAA= essagecodeˆ4100 essageˆcardholder authenticated

15 PaymentTrust Forced Authorization Request (PT)(A) Field Name Data Type Data Size Description =andatory Fields =ptional Fields StringIn= N/A N/A ust be at beginning of all strings. Capitals must be used as shown. Note: Not required for XL batch requests. VersionUsed Alphanumeric 4 Version Used specific to Transaction Type. Note: ust evaluate to numeric value for PT. Example 2 for PT erchantid Numeric N/A Permanent erchant ID assigned by Trustarque Example UserName Alphanumeric 15 UserName assigned by Trustarque Example ariah UserPassword Alphanumeric 15 UserPassword assigned by Trustarque Example rr87uy TransactionType Alphanumeric 2 Transaction Type, PT for PaymentTrust IsTest Numeric ''1' for "Test", '0' for "Live", 1 Note: Defaults to 0 if left blank Indicates the maximum time the merchant Timeut Numeric N/A allows for the transaction, in milliseconds Recommendation RequestType Alphanumeric 1 A Authorization StoreID Alphanumeric 10 For use to differentiate between Stores. Permanent Store ID assigned by Trustarque or erchant if left blank Example P Alpha 2 Account type. CC - Visa & astercard debit & credit cards, Carte Bancaire, Carte Bleue DS - Switch/Solo debit cards CQ - Cheques EC - Electronic cheques or credit DC - Debit Card PIN enabled cards PC - Purchasing cards NT - Net Teller P2 Pay 2 Example: CC Indicates the method used to receive the CreditCard information. TRXSource Numeric N/A 1 - Swiped with a Card Present 2 - Keyed by merchant with a Card present 3 - ail rder Telephone rder T (Card Not Present) 4 - Web orders (Card not present) 5 Web orders (Card not present, not present) 9 Integrated Circuit Card Note: Defaults to the erchant default value during set-up. Note: andatory for ICC

16 Field Name Data Type Data Size Description =andatory Fields =ptional Fields Indicates swipe information from the Track2data of the Card when the TRXSource is 1 (Swiped with a Card Present) Track2Data Alphanumeric 100 Example: ; = ? Note: This becomes a mandatory field when TRXSource =1 or TRXSource = 9 for a down graded ICC transaction. Specific rder number submitted by the erchant for tracking purposes. Example rdernumber Alphanumeric 35 Note: For Carte Bancaire and Carte Bleue cards rdernumber must reference a previously submitted authorization/sale that returned a referral response. Note: If no order number is submitted the system will generate one for the merchant at the time of the transaction. AcctName Alphanumeric 60 Account holder name on card or account Example John Smith 3 rd Note: andatory for Carte Bancaire and Carte Bleue cards. AcctNumber Numeric N/A Credit card number, Debit Card number, Purchase Card number, Bank account number, or any other applicable Bank Identifier. Example Note: This field is not required when TRXSource is 1 ExpDate Numeric N/A Expiry date for credit card in YYYY format Example Note: andatory for CC, PC and DS P types. IssueNumber Numeric N/A Submit for Switch/Solo cards if available. Example 5 StartDate Numeric N/A Submit for Switch/Solo cards if available. Example CurrencyId Numeric N/A IS standard numeric ids Example 840 = USD, 124 = CAD, 826 = GBP Note: Please see Appendix B for complete list of values. FXID Numeric N/A ID of precalculated Foreign Exchange rate. Note: andatory for FX transactions Amount Numeric N/A Transaction amount. Up to 4 decimals maximum. Decimal varies based on CurrencyId. Example 840 = 56.78, 392 = 99, 048 = Title Alphanumeric 20 Billing contact Title Example Sir

17 Field Name Data Type Data Size Description =andatory Fields =ptional Fields Company Alphanumeric 60 Billing contact company Example Trustarque FirstName Alphanumeric 60 Billing contact First Name Example John iddlename Alphanumeric 60 Billing contact iddle Name LastName Alphanumeric 60 Billing contact Last Name Example Smith Suffix Alphanumeric 20 Billing contact suffix Example 3 rd Address1 Alphanumeric 60 Billing contact Address line 1 Example 2130 Gold Note: Required for AVS Address2 Alphanumeric 60 Billing contact Address line 2 Example Suite101 Address3 Alphanumeric 60 Billing contact Address line 3 City Alphanumeric 60 Billing contact City Example New York Note: Required for AVS StateCode Alphanumeric 60 The billing information state based on the two-character long IS codes. This is a mandatory field for North America only. The remaining world regions /Provinces may use this as an ptional field. Example NY Note: Required for AVS Note: Please See Appendix E for complete list of values ZipCode Alphanumeric 30 Billing contact ZIP / Postal Code Example Note: Required for AVS CountryCode Alpha 2 Billing contact IS Country Code Example US Note: Required for AVS Note: Please See Appendix D for complete list of values PhoneNumber Alphanumeric 30 Billing contact Phone Number, only digits, no parentheses Example PhoneExtension Alphanumeric 10 Billing contact Phone Extension Example Alphanumeric 50 Billing contact address Example johns@aol.com ShipToTitle Alphanumeric 20 Ship to contact Title Example Sir ShipToCompany Alphanumeric 60 Ship to contact company Example Trustarque ShipToFirstName Alphanumeric 60 Ship to contact First Name Example John ShipToiddleName Alphanumeric 60 Ship to contact iddle Name ShipToLastName Alphanumeric 60 Ship to contact Last Name Example Smith ShipToSuffix Alphanumeric 20 Ship to contact suffix Example 3 rd

18 Field Name Data Type Data Size Description =andatory Fields =ptional Fields ShipToAddress1 Alphanumeric 60 Ship to contact Address line 1 Example 2130 Gold ShipToAddress2 Alphanumeric 60 Ship to contact Address line 2 Example Suite101 ShipToAddress3 Alphanumeric 60 Ship to contact Address line 3 ShipToCity Alphanumeric 60 Ship to contact City Example New York ShipToStateCode Alphanumeric 30 Ship to contact state code, two-character long IS code required for North America. Remaining Region and Provinces may use free form field or leave it blank. Example NY Note: Please See Appendix E for complete list of values ShipToZipCode Alphanumeric 30 Ship to contact ZIP / Postal Code Example ShipToCountryCode Alpha 2 Ship to contact IS Country Code, list will be provided by Trustarque Example US Note: Please See Appendix D for complete list of values ShipToPhoneNumber Alphanumeric 30 Ship to contact Phone Number, only digits, no parentheses Example ShipToPhoneExtension Alphanumeric 10 Ship to contact Phone Extension Example 5654 AuthCode Alphanumeric 30 Approved sale and authorization transactions receive a numeric or alphanumeric authorization code referencing the transaction for processing purposes. Generated by financial institution and given to merchant by phone or other method. Example P24586DE Note: ptional when TRXSource = 9 and ICCCryptogramType = 40. ECI Numeric 2 Electronic Commerce Indicator as returned from the 3D Secure PI response. Note: Forwarded to acquirer. SecureId Alphanumeric 20 The specific transaction identifier that was submitted to the PI during 3D Secure authentication. Note: Forwarded to acquirer. CAV Alphanumeric 50 Cardholder Authentication Value as returned from the 3D Secure PI response. Note: Forwarded to acquirer. ICCAppVersionNumber Alphanumeric 4 Terminal Application Versions Number Example FF1C Note: andatory when TRXSource = 9.

19 Field Name Data Type Data Size Description ICCTerminalCapabilit ies Alphanumeric 6 ICCTerminalCountryCode Alpha 2 ICCTerminalResult Alphanumeric 10 ICCTerminalDatetime AlphaNumeri c 20 ICCAppId Alphanumeric 32 ICCAppUsageControl Alphanumeric 4 ICCAppProfile Alphanumeric 4 EV tag 9F 33. Example 1C2A6D Note: andatory when TRXSource is 9. Terminal IS Country Code Example US Terminal Verification Result. A hexadecimal value that indicates the code values recording the results of the tests the terminal carried out during the EV process. Example 1C2E9A6D1F Note: andatory when TRXSource is 9. Date and Time the rate expires (YYYYDDHHSS). Example Note: Time is in military format. Note: andatory when TRXSource is 9. Application Identifier. A hexadecimal identifying within the IC, the card application provider and the business function. Example FF1C2DEE3B9A6D1FD1FC2DF1EE3B9A 6F Application Usage Control. A hexadecimal value that indicates the IC equivalent of the service code found on track 2 of the magnetic stripe. Example FF1C Application Interchange Profile. A hexadecimal value that specifies the application functions that are supported by the application in the IC. Example FF1C Note: andatory when TRXSource = 9. =andatory Fields =ptional Fields

20 Field Name Data Type Data Size Description ICCCryptogramInformation Alphanumeric 2 ICCCryptogramType Numeric 2 ICCCryptogram Alphanumeric 16 ICCAppTrxCounter Alphanumeric 4 ICCIssuerActionCode Alphanumeric 30 ICCIssuerAppData Alphanumeric 64 Cryptogram Information Data. Indicates the type of cryptogram. 40 (TC) Transaction Certificate. 80 (ARQC) Authorization Request Cryptogram. Example 40 Note: andatory when TRXSource is 9. Note: All other values are treated as an ARQC request. Cryptogram Transaction Type. Specifies the types of transactions the IC shall perform. Example 40 Note: andatory when TRXSource = 9. Cryptogram data as a hexadecimal value. ust either be the TC or ARQC pending what ICCCryptogramInformation is submitted. Example FF1C2DEE3B9A6D1F Note: andatory when TRXSource = 9. Application Transaction Counter. A hexadecimal value that indicates the device for monitoring card usage. Example FF1C Note: andatory when TRXSource = 9. Issuer Action Code. A hexadecimal value that indicates a series of values optionally encoded in an IC that indicates the card issuers preferred actions for this transaction. Example 1C2DEE3B9A6D1FD1FC2DF1EE3B9A2A Issuer Application Data. A hexadecimal value that indicates additional, undefined, data sent by the card issuer to enable authentication of the card. Example FF1C2DEE3B9A6D1FD1FC2DF1EE3B9A 6F3BFC2DEE3B9A6D1FD1FC2DF1EEA6 D1 Note: andatory when TRXSource = 9. =andatory Fields =ptional Fields

21 Field Name Data Type Data Size Description =andatory Fields =ptional Fields The PAN sequence number as provided by the IC. ICCPANSequenceNu Example 05 Numeric 2 mber Note: Provide if available. ICCTrxStatus Alphanumeric 4 Transaction Status Information. EV tag 9B. Example FF1C ICCVerificationType Numeric 1 Card Verification ethod Type. 1 - Customer Present, Signature 2 - Customer Present, PIN 3 - Customer Present, Alternate CV 4 - Customer Present, UPT, No CV 5 - Customer Present, UPT, PIN 6 - Customer Present, UPT, Alternate CV 7 - Customer Not Present 8 - No Verification ICCVerificationResult Alphanumeric 6 Card Verification ethod Results. A hexadecimal value that indicates the results of the cardholder verification method performed in this transaction. Example 1C2A6D Note: andatory when TRXSource = 9. ICCUnpredictableNumber Alphanumeric 8 Unpredictable Number. A hexadecimal value to provide variability and uniqueness to the generation of the application cryptogram. Example 1C2A6D1F Note: andatory when TRXSource = 9. NarrativeStatement1 Alphanumeric 50 Short description appearing on shopper s credit card statement. (Line 1) Example nline clothing store. Note: Size varies depending on financial institution. NarrativeStatement2 Alphanumeric 50 Short description appearing on shopper s credit card statement. (Line 2) Example Jean pants. Note: Size varies depending on financial institution. Sample Input String: StringIn=VersionUsedˆ1 erchantidˆ UserNameˆariah UserPasswordˆariah TransactionTypeˆ PT IsTestˆ1 Timeutˆ60000 RequestTypeˆA PˆCC AcctNumberˆ ExpDateˆ CurrencyIdˆ840 Amountˆ56.78 AuthCodeˆP24586DE

22 STLink will return the following items for a PaymentTrust Forced Authorization Request (PT)(A) Field Name Data Type Data Size Description erchantid Numeric N/A Permanent erchant ID assigned by Trustarque Example TransactionType Alpha 2 Transaction Type, PT for PaymentTrust rdernumber Alphanumeric 35 rder number submitted by the erchant or a number generated by Trustarque if order number was not specified. Example StrId Numeric N/A Reference Number from STLink PTTID or PTID Numeric N/A Reference Number from PaymentTrust system generated with Auth response Example Note: If the version is less than 2.0, PTTID is returned. If not PTID is returned. P Alpha 2 Account type. CC - Visa & astercard debit & credit cards, Carte Bancaire, Carte Bleue DS - Switch/Solo debit cards CQ - Cheques EC - Electronic cheques or credit DC - Debit Card PIN enabled cards PC - Purchasing cards NT - Net Teller P2 Pay 2 Example: CC CurrencyId Numeric N/A IS standard numeric ids Example 840 = USD, 124 = CAD, 826 = GBP Note: Please see Appendix B for complete list of values. Amount Numeric N/A Transaction amount. Up to 4 decimals maximum. Decimal varies based on CurrencyId. Example 840 = 56.78, 392 = 99, 048 = RequestType Alpha 1 'A' Authorization essagecode Numeric N/A Example 2100 Note: Please See Appendix C for complete list of Results essage Alphanumeric 60 Note: Please See Appendix C for complete list of Response essages FXID Numeric N/A Reference Number from Foreign Exchange system. Example Note: nly returned when transaction is associated with FX transaction. FXRate Numeric N/A The current foreign exchange rate. Decimal length varies. Example Note: nly returned when transaction is associated with FX transaction. FXessageCode Numeric N/A Example 3050 Note: nly returned when transaction is associated with FX transaction. Note: Please See Appendix C for complete list of Results Note: nly returned when transaction is associated with FX FXessage Alphanumeric 60 transaction. Note: Please See Appendix C for complete list of Response essages

23

24