Ogone : Parameter Cookbook

Ogone : Parameter Cookbook The Parameter Cookbook gives a technical overview of all parameters used in the e-commerce module. It lists the field format and length, states if the parameter described is an input or return parameter and gives additional technical details for certain fields. Field Name Details Input Output Format Max Length Example AAVADDRESS AAVCHECK AAVZIP ACCEPTANCE ACCEPTURL ADDMATCH Indicates the AAV result for the address (see also AAVCHECK) Result of the automatic address verification. This verification is not supported by all credit card acquirers. Possible values: KO: The address has been sent but the acquirer has given a negative response for the address check, i.e. the address is wrong. OK: The address has been sent and the acquirer has returned a positive response for the address check, i.e. the address is correct OR The acquirer sent an authorisation code but did not return a specific response for the address check. NO: All other cases. For instance, no address transmitted; the acquirer has replied that an address check was not possible; the acquirer declined the authorisation but did not provide a specific result for the address check, Indicates the AAV result for the zip code (see also AAVCHECK) Acquirer's acceptance (authorisation) code. The acquirer sends back this code to confirm the amount of the transaction has been blocked on the card of the customer. The acceptance code is not unique. URL of the web page to show the customer when the payment is authorised. Indicates whether we consider the billing and shipping address to be identical 1=yes 0=no - V AN 2 OK - V AN 2 NO - V AN 2 KO - V AN 16 04306B V - AN 200 http://www.myshop.com/accept.html V - AN 1 1 ADDRMATCH see ADDMATCH V - AN 1 1 AIACTIONNUMBER Action Number V - AN 17 AIAGIATA IATA Number of agency V - AN 8 AIAIRNAME Airline Name V - AN 20 Brussels Airlines AIAIRTAX Airport Taxes V - AN 11 AIBOOKIND*XX* Booking Indicator V - AN 2 AICARRIER*XX* Carrier code V - AN 4 SN AICHDET Charge Details V - AN 49 AICLASS*XX* Airline Class V - AN 15 AICONJTI Conjunction Ticket V - AN 3 AIDEPTCODE DBI field Department Code V - AN 17 AIDESTCITY*XX* Arrival airport (short) V - AN 5 BLQ AIDESTCITYL*XX* Arrival airport (long) V - AN 20 Guglielmo Marconi AIEXTRAPASNAME*XX* Extra Passenger name V - AN 49 AIEYCD Destination area code V - AN 3 AIFLDATE*XX* Flight Date V - YYYYMMDD 20 20120504 AIFLNUM*XX* Flight number V - AN 4 1234 AIGLNUM DBI field Account Number V - AN 17

AIINVOICE Delivery note/invoice number V - AN 17 AIIRST Destination area code type V - AN 1 AIORCITY*XX* Departure Airport (short) V - AN 5 BRU AIORCITYL*XX* Departure Airport (Long) V - AN 20 Brussels AIPASNAME Passenger Name V - AN 49 AIPROJNUM DBI field Project Number V - AN 17 AISTOPOV*XX* Stopover V - AN 1 AITIDATE Ticket issue date V - Date/Time 20 15/04/2012 13:14:56 AITINUM Ticket Number V - AN 20 123 AITINUML*XX* Ticket Number V - AN 20 123 AITYPCH Type of Charge V - AN 2 AIVATAMNT VAT Amount V - AN 11 AIVATAPPL VAT Applicable V - AN 1 ALIAS ALIASOPERATION ALIASUSAGE AMOUNT Alias name. After the Alias has been created you can use this Alias to replace the card number in transaction requests. Avoid using spaces and special characters in the Alias. Indicates who decide/set the Alias name, the merchant or our system. Possible values: BYMERCHANT or BYPSP Short explanation for the customer on why you suggest the creation of an Alias. The text will be shown to the customer in e-commerce mode. Amount of the transaction. When the amount is sent as input, it has to be multiplied by 100 to avoid decimal separator problems. In general, the acquirer accepts up to 2 decimals, depending on the currency. V V AN 50 9897B5BB-4981-4633-BF46-40DCD6DFAB1F V - AN 10 BYPSP V - AN 255 Monthly subscription to Golf World. V V N 15 Sent: 12995 Returned: 129.95 AUTHORIZATION CODE (* 100 to avoid decimals). V - AN 10 A437956 AUTHORIZATION DATE See Authorization code. The date/time you received the authorization code. V - MM/DD/YY HH:MM:SS 17 03/15/08 16:07:12 AUTHORIZATION MODE BACKURL BGCOLOR BIN BRAND See Authorization code. The way you received the authorization code. Possible value: TEL for telephone URL of the web page to display to the customer when he clicks the back button on our secure payment page. Background colour on the payment page. First 6 digits of a credit card number. Can be used to identify the brand and issuing bank. Brand of a credit/debit /purchasing card. You can consult a list of BRAND values on the Payment Methods Processing/Procedure page V - AN 3 TEL V - AN 200 http://www.myshop.com/selectpm.html V - AN N/A Blue #0000FF - V N 6 444444 V V AN 25 VISA If you send the BRAND field without sending a value in the PM field ( CreditCard or Purchasing Card ), the BRAND value will not be taken into account.

BUTTONBGCOLOR BUTTONTXTCOLOR CANCELURL CARDNO Button background colour on the payment page. Button text colour on the payment page. URL of the web page to show the customer when he cancels the payment. Card number or account number. The rules on how our system has to mask credit card numbers - in any output, display or email - are set by PCI. V - AN N/A Black #000000 V - AN N/A White #FFFFFF V - AN 200 http://www.myshop.com/cancel.html V V AN 21 XXXXXXXXXXXX1111 For VISA, VISA PC, MASTERCARD, MASTERCARD PC and MASTERCARD PC CM CIC the 4 last digits will be visible. For all other brands/payment methods the part that is masked depends on the length of the card number or account number: If the number is longer than 15 digits: the 6 first and 2 last digits are visible, with xxxxxxxx (8x) in the middle. If the number is from 12 to 15 digits long: the first 4 and last 2 digits are visible, with xxxxxx (6x) in the middle. If the number is from 8 to 11 digits long: the first 2 and last 2 digits are visible, with xxxx (4x) in the middle. If the number is from 4 to 7 digits long: the first and last digit is visible, with xx (2x) in the middle. If the number is less than 4 digits long, the whole number will be masked. The account number will never be visible for offline bank transfer and Payment on Delivery. The account number for Direct Debits transactions will be masked when the transaction is in status 4 order stored, if the buyer has to send a signed fax to confirm the payment. CATALOGURL Merchant s catalog URL. V - AN 200 http://www.myshop.com/shop.html CAVV_3D as returned by ACS V - AN 300 CAVVALGORITHM_3D as returned by ACS V - N 1 CCCTY CIVILITY CN Country where the card was issued, in ISO 3166-1- alpha-2 code values (http://www.iso.org /iso/country_codes /iso_3166_code_lists.htm). If this parameter is not available, 99 will be returned in the response. This credit card country check is based on externally provided listings, so there is a slight risk since we rely on the correctness of this list. The check gives positive results in 94% of all cases. Civility of the customer (Mr., Mrs, Miss, Herr, etc.) Card holder (customer) name. Special characters are allowed, but quotes must be avoided. Most acquirers don t check the customer name since names can be written - V AN 2 US V - AN 10 Mr. V V AN 35 John Doe

COM COMPLUS in different ways. Order description The com field is sometimes transmitted to the acquirer (depending on the acquirer), in order to be shown on the account statements of the merchant or the customer. Field to submit a value you wish to receive back in the post sale request or output. COMPLUS is different from com in the sense that the COMPLUS field is longer, however, the COMPLUS info will not be shown in the back-office. Can be used to get back session info, order content or user info after the transaction. V - AN 100 Three telephone cards V V AN 1000 Three telephone cards CUID Social security number / Company registration number V - AN 50 2011041512366 CUID CURRENCY The Client Unique Identifier (CUI) is an identifier allocated by the merchant to his customer. It can be a name, client number, e-mail address etc. Currency of the transaction. Currency of the amount in alphabetic ISO code as can be found on http://www.currency-iso.org /iso_index/iso_tables /iso_tables_a1.htm V - AN 50 V V AN 3 EUR The possible currencies on our platform are: AED, ANG, ARS, AUD, AWG, BGN, BRL, BYR, CAD, CHF, CNY, CZK, DKK, EEK, EGP, EUR, GBP, GEL, HKD, HRK, HUF, ILS, ISK, JPY, KRW, LTL, LVL, MAD, MXN, NOK, NZD, PLN, RON, RUB, SEK, SGD, SKK, THB, TRY, UAH, USD, XAF, XOF, XPF and ZAR If a merchant wants to accept payments in a currency that is not in our list, he can ask us to add the currency. The currencies a merchant can accept payments in depend on the contract with his acquirer. If the merchant wants to accept a currency that is not supported by his acquirer, we can set a dynamic currency conversion on our side (this is a paying option). CVC Card Validation Code. This verification code is an authentication code uniquely linked to the card number, but is not part of the card number itself. Depending on the brand, this code has a different name (CVC2 or Card Validation Code for MasterCard, CVV2 or Card Verification Value for VISA, CID or Card Identification Number for American Express). However, the code is generally referred to as CVC. Depending on the card brand, the verification code will be a 3 or 4 digit code on the front or rear of the card, an issue number, a start V - N 5 758

date or a date of birth: VISA and MasterCard: 3 digit code on the rear of the card on the signature strip (after the full customer account number or after the last 4 digits of the customer account number). American Express: 4 digit code above the account number on the front of the card. CVCCHECK Aurora, Aurore and Cofinoga: birth date (DD/MM/YYYY or DDMMYYYY). Result of the card verification code check. Only a few acquirers return specific CVC check results. For most acquirers, the CVC is assumed to be correct if the transaction is succesfully authorised. Possible values: - V AN 2 OK DATATYPE KO: The CVC has been sent but the acquirer has given a negative response to the CVC check, i.e. the CVC is wrong. OK: The CVC has been sent and the acquirer has given a positive response to the CVC check, i.e. the CVC is correct OR The acquirer sent an authorisation code, but did not return a specific result for the CVC check. NO: All other cases. For instance, no CVC transmitted, the acquirer has replied that a CVC check was not possible, the acquirer declined the authorisation but did not provide a specific result for the CVC check, The value is TRAVEL if you provide travel data to our system and is a mandatory field V - AN 6 TRAVEL DATEIN check-in date V - dd/mm/yyyy 10 40658 DATEOUT check-out date V - dd/mm/yyyy 10 40659 DCC_COMMPERCENTAGE edcc commission percentage - V N DCC_CONVAMOUNT edcc converted amount - V N DCC_CONVCCY edcc destination currency - V AN 3 EUR DCC_EXCHRATE edcc exchange rate - V N DCC_EXCHRATESOURCE DCC_EXCHRATETS edcc source of conversion rate edcc timestamp of the conversion rate - V N 50 - V N DCC_INDICATOR edcc indicator - V N DCC_MARGINPERCENTAGE edcc margin percentage - V N DCC_VALIDHOURS DECLINEURL DEVICE edcc validity (in hours) of the conversion rate, starting from the date/time defined in DCC_EXCHRATETS URL of the web page to show the customer when the acquirer rejects the authorisation more than the maximum of authorised tries (10 by default, but can be changed in the technical information page). In order to display a payment page adapted for mobile devices, send the value "mobile". only works with Paypal & - V N V - AN 200 http://www.myshop.com/decline.html V - AN 6 mobile

DIGESTCARDNO ECI Postfinance Payment methods SHA digest of the card number used during transaction Electronic Commerce Indicator. The ECI indicates the security level at which the payment information is processed between the cardholder and merchant. A default ECI value can be set in the Technical Information page. An ECI value sent along in the transaction, will overwrite the default ECI value. - V AN 128 68BFB396F35AF3876FC509665B3DC23A0930AAB1 V - N 2 4 It is the merchant's responsibility to give correct ECI values for the transactions. For e-commerce, our system sets ECI value 5, 6 or 7 depending on the 3-D Secure authentication result. Possible values: 0 - Swiped The merchant took the customer's credit card and swiped it through a machine that read the magnetic strip data of the card. 1 - Manually keyed (MOTO) (card not present) The merchant received the customer's financial details over the phone or via fax/mail, but does not have the customer's card at hand. 2 - Recurring (from MOTO) The customer's first transaction was a Mail Order / Telephone Order transaction, i.e. the customer gave his financial details over the phone or via mail/fax to the merchant. The merchant either stored the details himself or had these details stored in our system using an Alias and is performing another transaction for the same customer (recurring transaction). 3 - Installment payments Partial payment of goods/services that have already been delivered, but will be paid for in several spread payments. 4 - Manually keyed, card present The customer is physically present in front of the merchant. The merchant has the customer's card at hand. The card details are manually entered, the card is not swiped through a machine. 5 - Cardholder identification successful The cardholder's 3-D Secure identification was successful, i.e. there was a full authentication. (Full thumbs up) 6 - Merchant supports

identification but not cardholder, The merchant has a 3-D Secure contract, but the cardholder's card is not 3-D Secure or is 3-D Secure but the cardholder is not yet in possession of the PIN (Half thumbs up). Conditional payment guarantee rules apply. 7 - E-commerce with SSL encryption The merchant received the customer's financial details via a secure (SSL encrypted) website (either the merchant's website or our secure platform). 9 - Recurring (from e-commerce) ECI_3D The customer's first transaction was an e-commerce transaction, i.e. the customer entered his financial details himself on a secure website (either the merchant's website or our secure platform). The merchant either stored the details himself or had these details stored in our system using an Alias and is now performing another transaction for the same customer (recurring transaction), using the Alias details. 5: cardholder identification successful 6: proof of authentication attempt 12: issuer is not enrolled 91: cardholder identification failed, but continue anyway 92: ACS page temporarily unavailable, but continue anyway V - N 2 5 ECOM_BILLTO_POSTAL_CITY Invoicing City V - AN 25 Brussels ECOM_BILLTO_POSTAL_COUNTRYCODE Invoicing Country V - AN 2 BE ECOM_BILLTO_POSTAL_NAME_FIRST ECOM_BILLTO_POSTAL_NAME_LAST First name of the billed customer Last name of the billed customer V - AN 50 Bill V - AN 35 Smith ECOM_BILLTO_POSTAL_POSTALCODE Invoicing Postal Code V - AN 10 1200 ECOM_BILLTO_POSTAL_STREET_LINE1 Billing address, first line V - AN 35 Billing Street ECOM_BILLTO_POSTAL_STREET_LINE2 Billing address, second line V - AN 35 Building 123 ECOM_BILLTO_POSTAL_STREET_NUMBER House number of invoicing address V - AN 10 1 ECOM_CONSUMER_GENDER Gender V - AN (M or F) 1 F ECOM_CONSUMERID Customer identification on the merchant's system. V - AN 50 Customer1 ECOM_PAYMENT_CARD_VERIFICATION See 'CVC'. V - N 5 758 ECOM_SHIPTO_DOB Date of Birth V - dd/mm/yyyy 10 14893 ECOM_SHIPTO_ONLINE_EMAIL E-mail address V - AN 50 bill@smith.com ECOM_SHIPTO_POSTAL_CITY Shipping city V - AN 25 Brussels ECOM_SHIPTO_POSTAL_COUNTRYCODE Shipping Country code V - AN 2 BE ECOM_SHIPTO_POSTAL_NAME_FIRST ECOM_SHIPTO_POSTAL_NAME_LAST ECOM_SHIPTO_POSTAL_NAME_PREFIX First name of shipped customer Last name of shipped customer Prefix of the Shipped customer V - AN 50 Bill V - AN 50 Smith V - AN 10 Mr. ECOM_SHIPTO_POSTAL_POSTALCODE Shipment postal code V - AN 10 1200 ECOM_SHIPTO_POSTAL_STREET_LINE1 Shipping address, first line V - AN 35 Ship street ECOM_SHIPTO_POSTAL_STREET_LINE2 Shipping address, second line V - AN 35 Building 2

ECOM_SHIPTO_POSTAL_STREET_NUMBER ECOM_SHIPTO_TELECOM_FAX_NUMBER ECOM_SHIPTO_TELECOM_PHONE_NUMBER House number of shipping address Fax Number of shipping address Phone Number of shipping address V - AN 10 2 V - AN 20 +32 2 123 4567 V - AN 20 +32 2 123 456 ED Expiry date. This date must not be in the past, compared to the date the transaction is processed in our system. When there is no expiry date available (e.g. for bank transfers) the value 9999 is used. V V Input: MM/YY or MMYY Output: MMYY 7 41164 EMAIL Customer s email address. V - AN 50 John.Doe@test.com EXCEPTIONURL URL of the web page to show the customer when the payment result is uncertain. V - AN 200 http://www.myshop.com/exception.html EXCLPMLIST List of Payment methods that should NOT be displayed on the payment page V - AN 200 VISA;MasterCard;American Express FLAG3D FONTTYPE GLOBORDERID Fixed value: 'Y' Instructs our system to perform 3-D Secure identification if necessary. Font type/family used on the payment page. Global order reference grouping several orders together, allows you to request a maintenance operation on these transactions together later on. V - AN 1 Y V - AN N/A Arial V - AN 15 neworders15 HOMEURL Merchant s homepage URL. V - AN 200 http://www.myshop.com HTML_ANSWER BASE64 encoded html code to be added in the html page returned to the customer. This tag is added as a child of the global tag XML. The field HTML_ANSWER contains HTML code that has to be added in the html page returned to the browser s client. This code will automatically load the issuer bank identification page in a pop-up the main window, depending on the WIN3DS parameter value. To avoid any interference between the html tags included in the content of the XML tag HTML_ANSWER, with the rest of the XML returned as a response to the DirectLink request, the HTML_ANSWER content is BASE64 encoded by our system before returning the response. Consequently, this must be BASE64 Decoded before including it in the html page sent to the cardholder. - V AN N/A HTTP_ACCEPT The Accept request-header field in the cardholder browser, used to specify certain media types which are acceptable for the response. This value is used by the issuer to check if the cardholder browser is compatible with the issuer identification system. V - AN 500 Accept: */* HTTP_USER_AGENT The User-Agent requestheader field in the cardholder browser, containing information about the user agent originating the request. This value is used by the issuer to check if the cardholder browser is compatible with the issuer identification system. V - AN 255 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

IPCTY Originating country of the IP address in ISO 3166-1- alpha-2 code values (http://www.iso.org /iso/country_codes /iso_3166_code_lists.htm). If this parameter is not available, 99 will be returned in the response. There are 4 specific IP codes which refer to IP addresses for which the country of origin is uncertain: - V AN 2 UK A1: Anonymous proxy. Anonymous proxies are Internet access providers that allow Internet users to hide their IP address. AP: Asian Pacific region EU: European network A2: Satellite providers ITEMATTRIBUTES*XX* ITEMCATEGORY*XX* ITEMCOMMENTS*XX* ITEMDESC*XX* ITEMDISCOUNT*XX* ITEMID*XX* ITEMNAME*XX* ITEMPRICE*XX* ITEMQUANT*XX* The IP check is based on externally provided IP listings, so there is a slight risk since we rely on the correctness of this list. The check gives positive results in 94% of all cases. Item Attributes Item Category Item Comments Item Description Item Discount Item Identifier Item Name Item Price Item Quantity V - AN 50 V - AN 50 V - AN 255 V - AN 16 V - N V - AN 15 V - AN 40 V - N V - N ITEMQUANTORIG*XX* Maximum quantity per item V - N ITEMUNITOFMEASURE*XX* Item Unit of measure (to be used in conjunction with ITEMWEIGHT*XX*) V - AN 50 ITEMVAT*XX* Item VAT Amount V - N ITEMVATCODE*XX* Item VAT Code V - N ITEMWEIGHT*XX* Item Weight V - N LANGUAGE The payment page languages currently offered to the buyer (card holder / account holder). V - AN 5 fr_fr The format is "language_country". The language value is based on ISO 639-1. The country value is based on ISO 3166-1. Default language used if no language value or if an invalid language value is

sent: en_us (English) LOGO NCERROR NCERRORPLUS NCSTATUS OPERATION Other available languages are: ar_ar (Arabic) cs_cz (Czech) dk_dk (Danish) de_de (German) el_gr (Greek) es_es (Spanish) fi_fi (Finnish) fr_fr (French) he_il (Hebrew) hu_(hu hungarian) it_it (Italian) ja_jp (Japanese) ko_kr (Korean) nl_be (Flemish) nl_nl (Dutch) no_no (Norwegian) pl_pl (Polish) pt_pt (Portugese) ru_ru (Russian) se_se (Swedish) sk_sk (Slovak) tr_tr (Turkish) zh_cn (Simplified Chinese) Logo to display on the payment page. Error code. A list with error codes is available here The value of this parameter is 0 or empty if not applicable. Error description of the NCERROR code. A list with descriptions is available here The value of this parameter is 0 or empty if not applicable. Error status. In general this is the first digit of the NCERROR. The operation defines the type of requested transaction. The payment procedure configured in the Technical Information page will define the default transaction operation for a new order. An operation value sent along in the transaction, will overwrite the default value. Possible values for new orders: V - AN N/A myshoplogo.gif or https://www.myshop.com/myshoplogo.gif - V AN 8 30141001 - V AN 255 Invalid card number - V AN 4 3 V - A 3 RFD RES: request for authorisation. SAL: request for direct sale (payment), i.e. an authorisation automatically followed by a payment. RFD: refund, not linked to a previous payment, so not a maintenance operation on an existing transaction. (you cannot use this operation without specific permission from your acquirer) The possible values for maintenance operations are: REN: renewal of authorisation, if the original authorisation is no longer valid. DEL: delete authorisation, leaving the transaction open for possible further maintenance operations. DES: delete authorisation, closing the transaction after this operation. SAL: partial data capture (payment), leaving the

transaction open for a possible other data capture. SAS: (last) partial or full data capture (payment), closing the transaction (for further data captures) after this data capture. RFD: partial refund (on a paid order), leaving the transaction open for a possible other refund. RFS: (last) partial or full refund (on a paid order), closing the transaction after this refund. ORDERID Last (or only) operations change the global transaction status, whereas partial operations do not. Your order number (merchant reference). This reference is generally used by the merchant to look up his transaction in the back office. For online, 3-tiers mode, the system also uses this reference to check if a payment is not requested twice for the same order. On request of the merchant the period of this check can be shortened or the check can be disabled. V V 30 AB5456CB896 If the acquirer is technically able to process the transaction, and if there s no special configuration in the account, this orderid will be sent to the acquirer as reference (ref2) for the transaction. In this case the merchant will receive this ref2 field on his account statements, helping him reconcile his transactions. Although our system can accept up to 30 characters, the norm for most acquirers is 10 or 12. The exact accepted length and data validation format depend on the acquirer/bank.if the orderid does not comply to the ref2 rules set by the acquirer, we ll send our PAYID as ref2 to the acquirer instead. Avoid using spaces or special characters in the orderid. OWNERADDRESS Customer s address. V - AN 35 102 First Avenue OWNERCTY Customer s country. Country in ISO 3166-1- alpha-2 code as can be found on http://www.iso.org /iso/country_codes /iso_3166_code_lists.htm V - AN 2 BE OWNERTELNO Customer s phone number. Special characters (+ or/ for instance) are allowed in this field. It s best to be consistent in the way you send the phone numbers. V - AN 30 Batch:20 3222869611 OWNERTOWN Customer s town. V - AN 40 Brussels OWNERZIP Customer s ZIP code. V - AN 10 1000 PARAMPLUS Field to submit some parameters and their values you wish to receive back in the post sale request or final redirection. Cfr. Advanced e-commerce V V AN 1000 SessionID=126548354&ShopperID=73541312 Structure : paramname=paramvalue& paramname=paramvalue&

PARAMVAR PAYID PAYIDSUB PM The variable part to include in the URL's used for post sale and/or Cancel-Deny requests. PARAMVAR is case sensitive and requires at least 2 chars. Our system s unique transaction reference. The PAYID currently consists of 9 digits, but it s an increasing number. In the test environment the PAYID currently holds 7 digits. History number of the operation on the PAYID. You can perform several financial operations (authorisation, payment, refund, etc.) on the same order (PAYID). Each financial operation is identified by the PAYID/PAYIDSUB. Payment Method. You can consult a list of PM values on the Payment Methods Processing/Procedure page V - AN 50 webshop1 V V N N/A 21946537 V V N N/A 1 V V AN 25 CreditCard PMLIST List of selected payment methods and/or card brands to show on the payment page. Separated by a semi-colon. You can consult a list of PM and BRAND values on the Payment Methods Processing/Procedure page V - AN 200 VISA;MasterCard;American Express PMLISTTYPE PSPID PSWD Way to list the payment method icons on the payment page. Your affiliation name in our system, chosen by yourself when opening your account with us. This is a unique identifier and can t ever be changed. Password for the PSPID (default user) or a specific UserID. V - N N/A 2 V - AN 30 JDoeSHOP V - AN N/A BluEPr1nT8? REMOTE_ADDR IP address of the customer (only for Fraud Detection Module). For interfaces where our system handles the dialog with the customer (e.g. e-commerce) the REMOTE_ADDR is directly captured by us. For other interfaces, the merchant needs to send the customer's IP address with the transaction details. V - AN N/A 212.23.45.96 RTIMEOUT SCO_CATEGORY If the country check of the IP address is not necessary, send value 'NONE'. Request timeout for a transaction, in seconds. The value should be between 30 and 90. The default value is 90. When using http components for interfases such as DirectLink the merchant needs to make sure the timeout of the http component is longer than the value he sets as RTIMEOUT for the transaction. Scoring categories. See the Advanced Fraud Detection Module: Scoring documentation. Possible values: G (green), O V - N 2 45 - V AN 1 G

SCORING SHASIGN STATUS (orange), R (red). Final score of a transaction. See the Advanced Fraud Detection Module: Scoring documentation. String hashed using the Secure Hash Algorithm. The SHASIGN in the hidden fields is for the SHA-in signature (data check before the payment). The merchant gets a SHASIGN as return in case he uses a SHA-out signature (origin check of the return). Status of the payment. 0 Incomplete or invalid 1 Cancelled by client 2 Authorisation refused 4 Order stored 41 Waiting client payment 5 Authorised 51 Authorisation waiting 52 Authorisation not known 59 Author. to get manually 6 Authorised and canceled 61 Author. deletion waiting 62 Author. deletion uncertain 63 Author. deletion refused 7 Payment deleted 71 Payment deletion pending 72 Payment deletion uncertain 73 Payment deletion refused 74 Payment deleted (not accepted) 75 Deletion processed by merchant 8 Refund 81 Refund pending 82 Refund uncertain 83 Refund refused 84 Payment declined by the acquirer (will be debited) 85 Refund processed by merchant 9 Payment requested 91 Payment processing 92 Payment uncertain 93 Payment refused 94 Refund declined by the acquirer 95 Payment processed by merchant 97-99 Being processed (intermediate technical status) - V N 4 17 V V AN 128 172386BFF99BC8F899035E356497D4334958F2D4 - V N 2 9 The table above summarises the possible statuses of the payments. Statuses in 1 digit are 'normal' statuses: 0 means the payment is invalid (e.g. data validation error) or the processing is not complete either because it is still underway, or because the transaction was interrupted. If the cause is a validation error, an additional error code (*) (NCERROR) identifies the error. 1 means the

customer cancelled the transaction. 2 means the acquirer did not authorise the payment. 5 means the acquirer authorised the payment. 9 means the payment was captured. Statuses in 2 digits correspond either to 'intermediary' situations or to abnormal events. When the second digit is: 1, this means the payment processing is on hold. 2, this means an unrecoverable error occurred during the communication with the acquirer. The result is therefore not determined. You must therefore call the acquirer's helpdesk to find out the actual result of this transaction. 3, this means the payment processing (capture or cancellation) was refused by the acquirer whilst the payment had been authorised beforehand. It can be due to a technical error or to the expiration of the authorisation. You must therefore call the acquirer's helpdesk to find out the actual result of this transaction. 4, this means our system has been notified the transaction was rejected well after the transaction was sent to your acquirer. 5, this means our system hasn t sent the requested transaction to the acquirer since the merchant will send the transaction to the acquirer himself, like he specified in his configuration. STATUS_3D N: identification failed Y: identification successful A: proof of authentication attempt U: directory server unavailable V - AN 1 N SUB_AM Subscription amount V - N N/A 100 SUB_AMOUNT Subscription amount V - N N/A 100 SUB_COM order description V - AN 100 One telephone card SUB_COMMENT subscription comment V - AN 200 Monthly subscription to Golf World. SUB_CUR subscription currency V - AN 3 EUR SUB_ENDDATE subscription end date V - yyyy-mm-dd 10 40676 SUB_ORDERID order ID of the subscription V - AN 40 order 123 SUB_PERIOD_MOMENT SUB_PERIOD_NUMBER moment of a subscription payment, depending on sub_period_unit interval between each occurrence of subscription payment V - N N/A 1 V - N N/A 15

SUB_PERIOD_UNIT unit of interval between each occurrence of subscription payment V - AN 2 d SUB_STARTDATE start date of a subscription V - yyyy-mm-dd 10 40676 SUB_STATUS status of a subscription V - AN 1 0 SUBSCRIPTION_ID TBLBGCOLOR TBLTXTCOLOR Unique identifier of a subscription. Table background colour on the payment page. Table text colour on the payment page. V V AN 50 subscription1 V - AN N/A LightYellow #FFFFE0 V - AN N/A Blue #0000FF TITLE Title on the payment page. V - AN N/A John's bait shop TP Template URL/name. When we proposed to host the merchant s template on our server, the merchant only needs to enter his filename in the tp field instead of the whole URL, that way the merchant s URL will become a static URL on our side. V - AN N/A http://www.myshop.com/template.html TRXDATE Transaction date. - V MM/DD/YY N/A 12/25/10 TXTCOLOR Text colour on the payment page. V - AN N/A DarkGreen #006400 USERID Username as specified in the account s user management page. V - AN Min.2 Max.20 JohnD The default UserID for an account is the same as the account s PSPID. If the UserID field is left empty when making a payment request via e-commerce or when logging in, we ll take the PSPID field value as value for the UserID. Avoid using spaces and special characters in the USERID. VC Virtual Card type. Virtual cards are in general virtual, single-use credit card numbers, which can only be used on one predefined online shop. - V AN 3 NO WIN3DS Way to show the identification page for 3-D Secure or for the KBC, CBC, Dexia and ING paybuttons to the customer. V - AN 6 MAINW Possible values : MAINW, POPUP, POPIX (DirectLink only)