Professional Documents
Culture Documents
Table Of Contents
Introduction ................................................................................................................. 5
What is XML Direct? .............................................................................................................. 5
3D Secure Page 2 of 59
Appendices ............................................................................................................... 33
Payment Method Codes ...................................................................................................... 33 ISO Currency Codes............................................................................................................ 36 Acquirer Response Codes ................................................................................................... 38 ISO Country Codes.............................................................................................................. 41 CVC/CVV Checks and Responses ...................................................................................... 56 XML Error Codes ................................................................................................................. 57
3D Secure Page 3 of 59
History
Change description New cardholder authentication response Payment Page updates WorldPay rebrand Date October 2011 Affected Pages 21-22
Copyright
WorldPay Limited While every effort has been made to ensure the accuracy of the information contained in this publication, the information is supplied without representation or warranty of any kind, is subject to change without notice and does not represent a commitment on the part of WorldPay Limited. WorldPay Limited, therefore, assumes no responsibility and shall have no liability, consequential or otherwise, of any kind arising from this material or any part thereof, or any supplementary materials subsequently issued by WorldPay Limited. WorldPay Limited has made every effort to ensure the accuracy of this material.
3D Secure Page 4 of 59
Introduction
What is XML Direct?
Merchants who collect and store their shoppers' payment details on their own platform can use the XML Direct model as an effective payment-processing gateway. With this model, the merchant collects both order and payment details and then communicates the relevant payment details on a per order basis with WorldPay, for processing. The XML Direct model only allows for using a select number of on-line payment methods, where no consumer interaction is involved. In view of the cost involved in establishing appropriate security measures this model only applies for merchants with established high transaction volumes.
Security
A core issue associated with using the XML Direct model is security. The collection and storage of payment information, such as, card numbers and cardholder names must take place in a secure environment. Payment Card Industry Data Security Standard (PCI DSS) PCI DSS is a global Card Scheme initiative that aims to ensure that every entity that handles, stores or processes cardholder data does so in a secure manner. MasterCard and Visa have combined their own security standards for cardholder data creating an aligned program, which is now endorsed by American Express, JCB and Diners. Much of PCI DSS relates to the technology involved in capturing and processing card data and this is particularly relevant to those merchants who process and capture cardholder data on their own systems rather than those who use the secure WorldPay payment pages. For more information, please refer to PCI DSS and to the PCI Security Standards Council at: www.pcisecuritystandards.org. If you want any help to gain compliance this site also lists PCI approved Quality Security Assessors (QSA') who can provide technical advice (chargeable).
3D Secure Page 5 of 59
The benefits of the 3-D Secure process are the enhanced security available when performing an authenticated transaction as well as the shift of liability in the event of fraudulent transactions. Authentication should strengthen your existing anti-fraud strategy and help protect your business, but bear in mind that coverage of authentication programmes is currently limited to Internet transactions. This means that authentication programmes do not cover fax, mail, or phone orders, nor do they cover all card types. For further details about authentication, refer to the Cardholder Authentication guide
3D Secure Page 6 of 59
account settings: before sending test orders to the Payment Service check and, if necessary, update settings that control aspects of how the service works. For example, setting a delay between authorisation and capture. order submission: setting up an HTTP(S) connection between your system and ours and automating the sending of XML orders over that connection. This topic is covered in this guide. testing the connection: you are able to test the connection using the Test environment before using the Production environment.
Account Settings
A number of the settings that affect the way the service works, can only be modified via our online administration tool, the Merchant Interface. Note to remember: you have a separate Merchant Interface for your Production environment and for your Test environment. You can login to both via: www.worldpay.com/admin
3D Secure Page 7 of 59
3D Secure Page 8 of 59
Name Tokens
An XML name token consists of alphanumeric and/or ideographic characters and the punctuation marks [_], [-], [.], and [:]. No other characters are allowed. An XML name token may not contain white spaces. If an attribute is declared to contain a name token or list of name tokens, the values of these attributes must be legal XML name tokens. Below you can find an example of this: <!ELEMENT amount EMPTY> <!ATTLIST amount value NMTOKEN #REQUIRED currencyCode NMTOKEN #REQUIRED exponent (0 | 2 | 3 ) #REQUIRED debitCreditIndicator (debit | credit ) 'credit' > A valid instance of an amount element looks like this: <amount value="4938" currencyCode="SEK" exponent="2" />
PCDATA
In a PCDATA (Parsed Character DATA) block in the XML message the following special characters should not be included: [&], [<], [>] and ["]. If you need to use these characters within a PCDATA block you should specify them as follows: & = & > = > < = < " = " For example, for the description element which is declared to contain PCDATA <!ELEMENT description (#PCDATA )> a valid example would be:
3D Secure Page 9 of 59
CDATA
In a CDATA (Character DATA) block it is allowed to include any data / characters as long as it adheres to the specified encoding and does not contain the character sequence: ]]>. A CDATA block must be enclosed between the start tag <[CDATA[ and the end tag ]]>. For example: <[CDATA[This text has not been parsed & still can be used]]>
3D Secure Page 10 of 59
Order Content
The third child element of the order element is orderContent. You can deliver the order content in HTML format. When supplying HTML order content the only HTML tags allowed are the tags permitted between the <body> and </body> tags of a valid HTML document! No form of scripting is allowed in the order content. The order content must be less than 10 kilobytes and should always be included in a CDATA section to avoid parsing problems. <orderContent> <![CDATA[content here]]> </orderContent>
3D Secure Page 11 of 59
shopper billing address shopper shipping address contact details merchant the fact that WorldPay processes the payment the fact that the name WorldPay may appear on the shopper's bank or credit card statements.
An example of the paymentDetails for a VISA payment, where VISA-SSL is the payment method code, is: <paymentDetails> <VISA-SSL> <cardNumber>4444333322221111</cardNumber> <expiryDate> <date month="09" year="2009"/> </expiryDate> <cardHolderName>J. Shopper</cardHolderName> <cvc>123</cvc> <cardAddress> <address> <firstName>John</firstName> <lastName>Shopper</lastName> <address1>27b ParkView Mansions</address1> <address2>47 Queensbridge Rd</address2> <address3>Chesterton</address3> <postalCode>CB94BQ</postalCode> <countryCode>GB</countryCode> <telephoneNumber>0123456789</telephoneNumber> 3D Secure Page 12 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide </address> </cardAddress> </VISA-SSL> <session shopperIPAddress="123.123.123.123" id="02l5ui8ib1"/> </paymentDetails>
Note that the payment method code VISA-SSL should be used for both Visa credit and Visa debit card payments.
Note that the cvc element contains the Card Verification Code. For details please refer to the appendix CVC/CVV Checks And Responses. Also note that the numeric parts (if there are any) of the street element are used in the AVS check. The non-numeric parts are ignored.
For the Solo (SOLO_GB-SSL) payment method either the issue number or the start date must be included in the paymentDetails, depending on the issuer policy. Please note that the issue number can be up to three digits, including possible zeros in front. This example shows paymentDetails for SOLO_GB-SSL: <paymentDetails> <SOLO_GB-SSL> <cardNumber>6333333333333333336</cardNumber> <expiryDate><date month="05" year="2009"></expiryDate> <cardHolderName>J. Shopper</cardHolderName> <issueNumber>07</issueNumber> </SOLO_GB-SSL> </paymentDetails>
Shopper Information
You can provide extra information about the shopper in an XML order by using the order child element shopper. Its shopperEmailAddress element is used by WorldPay to identify possible fraudulent transactions, or to send an email to the shopper when the payment is authorised or refused. <shopper> <shopperEmailAddress>jshopper@myprovider.int</shopperEmail Address> </shopper>
3D Secure Page 13 of 59
is the MYMERCHANT Webshop with merchant code MYMERCHANT, the shopper is Mr. J. Shopper and the used payment method is VISA. Please note that a browser-view picture of the order is shown below the XML code. <?xml version="1.0"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay/DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="MYMERCHANT"> <submit> <order orderCode="T0211010"> <description>20 Tulip Bulbs from MYMERCHANT Webshops</description> <amount value="2600" currencyCode="EUR" exponent="2"/> <orderContent> <![CDATA[ <center><table> <tr><td bgcolor="#ffff00">Your Internet Order:</td><td colspan="2" bgcolor="#ffff00" align="right">T0211010</td></tr> <tr><td bgcolor="#ffff00">Description:</td><td>20 Tulip Bulbs</td><td align="right">1,00</td></tr> <tr><td colspan="2">Subtotal:</td><td align="right">10,00</td></tr> <tr><td colspan="2">VAT: 15%</td><td align="right">3</td></tr> <tr><td colspan="2">Shipping and Handling:</td><td align="right">3</td></tr> <tr><td colspan="2" bgcolor="#c0c0c0">Total cost:</td><td bgcolor="#c0c0c0" align="right">EUR 26,00</td></tr> <tr><td colspan="3"> </td></tr> <tr><td bgcolor="#ffff00" colspan="3">Your billing address:</td></tr> <tr><td colspan="3">Mr. J. Shopper<br>27b ParkView Mansions<br>47 Queensbridge Road<br>Chesterton<br>Cambridge<br>CB9 4BQ<br>United Kingdom</td></tr> <tr><td colspan="3"> </td></tr> <tr><td bgcolor="#ffff00" colspan="3">Your shipping address:</td></tr> <tr><td colspan="3">Mr.J. Shopper<br> 47A Queensbridge Road<br>Cambridge<br>CB9 4BQ<br>UK</td></tr> <tr><td colspan="3"> </td></tr> <tr><td bgcolor="#ffff00" colspan="3">Our contact
3D Secure Page 14 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide information:</td></tr> <tr><td colspan="3">MYMERCHANT Webshops International<br>461 Merchant Street<br>1256 Merchant Town<br>Netherlands <br><br>mymerchant@webshops.int<br>1234 567890</td></tr> <tr><td colspan="3"> </td></tr> <tr><td bgcolor="#c0c0c0" colspan="3">Billing notice:</td></tr> <tr><td colspan="3">Your payment will be handled by WorldPay Payments Services<br>This name may appear on your bank statement<br>http://www.worldpay.com</td></tr> </table></center> ]]> </orderContent> <paymentDetails> <VISA-SSL> <cardNumber>4444333322221111</cardNumber> <expiryDate> <date month="09" year="2007"/> </expiryDate> <cardHolderName>J. Shopper</cardHolderName> <cvc>123</cvc> <cardAddress> <address> <firstName>John</firstName> <lastName>Shopper</lastName> <address1>27b ParkView Mansions</address1> <address2>47 Queensbridge Rd</address2> <address3>Chesterton</address3> <postalCode>CB94BQ</postalCode> <city>Cambridge</city> <countryCode>GB</countryCode> <telephoneNumber>01234567890</telephoneNumber> </address> </cardAddress> </VISA-SSL> <session shopperIPAddress="123.123.123.123" id="0215ui8ib1" /> </paymentDetails> <shopper> <shopperEmailAddress>jshopper@myprovider.int</shopperEmailAd dress> </shopper> <shippingAddress> <address> <firstName>John</firstName> <lastName>Shopper</lastName>
3D Secure Page 15 of 59
<address1>27b ParkView Mansions</address1> <address2>47 Queensbridge Rd</address2> <address3>Chesterton</address3> <postalCode>CB94BQ</postalCode> <city>Cambridge</city> <countryCode>GB</countryCode> <telephoneNumber>01234567890</telephoneNumber> </address> </shippingAddress> </order> </submit> </paymentService>
The CDATA section in the orderContent element contains a complete invoice in HTML. The image below shows what this order content looks like when viewed with a web browser.
3D Secure Page 16 of 59
Your Internet Order: Description Subtotal: VAT: 15% Shipping and Handling: Total cost: 20 Tulip Bulbs
Your billing address: Mr J. Shopper 27b ParkView Mansions 47 Queensbridge Road Chesterton Cambridge CB9 4BQ United Kingdom
Your shipping address: Mr J. Shopper 27b ParkView Mansions 47 Queensbridge Road Chesterton Cambridge CB9 4BQ United Kingdom
Our contact information MYMERCHANT Webshops International 461 Merchant Street 1256 Merchant Town Netherlands mymerchant@webshops.int 1234 567890
Billing notice: Figure 1: Example HTML order content as viewed with a browser.
3D Secure Page 17 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide </orderStatus> </reply> </paymentService>
In the reply, the payment element holds the relevant payment details and status information. Its child elements paymentMethod and amount contain the payment method used and the amount, including the currency, its exponent and the debitCreditIndicator that indicates the amount is positive. The payment status is specified by the lastEvent element. A CVC result description is reported through the CVCResultCode element. The balance element reports on the balance in the IN_PROCESS_AUTHORISED account. For credit card payments the first and last four digits of the card number are returned in the cardNumber element. Always refer to the WorldPay DTD for an up-to-date list of child elements and attributes of the reply element.
3D Secure Page 19 of 59
test.worldpay.com/jsp/merchant/xml/paymentService.jsp
Production/Live environment: https://secure.worldpay.com/jsp/merchant/xml/paymentService.jsp
3D Secure Page 20 of 59
3D
The payment card is participating in 3-D Secure. The Simulator will be initiated, where further options can be selected. The payment card is not participating in 3-D Secure. The Simulator will not be initiated and the 3DS Result will be Authentication Offered but not Used. The payment card is participating but simulates a system/connectivity issue that occurs before the cardholder is asked to authenticate. The Simulator page will not be initiated and the 3DS Result will be Authentication Unavailable. It is a normal e-commerce transaction with no 3DS initiated.
NO3D
3DVEERROR
You can use the value of the paResponse element to manipulate the outcome of the payer authentication. Using the dummy issuer site, the following options can be selected from the drop-down list: paResponse value
IDENTIFIED NOT_IDENTIFIED
Meaning
Cardholder Authenticated Authentication Offered but not Used Cardholder Failed Authentication. The order does not proceed to authorisation.
UNKNOWN_IDENTITY
3D Secure Page 21 of 59
paResponse value
Meaning
Cardholder Failed Authentication. The order does not proceed to authorisation. Response failed validation checks. The order does not proceed to authorisation. Authentication Unavailable. The error code is valid. It is acceptable to proceed to authorisation. Response failed validation checks. The order does not proceed to authorisation.
CANCELLED_BY_SHOPPER
ERROR
ERROR 3DS_VALID_ERROR_CODE
ERROR 3DS_INVALID_ERROR_CODE
Note that in the Production environment, the length of the paResponse element can be up to 4.7KB. However, in the Test Environment you should use considerably shorter lengths, such as those shown above, otherwise a parse error will be generated.
Testing Transactions
A number of different cases can be tested by entering the following values as the card/accountholder name (<cardHolderName>) in the order:
REFUSED &; will simulate a refused payment REFERRED - will simulate a refusal with the refusal reason &rsquoreferred' FRAUD - will simulate a refusal with the refusal reason &rsquofraud suspicion' ERROR - will simulate a payment that ends in error.
All other card/accountholder names will simulate an authorised payment. For test purposes we have provided a set of test credit and debit card numbers, these are listed below in the Test Card Numbers section. Captures and refunds can be simulated through the Merchant Interface. Use the "Capture" or "Refund" button in the Payment and Order Details page. Alternatively, you can send an XML capture or refund order modification to the Test environment.
3D Secure Page 22 of 59
4484070000000000
16
5100080000000000
16
4406080400000000
16
4462030000000000
16
4911830000000 4917610000000000
13 16
0 0
370000200000000
15
36700102000000 3528000700000000
14 16
0 0
4917300800000000
16
6334580500000000 63347306000000000 0
16
Solo
18
Discover card
6011000400000000
16
Laser
63049506000000000 0 57000000000000000 00
18
Maestro
19
Note that Visa Purchasing transactions are treated as Visa credit card transactions.
3D Secure Page 23 of 59
German ELV
To test German ELV payments in the Test environment a correctly formatted account number (Kontonummer) and valid bank code (Bankleitzahl) should be used, for example: Account number: 12345678 Bank code: 10000000 Bank name: Bundesbank Bank residence: Berlin card type bank code account number
92441196 122108525 5929120
Please note that ELV must be activated in the Production environment for merchants who would like to test ELV transactions.
3D Secure Page 24 of 59
1. The shopper places an order in the merchant's online store. 2. The merchant's system sends an XML message with the order and payment information to our system. (Please refer to the Submitting Transactions in the Direct Model for further details on constructing and submitting this XML message). Refer to Initial Order Message (arrow 2). 3. WorldPay verifies that the cardholder is participating in the 3-D Secure programme and a reply message is sent back to the merchant's system to request payer authentication, refer to Initial Order Reply Message (arrow 3). 4. The merchant's system redirects the shopper to the issuer site for authentication using information in the reply message, please refer to Redirect the Shopper to Issuer (arrow 4). 5. The authentication response is sent to the shopper, and the payer authentication response is then posted to the merchant's site.
3D Secure Page 25 of 59
6. The merchant includes the authentication response in the original XML order message and sends it to WorldPay, please refer to Second Order Message (arrow 6). 7. If the authentication response shows that the shopper failed to authenticate themselves, then one of two things will occur depending on the configuration of the merchants WorldPay account as outlined below: if the merchants WorldPay account doesnt have the Risk Management Module (RMM) activated, the WorldPay system will respond with the reply message detailed in step 4 again. This provides the merchants system with the opportunity to request for the shopper to go though the payer authentication process again If the merchants WorldPay account has the RMM activated then the merchants system will receive a REFUSED message from WorldPay. 8. If the authentication response shows that the shopper was authenticated then we verify that the authentication response belongs to the authentication request and proceed with authorisation exchange with the acquirer, including the 3-D Security Authentication information. 9. After receiving the response from the acquirer, WorldPay send an authorisation response to the merchant, please refer to Second Order
Submitting Transactions in the XML Direct Model with 3D Secure Guide <paymentService merchantCode="MYMERCHANT" version="1.4"> <submit> <order orderCode="merchantGeneratedOrderCode"> <description>Description</description> <amount currencyCode="EUR" exponent="2" value="5000"/> <orderContent>Default Order Content</orderContent> <paymentDetails> <VISA-SSL> <cardNumber>4111111111111111</cardNumber> <expiryDate> <date month="02" year="2008"/> </expiryDate> <cardHolderName>3D</cardHolderName> </VISA-SSL> <session shopperIPAddress="123.123.123.123" id="112233"/> </paymentDetails> <shopper> <browser> <acceptHeader>text/html</acceptHeader> <userAgentHeader>Mozilla/5.0 ...</userAgentHeader> </browser> </shopper> </order> </submit> </paymentService>
The new elements are browser, acceptHeader and userAgentHeader. These elements are used to redirect the shopper to the correct issuer site for authentication. The acceptHeader element should contain the exact content of the HTTP accept header as sent to the merchant from the shopper's user agent.
The userAgentHeader element should contain the exact content of the HTTP user-agent header as sent to the merchant from the shopper's user agent. The session element must be supplied for a 3-D Secure transaction.
Please note, when using the Test environment, the cardHolderName element must contain '3D' as the cardholder name.
3D Secure Page 27 of 59
The element paRequest contains data that was received from the 3-D Security Directory. This data must be supplied as-is in the redirect message to the shopper's issuer site. The issuerURL element contains the actual URL to which the shopper must be redirected. This is shopper's Issuer site where the shopper should authenticate themselves with the 3-D Secure mechanism. An extra element echoData is added, which is used by our software to process the subsequent messages belonging to the same transaction more efficiently. This element must be supplied in all subsequent messages as-is.
3D Secure Page 28 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide The value for the "TermUrl" attribute is a URL pointing to the merchant's site. It specifies the service to which the shopper is redirected from the issuer's site. The merchant is responsible for supplying a correct value. The "MD" attribute can contain any data and will be supplied as-is in the final post when the shopper is redirected from the Issuer's site to the merchant's site (the value of the TermUrl attribute). This attribute can be used by the merchant to handle the session state between the original shopping session and the final post after the shopper has been authenticated. This HTML example page redirects the shopper to the Issuer's site: <html> <head> <title>3-D Secure helper page</title> </head> <body OnLoad="OnLoadEvent();"> This page should forward you to your own card issuer for identification. If your browser does not start loading the page, press the button you see. <br/> After you successfully identify yourself you will be sent back to this site where the payment process will continue as if nothing had happened.<br/> implemented... <form name="theForm" method="POST" action="value of the issuerUrl element" > <input type="hidden" name="PaReq" value="value of the paRequest element" /> <input type="hidden" name="TermUrl" value="url of merchant site" /> <input type="hidden" name="MD" value="merchant supplied data" /> <input type="submit" name="Identify yourself" /> </form> <script language="Javascript"> <!-function OnLoadEvent() { // Make the form post as soon as it has been loaded. document.theForm.submit(); } // --> </script> </body> </html>
3D Secure Page 29 of 59
When the shopper has enabled Javascript in the browser, the shopper will automatically forwarded to the Issuer's site. If Javascript has been disabled, the shopper must press the submit button in order to continue.
The info3DSecure element contains the payer authentication response data received by the shopper/merchant from the issuer.
3D Secure Page 30 of 59
Please note: we use a farm of web servers to serve requests and as such the WorldPay system needs to ensure that the first and second orders are processed by the same web servers. In order to facilitate this, you need to extract the session cookie that is passed back in the HTTP header of the XML message (the response from the Payment Service with the issuerURL) and return it in the HTTP header of the second XML order, which includes the payer authentication response data. The session cookie can be captured in ASP using xmlhttp.getResponseHeader("SetCookie"). Once you have redirected your shopper and received the PaRes from the card issuers site your system will then need to set the session cookie in the HTTP header of the second XML order that is sent to WorldPay, again this can be done using xmlhttp.setRequestHeader "Cookie", VALUE OF COOKIE Equivalent functions for PHP using Curl would be as follows: 1st CURL submission needs a parameter of: curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookie.cookie"); 2nd CURL submission needs a parameter of: curl_setopt ($ch, CURLOPT_COOKIEFILE, "cookie.cookie"); Please Note: that the above methods of capturing the session cookie are provided as examples only and as such are not supported by WorldPay.
<paymentMethod>VISA-SSL</paymentMethod> <amount currencyCode="EUR" debitCreditIndicator="credit" exponent="2" value="10000"/> <lastEvent>AUTHORISED</lastEvent> <balance accountType="IN_PROCESS"> <amount currencyCode="EUR" debitCreditIndicator="credit" exponent="2" value="10000"/> </balance> <balance accountType="AUTHORISED"> <amount currencyCode="EUR" debitCreditIndicator="debit" exponent="2" value="10000"/> </balance> <cardNumber>4111********1111</cardNumber> </payment> </orderStatus> </reply> </paymentService>
3D Secure Page 32 of 59
Appendices
Payment Method Codes
The child elements below are used to define the card type that is used by the shopper. name payment method code
AMEX-SSL
area
remarks
International
VISA-SSL ECMC-SSL
International International
CB-SSL
France
France
JCB-SSL
DANKORT-SSL
name
area
remarks
Rabobank DirectBetalen
Netherlands
For Rabobank shoppers only. Shopper is redirected to Rabobank server. For ING shoppers only.
ING Homepay
HOMEPAY-SSL
Belgium
3D Secure Page 33 of 59
name
area
remarks
Shopper needs to have a ING Homepay account at his bank. Solo SOLO_GB-SSL UK Depending upon the issuer policy, either the issuer number or the start date must be included in the paymentDetails. Depending upon the issuer policy, either the issuer number or the start date may need to be included in the paymentDetails. Internet voucher, will be discontinued.
Maestro
MAESTRO-SSL
UK
WWW-Bon
ICCHEQUE-SSL
Netherlands
Nordea Bank
Finland, Sweden
Paybox
Elektronisches Lastschriftverfahren
ELV-SSL
area
Netherlands, Belgium, Germany, Finland, France, Italy, Spain, UK,
remarks
Shopper transfers the money using a bank transfer, either manually or
3D Secure Page 34 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide name payment method code
TRANSFER_SE-BANK TRANSFER_AT-BANK TRANSFER_LU-BANK TRANSFER_CH-BANK TRANSFER_DK-BANK TRANSFER_GR-BANK TRANSFER_NO-BANK
area
Sweden, Austria, Luxemburg, Switzerland, Denmark, Greece, Norway
remarks
through an electronic banking system. If bank transfers are used for internationa l payments, the shopper may be presented with extra charges (cross border fees) from the banks. For ING shoppers only. Shopper needs to have a ING Homepay account at his bank. Regular cheque payments. Forms have to be printed, signed and sent to WorldPay
Cheque
CHEQUE-BANK
Belgium
Cheque
CHEQUE_GB-BANK
UK
Direct Debit
INCASSO_NL-FAX INCASSO_DE-FAX
CASH-DELIVERY
Germany
3D Secure Page 35 of 59
name
area
Germany
remarks
The Netherlands
Merchant has to use the 'reference id' as payment reference to be printed on the accept giro forms.
name
Nuevo Argentine Peso Australian Dollar Brazilian
exponent
2
AUD
BRL
3D Secure Page 36 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide code name
Real CAD CHF CLP CNY Canadian Dollar Swiss Franc Chilean Peso Yuan Renminbi Colombian Peso Czech Koruna Danish Krone Euro Pound Sterling Hong Kong Dollar Hungarian Forint Indonesian Rupiah Iceland Krona Japanese Yen Kenyan Shilling SouthKorean Won Mexican Peso Malaysian Ringgit Norwegian Krone 2 2 2 2
exponent
COP
CZK DKK
2 2
EUR GBP
2 2
HKD
HUF IDR
2 0
ISK
JPY KES
2 2
KRW
MXP MYR
2 2
NOK
3D Secure Page 37 of 59
code
NZD
name
New Zealand Dollar Philippine Peso New Polish Zloty Portugese Escudo Swedish Krone Singapore Dollar Slovak Koruna Thai Baht New Taiwan Dollar US Dollars Vietnamese New Dong South African Rand
exponent
2
PHP
PLN
PTE SEK
2 2
SGD
2 2 2 2 2 2
status
AUTHORISED REFUSED
3D Secure Page 38 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide code message value
4 HOLD CARD 5 REFUSED 8 APPROVE AFTER IDENTIFICATION 13 INVALID AMOUNT 15 INVALID CARD ISSUER 17 ANNULATION BY CLIENT 28 ACCESS DENIED 29 IMPOSSIBLE REFERENCE NUMBER 33 CARD EXPIRED 34 FRAUD SUSPICION 38 SECURITY CODE EXPIRED 41 LOST CARD 43 STOLEN CARD, PICK UP 51 LIMIT EXCEEDED 55 INVALID SECURITY CODE 56 UNKNOWN CARD 57 ILLEGAL TRANSACTION 62 RESTRICTED CARD 63 SECURITY RULES VIOLATED
status
REFUSED REFUSED REFUSED
REFUSED REFUSED
REFUSED
REFUSED REFUSED
REFUSED REFUSED
REFUSED REFUSED
REFUSED REFUSED
REFUSED REFUSED
3D Secure Page 39 of 59
status
REFUSED
REFUSED REFUSED
REFUSED
ERROR ERROR
ERROR ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
3D Secure Page 40 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide code message value
31 UNKNOWN ACQUIRER ACCOUNT CODE 40 REQUESTED FUNCTION NOT SUPPORTED 58 TRANSACTION NOT PERMITTED 64 AMOUNT HIGHER THAN PREVIOUS TRANSACTION AMOUNT 68 TRANSACTION TIMED OUT 80 AMOUNT NO LONGER AVAILABLE, AUTHORISATION EXPIRED 92 CREDITCARD TYPE NOT PROCESSED BY ACQUIRER 94 DUPLICATE REQUEST ERROR
status
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
3D Secure Page 41 of 59
AD AO AI AQ AG
AR AM AW AU AT AZ BS
3D Secure Page 42 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide <countryCode> country name or country parameter value
BAHRAIN BANGLADESH BARBADOS BELARUS BELGIUM BELIZE BENIN BERMUDA BHUTAN BOLIVIA BOSNIA AND HERZEGOVINA BOTSWANA BOUVET ISLAND BRAZIL BRITISH INDIAN OCEAN TERRITORY BRUNEI DARUSSALAM BULGARIA BURKINA FASO BH BD BB BY BE BZ BJ BM BT BO BA
BW BV BR IO
BN
BG BF
3D Secure Page 43 of 59
CF
TD CL CN CX
CC
CO KM CG CD
3D Secure Page 44 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide <countryCode> country name or country parameter value
COOK ISLANDS COSTA RICA CTE D'IVOIRE CROATIA CUBA CYPRUS CZECH REPUBLIC DENMARK DJIBOUTI DOMINICA DOMINICAN REPUBLIC ECUADOR EGYPT EL SALVADOR EQUATORIAL GUINEA ERITREA ESTONIA ETHIOPIA FALKLAND CK CR CI HR CU CY CZ
DK DJ DM DO
EC EG SV GQ
ER EE ET FK
3D Secure Page 45 of 59
TF
GA GM GE DE GH GI GR GL GD GP
3D Secure Page 46 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide <countryCode> country name or country parameter value
GUAM GUATEMALA GUERNSEY GUINEA GUINEA-BISSAU GUYANA HAITI HEARD ISLAND AND MCDONALD ISLANDS HOLY SEE (VATICAN CITY STATE) HONDURAS HONG KONG HUNGARY ICELAND INDIA INDONESIA IRAN, ISLAMIC REPUBLIC OF IRAQ IRELAND GU GT GG GN GW GY HT HM
VA
HN HK HU IS IN ID IR
IQ IE
3D Secure Page 47 of 59
KR
KW KG LA
LV LB LS
3D Secure Page 48 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide <countryCode> country name or country parameter value
LIBERIA LIBYAN ARAB JAMAHIRIYA LIECHTENSTEIN LITHUANIA LUXEMBOURG MACAO MACEDONIA, THE FORMER YUGOSLAV REPUBLIC OF MADAGASCAR MALAWI MALAYSIA MALDIVES MALI MALTA MARSHALL ISLANDS MARTINIQUE MAURITANIA MAURITIUS MAYOTTE LR LY
LI LT LU MO MK
MG MW MY MV ML MT MH
MQ MR MU YT
3D Secure Page 49 of 59
MD
MC MN MS MA MZ MM NA NR NP NL AN
NC NZ NI NE
3D Secure Page 50 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide <countryCode> country name or country parameter value
NIGERIA NIUE NORFOLK ISLAND NORTHERN MARIANA ISLANDS NORWAY OMAN PAKISTAN PALAU PALESTINIAN TERRITORY, OCCUPIED PANAMA PAPUA NEW GUINEA PARAGUAY PERU PHILIPPINES PITCAIRN POLAND PORTUGAL NG NU NF
MP
NO OM PK PW PS
PA PG
PY PE PH PN PL PT
3D Secure Page 51 of 59
RW BL
SH KN
LC PM
VC
WS SM ST
SA
3D Secure Page 52 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide <countryCode> country name or country parameter value
SENEGAL SERBIA AND MONTENEGRO SEYCHELLES SIERRA LEONE SINGAPORE SLOVAKIA SLOVENIA SOLOMON ISLANDS SOMALIA SOUTH AFRICA SOUTH GEORGIA AND THE SOUTH SANDWICH ISLANDS SPAIN SRI LANKA SUDAN SURINAME SVALBARD AND JAN MAYEN SWAZILAND SN CS
SC SL SG SK SI SB
SO ZA GS
ES LK SD SR SJ
SZ
3D Secure Page 53 of 59
TW
TJ TZ
TH TL TG TK TO TT
TN TR TM TC
3D Secure Page 54 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide <countryCode> country name or country parameter value
TUVALU UGANDA UKRAINE UNITED ARAB EMIRATES UNITED KINGDOM UNITED STATES UNITED STATES MINOR OUTLYING ISLANDS URUGUAY UZBEKISTAN VANUATU Vatican City State - refer to HOLY SEE VENEZUELA VIET NAM VIRGIN ISLANDS, BRITISH VIRGIN ISLANDS, U.S. WALLIS AND FUTUNA TV UG UA AE
GB
US UM
UY UZ VU VA
VE VN VG
VI
WF
3D Secure Page 55 of 59
YE ZM ZW
Testing
The following CVC/CVV scenarios can be tested using the codes listed below. CVC/CVV code simulated situation numeric respons e
B
Left blank
111
3D Secure Page 56 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide numeric respons e
CVC/CVV code
simulated situation
ACQUIRER 222 NO RESPONSE FROM ACQUIRER NOT CHECKED BY ACQUIRER FAILED APPROVED C
C D A
http://dtd.worldpay.com/paymentService_v1.dtd
Examples
The following are some examples for these error codes. Error Code 2 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd"> <paymentService version="1.3" merchantCode="MYCO"> <reply> <error code="2"><![CDATA[Invalid bankAccount details : Invalid payment details : Account and bankcode combination is incorrect]]></error> </reply> </paymentService> 3D Secure Page 57 of 59
Error Code 4 <?xml version="1.0"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd"> <paymentService merchantCode="MYCO" version="1.3"> <reply> <error code="4"><![CDATA[IP check failed. Access denied.]]></error> </reply> </paymentService> Error Code 5 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd"> <paymentService version="1.3" merchantCode="MYCO"> <reply> <orderStatus orderCode="12234"> <error code="5"><![CDATA[Cannot book payment to CANCELLED if paymentstatus is not AUTHORISED but : REFUSED]]></error> </orderStatus> </reply> </paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN""http://dtd.worldpay.com/paymentService_v1.dtd"> <paymentService version="1.3" merchantCode="MYCO"> <reply> <error code="5"><![CDATA[Duplicate Order]]></error> </reply> </paymentService>
<?xml version="1.0"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN""http://dtd.worldpay.com/paymentService_v1.dtd"><paym entService merchantCode="MYCO" version="1.4"> <reply> <orderStatus orderCode="11223"> 3D Secure Page 58 of 59
Submitting Transactions in the XML Direct Model with 3D Secure Guide <error code="5"><![CDATA[Requested capture amount (EUR 125,50) exceeds the authorised balance for this payment (EUR 115,50)]]></error> </orderStatus> </reply> </paymentService> Error Code 7 <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd"><paymentServ ice version="1.3" merchantCode="MYCO"> <reply> <orderStatus orderCode="1112"> <error code="7"><![CDATA[Invalid payment details : Expiry date = 012002]]></error> </orderStatus> </reply> </paymentService>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd"> <paymentService version="1.4" merchantCode="MYCO"> <reply> <orderStatus orderCode="11223"> <error code="7"><![CDATA[Gateway error]]></error> </orderStatus> </reply> </paymentService>
3D Secure Page 59 of 59