Title Page Card-Present Processing Using the SCMP API Supplement to Credit Card Services Using the SCMP API March 2015 CyberSource Corporation HQ | P.O. Box 8999 | San Francisco, CA 94128-8999 | Phone: 800-530-9095 CyberSource Contact Information For general information about our company, products, and services, go to http://www.cybersource.com. For sales questions about any CyberSource Service, email sales@cybersource.com or call 650-432-7350 or 888-330-2300 (toll free in the United States). For support information about any CyberSource Service, visit the Support Center at http://www.cybersource.com/support. Copyright © 2015 CyberSource Corporation. All rights reserved. CyberSource Corporation ("CyberSource") furnishes this document and the software described in this document under the applicable agreement between the reader of this document ("You") and CyberSource ("Agreement"). You may use this document and/or software only in accordance with the terms of the Agreement. Except as expressly set forth in the Agreement, the information contained in this document is subject to change without notice and therefore should not be interpreted in any way as a guarantee or warranty by CyberSource. CyberSource assumes no responsibility or liability for any errors that may appear in this document. The copyrighted software that accompanies this document is licensed to You for use only in strict accordance with the Agreement. You should read the Agreement carefully before using the software. Except as permitted by the Agreement, You may not reproduce any part of this document, store this document in a retrieval system, or transmit this document, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written consent of CyberSource. Restricted Rights Legends For Government or defense agencies. Use, duplication, or disclosure by the Government or defense agencies is subject to restrictions as set forth the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and in similar clauses in the FAR and NASA FAR Supplement. For civilian agencies. Use, reproduction, or disclosure is subject to restrictions set forth in subparagraphs (a) through (d) of the Commercial Computer Software Restricted Rights clause at 52.227-19 and the limitations set forth in CyberSource Corporation's standard commercial agreement for this software. Unpublished rights reserved under the copyright laws of the United States. Trademarks CyberSource, The Power of Payment, CyberSource Payment Manager, CyberSource Risk Manager, CyberSource Decision Manager, CyberSource Connect, Authorize.Net, and eCheck.net are trademarks and/or service marks of CyberSource Corporation. All other brands and product names are trademarks or registered trademarks of their respective owners. 2 CONTENTS Contents Recent Revisions to This Document About This Guide 6 Audience and Purpose Conventions 6 6 Related Documentation Customer Support Chapter 1 7 7 Introduction to Card-Present Transactions Supported Processors Prerequisites Chapter 2 5 8 9 Optional Features Encryption 10 10 Payment Network Tokenization Appendix A API Fields 12 13 Formatting Restrictions Data Type Definitions 13 14 P2PE Request-Level Fields (Recommended) Clear Text Request-Level Fields 15 16 General Card-Present Request-Level Fields General Card-Present Offer-Level Fields Reply Field 8 17 30 31 Card-Present Processing Using the SCMP API | March 2015 3 Contents Appendix B Examples 32 Sale Using Swiped Track Data Sale Using Keyed Data 32 33 Authorization Using Point-to-Point Encryption Card-Present Processing Using the SCMP API | March 2015 34 4 REVISIONS Recent Revisions to This Document Release Changes March 2015 All processors that support encryption: December 2014 Updated Table 4, "Card Readers and Device Reader Data," on page 11. Updated the description of the pos_encoding_method field in "P2PE Request-Level Fields (Recommended)," page 15. All processors: changed the retail and retail POS terminology to card present. All processors that support encryption: Added a transaction flow diagram. See "Encryption," page 10. Updated Table 4, "Card Readers and Device Reader Data," on page 11. Added P2PE examples. See "Authorization Using Point-to-Point Encryption," page 34. JCN Gateway: added sales_slip_number reply field in Table 9, "Reply Field," on page 31. May 2014 CyberSource through VisaNet: added new possible values for the MasterCard payment initiation channel. See payment_initiation_channel in "General Card-Present Request-Level Fields," page 17. FDC Nashville Global: updated the terminal_id field and added the terminal_ id_alternate field. See "General Card-Present Request-Level Fields," page 17. April 2014 All processors: moved the optional features into a new chapter. See Chapter 2, "Optional Features," on page 10. February 2014 Chase Paymentech Solutions: January 2014 The terminal_capability field is required. See "General Card-Present Request-Level Fields," page 17. When the terminal_id field is included in the request, the cat_level field is required. See "General Card-Present Request-Level Fields," page 17. CyberSource through VisaNet: Removed the dynamic MCC field from this guide and added it to Credit Card Services Using the SCMP API. Card-Present Processing Using the SCMP API | March 2015 5 ABOUT GUIDE About This Guide Audience and Purpose This guide is written for application developers who want to use the CyberSource SCMP API to integrate credit card processing with card-present data into their order management system. Implementing the CyberSource credit card services requires software development skills. You must write code that uses the API request and reply fields to integrate the credit card services into your existing order management system. Conventions The following special statements are used in this document: A Note contains helpful suggestions or references to material not contained in this document. Note An Important statement contains information essential to successfully completing a task or learning a concept. Important The following text conventions are used in this document: Table 1 Text Conventions Convention Meaning boldface API field names API service names Graphical user interface elements that you must act upon monospace Code in examples or possible values for API fields Card-Present Processing Using the SCMP API | March 2015 6 About This Guide Related Documentation Getting Started with CyberSource Advanced for the SCMP API (PDF | HTML) describes how to get started using the SCMP API. Credit Card Services Using the SCMP API (PDF | HTML) describes how to integrate CyberSource payment processing services into your business. Refer to the Support Center for complete CyberSource technical documentation: http://www.cybersource.com/support_center/support_documentation Customer Support For support information about any CyberSource service, visit the Support Center: http://www.cybersource.com/support Card-Present Processing Using the SCMP API | March 2015 7 CHAPTER Introduction to Card-Present Transactions 1 This addendum to Credit Card Services Using the SCMP API describes card-present processing with CyberSource. Supported Processors CyberSource supports card-present credit card transactions for the processors shown in the following table. Table 2 Processors that CyberSource Supports for Card-Present Transactions Processor EMV Magnetic Stripe American Express Direct—supports cardpresent processing only for merchants in the U.S. who are doing business in U.S. dollars. No Yes Chase Paymentech Solutions No Yes CyberSource through VisaNet No Yes FDC Nashville Global No Yes FDMS Nashville No Yes GPN No Yes Litle No Yes RBS WorldPay Atlanta No Yes TSYS Acquiring Solutions No Yes Card-Present Processing Using the SCMP API | March 2015 8 Chapter 1 Introduction to Card-Present Transactions Prerequisites Before you start your implementation: Contact your acquirer to find out whether you are allowed to process card-present transactions. Find out from your acquirer and CyberSource Customer Support whether you must have a separate CyberSource merchant ID for your card-present transactions. Contact CyberSource Customer Support to have your account configured to process card-present transactions. For point-to-point encryption (P2PE), you must use an approved device. See Table 4, "Card Readers and Device Reader Data," on page 11. Make sure that you are familiar with the CyberSource SCMP API for processing e-commerce and mail order/telephone order (MOTO) transactions as described in Credit Card Services Using the SCMP API. The request and reply fields for cardpresent transactions are very similar to the request and reply fields for e-commerce/ MOTO transactions. Table 3 Card-Present Fields in Service Requests and Replies Service Request Description Authorization request A card-present authorization request includes additional fields and several existing authorization request fields have different requirements when the request is for a card-present transaction. Authorization reply A card-present authorization reply includes the same fields that are included for an e-commerce/MOTO transaction. Capture request For all processors except CyberSource through VisaNet, a cardpresent capture request includes the same fields that are included for an e-commerce/MOTO transaction. For CyberSource through VisaNet: Capture reply A card-present capture request for a restaurant transaction requires additional fields. See the tables of request-level fields in Appendix A, "API Fields," on page 13. For non-restaurant transactions, a card-present capture request includes the same fields that are included for an e-commerce/MOTO transaction. A card-present capture reply includes the same fields that are included for an e-commerce/MOTO transaction. Card-Present Processing Using the SCMP API | March 2015 9 CHAPTER Optional Features 2 Encryption Services: Authorization Processor: All processors that are supported for card-present transactions The following diagram illustrates the steps in a transaction that uses encryption. 1 You send authentication data to your mobile device management (MDM) application to ensure that the user and the device have the required permissions. Your MDM application sends authentication credentials to the device. 2 The card is keyed, swiped, or read. The device generates an encrypted payload and sends it to your server along with the authentication credentials that were created in Step 1. 3 Your server creates a request message and uses the CyberSource API to send the message to CyberSource. Card-Present Processing Using the SCMP API | March 2015 10 Chapter 2 Optional Features 4 CyberSource sends a reply message to your server. The message indicates whether the request succeeded or failed. 5 Your server processes the information in the reply message. The device displays information about the status of the transaction. CyberSource provides Derived Unique Key Per Transaction (DUKPT) keys to device manufacturers which they inject into their card readers. To encrypt sensitive transaction data, the read heads on a CyberSource-supported card reader use DUKPT for key management along with the Triple Data Encryption Standard (3DES or TDES) algorithm for data encryption. When you use a card reader that encrypts sensitive transaction data, you can securely send transactions to CyberSource for decryption and processing. You can reduce your PCI scope with encryption that is implemented correctly. CyberSource supports the card readers that are listed in the following table. Table 4 Card Readers and Device Reader Data Device Base64 Value for pos_device_ reader_data Hex Value for pos_device_reader_ data IDTech (Shuttle, UniMag II, M100, M130) RklEPUlEVEVDSC5VbmlNYWcuQW 5kcm9pZC5TZGt2MQ== 4649443d4944544543482e556e694d616 72e416e64726f69642e53646b7631 Infinite Peripherals (Linea Pro 5, Infinea Tab M, Infinea Tab 4) RklEPUNPTU1PTi5FbmNyeXB0ZW RUcmFja3MuU2RrdjE= 4649443d434f4d4d4f4e2e456e63727970 746564547261636b732e53646b7631 Ingenico (ISC250) RklEPUNPTU1PTi5FbmNyeXB0ZW RUcmFja3MuU2RrdjE= 4649443d434f4d4d4f4e2e456e63727970 746564547261636b732e53646b7631 You must use hardware injected with Visa Inc. cryptography keys. If you have a specific device that you want to use and it is not in the table of supported devices, contact CyberSource Customer Support to learn whether your desired device can be injected with Visa Inc. cryptography keys and certified for use. Visa Inc. cryptography services work with DUKPT key management and 3DES encryption technologies. For security reasons, you cannot store CyberSource transaction credentials on a mobile device. You can store CyberSource transaction credentials in a secure manner on a file server or a workstation. CyberSource transaction credentials include your merchant ID, transaction security keys, and CyberSource certificates. For information about certificates and security keys, see Creating and Using Security Keys. To support this security requirement, point-of-sale (POS) devices that use the card encryption capabilities supported by CyberSource do not transact directly with CyberSource. Instead, POS devices use an application, an intermediate server, or device management software that transacts directly with CyberSource. Card-Present Processing Using the SCMP API | March 2015 11 Chapter 2 Optional Features For a transaction that uses encryption, use the fields documented in "P2PE Request-Level Fields (Recommended)," page 15. The following fields are specifically for encryption: pos_device_reader_data pos_encoding_method pos_encryption_algorithm pos_payment_data For examples of P2PE requests and replies, see "Authorization Using Point-to-Point Encryption," page 34. Payment Network Tokenization Payment network tokenization enables you to request a credit card authorization with a token instead of a primary account number (PAN). For information about adding payment network tokenization functionality to an order management system that already uses CyberSource credit card services, see Payment Network Tokenization Using the SCMP API. Card-Present Processing Using the SCMP API | March 2015 12 APPENDIX API Fields Important A When you send an authorization or capture request that includes card-present data, you must include the basic fields required for every authorization or capture request. For information about card-not-present fields required for these requests, see Credit Card Services Using the SCMP API. Formatting Restrictions Unless otherwise noted, all fields are order and case insensitive and the fields accept special characters such as @, #, and %. Note Values for request-level and offer-level fields must not contain carets (^) or colons (:). However, they can contain embedded spaces and any other printable characters. When you use more than one consecutive space, CyberSource removes the extra spaces. Card-Present Processing Using the SCMP API | March 2015 13 Appendix A API Fields Data Type Definitions Data Type Description Date and time Format is YYYY-MM-DDThhmmssZ, where: T separates the date and the time Z indicates Coordinated Universal Time (UTC), which is also known as Greenwich Mean Time Example: 2012-08-11T224757Z equals 10:47:57 P.M. on August 11, 2012 Decimal Number that includes a decimal point Examples: 23.45, -0.1, 4.0, 90809.0468 Integer Whole number {..., -3, -2, -1, 0, 1, 2, 3, ...} Nonnegative integer Whole number greater than or equal to zero {0, 1, 2, 3, ...} Positive integer Whole number greater than zero {1, 2, 3, ...} String Sequence of letters, numbers, spaces, and special characters Card-Present Processing Using the SCMP API | March 2015 14 Appendix A API Fields P2PE Request-Level Fields (Recommended) Table 5 P2PE Request-Level Fields (Recommended) Field Description Used By: Required (R) or Optional (O) Data Type & Length pos_device_reader_ data Data that identifies the card reader. This data enables CyberSource to parse the data that is in the pos_payment_data field. For the possible values, see Table 4, "Card Readers and Device Reader Data," on page 11. ics_auth (O) String (512) pos_encoding_method Encoding method that was applied to the data in the pos_device_reader_data and pos_ payment_data fields. When sensitive data must be included in the authorization reply message that CyberSource sends you, CyberSource uses this encoding method to encrypt the sensitive data. Possible values: ics_auth (O) String (6) Base64 Hex pos_encryption_ algorithm Encryption algorithm that was used to encrypt the data in the pos_payment_data field. Set this field to TDES. See "Encryption," page 10. ics_auth (O) String (4) pos_payment_data Encrypted payment data from a card reader. See "Encryption," page 10. ics_auth (O) String (2048) Card-Present Processing Using the SCMP API | March 2015 15 Appendix A API Fields Clear Text Request-Level Fields Table 6 Clear Text Request-Level Fields Field Description Used By: Required (R) or Optional (O) Data Type & Length pos_service_code MasterCard service code that is included in the track data. You can extract the service code from the track data and provide it in this API field. ics_auth (O) String (3) ics_auth (Required if pos_entry_ mode=swiped; otherwise, not used) String (119) track_data This field is supported only for MasterCard and only for CyberSource through VisaNet. Card’s track 1 and 2 data. For all processors except FDMS Nashville, this value consists of one of the following: Track 1 data Track 2 data Data for both tracks 1 and 2 For FDMS Nashville, this value consists of one of the following: Track 1 data Data for both tracks 1 and 2 Example: %B4111111111111111^SMITH/ JOHN ^1612101976110000868000000?;41 11111111111111=16121019761186800000? Card-Present Processing Using the SCMP API | March 2015 16 Appendix A API Fields General Card-Present Request-Level Fields Table 7 General Card-Present Request-Level Fields Field Description Used By: Required (R) or Optional (O) Data Type & Length bill_address1 Credit card billing street address as it appears in credit card issuer’s records. ics_auth: FDMS Nashville: String (20) FDMS Nashville: When the street name is numeric, it must be sent in numeric format. For example, if the address is One First Street, it must be sent as 1 1st Street. bill_address2 Used for additional address information. For example: Attention: Accounts Payable FDMS Nashville: Required if keyed; Not used if swiped. TSYS Acquiring Solutions: Required when bill_ payment=true and pos_entry_ mode=keyed. All other processors: Optional ics_auth (O) Credit card billing city. Card-Present Processing Using the SCMP API | March 2015 FDMS Nashville: String (20) All other processors: String (60) FDMS Nashville: bill_address1 and bill_address2 together cannot exceed 20 characters. bill_city All other processors: String (60) ics_auth: Chase Paymentech Solutions: Optional. Litle: Optional. TSYS Acquiring Solutions: Required when bill_ payment=true and pos_entry_ mode=keyed. All other processors: Not used. String (50) 17 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length bill_country Credit card billing country. Use the ISO Standard Country Codes. ics_auth: String (2) Chase Paymentech Solutions: Optional. Litle: Optional. TSYS Acquiring Solutions: Required when bill_ payment=true and pos_entry_ mode=keyed. All other processors: Not used. ics_auth (O) String (5) ics_auth: String (2) bill_payment Indicates payment for bill or payment towards existing contractual loan. For information about Visa Bill Payments and Visa Debt Repayments, see Credit Card Services Using the SCMP API. Possible values: bill_state false (default): Not a bill payment or loan payment. true: Bill payment or loan payment. Credit card billing state or province. Use the State, Province, and Territory Codes for the United States and Canada. Card-Present Processing Using the SCMP API | March 2015 Chase Paymentech Solutions: Optional. Litle: Optional. TSYS Acquiring Solutions: Required when bill_ payment=true and pos_entry_ mode=keyed. All other processors: Not used. 18 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length bill_zip Postal code for billing address. Postal code must consist of 5 to 9 digits. ics_auth: String (10) FDMS Nashville: Required if pos_ entry_ mode=keyed and the address is in the U.S. or Canada. Optional if pos_ entry_mode= keyed and the address is not in the U.S. or Canada. Not used if swiped. RBS WorldPay Atlanta: For best card-present keyed rates, send the postal code if pos_entry_ mode=keyed. TSYS Acquiring Solutions: Required when bill_ payment=true and pos_entry_ mode=keyed. All other processors: Optional. When the billing country is the U.S., the 9-digit postal code must follow this format: [5 digits][dash][4 digits] Example: 12345-6789 When the billing country is Canada, the 6-digit postal code must follow this format: [alpha][numeric][alpha][space][numeric][alpha] [numeric] Example: A1B 2C3 card_present Indicates whether the card is present at the time of the card-present transaction. Possible values: N: Card is not present. Y: Card is present. Card-Present Processing Using the SCMP API | March 2015 ics_auth: FDMS Nashville: Not used. All other processors: Required. String (1) 19 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length card_type Type of card to authorize. Possible values: String (3) cat_level currency customer_cc_cv_ indicator 001: Visa 002: MasterCard 003: American Express ics_auth (Required for Carte Blanche and JCB. Optional for other card types.) 004: Discover Important 005: Diners Club 006: Carte Blanche 007: JCB Type of cardholder activated terminal. Possible values: 1: Automated dispensing machine 2: Self-service terminal 3: Limited amount terminal 4: In-flight commerce (IFC) terminal 5: Radio frequency device 6: Mobile acceptance terminal Some processors do not support all possible values. Currency used for order. For possible values, see the ISO Standard Currency Codes. Indicates whether a CVN code was sent. Possible values: CyberSource strongly recommends that you send the card type even when it is optional for your processor and card type. Omitting the card type can cause the transaction to be processed with the wrong card type. ics_auth: Chase Paymentech Solutions: Required if terminal_id is included in the request. Otherwise, optional. CyberSource through VisaNet: Optional. All other processors: Not used. ics_auth (R) String (5) ics_auth: Nonnegative integer (1) FDMS Nashville: Required for American Express cards. Otherwise, optional. TSYS Acquiring Solutions: Optional if pos_entry_ mode=keyed. Otherwise, not used. All other processors: Optional. 0 (default): CVN service not requested. CyberSource uses this default when you do not include customer_cc_cv_number in the request. 1 (default): CVN service requested and supported. CyberSource uses this default when you include customer_cc_cv_ number in the request. 2: CVN on credit card is illegible. 9: CVN not imprinted on credit card. Card-Present Processing Using the SCMP API | March 2015 Nonnegative integer (1) 20 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length customer_cc_cv_ number CVN. See the CVN information in Credit Card Services Using the SCMP API. ics_auth: Nonnegative integer (4) customer_cc_expmo customer_cc_expyr customer_cc_number Two-digit month in which credit card expires. Format: MM. Possible values: 01 through 12. Leading 0 is required. Four-digit year in which credit card expires. Format: YYYY. Customer’s credit card number. Card-Present Processing Using the SCMP API | March 2015 FDMS Nashville: Required for American Express or if swiped. Otherwise, optional. TSYS Acquiring Solutions: Optional if pos_entry_ mode=keyed. Otherwise, not used. All other processors: Optional. ics_auth: FDMS Nashville: Required. All other processors: Required if pos_ entry_ mode=keyed. ics_auth: FDMS Nashville: Required. All other processors: Required if pos_ entry_ mode=keyed. ics_auth: FDMS Nashville: Required. All other processors: Required if pos_ entry_ mode=keyed. String (2) Nonnegative integer (4) FDMS Nashville: Nonnegative integer (19) All other processors: Nonnegative integer (20) 21 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length customer_email Customer’s email address, including full domain name. Format: name@host.domain ics_auth: String (255) Chase Paymentech Solutions: Optional. Litle: Optional. TSYS Acquiring Solutions: Required when bill_ payment=true and pos_entry_ mode=keyed. All other processors: Not used. ics_auth: customer_firstname Customer’s first name. Value should match value on card. Chase Paymentech Solutions: Optional. Litle: Optional. TSYS Acquiring Solutions: Required when bill_ payment=true and pos_entry_ mode=keyed. All other processors: Not used. ics_auth: String (60) customer_lastname Customer’s last name. Value should match value on card. Card-Present Processing Using the SCMP API | March 2015 Chase Paymentech Solutions: Optional. Litle: Optional. RBS WorldPay Atlanta: Optional. TSYS Acquiring Solutions: Required when bill_ payment=true and pos_entry_ mode=keyed. All other processors: Not used. String (60) 22 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length customer_phone Customer’s phone number. CyberSource recommends that you include the country code when order is from outside the U.S. ics_auth: String (15) Chase Paymentech Solutions: Optional. Litle: Optional. TSYS Acquiring Solutions: Optional. All other processors: Not used. ics_auth (R) String (13) ics_auth (O) String (2) ics_auth (See description) String (15) ics_bill (O) Numeric (12) ics_auth (R) String (255) e_commerce_indicator extended_credit_total_ count grand_total_amount gratuity_amount Type of transaction. For a card-present transaction, you must set this field to retail. Number of months the cardholder can use to pay for the purchase. You can use this field when offering extended credit to a cardholder at a retail location. The cardholder provides this value. The issuer pays you for the purchase in one payment, and then the cardholder pays the issuer in the number of monthly payments specified by this value. This field is supported only for acquirers in South Africa and only for CyberSource through VisaNet. Grand total for the order. You must include either this field or offer0 and the offer-level field amount. For information about offers and grand totals, see Getting Started with CyberSource Advanced for the SCMP API. Gratuity or tip amount for restaurants when the card is present. Allowed only when industry_ datatype=restaurant. When your customer uses a debit card or prepaid card, and you receive a partial authorization, the payment networks recommend that you do not submit a capture amount that is higher than the authorized amount. When the capture amount exceeds the partial amount that was approved, the issuer has chargeback rights for the excess amount. For information about partial authorizations, see Credit Card Services Using the SCMP API. Restaurant data is supported only for CyberSource through VisaNet. ics_applications CyberSource services to process for the request. Card-Present Processing Using the SCMP API | March 2015 23 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length industry_datatype Indicates whether the transaction includes restaurant data. You must set this field to restaurant in order for restaurant data to be sent to the processor. ics_bill (Required for restaurant transactions.) String (10) ics_auth (R) ics_auth (R) String (30) String (50) When this field is not set to restaurant or is not included in the request, CyberSource does not send restaurant data to the processor. Restaurant data is supported only for CyberSource through VisaNet. merchant_id merchant_ref_number Your CyberSource merchant ID. Merchant-generated order reference or tracking number. CyberSource recommends that you send a unique value for each transaction so that you can perform meaningful searches for the transaction. For information about tracking orders, see Getting Started with CyberSource Advanced for the SCMP API. FDC Nashville Global: The value for this field must be numeric and must be less than 9 digits. When you do not send a valid value, CyberSource creates one for you. However, the value is not returned to you, so you cannot use the merchant reference number to track the order. Card-Present Processing Using the SCMP API | March 2015 24 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length payment_initiation_ channel MasterCard-defined code that indicates how the account information was obtained. Possible values: ics_auth (O) String (2) 00 (default): Card 01: Removable secure element that is personalized for use with a mobile phone and controlled by the wireless service provider; examples: subscriber identity module (SIM), universal integrated circuit card (UICC) 02: Key fob 03: Watch 04: Mobile tag 05: Wristband 06: Mobile phone case or sleeve 07: Mobile phone with a non-removable, secure element that is controlled by the wireless service provider 08: Removable secure element that is personalized for use with a mobile phone and not controlled by the wireless service provider; example: memory card 09: Mobile phone with a non-removable, secure element that is not controlled by the wireless service provider 10: Removable secure element that is personalized for use with a tablet or e-book and is controlled by the wireless service provider; examples: subscriber identity module (SIM), universal integrated circuit card (UICC) 11: Tablet or e-book with a non-removable, secure element that is controlled by the wireless service provider 12: Removable secure element that is personalized for use with a tablet or e-book and is not controlled by the wireless service provider 13: Tablet or e-book with a non-removable, secure element that is not controlled by the wireless service provider This field is supported only for MasterCard and only for CyberSource through VisaNet. Card-Present Processing Using the SCMP API | March 2015 25 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length pos_entry_mode Method of entering credit card information into the POS terminal. Possible values: ics_auth (R) String (11) ics_auth (Required if any shipping address information is included in the request. Otherwise, optional.) ics_auth (O) ics_auth (Required if any shipping address information is included in the request and shipping to the U.S. or Canada. Otherwise, optional.) ics_auth (Required if any shipping address information is included in the request. Otherwise, optional.) ics_auth (O) String (60) keyed: Manually keyed into POS terminal. swiped: Read from credit card magnetic ship_to_address1 stripe. First line of shipping address. ship_to_address2 ship_to_city Second line of shipping address. City of shipping address. ship_to_country Country of shipping address. Use the ISO Standard Country Codes. ship_to_firstname First name of the person receiving the shipment. Last name of the person receiving the shipment. State or province to ship the product to. Use the State, Province, and Territory Codes for the United States and Canada. ship_to_lastname ship_to_state Card-Present Processing Using the SCMP API | March 2015 String (60) String (50) String (2) String (60) ics_auth (O) String (60) ics_auth (Required if any shipping address information is included in the request and shipping to the U.S. or Canada. Otherwise, optional.) String (2) 26 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length ship_to_zip Postal code for the shipping address. The postal code must consist of 5 to 9 digits. ics_auth (Required if any shipping address information is included in the request and shipping to the U.S. or Canada. Otherwise, optional.) String (10) ics_auth: Integer (1) When the shipping country is the U.S., the 9-digit postal code must follow this format: [5 digits][dash][4 digits] Example: 12345-6789 terminal_capability When the shipping country is Canada, the 6-digit postal code must follow this format: [alpha][numeric][alpha][space][numeric][alpha] [numeric] Example: A1B 2C3 POS terminal’s capability. Possible values: 1: Terminal has a magnetic stripe reader only. American Express Direct: Required. 2: Terminal has a magnetic stripe reader and manual entry capability. Chase Paymentech Solutions: Required. 3: Terminal has manual entry capability only. CyberSource through VisaNet: Optional. FDC Nashville Global: Required. FDMS Nashville: Required. GPN: Not used. Litle: Required. RBS WorldPay Atlanta: Optional. TSYS Acquiring Solutions: Optional. Card-Present Processing Using the SCMP API | March 2015 27 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length terminal_id Identifier for the terminal at your retail location. You can define this value yourself, but consult the processor for requirements. ics_auth: String (8) CyberSource through VisaNet A list of all possible values is stored in your CyberSource account and the value you send for this field is validated against the list each time you include the field in your request. When you do not include this field in your request, CyberSource uses the default value that is defined in your CyberSource account. FDC Nashville Global To have your account configured to support this field, contact CyberSource Customer Support. This value must be a value that FDC Nashville Global issued to you. Card-Present Processing Using the SCMP API | March 2015 American Express Direct: Optional. If not provided, CyberSource uses the value in your CyberSource account. Chase Paymentech Solutions: Optional. If you include this field in your request, you must also include cat_level. CyberSource through VisaNet: Optional. FDC Nashville Global: Optional. If not provided, CyberSource uses the value in your CyberSource account. FDMS Nashville: CyberSource uses the value in your CyberSource account. GPN: Not used. Litle: Not used. RBS WorldPay Atlanta: Not used. TSYS Acquiring Solutions: Not used. 28 Appendix A Table 7 API Fields General Card-Present Request-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length terminal_id_alternate Identifier for an alternate terminal at your retail location. You define the value for this field. ics_auth: String (8) This field is supported only for MasterCard transactions on FDC Nashville Global. Use the terminal_id field to identify the main terminal at your retail location. If your retail location has multiple terminals, use this terminal_id_ alternate field to identify the terminal used for the transaction. transaction_local_date_ time This field is a pass-through, which means that CyberSource does not check the value or modify the value in any way before sending it to the processor. Date and time at your physical location. FDC Nashville Global: Optional for MasterCard transactions. Otherwise, not used. All other processors: Not used. ics_auth (O) String (14) Format: YYYYMMDDhhmmss, where: YYYY = year MM = month DD = day hh = hour mm = minutes ss = seconds Card-Present Processing Using the SCMP API | March 2015 29 Appendix A API Fields General Card-Present Offer-Level Fields Table 8 General Card-Present Offer-Level Fields Field Description Used By: Required (R) or Optional (O) Data Type & Length amount Per-item price of the product. You must include either offer0 and this field or the request-level field grand_total_amount in your request. The value for this field cannot be negative. For information about offers and grand totals, see Getting Started with CyberSource Advanced for the SCMP API. ics_auth (See description) For GPN: Decimal (10) All other processors: Decimal (15) You can include a decimal point (.) in the value for this field, but you cannot include any other special characters. CyberSource truncates the amount to the correct number of decimal places. merchant_product_ sku Product identifier code. Required when product_code is not default or one of the values related to shipping and/or handling. ics_auth (See description) String (15) product_code Type of product. The value for this field is used to identify the product category (electronic, handling, physical, service, or shipping). The default value is default. For a list of valid values, see the information about product codes in Credit Card Services Using the SCMP API. ics_auth (O) String (30) ics_auth (See description) String (30) When the value for this field is not default or one of the values related to shipping and/or handling, the quantity, product_name, and merchant_product_sku fields are required. For information about offers and grand totals, see Getting Started with CyberSource Advanced for the SCMP API. product_name Required when product_code is not default or one of the values related to shipping and/or handling. Card-Present Processing Using the SCMP API | March 2015 30 Appendix A Table 8 API Fields General Card-Present Offer-Level Fields (Continued) Field Description Used By: Required (R) or Optional (O) Data Type & Length quantity Default is 1. Required when product_code is not default or one of the values related to shipping and/or handling. ics_auth (See description) Nonnegativ e integer (10) tax_amount Total tax to apply to the product. This value cannot be negative. The tax amount and the offer amount must be in the same currency. ics_auth (O) Decimal (15) The tax amount field is additive. The following example uses a two-exponent currency such as USD: 1 You include the following offer lines in your request: offer0=amount:10.00^quantity: 1^tax_amount:0.80 offer1=amount:20.00^quantity: 1^tax_amount:1.60 2 The total amount authorized will be 32.40, not 30.00 with 2.40 of tax included. If you want to include tax_amount and also request the ics_tax service, see Tax Calculation Service Using the SCMP API. Reply Field Table 9 Reply Field Field Description Returned By Data Type & Length sales_slip_number Transaction identifier that CyberSource generates. You have the option of printing the sales slip number on the receipt. ics_auth Integer (5) This field is supported only for JCN Gateway. Card-Present Processing Using the SCMP API | March 2015 31 APPENDIX B Examples Sale Using Swiped Track Data Example 1 Request Message: Sale Using Swiped Track Data merchant_id=JanesPlants merchant_ref_number=ABC123 currency=usd grand_total_amount=75.00 pos_entry_mode=swiped card_present=Y terminal_capability=2 track_data=%B4111111111111111^SMITH/BETTY^16121200123456789012**XXX*** ***?*;4111111111111111=16121200XXXX00000000?* ics_applications=ics_auth,ics_bill e_commerce_indicator=retail Example 2 Reply Message: Sale Using Swiped Track Data merchant_ref_number=ABC123 request_id=0305782650000167905080 ics_rcode=100 ics_rflag=SOK ics_rmsg=Request was processed successfully. currency=usd auth_rcode=100 auth_rflag=SOK auth_rmsg=Request was processed successfully. auth_auth_amount=75.00 auth_auth_code=831000 auth_auth_avs=2 auth_auth_response=00 auth_trans_ref_no=1094820975023470 auth_payment_network_transaction_id=0412MCCNYJPWY auth_card_category=J1 auth_card_group=0 bill_rcode=100 bill_rflag=SOK bill_rmsg=Request was processed successfully. bill_bill_amount=75.00 bill_trans_ref_no=1094820975023470 receipt_number=260371 Card-Present Processing Using the SCMP API | March 2015 32 Appendix B Examples Sale Using Keyed Data Example 3 Request Message: Sale Using Keyed Data merchant_id=JanesPlants merchant_ref_number=ABC123 currency=usd grand_total_amount=75.00 pos_entry_mode=keyed card_present=Y terminal_capability=2 customer_cc_number=4111111111111111 customer_cc_expmo=12 customer_cc_expyr=2016 card_type=001 ics_applications=ics_auth,ics_bill e_commerce_indicator=retail Example 4 Reply Message: Sale Using Keyed Data merchant_ref_number=ABC123 request_id=0305782650000167905080 ics_rcode=100 ics_rflag=SOK ics_rmsg=Request was processed successfully. currency=usd auth_rcode=100 auth_rflag=SOK auth_rmsg=Request was processed successfully. auth_auth_amount=75.00 auth_auth_code=831000 auth_auth_avs=2 auth_auth_response=00 auth_trans_ref_no=1094820975023470 auth_payment_network_transaction_id=0412MCCNYJPWY auth_card_category=J1 auth_card_group=0 bill_rcode=100 bill_rflag=SOK bill_rmsg=Request was processed successfully. bill_bill_amount=75.00 bill_trans_ref_no=1094820975023470 receipt_number=260371 Card-Present Processing Using the SCMP API | March 2015 33 Appendix B Examples Authorization Using Point-to-Point Encryption Example 5 Request Message: Authorization Using Point-to-Point Encryption e_commerce_indicator=retail ics_applications=ics_auth merchant_id=myMerchantID123 merchant_ref_number=9876 card_present=y pos_device_reader_data=4649443D4944544543482E556E694D61672E416E64726F 69642E53646B7631 pos_encoding_method=Hex pos_encryption_algorithm=TDES pos_entry_mode=swiped pos_payment_data=02d700801f3c20008383252a363031312a2a2a2a2a2a2a2a303030 395e46444d53202020202020202020202020202020202020202020205e323231322a 2a2a2a2a2a2a2a3f2a3b363031312a2a2a2a2a2a2a2a303030393d323231322a2a2a 2a2a2a2a2a3f2a7a75ad15d25217290c54b3d9d1c3868602136c68d339d52d984233 91f3e631511d548fff08b414feac9ff6c6dede8fb09bae870e4e32f6f462d6a75fa0 a178c3bd18d0d3ade21bc7a0ea687a2eef64551751e502d97cb98dc53ea55162cdfa 395431323439323830303762994901000001a000731a8003 terminal_capability=2 currency=USD grand_total_amount=30.00 Example 6 Reply Message: Authorization Using Point-to-Point Encryption ics_rcode=100 ics_rflag=SOK ics_rmsg=Request was processed successfully. auth_rcode=100 auth_rflag=SOK auth_rmsg=Request was processed successfully. auth_auth_amount=30.00 auth_auth_code=888888 auth_auth_avs=1 auth_auth_response=100 auth_trans_ref_no=64709061YTHMP2LF merchant_ref_number=9876 currency=USD request_id=3965463790780176056470 Card-Present Processing Using the SCMP API | March 2015 34
© Copyright 2024