MyCheckOut (redirect)
Contents
1. INTESA SNNPAOLO CARD MyCheckOut redirect User manual PBZ Card Croatia Company of INTESA 0 10 User manual MyCheckOut redirect Version 1 6 fr Author Kristijan Ple e DI SCLAI MER This Manual is the confidential unpublished property of Intesa Sanpaolo Card and no ownership rights are hereby transferred Receipt or possession of this Manual does not convey rights neither to recipient nor possessor to divulge reproduce alter the contents of the Manual use or allow others to use it and therefore no part of the Manual shall be used reproduced translated converted adapted amended communicated or transmitted by any means for any commercial purpose including without limitation sale resale or license without the prior written consent of Intesa Sanpaolo Card except as expressly provided in the agreement between user and Intesa Sanpaolo Card This Manual should be used as a guide only Intesa Sanpaolo Card reserves its exclusive right to independently and in any time alter the content of this Manual and users must be aware that updates and amendments will be made from time to time to the Manual without notice Intesa Sanpaolo Card will not be liable in any way for any possible consequences of such changes Intesa Sanpaolo Card does not make any representations warranties or guarantees express or implied as to the full and error free accuracy or completeness of the Manual Neither In2. 50 alphanumeric Cardholder surname is used for address control only English alphabet letters are used diacritic signs are not allowed customer address Cardholder address 200 alphanumeric Cardholder address is used for address control only English alphabet letters are used diacritic signs are not allowed 17 User manual MyCheckOut redirect Version 1 6 pm CARD Author Kristijan Plese customer_country Cardholder country 30 alphanumeric Cardholder country is used for address control only English alphabet letters are used diacritic signs are not allowed customer_city Cardholder city 50 alphanumeric Cardholder city is used for address control only English alphabet letters are used diacritic signs are not allowed customer zip Cardholder ZI P code 8 alphanumeric Cardholder zip code used for address control customer phone Cardholder phone number 20 alphanumeric Represents the cardholders telephone number customer email Cardholder email 50 alphanumeric Represents cardholders e mail address response result Response result response code Identifies the response suggested for this transaction from the authorizer side It is needed only in response messages Response code must be used when processing the response to recognize if the request was accepted or declined Response code Description 000 Approved Accepted 1
3. purchase descripti on order number merchant id request hash customer lang customer name customer surname customer address customer country customer city customer zip customer phone customer email response result masked pan response random _ number response appcode response message response hash M M Table 3 List of defined parameter presence 274 part 15 User manual MyCheckOut redirect Version 1 6 CARD Author Kristijan Ple e 2 3 3 PARAMETER DESCRIPTION submit type MyCheckOut Submit Mode 4 alphanumeric cust customer is redirected to MyCheckOut payment page auto MyCheckOut form is automatically delivered and redirected to the next step 3 D Secure trantype Transaction type 20 alphanumeric Represents transaction type Values Transaction type Description auth Authorization Purchase option in one step authresp Authorization response Authorization response Purchase option in two steps in case the merchant preauth Preauthorization must confirm the order before payment preauthresp Preauthorization response Preauthorization response Table 4 Possible values for transactions types request type MyCheckOut request type 16 alphanumeric Values Transaction type Description transaction Original transact
4. input merchant id T00000001 typez hidden input response appcode valuez 1238456 typez hidden input request hash valuez f8e37b4a35b1f3695b38bc60daf2f7d666cb60b4 typez hidden lt form gt Refund request response lt form method post action chart result php name MyCheckOut resp lt input name request_type value refundresp type hidden gt lt input name response_result value 000 type hidden gt lt input name response_random_number value 12345 type hidden gt lt input name response_message value Refund accepted type hidden gt lt input name order_number value OR_20081110_6 type hidden gt lt input name response_hash value 9b553e3a63852 168c64fa26c4 1ce9393d5f72ad0 type hidden gt lt form gt 3 5 AUTHORIZATION STATUS CHECK REQUEST Authorization status check request CHECKAUTH Authorization status check request lt form method post action http hostname MyCheckOut confirmpurchase jsp gt lt input name submit_type value auto typez hidden lt input name request_type value checkauth typez hidden lt input name purchase_amount value 123 12 type hidden gt input name purchase_currency value 191 type h idden gt lt input name order_number value OR_20081110_6 type hidden gt input name merchant_id value 7O00000001 type hidden gt lt input name response
5. value Accepted type hidden input order number value OR_20081110_5 type hidden gt input response hash value 9b553e3a63852 168c64fa26c4 1ce9393d5f72ad0 type hidden lt form gt 3 4 AUTHORIZATION WITHOUT COMPLETION WITH CASH REFUND Authorization without completion request AUTH Authorization without completion request lt form method post action http hostname My CheckOut confirmpurchase jsp name MyCheckOut gt lt input name submit_type value cust type hidden gt input name trantype value auth type hidden gt input name request_type value transaction type hidden gt lt input name purchase_amount value 123 12 type hidden gt input name purchase_currency value 191 type hidden gt lt input name purchase_description value Shop 1 type hidden gt lt input name order_number value OR_20081110_2 type hidden gt input name merchant_id value 7O00000001 type hidden gt input name request_hash value f8e37b4a35b1f3695b38bc60daf2f7d666cb60b4 type hidden gt input name customer_lang value en type hidden gt input name customer_name value John type hidden gt lt input name customer_surname value Smith type hidden gt input name customer_address value Topolovecka 13 type hidden gt lt input name customer_country value Croatia type hidden gt input name customer_city value Zagreb type hid
6. CANCELLATION enne 22 3 4 AUTHORIZATION WITHOUT COMPLETI ON WITH CASH 2 23 3 5 AUTHORLIZATION STATUS CHECK REQUEST tet te Inn nent er hex en Exe 24 3 6 AUTHORIZATION COMPLETION CHECK REQUEST 255 5 ene nnn nnmero 25 4 REVISION HISTORY i baia OU RH PELLE UE UAR nice 26 nan INTESA SNNDAOLO User manual MyCheckOut redirect Version 1 6 CARD Author Kristijan Ple e 1 SOLLUTI ON DESCRIPTION 1 1 INTERNET PAYMENT The system provides support for every internet payment element with authorization in real time and integrated support for advanced authentication systems such as Verified by Visa program MasterCard SecureCode and other advanced authentication programs The infrastructure of the presented system is shown in Figure 1 Tunneled connection e commerce Connection with 3D Secure Issuer Directory ACS Internet Server Authorization and connection Settlement connections Authorization and Settlement connections Acquirer systems Figure 1 Internet payment system includes several business parties A buyer who uses an internet browser as a place for ordering and paying for products and services A merchant who provides a web application for an online shop WEB shop which enables a buyer to search and choose a product or service and optionally provides an interfac
7. added to the response if the transaction is approved For completion cancellation and refund it has to be sent if available or else the field has to remain empty Approval authorization code cannot be used to decide if the transaction is approved or not For this purpose response code should be used response message Response message 200 alphanumeric Information is shown to the buyer optionally according to the response code It is needed only in response messages If the field is not present or empty nothing specific is shown to the buyer Additional codes can appear in it code Description C101 Missing not correctly captured transaction amounte purchase amount C113 Missing not correctly captured order number order number Table 7 Possible results for C codes response hash Response hash 40 alphanumeric 5 1 hash is created from merchant id order number response random number and merchant sec key field e g merchant id 1000000001 order number 12345678 response random number 123456 merchant sec key secret response hash SHA1 1000000010R_12345678123456secret response hash 9b553e3a63852168c64fa26c41ce9393d5f72ad0 19 User manual MyCheckOut redirect Version 1 6 INTESA SNNPAOLO Author Kristijan Plese 3 EXAMPLES 3 1 PREAUTHORI ZATI ON WI TH COMPLETI ON Preauthorization PREAUTH Preauthorization request lt form method post act
8. is not possible to reverse but is necessary to make a refund This transaction can be made through MyCheckOut administration interface 11 User manual MyCheckOut redirect Version 1 6 CARD Author Kristijan Ple e 2 2 2 AUTHORIZATION WITHOUT COMPLETION PURCHASE IN ONE STEP Authorization without completion Purchase in one step When authorization without completion occurs WEB shop sends an authorization request with transaction type auth authorization without completion After request approval there is on need for sending additional messages to MyCheckOut service the payment will automatically be included into the next settlement Authorization cancellation Authorization can be cancelled only in case of authorization response time out After this period authorization cannot be cancelled but it is possible to make a cash refund to the buyer look at transaction types refund Authorization cancellation occurs through MyCheckOut administration interface Pairing up transaction refund with an original authorization Refund request has to contain the same order number as an original authorization request It is mandatory for a WEB shop to send merchant ID approval code and original amount in the refund message It is not necessary to send card PAN and expiry date in the completion request so it is not necessary and is strongly recommended to avoid keeping this information on a WEB shop Refund can be mad
9. 00 Declined 101 Card expired 104 Card restricted 106 Attempts to input PIN 107 Refferal 109 Invalid establishment of service 111 Card not present 115 Requested function is not supported 117 Wrong PIN 121 Exceeded limit 400 Accepted cancellation 903 Re enter transaction 909 Technical mistake it is not possible to process the request 912 Link towards the host is not established 930 Transaction is not found 931 Transaction is cancelled Table 6 Possible response codes 18 User manual MyCheckOut redirect Version 1 6 Mj CARD Author Kristijan Ple e because it regards internet selling response should be presented as declined Nom these response codes should not be treated as declined when the information is presented to the end user These responses mean it is impossible to process the request these response codes mean that the system cannot process the request at this moment Request should be made later it can be returned only in case of authorization response or completion response masked pan Masked card number 19 numeric Masked card number first 6 and last 4 digits are seen response random number Random number for hash 10 numeric Random number used for creating hash response values response appcode Approval authorization response 6 alphanumeric It represents approval code for this transaction assigned by the authorization institution It must be
10. A SNNDAOLO User manual MyCheckOut redirect Version 1 6 CARD Author Kristijan Ple e 2 E COMMERCE SYSTEM INTEGRATI ON 2 1 REQUIREMENTS For web merchant to be able to accept banks cards as way of payment in MyCheckOut service first he needs to test if all requirements are fulfilled After all testing is successfully done then he can begin with exchange of production data The information that web merchant must send for testing production is 1 IP address DNS name of the server 2 contact mobile phone number to which will be send data with CONFIDENTIAL label 3 e mail address to which will be sent information about approved orders Then PBZ Card will send following information to the web merchant for MyCheckOut administration interface 1 Merchantid Merchantid CONFI DENTI AL 2 Username Username CONFIDENTIAL 3 Password Password CONFIDENTIAL located at URL https mycheckout pbzcard hr shopadmin index html for MyCheckOut web page 1 Merchantid Merchantid CONFI DENTIAL same as Merchantl D for MyCheckOut administration interface located at URL https mycheckout pbzcard hr icheckout Examples of the authorization messages are shown at the end of this document In addition PBZ Card sent following information to the web merchant MycheckOut redirect user manual this document MyCheckOut Administration application for web merchants user manual atest script with test cases for fi
11. N REQUEST WITH 3 D SECURE AUTENTI CATI ON JSSUER SI DE ene sa adea nen MUR SR NR MUR FR SERRE Res EE REUS 9 2 SYSTEM INTEGRATION ees EIER 10 2 1 REQUIREMENTS 2 2 eda abet eres patet PR Tia URN a RR 10 2 2 TRANSACTION TYPES temet tmt tentem reni gne ta ern dii Fa im nance ae Ra Eie 11 2 2 1 PREAUTHORIZATION WITH SUBSEQUENT COMPLETI ON TWO STEPS itin eese bes 11 2 2 2 AUTHORIZATION WITHOUT COMPLETION PURCHASE IN ONE 12 2 2 3 MERCHANT SECURITY KEY enenatis rni kieres me ne ees ke e paren Re 12 2 3 MYCHECKOUT MESSAGES 5 ex ea EAI RUE XR 13 2 3 1 FORM PARAMETERS ir eas e e nn e E TERRI ERI AUDREY ER EROR 13 2 3 2 MYCHECKOUT REDIRECT CUSTOMER SUBMIT 14 2 3 3 PARAMETER DESCRIPTION ro ht ER ER dn PER ER FER ARD 16 LES 0611782 20 3 1 PREAUTHORIZATION WITH nennen 20 3 2 AUTHORIZATION WITHOUT COMPLET ON eene er red rhe nen rnt nn eh ene 21 3 3 AUTHORIZATION WITH
12. _appcode value 123456 type hidden gt input name request_hash value f8e37b4a35b1f3695b38bc60daf2f7d666cb60b4 typez hidden lt form gt Authorization status check request response lt form method post action chart result php name MyCheckOut_resp gt input name request_type value checkauthresp type hidden input response result valuez 000 typez hidden input response random number valuez 12345 typez hidden input response message value ODOBRENO type hidden input order number 20081110 6 types hidden input response hash value 9b553e3a63852 168c64fa26c4 1ce9393d5f72ad0 typez hidden form 24 User manual MyCheckOut redirect Version 1 6 INTES4 SNNPAOLO CARD Author Kristijan Plese 3 6 AUTHORIZATI ON COMPLETI ON CHECK REQUEST Authorization completion check request CHECKCOMPLETI ON Authorization completion check request lt form method post actionz http hostname MyCheckOut confirmpurchase jsp MyCheckOut input namez submit type auto typez hidden input name request type value checkcompletion type hidden input request type value checkcompletion type hidden input namez purchase amount value 123 12 typez hidden input purchase currency value 191 type h idden gt input or
13. ayment and in this step WEB shop redirects the buyer through a tunneled connection to the provided MyCheckOut service in which the buyer captures data about the credit card Step 03 MyCheckOut service forms an authorization request and forwards it to the iPayGate system Step 04 In case the issuer is PBZ Card the system forwards the authorization request to PBZ Card Step 05 case the issuer is not PBZ Card Legacy authorization system forwards the authorization request to the network WEB front end Checkout service 3D Secure Client Tunneled connection e commerce Issuer ACS Ea Internet and connection Settlement connections 5 B Authorization and Settlement connections Acquirer systems Figure 2 nm INTESA SNNPAOLO User manual MyCheckOut redirect Version 1 6 Author Kristijan Ple e 1 3 AUTHORIZATION RESPONSE PROCESSI NG If the authorization request is formatted for a credit card for which the issuer is not PBZ Card or any local authorization host processing continues with an authorization response which arrives from the network Figure 3 Step 06 The network returns an authorization response if an authorization request has been sent to the network Step 07 The response is forwarded to iPayGate where appropriate business logic in applied on the response Step 08 Adequately formatted response is forwarded to MyCheckOut service Step 09 MyCheckOu
14. customer country value Croatia type hidden input customer city Zagreb typez hidden input customer zip 10040 typez hidden input customer phone valuez 38512912096 type hidden gt input email valuez john smith Qzmsinfo hr typez hidden form Authorization without completion response lt form method post chart result php name MyCheckOut _resp gt input name trantype value authresp typez hidden input response result valuez 000 typez hidden input response random number 12345 hidden input response appcode valuez 1238456 type hidden input response message value Approved hidden input number value OR_20081110_2 type hidden gt input response hash value 9b553e3a63852 1 68c64fa26c4 1ce9393d5f72ad0 typez hidden form 21 User manual MyCheckOut redirect Version 1 6 INTESA SNNPAOLO Author Kristijan Plese 3 3 AUTHORIZATION WI TH CANCELLATION Authorization AUTH Authorization request lt form method post action http hostname My CheckOut confirmpurchase jsp MyCheckOut gt input submit type cust type hidden input trantype valuez auth type hidden input purchase a
15. den gt lt input name customer_zip value 10040 type hidden lt input name customer_phone value 385129 12096 type hidden gt lt input name customer_email value john smith zmsinfo hr type hidden gt lt form gt Authorization without completion response lt form method post action chart result php name MyCheckOut _resp gt lt input name trantype value authresp type hidden gt lt input name response_result value 000 type hidden gt lt input name response_random_number value 12345 type hidden gt lt input name response_appcode value 123456 type hidden lt input name response_message value Approved type hidden lt input name order_number value OR_20081110_2 type hidden gt input name response_hash value 9b553e3a63852 1 68c64fa26c4 1ce9393d5f72ad0 typez hidden lt form gt 23 User manual MyCheckOut redirect Version 1 6 INTESA SNNPAOLO Author Kristijan Plese Refund request REFUND Refund request lt form method post action http hostname MyCheckOut confirmpurchase jsp MyCheckOut gt input submit type valuez auto typez hidden input request type valuez refund type hidden input namez purchase amount value 123 12 typez hidden input purchase currency valuez 191 type hidden gt input order number 20081110 6 types hidden
16. der number 20081110 6 types hidden input merchant id T00000001 typez hidden input response appcode valuez 128456 typez hidden input request hash value f3e37b4a35b 113695b38bc60daf2f7d666cb60b4 hidden lt form gt Authorization completion check request response lt form method post action chart result php name MyCheckOut_resp gt lt input name request_type value checkcompletionresp type hidden lt input name response_result value 000 type hidden gt lt input name response_random_number value 12345 type hidden gt lt input name response_message value KOMPLETIRANO type hidden gt lt input name order_number value OR_20081110_6 type hidden gt lt input name response_hash value 9b553e3a63852 168c64fa26c4 1ce9393d5f72ad0 type hidden gt lt form gt 25 INTESA SNNPAOLO CARD 4 REVISION HISTORY Author Kristijan Plese User manual MyCheckOut redirect Version 1 6 Document integration Deleted chapter Call back Description Pages Issue date Author version 1 3 upale June 2010 Kristijan Ple e New visual layout 1 4 Document update June 2010 Kristijan Ple e 1 5 Added Declaimer 2 August 2010 Matija Kostelac Added new chapter 10 2 1 Requirements Deleted chapter MyCheckOut Kristijan Ple e 1 6 service and e commerce Jan
17. done in an WEB shop system provided either by the same bank either by the other acquirers In this scheme processing is a little bit different from previously described models Specific part of processing is done on the acquirer s side following rules of 3 D Secure standard Next steps are included in this process Figure 6 Step O1 First contact with 3 D Secure authorization is the request which arrives from DS Directory Server on issuer ACS Access Control Server who decides which card participates in 3 D Secure program ACS returns a response with card status and URL on which buyer authentication is done Step 02 If a card participates in 3 D Secure program acquirers system will redirect the buyer s web browser to an URL received in the previous step URL is on the issuers ACS and represents a form for authentication data entry Step 03 During data entry ACS contacts the authentication system where it checks the accuracy of the data entered Step 04 Legacy system accepts the authorization request from the network expanded with a returned XID and CAVV AAV values which are filled after 3 D Secure check WEB front end Checkout service 3D Secure Client Internet connection iPayGate Connection with X Authorization and 3D Secure Settlement Directory connections gt Authorization and Authentication system Settlement E g OTP server connections Legacy authorization system Figure 6 nan INTES
18. e for payment data capture This segment is usually on the payment gateway side of the process but there is a possibility of support for payment data capture in merchant website as well as support for already existing solutions Acquirer who uses two elements o MyCheckOut service represents an interface between an internet merchant and Legacy authentication and authorization system which as well provides support for 3 D Secure program o Legacy Transaction Switch or authorization system Card scheme network American Express MasterCard Visa Diners which represents a link between the acquirer and issuer or direct host to host link between the same parties nm INTESA SNNPAOLO User manual MyCheckOut redirect Version 1 6 Author Kristijan Ple e DS Directory Server MasterCard Visa which contains records on cards which participate in 3 D Secure authentication program and is included in the process of buyer authentication Issuer who authorizes the request for purchase The following describes the flow of business events in several typical examples of internet purchase 1 2 AUTHORIZATI ON REQUEST PROCESSI NG In a typical internet purchase process without merchant participation in 3 D Secure program a buyer initiates a purchase on a merchants website following these steps Figure 2 Step 01 The buyer chooses one or more products or services Step 02 The buyer checks selected items and chooses credit card p
19. e through MyCheckOut administration interface 2 2 3 MERCHANT SECURITY KEY Merchant security key is a key used for creating SHA1 hash for request and response Every merchant receives an own security key which has to be kept and secured by the merchant in a protected and safe place e g encrypted field in a base 12 User manual MyCheckOut redirect Version 1 6 pm CARD Author Kristijan Plese 2 3 MYCHECKOUT MESSAGES Message exchange between WEB shop and MyCheckOut service is achieved by using HTTP 1 1 protocol The merchant application prepares a HTML form which will be sent by POST method to MyCheckOut mount point At the end of authorization MyCheckOut sends the form back to the merchants URL for answers 2 3 1 FORM PARAMETERS Table 1 displays a list of parameters used for sending requests and responses Format length and description are presented as Length is a maximum length of the field which the value cannot override in any case because the field will be rejected as invalid Format defines allowed symbols in the field numeric can contain only digits alphanumeric can contain all symbols with hex codes from hex 20 Parameter name Parameter description Value format submit type MyCheckOut mode AN 4 trantype Transaction type AN 20 request type Request type AN 15 purchase amount Transaction amount AN 13 purcha
20. ion Denote the original transaction completion Completion Transaction completion second step in a purchase option with two steps completionresp Completion response Response to completion reversal Technical reversal Cancellation of preauthorization before completion or technical reversal reversalresp Response to technical reversal Response to technical reversal refund Refund Money refund refundresp Refund response Response to money refund checkauth Authorisation check If authorization status isn t known it s used for checking checkauthresp abel Response to check of authorization status response checkcompletion Completion check If completion status isn t known it s used for checking checkcompletion Completion check response Response to check of completion status Table 5 Possible values for transactions types purchase_amount Transaction amount 13 alphanumeric It represents a transaction amount in format 12 2 Dot is a decimal sign of separation purchase currency Transaction currency 3 alphanumeric It identifies a currency and decimal value following ISO 4217 codes 16 INTESA SNNPAOLO User manual MyCheckOut redirect Version 1 6 CARD Author Kristijan Ple e Note for Croatia WEB shops HRK currency it s only possible The Alternative currency box on MyCheckOut payment page is only for info
21. ion http hostname My CheckOut confirmpurchase jsp MyCheckOut gt input submit type value cust type hidden input namez trantype valuez preauth hidden input namez purchase amount value 123 12 typez hidden input purchase currency 191 typez hidden input namez purchase description value Shop 1 type hidden gt input order number 20081110 1 typez hidden input merchant id valuez T00000001 typez hidden input request hash valuez f8e37b4a35b1f3695b38bc60daf2f7d666cb60b4 typez hidden input customer lang valuez en type hidden input customer name John typez hidden input namez customer surname valuez Smith typez hidden input namez customer address value Topolovecka 13 hidden input namez customer country valuez Croatia type hidden input customer city Zagreb type hidden input customer zip valuez 10040 type hidden input customer phone valuez2 38512912096 type hidden input customer email valuez john smith Qzmsinfo hr hidden lt form gt Preauthorization response lt form method post action chart result php name MyCheckOut _resp gt lt input name trantype value preauthresp type hidden gt lt in
22. letion Resp submit_type cust cust auto trantype auth preauth request_type transaction transaction completion purchase_amount M M M purchase_currency purchase_installment M M M purchase_diferperiod purchase_description order_number merchant_id request_hash customer_lang customer_name customer_surname customer_address customer_country customer_city customer_zip customer_phone customer email xo xo response result masked pan response random number response appcode response message lt lt 0 lt response hash M lt lt lt lt Table 2 List of defined parameter presence 1 14 t INTESA SNNPAOLO CARD Author Kristijan Plese User manual MyCheckOut redirect Version 1 6 MyCheckOut redirect customer submit mode Parameter name Reversal Req Reversal Resp Refund Req Refund Resp Checkauth Checkcompletion Req Checkauth Checkcompletion Resp submit_type auto auto auto trantype request_type reversal refund checkauth checkcompletion purchase_amount M M M purchase_currency M M M purchase istallmen ts purchase differperi od
23. mount value 123 12 typez hidden input purchase currency 191 typez hidden input purchase description Shop 1 type hidden gt input order number value OR_20081110_2 type hidden gt input merchant id T00000001 typez hidden input request hash valuez f8e37b4a35b1f3695b38bc60daf2f7d666cb60b4 typez hidden input customer lang valuez en type hidden input customer name John typez hidden input customer surname valuez Smith typez hidden input namez customer address value Topolovecka 13 type hidden gt input customer country valuez Croatia type hidden input namez customer city valuez Zagreb type hidden input customer zip 10040 typez hidden input customer phone valuez 38512912096 typez hidden input email valuez john smith Qzmsinfo hr typez hidden form Authorization response lt form method post chart result php MyCheckOut gt input namez trantype value authresp typez hidden input namez response result valuez 000 type hidden input response random number valuez 12345 hidden input response appcode valuez 1238456 type hidden input resp
24. nal testing password protected record of the acceptance test card CONFIDENTIAL refers to the password Before beginning of the testing web merchants needs to enter change following parameters in MyCheckOut Administration application 1 Secure key SecureKey CONFIDENTIAL before sending the test production authorization messages web merchant needs to change it in the MyCheckOut Administration application 2 Response URL for approved authorizations 3 Response URL for rejected authorizations For detailed explanation of how to enter change parameters see user manual for MyCheckOut Administration application Note For production response URL web pages it is recommended to use HTTPS protocol with SSL certificate issued by certified institutions e g Verisign Thawte Trustwave Comodo 10 User manual MyCheckOut redirect Version 1 6 fr Author Kristijan Ple e 2 2 TRANSACTION TYPES When WEB shop processes an order it sends authorization to MyCheckOut service MyCheckOut can accept two types of authorization requests a Preauthorization with subsequent completion purchase in two steps This form of authorization request expects from WEB shop to confirm the authorization to MyCheckOut service when the order is filled this request is called completion request It is suitable for selling goods which require physical delivery meaning when a merchant wants to be sure that he can deliver the go
25. ods before charging the buyer The payment will not be present in the settlement until the completion message is not received Completion message is possible to send within a period of 28 days from the preauthorization request approval b Authorization without completion purchase in one step This form of authorization request does not expect from WEB shop sending any further reports to MyCheckOut service Authorization without completion is suitable when there is no need to check goods and services availability meaning when dealing with a type of electronic product Payment will be included into the first settlement that occurs after receiving authorization 2 2 1 PREAUTHORIZATI ON WITH SUBSEQUENT COMPLETION PURCHASE IN TWO STEPS Preauthorization with completion Purchase in two steps When authorization with subsequent completion occurs WEB shop sends an authorization request with transaction type preauth preauthorization with subsequent completion After request approval and when the merchant is convinced that he can fill an order preauthorization completion is sent transaction type compl After the request is completed MyCheckOut will include this payment into the next settlement Pairing up completion with an original preauthorization Completion request has to contain the same order number as the original preauthorization request It is mandatory for a WEB shop to include Merchant ID approval code and completion amount com
26. onse message value Approved type hidden input order number 20081110 2 types hidden input response hash value 9b553e3a63852 1 68c64fa26c4 1ce9393d5f72ad0 typez hidden form Technical reversal REVERSAL Transaction technical reversal request lt form method post action http hostname My CheckOut confirmpurchase jsp MyCheckOut gt input submit type valuez auto typez hidden input request type valuez reversal hidden input namez purchase amount value 123 12 type hidden gt input namez purchase currency valuez 191 typez hidden input order number 20081110 5 types hidden input namez merchant id 700000001 hidden input response appcode valuez 123456 type hidden input request hash value f3e37b4a35b 113695b38bc60daf2f7d666cb60b4 hidden lt form gt 22 User manual MyCheckOut redirect Version 1 6 INTESA SNNPAOLO Author Kristijan Plese Transaction technical reversal response lt form method post action chart result php name MyCheckOut resp input request type valuez reversalresp type hidden input response result value 000 typez hidden input namez response random number valuez 12345 typez hidden input response message
27. pletion message It is not necessary to send card PAN and expiry date in the completion request so they are not necessary and is strictly forbidden keeping this information on a WEB shop Completion request has to be sent within 28 days from the original preauthorization and once reversed preauthorization is not possible to complete This transaction can be made through MyCheckOut administration interface Partial completion It is possible to complete an original preauthorization partially in case when only part of the order can be filled To complete a preauthorization partially it is sufficient to send the wanted completion amount in the request Partial completion request has to be sent within 28 days from the original preauthorization and once reversed preauthorization it cannot be partially completed This transaction can be processed through MyCheckOut administration interface Pairing up transaction reversal void with an original preauthorization Reversal void request has to contain the same order number as an original preauthorization request It is mandatory for a WEB shop to send merchant ID approval code and original amount in the reversal message It is not necessary to send card PAN and expiry date in the completion request so it is not necessary and is strongly recommended to avoid keeping this information on a WEB shop Reversal has to be sent within 28 days from the original preauthorization and once completed preauthorization
28. put name response_result value 000 type hidden gt lt input name response_random_number value 12345 type hidden gt lt input name response_appcode value 123456 type hidden lt input name response_message value Approved type hidden gt lt input name order_number value OR_20081110_1 type hidden gt lt input name response_hash value 9b553e3a63852 1 68c64fa26c4 1ce9393d5f72ad0 typez hidden lt form gt Completion COMPL Completion request lt form method post action http hostname My CheckOut confirmpurchase jsp name MyCheckOut gt lt input name submit_type value auto type hidden S input name trantype value completion typez hidden lt input name purchase_amount value 123 12 type hidden gt lt input name purchase_currency value 191 type hidden gt input name order_number value OR_20081110_3 type hidden gt input name merchant_id value 7O0000001 type hidden gt input name response_appcode value 123456 type hidden gt lt input name request_hash value f8e37b4a35b1f3695b38bc60daf2f7d666cb60b4 type hidden gt lt form gt 20 User manual MyCheckOut redirect Version 1 6 INTESA SNNPAOLO Author Kristijan Plese Completion request response lt form method post action chart result php name MyCheckOut resp input name trantype completionresp type hidden input response result val
29. rmation 191 HRK Croatian kuna purchase installments Number of installments 2 numeric This field represents the number of installments purchase differperiod Payment delay period 3 numeric Differ period period when the real payment will be made purchase description Bought products description 200 alphanumeric It is a description of the bought products order number Order number 50 alphanumeric Unique WEB shop generated string merchant id Merchant ID 50 alphanumeric Merchant ID is a unique merchant identifier which is issued by the bank request hash Request hash 40 alphanumeric Request hash 5 1 hash is created from merchant id purchase amount order number merchant sec key e g merchant id 100000001 purchase amount 123 12 order number 12345678 merchant sec key secret request hash SHA1 100000001123 12O0R 12345678secret request hash f3e37b4a35b1f3695b38bc60daf2f7d666cb60b4 customer lang Preferred language 2 alphanumeric Two letter ISO 639 code which represents a code for preferred language for MyCheckOut forms If the requested language is not supported or didn t defined in request MyCheckOut system will set English instead hr Croatian en English customer name Cardholder name 50 alphanumeric Cardholder name is used for address control only English alphabet letters are used diacritic signs are not allowed customer surname Cardholder surname
30. rs web browser is redirected to authentication URL redirecting is shown with a dashed line in the figure Issuer Tunneled connection ACS Internet Connection with Authorization and connection DA Settlement iPayGate L J connections i 4 VISA T gt Authorization and Settlement connections Acquirer systems Issuer ACS Figure 4 nan INTESA SNNDAOLO User manual MyCheckOut redirect Version 1 6 CARD Author Kristijan Ple e 1 4 1 3 D SECURE WINDOW 3 D Secure window must be large enough to show the whole 500 pixels high and 400 pixels wide authentication page without scrolling down in standard web browser resolution range At the opening of 3 D Secure window should be opened in the same browser window rather than in a new pop up window In My CheckOut that is done by default An example and a proscribed layout of the issuer s authentication page Added Protection Please submit your Verified by Visa password am not enrolled in Verified by Visa Blacknight 1 654 45 24 04 07 5495 Forgot your password _Submit Ed Heb Figure 5 User manual MyCheckOut redirect Version 1 6 pm CARD Author Kristijan Ple e 1 5 PROCESSING OF AUTHORIZATION REQUEST WI TH 3 D SECURE AUTENTICATI ON ISSUER SI DE When processing a 3 D Secure request on the issuer side it implies internet purchases
31. se currency Transaction currency AN 3 purchase description Order description AN 200 order number Order number AN 50 merehant Merchant identification AN 16 number request hash Request hash AN 40 customer lang Preferred language AN 2 customer name Cardholders name AN 50 customer surname Cardholder surname AN 50 customer address Cardholders address AN 200 customer country Cardholders country AN 30 customer city Cardholders city AN 50 customer zip Cardholders zip code AN 8 customer phone Cardholders phone number AN 20 customer email Cardholders email AN 50 response result Response result N 3 masked pan Masked card number N 19 response random number 4 Iur N 10 response appcode Approved authorization AN 6 number response message Response message AN 200 response hash Response hash AN 40 Table 1 List of parameters 13 INTESA SNNPAOLO CARD Author Kristijan Plese User manual MyCheckOut redirect Version 1 6 2 3 2 MYCHECKOUT REDIRECT CUSTOMER SUBMIT MODE Table 2 contains definitions and parameters present in redirect customer submit mode Presence is defined as M mandatory message must contain a field O optional message contains a field if information is available C conditional message contains a field in specific cases MyCheckOut redirect customer submit mode Parameter name Auth Req Auth Resp Preauth Req Preauth Res Completion Req Comp
32. t service returns a https response to the WEB shop system Step 10 WEB shop will notify the buyer about the authorization result purchase status WEB front end Checkout service 3D Secure Client e commerce q iPayGate ssuer ACS lt lt Internet Authorization and connection Settlement connections visa H eg Authorization and Settlement connections Acquirer systems Figure 3 nan INTESA SNNPAOLO User manual MyCheckOut redirect Version 1 6 CARD Author Kristijan Ple e 1 4 PROCESSI OF AUTHORIZATION REQUEST WITH 3 D SECURE AUTENTICATI ON ACQUI RER SI DE When a merchant participates in 3 D Secure program MasterCard SecureCode Verified by Visa a typical purchase process is expanded with a buyer authentication which is processed on the issuers ACS Figure 4 MyCheckOut service checks the merchant s participation in 3 D Secure program when the request is received and if necessary sends a query to the DS Directory Server of the appropriate card network o 3 Secure client executes a query to the DS Directory Server o DS Directory Server checks issuer s participation in 3 D Secure program and if necessary executes a query towards issuers ACS Access Control Server o Issuer ACS checks card participation 3 D Secure program and returns participation data and an URL on which the buyer will make an authentication When a card participates 3 D Secure program the buye
33. tesa Sanpaolo Card nor any of its directors officers employees or agents shall be liable in any manner whatsoever to any entity and or person for any loss damage injury liability cost or expense of any nature including without limitation incidental special direct or consequential damages arising out of or in connection with the use of the Manual If you find any problems in this Manual please report them to Intesa Sanpaolo Card in writing Intesa Sanpaolo Card reserves all its copyrights trademarks and other intellectual property rights arising out of and or connected to this Manual exclusive of other products and company names contained herein which are trademarks and other intellectual property of their respective owners OM CARD INTESA SNNPAOLO User manual MyCheckOut redirect Version 1 6 Author Kristijan Ple e TABLE OF CONTENT 1 SOLLUTION DESCRIPTION tea a iaai RIS ER EM S X REESE KE 4 LED INTERNET PAYMENT S E dE 4 1 2 AUTHORIZATION REQUEST PROCESSING ich pudet rx eer mex exa Ene 5 1 3 AUTHORIZATION RESPONSE PROCESSING 2 2 EE m XP M E a ERR 6 1 4 PROCESSING OF AUTHORIZATION REQUEST WITH 3 D SECURE AUTENTI CATI ON ACQUIRER 8 1 5 7 1 4 1 3 D SECURE WINDOW iscri iei ER E ERR EEEO RE n E Re ERE 8 1 5 PROCESSING OF AUTHORIZATIO
34. uary 2011 Matija Kostelac component integration 26
35. ue 000 typez hidden input response random number valuez 12345 typez hidden input response message value Authorization completed type hidden input order number value OR_20081110_3 type hidden gt input response hash value 9b553e3a63852 168c64fa26c4 1ce9393d5f72ad0 type hidden lt form gt 3 2 AUTHORIZATION WITHOUT COMPLETION Authorization without completion request AUTH Authorization without completion request lt form method post action http hostname My CheckOut confirmpurchase jsp name MyCheckOut gt input name submit_type value cust type hidden gt input trantype valuez auth type hidden input namez purchase amount value 123 12 typez hidden input purchase currency 191 typez hidden input description Shop 1 hidden input order number value OR_20081110_2 type hidden gt input merchant id T00000001 typez hidden input request hash valuez f8e37b4a35b1f3695b38bc60daf2f7d666cb60b4 typez hidden input customer lang valuez en type hidden input customer name John typez hidden input customer surname valuez Smith typez hidden input namez customer address value Topolovecka 13 hidden input
Download Pdf Manuals
Related Search