TxShield
Overview
TxShield is a comprehensive, payment specific fraud and risk engine that allows for the structure and setup of fraud monitoring controls:
- per site;
- per merchant;
- or per payment method.
Further we can assign payment methods, nominate the available regions and add fraud settings. Our monitoring happens in real time and we can respond accordingly to breaches of program rules as they happen.
For any fraud management plan to be effective it is important to ensure that the appropriate reporting is being continually monitored and adjusted to stay ahead of potential threats.
Features
- Set transaction limit controls
- Set min and max transaction limits
- Allow/disallow repeat transactions
- Transaction velocity checking
- Geo IP Checking
- White listing, black listing, grey listing
- Reverse lookup testing (address, email and IP)
- Card bin lookup
- Receive card scheme alerts and respond
- Card registration for 3D Secure V1 and V2.0/2.1
- Chargeback listing by type
- Historical transaction checks - declines per account, card number etc
- Address verification
- Phone and SMS verification
- Dispute management and follow up
- Merchant ticket support management
Benefits
- Configurable to suit regional fraud requirements allowing greater flexibility for global merchants
- Added peace of mind for merchants and consumers
Transaction Types
TxShield can process different types of transactions.
- Payment transactions are instant and require a Visa and/or Mastercard to make the payment.
- Preauth transactions are used to authorise a transaction without settling it. These transactions can be settled either manually or using a postback from the gateway side.
- Credit transactions are transactions in which funds are credited to a recipients credit card. They are not instant transactions.
- Void transactions.
- Refund transactions.
- Rebilling transactions.
The card_type/payby parameter and the corresponding payment fields sent, will change depending on the type of transaction. In some cases, depending on the gateway integration methods, the payment transactions that use Visa and Mastercard are treated as preauth
transactions in TxShield.
Below listed are the integration methods available for payment. Contact support for integration details for other transactions.
Integration Methods
SOAP
SOAP is a server-to-server API used for payment methods that can be used without user interaction. It is not useful for any payment method that requires user interaction. This method is for specific use cases, it is recommended that developers make use of the TxHandler or hosted payment page.
For more information click the following link: Make Payment using SOAP
Single Transaction API (TxHandler)
The TxHandler is used to send single transactions through form post
.
After the transaction, the user can be redirected to a user defined location and also the result of the transaction can be received as postback
to a user defined script/page.
For more information click the following link: Make Payment using TxHandler.
Parameter Definitions
Name | Required | Description |
---|---|---|
sid |
Y | Site id (unique identifier for the web site) |
tid |
N | Merchant Reference |
postback_url |
Y | The URL of the page used to receive the TxHandler postback. The response can be read from $_POST array. |
redirect_url |
N | The URL of the page TxHandler will redirect to after processing. The response can be read as GET parameters. If there is no redirect_url, the result will be a json string |
hash |
Y | md5 hash of sid+timestamp+amounttotal+currency+rcode ie: md5('22'.'1234568995265421'.'17.00'.'USD'.'222b6c') |
timestamp |
Y | Timestamp value used in the hash ie: 1234568995265421 |
card_type |
Y | Please ask your support contact for your complete list. Each pay method will require different fields and currencies to be entered. |
card_name |
Y | Card holder name |
card_no |
Y | No spaces or dashes allowed |
card_ccv |
Y | Card CCV |
card_exp_month |
Y | 2 digits |
card_exp_year |
Y | 4 digits |
institution_number |
N | The institution number, used for bank transfers |
routing_no |
N | The routing or transit number, used for bank transfers |
account_no |
N | The account number, used for bank transfers |
firstname |
N | First name of the customer |
lastname |
N | Last name of the customer |
phone |
N | Customer phone number |
email |
Y | Customer email |
mobile |
N | Customer mobile number |
address |
N | Customer address |
suburb_city |
N | Customer suburb or city |
state |
N | Customer state, 2 digit code for US/Canada |
postcode |
N | Customer postcode/zipcode |
country |
Y | Customer country, ISO 3166 2 digit code |
shipping_firstname |
N | First name of the customer |
shipping_lastname |
N | Last name of the customer |
shipping_address |
N | Customer address |
shipping_suburb_city |
N | Customer suburb or city |
shipping_state |
N | Customer state, 2 digit code for US/Canada |
shipping_postcode |
N | Customer postcode/zipcode |
shipping_country |
N | Customer country, ISO 3166 2 digit code |
currency |
Y | Transaction currency [currency in which the gateway is setup], ISO 3 letter code |
amount_shipping |
Y | Transaction shipping amount |
amount_coupon |
Y | Coupon amount |
amount_tax |
Y | Transaction tax amount |
item_quantity[] |
Y | An array with the quantity of each cart item |
item_name[] |
Y | An array of article names for each cart item |
item_no[] |
Y | An array of article numbers for each cart item |
item_desc[] |
Y | An array with descriptions for each cart item |
item_amount_unit[] |
Y | An array that defines the price per unit for each cart item |
threeDSecure |
N | json string of the 3d2.0 params eg, {"eci":"05", "cavv":"MPUAANABhSD54fFQJTIm+Vq+zPY=", "xid":"1b5705e7-70da-4a63-9693-bba49da82066", "status":"Y", "protocolVersion":"2.1.0", "authenticationValue":"MPUAANABhSD54fFQJTIm+Vq+zPY=", "dsTransactionId":"1b5705e7-70da-4a63-9693-bba49da82066"} |
campaignid[] |
N | This is a campaign code as provided by the associated affiliate system. please only use if information is provided. |
affiliateid |
N | The affiliate id provided by the affiliate system |
ref1 |
N | Merchant reference field |
ref2 |
N | Merchant reference field |
ref3 |
N | Merchant reference field |
ref4 |
N | Merchant reference field |
tx_action |
N | FRAUDCHECK |
Responses
To Redirect Page and to Postback Url
The response from the server is an array. If the status has the value "OK
" the transaction has been successfully processed.
The response array has the following structure:
Name | Data Type | Description |
---|---|---|
sid |
String | Has the sid where transaction was processed |
status |
String | Has the value "OK " for a successful transaction, or "EXC " for a failed fraudcheck |
parent_txid |
String | Parent transaction id |
txid |
String | The transaction ID |
tx_action |
String | FRAUDCHECK |
amount |
String | The amount processed. The gateway currency amount |
currency |
String | The currency in which the transaction was processed |
tid |
String | From the original transaction |
ref1 |
String | From the original transaction |
ref2 |
String | From the original transaction |
ref3 |
String | From the original transaction |
ref4 |
String | From the original transaction |
vrfy |
String | This is a sha 256 hash so the data can be verified. To generate hash with sha256 the string of sid;rcode;txid;status;amount;currency;txaction |
error |
If an error has occurred, then the status value will equal "EXC" and these parameters will be sent as well | |
error_type |
String | The error type |
error_sys |
String | The system that caused the error (client or server) |
error_msg |
String | The error message |
error_info |
String | Error information that contains the bank message and bank code |
No Redirect URL
In case of no redirect url, the response will be a json string of the above mentioned array. This will be useful if you are using CURL
post instead of FORM
post.
The status field will have one of the following values:
OK
The transaction was successful.
PEND
The transaction is pending and there will be a follow-up message.
EXC
The transaction is declined. The response should include information about the reason or exception encountered.
PAYG_ERROR
This is a rare response, indicating a problem with communicating with the processor.
Sample Code
Sample form post (HTML)
Please note that the sid and hash value used in this sample will not work for actual testing. You will need to replace those values when testing.
<form action="http://{shield_url}/secure/txHandler.php" method="post">
sid: <input type="text" name="sid" value="19"><br>
tid: <input type="text" name="tid" value="5678">br>
postback_url: <input type="text" name="postback_url" value="http://mysite.com/postback.php"><br>
redirect_url: <input type="text" name="redirect_url" value="http://mysite.com/redirect.php"><br>
timestamp: <input type="text" name="timestamp" value="1234568995265421"><br>
hash: <input type="text" name="hash" value="08ff1b1b14a09acfd67560baae229c4e"><br>
firstname: <input type="text" name="firstname" value="Jack"><br>
lastname: <input type="text" name="lastname" value="Tester"><br>
phone: <input type="text" name="phone" value="1234567"><br>
email: <input type="text" name="email" value="test@example.com"><br>
address: <input type="text" name="address" value="12 Test Lane"><br>
suburb_city: <input type="text" name="suburb_city" value="TestCity"><br>
state: <input type="text" name="state" value="CA-ON"><br>
postcode: <input type="text" name="postcode" value="41010"><br>
country: <input type="text" name="country" value="CA"><br>
ship_firstname: <input type="text" name="ship_firstname" value="Julie"><br>
ship_lastname: <input type="text" name="ship_lastname" value="Tester"><br>
ship_address: <input type="text" name="ship_address" value="13 Test Lane"><br>
ship_suburb_city: <input type="text" name="ship_suburb_city" value="TestCity"><br>
ship_state: <input type="text" name="ship_state" value="CA-ON"><br>
ship_postcode: <input type="text" name="ship_postcode" value="41010"><br>
ship_country: <input type="text" name="ship_country" value="CA"><br>
currency_code: <input type="text" name="currency" value="USD"><br>
amount_shipping: <input type="text" name="amount_shipping" value="0.30"><br>
amount_tax: <input type="text" name="amount_tax" value="0.00"><br>
amount_coupon: <input type="text" name="amount_coupon" value="0.00"><br>
card_type: <input type="text" name="card_type" value="visa"><br>
card_no: <input type="text" name="card_no" value="41111111111111"><br>
card_name: <input type="text" name="card_name" value="J Citizen"><br>
card_cvv: <input type="text" name="card_cvv" value="123"><br>
card_exp_month: <input type="text" name="card_exp_month" value="2014"><br>
card_exp_year: <input type="text" name="card_exp_year" value="09"><br>
tx_action: <input type="text" name="tx_action" value="FRAUDCHECK"><br>
ref1: <input type="text" name="ref1" value=""><br>
ref2: <input type="text" name="ref2" value=""><br>
ref3: <input type="text" name="ref3" value=""><br>
ref4: <input type="text" name="ref4" value=""><br>
<table>
<tr>
<td>
item_quantity: <input type="text" name="item_quantity[]" value="2">
item_name: <input type="text" name="item_name[]" value="apple">
item_no: <input type="text" name="item_no[]" value="a234">
item_desc: <input type="text" name="item_desc[]" value="juicy green apple">
item_amount_unit: <input type="text" name="item_amount_unit[]" value="0.59">
</td>
</tr>
<tr>
<td>
item_quantity: <input type="text" name="item_quantity[]" value="1">
item_name: <input type="text" name="item_name[]" value="pear">
item_no: <input type="text" name="item_no[]" value="p567">
item_desc: <input type="text" name="item_desc[]" value="fresh green pear">
item_amount_unit: <input type="text" name="item_amount_unit[]" value="0.68">
</td>
</tr>
</table>
<input type="submit" value="Submit">
</form>
Secure Hosted Payment Page
Secure hosted payment page allows the merchant to use our facilities for their payment interface. Users are redirected to the secure hosted payment page from the merchant site, from there the user can choose their country, payment options and payment information.
Make Payment using Secure Hosted Payment Page
Rest API
Rest implementation of TxHandler allows you to send single transaction in xml
, json
or form url
encoded format. It is not useful for any payment method that requires user interaction. Click REST API to see the rest api endpoints that are available.
Parameter Definitions
Name | Type | Required | Description |
---|---|---|---|
sid |
number | Y | Site id (unique identifier for the web site) |
tid |
String | N | Merchant Reference |
rcode |
alphanumeric | Y | rcode of the sid |
timestamp |
numeric | Y | timestamp value used in the hash ie: 1234568995265421 |
firstname |
String | Y | First name of the customer |
lastname |
String | Y | Last name of the customer |
email |
String | Y | Customer email address |
phone |
String | Y | Customer phone number |
mobile |
String | N | Customer mobile number |
address |
String | Y | Customer address |
suburb_city |
String | Y | Customer suburb or city |
state |
String | Y | Customer state, 2 digit code for US/Canada |
postcode |
String | Y | Customer postcode/ zipcode |
country |
String | Y | Customer country, ISO 3166 2 digit code |
ship_firstname |
String | N | Shipping first name |
ship_lastname |
String | N | Shipping last name |
ship_address |
String | N | Shipping address |
ship_suburb_city |
String | N | Shipping suburb or city |
ship_state |
String | N | Shipping state, 2 digit code for US/Canada |
ship_postcode |
String | N | Shipping postcode/ zipcode |
ship_country |
String | N | Shipping country, ISO 3166 2 digit code |
ship_address |
String | N | Shipping address |
card_type |
String | Y | Payment Type (eg. Visa, Mastercard, ach, etc...). A list of field types allowed is provided to each merchant. |
card_name |
String | N | Card holder name |
card_no |
String (16) | N | No spaces or dashes allowed |
card_cvv |
String (3) | N | 3 digits |
card_exp_month |
String (2) | N | 2 digits |
card_exp_year |
String (4) | N | 4 digits |
currency |
String | Y | Transaction currency, ISO 3 letter code |
amount_shipping |
float | Y | Transaction shipping amount. 2 decimal places |
amount_tax |
float | Y | Sales Tax amount. 2 decimal places |
amount_coupon |
float | Y | Coupon amount. 2 decimal places |
item_quantity[] |
numeric | Y | An array with the quantity of each cart item |
item_name[] |
String | Y | An array of article names for each cart item |
item_no[] |
String | Y | An array of article numbers for each cart item |
item_desc[] |
String | Y | An array with descriptions for each cart item |
item_amount_unit[] |
float | Y | An array that defines the price per unit for each cart item |
campaignid[] |
String | N | This is a campaign code as provided by the associated affiliate system. please only use if information is provided. |
Gateway Emulators
There are gateway emulators that can be used without much changes to the code you already have.
Fraud Integration/Check
3DS Integration
Integrate with TxShield for 3DS2 Authentication using our 3DS JS SDK. The following section and the 3DS DOM elements describe how to connect to the 3DS JS SDK and the options available.
We also have a demo payment page that shows how simple it is to integrate. Instructions for the demo payment page are in the 3DS Demo Payment Page section.
Implementation Guidelines
Example of the HTML form
<html>
<body>
<div class="your-page-content">
<form id="billing-form" action="" method="post">
</form>
</div> <!-- End of page -->
<script src="{txshield_3ds_url}/js/3d2integrator.v3.dist.js"></script>
<script>
let options = {
showChallenge: true,
showChallengePopup: true
}
let threeD2 = new ThreeDS2( "<insert-form-id-here>", "<txshield_3ds_sid>", "<amounttotal>","<hash>","<txshield_3ds_url>","<merchantreference>","this", "<options>");
document.getElementById('billing-form').addEventListener('submit', function (e) {
threeD2.do3D(fnresponse);
})
</script>
</body>
</html>
Before you begin impementation you will need to have the following settings. They will be issued by txShield when you begin integration:
txshield_3ds_url
txshield_3ds_sid
txshield_3ds_rcode
There are 7 steps to complete the 3DS JS SDK integration. Only the first 5 are mandatory if you are doing your Authorization (payment) processing through a different provider.
Most steps should see you only having to update your current payment page / check out page:
- Add the 3DS JS SDK
- Add data-threeds attributes
- Initialize the 3DS JS SDK
- call do3D()
- handle authorisation result
- Check the added input fields. only if Authorization Processing with TxShield
- Submit the form for payment process. only if Authorization Processing with TxShield
1. Add the TxShield 3DS2 Javascript Library to the payment page.
Include JS SDK into a page <script src="{txshield_3ds_url}/js/3d2integrator.v3.dist.js"></script>
* {txshield_3ds_url}
is the TxShield server url that you are integrating with. This will be given to you at time of onboarding.
2. Add "data-threeds" attributes to form elements.
To the elements in the form that contain information relevant to 3DS Authentication, add the data-threeds attribute. The 3DS SDK will search for all elements marked with a data-threeds attribute. The value for the attribute tells the script what data this field contains. Example is below.
The pan, month and year elements are mandatory.
Add "data-threeds" Attributes to elements
<input name='creditCardNumber' id='creditCardNumber' data-threeds='pan'>
<input name='cardMonth' id='cardMonth' data-threeds='month'>
<input name='cardYear' id='cardYear' data-threeds='year'>
A full list of fields and the data-threeds tags is available in the 3DS Dom elements table below. The more fields, the higher the chance of a successful and accurate 3DS result.
3. Initialize the ThreeDS2 object.
Initialize the ThreeDS2 object.
let my3ds2 = new ThreeDS2('{formId}',
'{txshield_3ds_sid}',
'{amounttotal}',
'{hash}',
'{txshield_3ds_url}',
'{merchantreference}',
'{global window scope}',
'{options}'
)
Intialize / Instantiate the 3DS SDK. This should be done on page load, as there are several network calls that are done. If this is done on page load, these network calls can be done in the background while the user is completing the payment form.
formid
: Is the id attribute of your<form>
tag in your checkout page. This form should be your billing form that contains the data-threeds attributes detailed later. e.g. for<form id='billing-form'>
the formid is 'billing-form' The form must have an id tag.txshield_3ds_sid
: this will be given to you at time of onboarding.amounttotal
: total amount to charge the customer in decimals. e.g. 10.00 12.34hash
: md5 of txshield_3ds_sid, amount, rcode e.g. in phpmd5(txshield_3ds_sid.amount.rcode)
txshield_3ds_url
: is the TxShield server url that you are integrating too. This will be given to you at time of onboarding.merchantreference
: merchants reference for this transaction. The reference here should be the same one for the payment transaction. for 3ds 1 this has a max length 20 characters. If the length is over 20 characters reference will be auotmatically trimmed.global window scope
: this is the scope, for the window in which the billing form is in. For most integrations it will simply bethis
.options
: options should be a java object that contains the different options available to configure the SDK.
3DS JS SDK Options
let options = {
showChallenge: true,
showChallengePopup: true,
rebilling: true,
rebillingData: {
rebillingExpiry: "20231231",
rebillingFrequency : 28
}
}
3DS JS SDK Options
option | description | format | default | Required | version |
---|---|---|---|---|---|
showChallenge | If the 3DS authentication requires a challenge, whether to show the challenge or not. If false, and a chllenge is requested, the authentication will result in a status of N or C. The default value is set at sign up time. This can be sent in to override the default. | boolean | true | v2: Y v3: N | 2, 3 |
showChallengePopup | Whether to display the challenge at the bottom of the form, or in a popup window. | boolean | true | N | 2 |
rebilling | If this is a recurring billing authentication. If set to true the rebillingData object must be set. | boolean | false | N | 2 |
rebillingData | Contains the rebilling options. | object | - | only if rebilling is to true | 2 |
rebillingData.rebillingExpiry | The date that the recurring billing will expire. e.g. for a 12 month magazine subscriotion, it should be set to the last month that a transaction will occur. | string formatted Date. YYYYMMDD | - | Y | 2 |
rebillingData.rebillingFrequency | The least number of days between a rebilling cycle. If the rebilling is monthly this should be 28 (for February). If a weekly rebill, 7 days. | integer | - | Y | 2 |
addrMatch | Set to true, the shipping address matches the billing address, and does not need to be set. | boolean | false | N | 3 |
4. Call the do3D() method.
Call do3D()
my3ds2.do3D(function (data)) {
//my callback
});
When the user has finished entering their card details and all other data-threeds tagged fields with data, you should start the 3DS work flow by calling the do3D() method. This would commonly be done when the user has submitted the payment form.
callback function
: Callback function that gets called when the authentication has been completed.
We would recommend calling the do3D() method after doing your initial data validation (making sure that the fields are filled out, and in the correct format etc.) This should avoid extra 3ds transactions and costs by sending empty fields.
5. Handle 3DS Result
In step 4, a callback function was provided to do3D(). When Authentication is completed, the callback function will be called.
Authentication is considered complete when the user has ended their interaction with the 3DS servers. Refer to the 3DS Response section to learn more details about the returned response and what it means.
Once the callback has been called, you can now submit your payment form for payment processing.
If you are doing your payment processing with us, you do not have to do anything else with this data, other than decide if you want to continue based on the transStatus.
If you are doing your payment processing with another provider, you can use this callback to format the data for your provider.
6. Added Input Fields
If the above steps are done correctly, the DOM will have upto two new input fields created, threeDSecure and addinfo. If payment processing with us, these fields must exist, and must be included in the final form submission. Do not remove them.
Extra fields added to the form
<input class="threeDSecure" type="hidden" name="threeDSecure" value="">
<input class="addinfo" type="hidden" name="addinfo" value="" data-threeds="id">
Make sure that threeDSecure element is not empty before submitting the form for 'tx_action=FRAUDCHECK'
7. Submit the form
Include the threeDSecure parameter in the final form submission. See the example on the right hand section.
3DS Response
The following covers the 3DS response fields and their values / meanings. There is also a translation of the TxShield response to 3DS1 naming conventions, as the TxShield response matches 3DS2 naming conventions.
Response Object
Json Response
{
"threeDSIntegratorOid": "12345",
"threeDSRequestorOrderID": "9566261c-a4b3-4e40-ac7b-6145e8096e71",
"threeDSRequestorData": "eyJtZXJjaGFudF9yZWYiOiJNZXJjaFJlZjE2MjI3NjQ1NzI1ODkifQ==",
"threeDSRequestorID": "123MCTMyMidHere1235678",
"threeDSServerTransID": "68d3fda2-e997-4772-b211-fd2073524278",
"acsTransID": "61e1585c-3ab4-4bab-adb9-d72d07a1b1f7",
"dsTransID": "74E3ECFA-86D1-4561-ACC1-32F532144824",
"transStatus": "Y",
"transStatusReason": "",
"authenticationValue": "AAUBASOWNkVIc2RRBJY2AAAAAAA=",
"authenticationAlgorithm": "",
"eci": "05",
"version": "2.1.0",
"errCode": "4001",
"errMsg": ""
}
An example response object is on the right.
field | Description | Format | Mandatory |
---|---|---|---|
threeDSIntegratorOid | The 3DS Integrators Reference | String | Y |
threeDSRequestorOrderID | The TxShield 3DS Reference | UUID | Y |
threeDSRequestorData | Base 64 Encoded Transacion Data | String (2048) | N |
threeDSRequestorID | 3DS Requestor ID | String (35) | N |
threeDSServerTransID | 3DSServer Trans Id | String (36) | N |
acsTransID | ACS Transaction ID | String (36) | N |
dsTransID | DS Transaction ID | String (36) | N |
transStatus | 3DS Transaction Status. See below transStatus section for explanation. | String (1) | Y |
transStatusReason | 3DS Transaction Status Reason (if supplied). See below transStatusReason section for explanation. | String | N |
authenticationValue | Authentication Value | String (28) | N |
authenticationAlgorithm | Authentication Alogrithm, Required for 3DS 1 | String (1) | N |
eci | Electronic Commerce Indicator. Combined with transStatus to determine liability shift. | String (2) | N |
version | 3DS Version used. Should be 2.x.x or 1.x.x | String (8) | N |
errCode | Error Code if supplied | String (4) | N |
errMsg | Detailed Error Message if supplied | String (2048) | N |
TransStatus
The values in the transStatus field along with the eci field indicated whether a liability shift has occured. If the value is Y, U, A
you can attempt the authorization (payment) transaction. If the value is N, C, R
we recommend not attempting the authorization transaction, however it is at the merchants Discretion if they wish to proceed.
Only a status of Y
guarantees a full liability shift.
A transStatus of C
should only be returned by the 3DS SDk if challenges are turned off. This turns the 3DS SDK into a frictionless workflow. If you receieve a transStatus of C
the frictionless transaction has not authenticated. The ACS server (the card issuer) requested the Challenge work flow, and in a forced frictionless scenario this means the Authentication has failed. You should not proceed to payment. The 3DS SDK returns the transStatus of C
so that the merchant can keep statistics and track how many potential authentications failed because the ACS requested a challenge, and you may want to use that to inform your decision to turn challenges on later, or keep them turned off.
transStatus value | Description | Continue to Payment |
---|---|---|
Y | Authentication Successful | Y |
N | Not Authenticated, Transaction denied | N |
U | Authentication/ Account Verification Could Not Be Performed | Y |
A | Not Authenticated, but a proof of attempted authentication is provided | Y |
C | Challenge Required; Additional authentication is required. Only returned if challenge disabled (frictionless) | N |
R | Authentication Rejected; Issuer is rejecting authenticatio and request that authorisation not be attempted. | N |
TransStatusReason
The values in the transStatusReason field can be mapped to these reasons. The full text should already be in the msg field, in the response data so you don't need to map this yourself.
transStatusReason value | Meaning |
---|---|
01 | Card authentication failed |
02 | Unknown Device |
03 | Unsupported Device |
04 | Exceeds authentication frequency limit |
05 | Expired card |
06 | Invalid card number |
07 | Invalid transaction |
08 | No Card record |
09 | Security failure |
10 | Stolen card |
11 | Suspected fraud |
12 | Transaction not permitted to cardholder |
13 | Cardholder not enrolled in service |
14 | Transaction timed out at the ACS |
15 | Low confidence |
16 | Medium confidence |
17 | High confidence |
18 | Very High confidence |
19 | Exceeds ACS maximum challenges |
20 | Non-Payment transaction not supported |
21 | 3RI transaction not supported |
TxShield (3DS2) fields to 3DS1 translation
TxShield Field (3DS2) | 3DS1 Name | Description |
---|---|---|
acsTransId | - | ACS servers reference |
authenticationValue | cavv | |
dsTransId | xid | Director servers reference |
eci | eci | Ecommer Indiciator |
protocolVersion | - | |
transStatus | transStatus / status | Depends on the processor as to which they use. |
authenticationAlgorithm | authenticationAlgorithm | Alorithm Identifier. 3DS1 Only |
3DS DOM elements
Below is a list of all DOM elements you can tag with data-threeds
attributes so the SDK can pick it up:
3DS DOM Elements | Description | Format | Required | Version |
---|---|---|---|---|
pan |
Credit Card | String | Y | 2, 3 |
month |
Expiration Month | String - Two digits only | Y | 2, 3 |
year |
Expiration Year | String - Two digits only | Y | 2, 3 |
shippingLine1 |
First line of cardholder street address | String | Amex only (recommended if applicable) | 2, 3 |
shippingLine2 |
Second line of cardholder street address | String | Amex only (recommended if applicable) | 2, 3 |
shippingLine3 |
Third line of cardholder street address | String | Amex only (recommended if applicable) | 2, 3 |
shippingPostCode |
Zip Code / Postal Code | String | Amex only (recommended if applicable) | 2, 3 |
shippingCity |
City of cardholder address | String | Amex only (recommended if applicable) | 2, 3 |
shippingState |
State of cardholder address | String | Amex only (recommended if applicable) | 2, 3 |
shippingCountry |
Country of cardholder address | String | Amex only (recommended if applicable) | 2, 3 |
billingLine1 |
First line of cardholder street address | String | No (strongly recommended) | 2, 3 |
billingLine2 |
Second line of cardholder street address | String | No (strongly recommended) | 2, 3 |
billingLine3 |
Third line of cardholder street address | String | No (strongly recommended) | 2, 3 |
billingPostCode |
Zip Code / Postal Code | String | No (strongly recommended) | 2, 3 |
billingCity |
City of cardholder address | String | No (strongly recommended) | 2, 3 |
billingState |
State of cardholder address | String | No (strongly recommended) | 2, 3 |
billingCountry |
Country of cardholder address | String | No (strongly recommended) | 2, 3 |
email |
String | No | 2, 3 | |
cardHolderName |
First name + Last Name | String | Discover only (strongly recommended) | 2, 3 |
currency |
ISO 4217 three-digit currency code. Only set to override API Key default in Dashboard. |
String | No | 2 |
transType |
Type of product being transacted: * 01 = Goods / Service Purchase (default) * 03 = Check Acceptance * 10 = Account Funding * 11 = Quasi-Cash Transaction * 28 = Prepaid Activation and Load |
String | No | 2 |
shipIndicator |
Shipping method used to deliver goods: * 01 = Ship to cardholder’s billing address * 02 = Ship to another verified address on file with merchant * 03 = Ship to address that is different than the cardholder’s billing address * 04 = “Ship to Store” / Pick-up at local store (Store address shall be populated in shipping address fields) * 05 = Digital goods (includes online services, electronic gift cards and redemption codes) * 06 = Travel and Event tickets, not shipped * 07 = Other (for example, Gaming, digital services not shipped, e-media subscriptions, etc.) |
String | Amex only | 2 |
deliveryTimeFrame |
When would the goods be delivered: * 01 = Electronic Delivery * 02 = Same day shipping * 03 = Overnight shipping * 04 = Two-day or more shipping |
String | Amex only | 2 |
reorderItemsInd |
Is the order new for the customer or it has been ordered before: * 01 = First time ordered * 02 = Reordered |
String | Amex only | 2 |
3DS Demo Payment Page
The demo payment page files can be downloaded here.
Files
There are 2 files included:
- 3ds2DemoPaymentPage.html: Is an example payment / check out page, giving an example of how to integrate with the TxShield 3DS JS SDK. It is not intended to be a live payment page as it has no validation on the users input, and exposes your rcode to anyone who uses the page, which you should not do.
- md5.js: is a third party javascript file used to create the hash, which is used in the validation and authorization of your calls to the 3DS JS SDK.
Installation
These files are intended for you to copy into the same directory on your webserver and be able to run directly from there.
Configuration
Once on the webserver all you have to do is update the 3ds2DemoPaymentPage.html
file with the configuration values that we will supply to you. The variables in the demo pament page are surrounded with {{ variable }} and both the name and {{}} should be replaced, as per below.
{{txshield_3ds_url}}
: this is the url of the server you will connnect to, to do your 3ds2 authorization. It needs to be updated in 2 places. If the url we provide is "https://myauthserver.com";<script src="{{txshield_3ds_url}}/js/3d2integrator.v3.dist.js"></script>
should be updated to:<script src="https://myauthserver.com/js/3d2integrator.v3.dist.js"></script>
let shieldUrl = '{{txshield_3ds_url}}';
should be updated to:let shieldUrl = 'https://myauthserver.com';
{{txshield_3ds_sid}}
: this is the sid we provide to you. This is the equivalent of a username. If we provide you a sid of 808let shield3dsSid = '{{txshield_3ds_sid}}'
should be updated to:let shield3dsSid = '808'
{{txshield_3ds_rcode}}
: this is the rcode we provide to you. This is the equivalent of your password. In a production environment this should never be exposed to the public. If we provide you a rcode of '598950057acc2dd9df729a5ed4b9750a7c03bbec'let shield3dsRcode = '{{txshield_3ds_rcode}}';
should be updated to:let shield3dsRcode = '598950057acc2dd9df729a5ed4b9750a7c03bbec';
You should now be able to run the demo payment page file. For details of test cards please contact support and we will provide you with the details of test cards that can be used for your solution.
Fraud check API Integration
For fraud integrations only, where payment processing is not required. Transaction can be sent to {URL}/api/v1/index.php/{SID}/fraudcheck
.
The URL, SID and RCODE will be provided during onboarding process. The RCODE will be used in the FraudCheck API to create the hash string.
Fraudcheck Submission
var json3D2data = $('form#billing-form .threeDSecure').val();
var settings = {
"url": "{url}/api/v1/index.php/{sid}/fraudcheck",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/x-www-form-urlencoded",
"data": {
"timestamp": "",
"tid": "",
"card_type": "",
"card_no": "",
"card_exp_month": "",
"card_exp_year": "",
"card_name": "",
"firstname": "",
"lastname": "",
"email": "”,
"phone": "",
"address": "",
"suburb_city": "",
"state": "",
"country": "",
"postcode": "",
"shipping_address": "",
"shipping_suburb_city": "",
"shipping_state": "",
"shipping_country": "",
"shipping_postcode": "",
"amount": "",
"currency": "",
"threeDSecure": json3D2data,
"hash": "42aceec719591670d4491780d2187527"
},
“success”:function (response) {
console.log(response);
}
};
$.ajax(settings);
Parameters
Name | Type | Required | Description |
---|---|---|---|
sid |
integer | Y | ID of site |
hash |
string | Y | md5 hash of sid+timestamp+amounttotal+currency+rcode e.g. md5('22'.'1234568995265421'.'17.00'.'USD'.'222b6c') |
timestamp |
string | Y | Timestamp value used in the hash e.g. 1234568995265421 |
tid |
string | N | Merchant reference |
card_type |
string | Y | Type of card(visa/mastercard) |
card_no |
integer | Y | The card number |
card_cvv |
integer | Y | The card 3/4 digit verification code |
card_exp_month |
string | Y | 2 digit for the month. Please have leading zeroes e.g. 05 |
card_exp_year |
string | Y | 4 digit year i.e. 2016 |
card_name |
string | Y | The name printed on the card |
threeDSecure |
string | N | json string containing 3ds2 check values |
firstname |
string | Y | First name of the customer |
lastname |
string | Y | Last name of the customer |
email |
string | Y | Email of the customer |
phone |
string | N | Phone of the customer |
address |
string | N | Billing street address |
suburb_city |
string | N | Billing suburb or city |
state |
string | N | Billing state, 2 letter code for US/Canada. Australia should use 2/3 letter codes. |
country |
string | N | Billing country, ISO 3166 2 digit code. |
postcode |
string | N | Billing postcode/zipcode. |
shipping_address |
string | N | Shipping street address |
shipping_suburb_city |
string | N | Shipping suburb or city |
shipping_state |
string | N | Shipping state, 2 letter code for US/Canada. Australia should use 2/3 letter codes |
shipping_country |
string | N | Shipping country, ISO 3166 2 digit code |
shipping_postcode |
string | N | Shipping postcode/zipcode |
amount |
number | Y | Amount, needs to be in 2 decimals |
currency |
string | Y | Transaction currency, ISO 3 letter code |
Responses
200 Response
{
"sid": 0,
"status": "string"
"parent_txid": 0,
"txid": 0,
"tx_action": "string",
"amount": 0,
"currency": "string",
"tid": "string",
"comment": "string",
"error_info": "string",
"vrfy": "string"
}
Parameters | Description |
---|---|
sid |
sid where the fraudcheck is done |
status |
Status of fraudcheck (EXC or OK ) |
parent_txid |
Parent_txid which is used for reference |
txid |
ID of the fraudcheck |
tx_action |
FRAUDCHECK |
amount |
Amount |
currency |
Currency |
tid |
Merchant reference |
comment |
Any additional info |
error_info |
Info about fraudcheck error |
vrfy |
This is a sha256 hash so the data can be verified. Generate sha256 hash of the string of sid;rcode;txid;amount;currency;txaction |
Responses
To Redirect Page and to Postback URL
The response from the server is an array. If the status has the value "OK
" the transaction step has been successfully processed. The response array has the following structure:
Name | Data Type | Description |
---|---|---|
sid |
String | Has the sid where transaction was processed |
status |
String | Has the value OK for a successful transaction step, or EXC for a failed transaction step |
parent\_txid |
String | Parent transaction id |
txid |
String | The transaction ID |
tx\_action |
String | The state change txaction, e.g. PAYMENT , SETTLEMENT', 'PREAUTH' and 'FRAUDCHECK |
amount |
String | The amount processed. The gateway currency amount |
currency |
String | The currency in which the transaction was processed |
comment |
String | Response from the gateway |
rebillkey |
String | Rebillkey for the transaction. if rebill is enabled |
tid |
String | From the original transaction |
ref1 |
String | From the original transaction |
ref2 |
String | From the original transaction |
ref3 |
String | From the original transaction |
ref4 |
String | From the original transaction |
descriptor |
String | Gateway descriptor name |
vrfy |
String | This is a sha 256 hash so the data can be verified. To generate hash with sha256 the string of sid;rcode;txid;status;amount;currency;txaction |
*postcurrencyreceive |
String | Transaction amount in the currency posted |
*postcurrency |
String | Original cart currency posted |
+settlementcurrency |
String | Currency in which the merchant will be settled |
+settlementamount |
String | Amount settled to the merchant |
#paymentinfo |
json encoded string | Contains billercode, reference and instruction |
error |
String | If an error has occurred, then the status value will equal EXC and these parameters will be sent as well |
error_type |
String | The error type |
error_sys |
String | The system that caused the error (client or server) |
error_msg |
String | The error message |
error_info |
String | Error information that contains the bank message and bank code |
error_code |
String | TxProcess UAT error code |
No Redirect URL
In case of no redirect URL, the response will be a JSON string of the above mentioned array. This will be useful if you are using CURL post instead of FORM post.
The tx_action
field will have one of the following values:
- PAYMENT
A PAYMENT is a transaction that is processed synchronously and the transaction's final funding status is known. The status will indicate if the transaction is successful or unsuccessful.
- PREAUTH
A PREAUTH is an asynchronous transactions where the final funding state of the transaction hasn't yet been determined. Once the transaction has been completed this will be followed with a second post-back with a SETTLEMENT message. Some payment methods will reserve the funds at this point in the transaction process.
- AUTH
The AUTH transaction is a variant of the PREAUTH action; In this state, the amount is not deducted from the card.
- CAPTURE
The CAPTURE transaction is a variant of the SETTLEMENT action; In this state, the amount is deducted from the card used in the AUTH transaction.
- SETTLEMENT
A SETTLEMENT is the second part of a PREAUTH transaction, indicating that we now know the final funding state of the transaction. The status will indicate if the transaction is successful or unsuccessful.
- REFUND
A REFUND transaction happens when a merchant returns the funds to the customer. The status will indicate if the transaction is successful or unsuccessful.
- CHARGEBACK
A CHARGEBACK transaction happens when a customer disputes the transaction and has initiated the dispute process for that payment option. The status will indicate if the transaction is successful or unsuccessful.
The status field will have one of the following values:
- OK
The transaction was successful.
- PEND
The transaction is pending and there will be a follow-up message.
- EXC
The transaction is declined. The response should include information about the reason or exception encountered.
- PAYG_ERROR
This is a rare response, indicating a problem with communicating with the processor.
Getting Payment Method Options
FeeAPI and RawFeeAPI
FeeAPI and RawFeeAPI provides a way to get a list of payment methods and information for a given sid. These request should only be used server-to-server as they use the rcode.
General Information
Interface Location
The Fee API located at: https://txprocess.uat.ipayoptions.com/soap/feeapi.php
The RawFeeAPI located at: https://txprocess.uat.ipayoptions.com/soap/rawfeeapi.php
It will only be accessible from your domain when data has been sent via HTTP POST towards it.
FeeAPI will give you the cart converted to the currency of the payment method.
FeeAPI and RawFeeAPI will both give you the list of payment methods and the fields. Fields section in the response will have the input requirement for sending the transaction to the gateway.
FeeAPI Parameter Definitions
Name | Type | Required | Description |
---|---|---|---|
sid |
String | Y | Site id (unique identifier for the web site) |
rcode |
String | Y | Site RCODE |
country |
String | Y | Country of the user - will provide the list of payments available for that country |
addfee |
Boolean | N | This will add the processing fees on top of the amount. |
cart |
Array | Y | Information about the purchase items. This is only compulsory for feeapi, do not sent the cart to rawfeeapi. |
summary |
Array | Y | Contains a summary of cart contents |
amount_purchase |
String | Y | Total amount of purchase |
amount_shipping |
String | Y | Shipping amount |
amount_tax |
String | Y | tax amount |
amount_coupon |
String | Y | Coupon amount |
fxrate_posted |
String | Y | Rate used for conversion of cart currency to gw currency. Enter Buy cart currency Sell Gw currency |
currency_code |
String | Y | 3 digit currency code of the cart currency |
items |
Array | Y | Contains the cart items |
(numerical index) |
Array | Y | Contains information about one item in the cart (Repeat until all cart items are listed) |
name |
String | Y | Category, can be used freely |
quantity |
Integer | Y | Quantity of the item |
amount_unit |
String | Y | Unit price amount (without commas and only 2 decimals places) |
item_no |
String | Y | Article number |
item_desc |
String | Y | Item description |
RawFeeAPI Parameter Definitions
Name | Type | Required | Description |
---|---|---|---|
sid |
String | Y | Site id (unique identifier for the web site) |
rcode |
String | Y | Site RCODE |
country |
String | Y | Country of the user - will provide the list of payments available for that country |
currency |
String | Y | 3 digit currency code. cart currency |
Response - FeeAPI
The FeeAPI will return a JSON response. If addfee option is 0, your Processing Fees will not be there.
[{
"mxsid":"188",
"payby":"visa",
"title":"Visa",
"display_title":"Test",
"description":"\u00a0",
"transfertime":null,
"transferlimit":null,
"currency_code":"USD",
"currency_symbol":"$",
"image":"https://txprocess.uat.ipayoptions.com/secure/dbfile.php?type=pmimg&id=1&nocache=575a36bb51db4",
"fee":12.63,
"cart": {
"summary": {
"quantity":"1",
"amount_purchase":16.36,
"amount_shipping":0,
"amount_tax":0,
"currency_code":"USD",
"amount_shipping_posted":null,
"amount_tax_posted":null,
"amount_coupon_posted":null,
"amount_coupon":0,
"currency_symbol":"$",
"fxrate":0.85846649
},
"items": [{
"quantity":"1",
"name":"Economy single",
"item_no":"e1234",
"item_desc":"Single Economy ticket LHR - ZAR",
"amount_unit":3.73,
"amount_unit_posted":"3.20"
},
{
"name":"Processing Fees",
"quantity":1,
"amount_unit_posted":10.84,
"amount_unit":12.63,
"item_no":"",
"item_desc":"Processing Fees"
}]
},
"fields":
{
"card_name":
{
"description":"",
"type":"text",
"title":"Card Holder Name",
"required":1
},
"card_no":
{
"description":"No spaces or dashes allowed",
"type":"text",
"title":"Card Number",
"required":1,
"pattern":"[0-9] { 13,19 }"
},
"card_cvv":
{
"description":"CVV",
"type":"text",
"title":"CVV",
"required":1,
"pattern":"[0-9]{3,4}"
},
"card_exp_month":
{
"description":"",
"type":"select",
"options":["01","02","03","04","05","06","07","08","09","10","11","12"],
"title":"Card Expiry Month"
},
"card_exp_year":
{
"description":"",
"type":"select",
"options":[2016,2017,2018,2019,2020,2021,2022,2023,2024,2025,2026,2027],
"title":"Card Expiry Year"
}
}
}]
Response - RawFeeAPI
The RawFeeAPI will return a JSON response.
[{
"mxsid":"188",
"payby":"visa",
"title":"Visa",
"display_title":"Test",
"description":"\u00a0",
"transfertime":null,
"transferlimit":null,
"currency_code":"USD",
"currency_symbol":"$",
"image":"https://txprocess.uat.ipayoptions.com/secure/dbfile.php?type=pmimg&id=1&nocache=575a4029d6950",
"fee":{
"exchange_src":"same",
"rate":1,
"commission_src":"same",
"margin":0,
"flatfee":10,
"mdr":3
},
"fields":
{
"card_name":
{
"description":"Card holder name",
"type":"text",
"title":"Card Name",
"required":1
},
"card_no":
{
"description":"No spaces or dashes allowed",
"type":"text",
"title":"Card Number",
"required":1
},
"card_cvv":
{
"description":"Card CVV2",
"type":"text",
"title":"CVV2",
"required":1},
"card_exp_month":
{
"description":"2 digits",
"type":"select",
"options":["01","02","03","04","05","06","07","08","09","10","11","12"],
"title":"Card Expiry Month"
},
"card_exp_year":
{
"description":"4 digits",
"type":"select",
"options":[2016,2017,2018,2019,2020,2021,2022],
"title":"Card Expiry Year"
}
}
}]
Testing
Not all gateways provide a testing environment but we will be able to setup a test gateway for testing.
To test your integration, please contact support and you will be provided with a testing SID. Any transaction processed on the testing SID will only be checked syntactically and semantically by TxProcess UAT. This way you can test if you have sent sufficient and correct data.
The information given below is for testing using our test gateway only. No amount will be deducted from the account. Test responses are simulated based on the amount sent.
When performing credit card type transaction testing with your testing SID, the following card details can be used:
Field | Value |
---|---|
Card Number | 4111111111111111 |
Card Type | visa |
CVV | 123 |
Expiry Date | 01/2022 |
Card name | Tester |
Field | Value |
---|---|
Card Number | 5555555555554444 |
Card Type | mastercard |
CCV | 1234 |
Expiry Date | 01/2022 |
Card name | Tester |
The following transaction amounts can be used to test different transaction results with your testing SID.
Total Amount | Description |
---|---|
$*.01 | Non 3D Secure transactions with Gateway error |
$*.03 | PENDING transaction |
$*.12 | Non 3D Secure transactions with Decline message |
$*.13 | 3D Secure transaction with a Decline message |
$*.15 | 3D Secure transaction with a Gateway Failed message |
any amount between $*.15 and $*.20 | Approved 3D Secure transaction |
You will be able to view the results of your testing transactions in TxProcess UAT by searching for them on the Browse Transactions page with your testing SID as a search item.
Other documentation
Link to old documentation here.