NAV
example

TxShield

Overview

TxShield is a comprehensive, payment specific fraud and risk engine that allows for the structure and setup of fraud monitoring controls:

Further we can assign payment methods, nominate the available regions and add fraud settings. Our monitoring happens in real time and we can respond accordingly to breaches of program rules as they happen.

For any fraud management plan to be effective it is important to ensure that the appropriate reporting is being continually monitored and adjusted to stay ahead of potential threats.

Features

Benefits

Transaction Types

TxShield can process different types of transactions.

The card_type/payby parameter and the corresponding payment fields sent, will change depending on the type of transaction. In some cases, depending on the gateway integration methods, the payment transactions that use Visa and Mastercard are treated as preauth transactions in TxShield.

Below listed are the integration methods available for payment. Contact support for integration details for other transactions.

Integration Methods

SOAP

SOAP is a server-to-server API used for payment methods that can be used without user interaction. It is not useful for any payment method that requires user interaction. This method is for specific use cases, it is recommended that developers make use of the TxHandler or hosted payment page.

For more information click the following link: Make Payment using SOAP

Single Transaction API (TxHandler)

The TxHandler is used to send single transactions through form post.

After the transaction, the user can be redirected to a user defined location and also the result of the transaction can be received as postback to a user defined script/page.

For more information click the following link: Make Payment using TxHandler.

Parameter Definitions

Name Required Description
sid Y Site id (unique identifier for the web site)
tid N Merchant Reference
postback_url Y The URL of the page used to receive the TxHandler postback.
The response can be read from $_POST array.
redirect_url N The URL of the page TxHandler will redirect to after processing.
The response can be read as GET parameters.
If there is no redirect_url, the result will be a json string
hash Y md5 hash of sid+timestamp+amounttotal+currency+rcode
ie: md5('22'.'1234568995265421'.'17.00'.'USD'.'222b6c')
timestamp Y Timestamp value used in the hash ie: 1234568995265421
card_type Y Please ask your support contact for your complete list.
Each pay method will require different fields and currencies to be entered.
card_name Y Card holder name
card_no Y No spaces or dashes allowed
card_ccv Y Card CCV
card_exp_month Y 2 digits
card_exp_year Y 4 digits
institution_number N The institution number, used for bank transfers
routing_no N The routing or transit number, used for bank transfers
account_no N The account number, used for bank transfers
firstname N First name of the customer
lastname N Last name of the customer
phone N Customer phone number
email Y Customer email
mobile N Customer mobile number
address N Customer address
suburb_city N Customer suburb or city
state N Customer state, 2 digit code for US/Canada
postcode N Customer postcode/zipcode
country Y Customer country, ISO 3166 2 digit code
shipping_firstname N First name of the customer
shipping_lastname N Last name of the customer
shipping_address N Customer address
shipping_suburb_city N Customer suburb or city
shipping_state N Customer state, 2 digit code for US/Canada
shipping_postcode N Customer postcode/zipcode
shipping_country N Customer country, ISO 3166 2 digit code
currency Y Transaction currency [currency in which the gateway is setup], ISO 3 letter code
amount_shipping Y Transaction shipping amount
amount_coupon Y Coupon amount
amount_tax Y Transaction tax amount
item_quantity[] Y An array with the quantity of each cart item
item_name[] Y An array of article names for each cart item
item_no[] Y An array of article numbers for each cart item
item_desc[] Y An array with descriptions for each cart item
item_amount_unit[] Y An array that defines the price per unit for each cart item
threeDSecure N json string of the 3d2.0 params eg,
{"eci":"05",
"cavv":"MPUAANABhSD54fFQJTIm+Vq+zPY=",
"xid":"1b5705e7-70da-4a63-9693-bba49da82066",
"status":"Y",
"protocolVersion":"2.1.0",
"authenticationValue":"MPUAANABhSD54fFQJTIm+Vq+zPY=",
"dsTransactionId":"1b5705e7-70da-4a63-9693-bba49da82066"}
campaignid[] N This is a campaign code as provided by the associated affiliate system. please only use if information is provided.
affiliateid N The affiliate id provided by the affiliate system
ref1 N Merchant reference field
ref2 N Merchant reference field
ref3 N Merchant reference field
ref4 N Merchant reference field
tx_action N FRAUDCHECK

Responses

To Redirect Page and to Postback Url

The response from the server is an array. If the status has the value "OK" the transaction has been successfully processed.

The response array has the following structure:

Name Data Type Description
sid String Has the sid where transaction was processed
status String Has the value "OK" for a successful transaction, or "EXC" for a failed fraudcheck
parent_txid String Parent transaction id
txid String The transaction ID
tx_action String FRAUDCHECK
amount String The amount processed. The gateway currency amount
currency String The currency in which the transaction was processed
tid String From the original transaction
ref1 String From the original transaction
ref2 String From the original transaction
ref3 String From the original transaction
ref4 String From the original transaction
vrfy String This is a sha 256 hash so the data can be verified. To generate hash with sha256 the string of sid;rcode;txid;status;amount;currency;txaction
error If an error has occurred, then the status value will equal "EXC" and these parameters will be sent as well
error_type String The error type
error_sys String The system that caused the error (client or server)
error_msg String The error message
error_info String Error information that contains the bank message and bank code

No Redirect URL

In case of no redirect url, the response will be a json string of the above mentioned array. This will be useful if you are using CURL post instead of FORM post. The status field will have one of the following values:

OK
The transaction was successful.

PEND
The transaction is pending and there will be a follow-up message.

EXC
The transaction is declined. The response should include information about the reason or exception encountered.

PAYG_ERROR
This is a rare response, indicating a problem with communicating with the processor.

Sample Code

Sample form post (HTML)

Please note that the sid and hash value used in this sample will not work for actual testing. You will need to replace those values when testing.

<form action="http://{shield_url}/secure/txHandler.php" method="post">
    sid: <input type="text" name="sid" value="19"><br>
    tid: <input type="text" name="tid" value="5678">br>
        postback_url: <input type="text" name="postback_url" value="http://mysite.com/postback.php"><br>
    redirect_url: <input type="text" name="redirect_url" value="http://mysite.com/redirect.php"><br>
        timestamp: <input type="text" name="timestamp" value="1234568995265421"><br>
        hash: <input type="text" name="hash" value="08ff1b1b14a09acfd67560baae229c4e"><br>
    firstname: <input type="text" name="firstname" value="Jack"><br>
    lastname: <input type="text" name="lastname" value="Tester"><br>
    phone: <input type="text" name="phone" value="1234567"><br>
    email: <input type="text" name="email" value="test@example.com"><br>
    address: <input type="text" name="address" value="12 Test Lane"><br>
    suburb_city: <input type="text" name="suburb_city" value="TestCity"><br>
    state: <input type="text" name="state" value="CA-ON"><br>
    postcode: <input type="text" name="postcode" value="41010"><br>
    country: <input type="text" name="country" value="CA"><br>
    ship_firstname: <input type="text" name="ship_firstname" value="Julie"><br>
    ship_lastname: <input type="text" name="ship_lastname" value="Tester"><br>
    ship_address: <input type="text" name="ship_address" value="13 Test Lane"><br>
    ship_suburb_city: <input type="text" name="ship_suburb_city" value="TestCity"><br>
    ship_state: <input type="text" name="ship_state" value="CA-ON"><br>
    ship_postcode: <input type="text" name="ship_postcode" value="41010"><br>
    ship_country: <input type="text" name="ship_country" value="CA"><br>
    currency_code: <input type="text" name="currency" value="USD"><br>
    amount_shipping: <input type="text" name="amount_shipping" value="0.30"><br>
    amount_tax: <input type="text" name="amount_tax" value="0.00"><br>
    amount_coupon: <input type="text" name="amount_coupon" value="0.00"><br>
    card_type: <input type="text" name="card_type" value="visa"><br>
    card_no: <input type="text" name="card_no" value="41111111111111"><br>
    card_name: <input type="text" name="card_name" value="J Citizen"><br>
    card_cvv: <input type="text" name="card_cvv" value="123"><br>
    card_exp_month: <input type="text" name="card_exp_month" value="2014"><br>
    card_exp_year: <input type="text" name="card_exp_year" value="09"><br>
        tx_action: <input type="text" name="tx_action" value="FRAUDCHECK"><br>

    ref1: <input type="text" name="ref1" value=""><br>
    ref2: <input type="text" name="ref2" value=""><br>
    ref3: <input type="text" name="ref3" value=""><br>
    ref4: <input type="text" name="ref4" value=""><br>

    <table>
        <tr>
            <td>
            item_quantity: <input type="text" name="item_quantity[]" value="2">
            item_name: <input type="text" name="item_name[]" value="apple">
            item_no: <input type="text" name="item_no[]" value="a234">
            item_desc: <input type="text" name="item_desc[]" value="juicy green apple">
            item_amount_unit: <input type="text" name="item_amount_unit[]" value="0.59">
            </td>
        </tr>
        <tr>
            <td>
            item_quantity: <input type="text" name="item_quantity[]" value="1">
            item_name: <input type="text" name="item_name[]" value="pear">
            item_no: <input type="text" name="item_no[]" value="p567">
            item_desc: <input type="text" name="item_desc[]" value="fresh green pear">
            item_amount_unit: <input type="text" name="item_amount_unit[]" value="0.68">
            </td>
        </tr>
    </table>
    <input type="submit" value="Submit">
</form>

Secure Hosted Payment Page

Secure hosted payment page allows the merchant to use our facilities for their payment interface. Users are redirected to the secure hosted payment page from the merchant site, from there the user can choose their country, payment options and payment information.

Make Payment using Secure Hosted Payment Page

Rest API

Rest implementation of TxHandler allows you to send single transaction in xml, json or form url encoded format. It is not useful for any payment method that requires user interaction. Click REST API to see the rest api endpoints that are available.

Parameter Definitions

Name Type Required Description
sid number Y Site id (unique identifier for the web site)
tid String N Merchant Reference
rcode alphanumeric Y rcode of the sid
timestamp numeric Y timestamp value used in the hash ie: 1234568995265421
firstname String Y First name of the customer
lastname String Y Last name of the customer
email String Y Customer email address
phone String Y Customer phone number
mobile String N Customer mobile number
address String Y Customer address
suburb_city String Y Customer suburb or city
state String Y Customer state, 2 digit code for US/Canada
postcode String Y Customer postcode/ zipcode
country String Y Customer country, ISO 3166 2 digit code
ship_firstname String N Shipping first name
ship_lastname String N Shipping last name
ship_address String N Shipping address
ship_suburb_city String N Shipping suburb or city
ship_state String N Shipping state, 2 digit code for US/Canada
ship_postcode String N Shipping postcode/ zipcode
ship_country String N Shipping country, ISO 3166 2 digit code
ship_address String N Shipping address
card_type String Y Payment Type (eg. Visa, Mastercard, ach, etc...).
A list of field types allowed is provided to each merchant.
card_name String N Card holder name
card_no String (16) N No spaces or dashes allowed
card_cvv String (3) N 3 digits
card_exp_month String (2) N 2 digits
card_exp_year String (4) N 4 digits
currency String Y Transaction currency, ISO 3 letter code
amount_shipping float Y Transaction shipping amount. 2 decimal places
amount_tax float Y Sales Tax amount. 2 decimal places
amount_coupon float Y Coupon amount. 2 decimal places
item_quantity[] numeric Y An array with the quantity of each cart item
item_name[] String Y An array of article names for each cart item
item_no[] String Y An array of article numbers for each cart item
item_desc[] String Y An array with descriptions for each cart item
item_amount_unit[] float Y An array that defines the price per unit for each cart item
campaignid[] String N This is a campaign code as provided by the associated affiliate system. please only use if information is provided.

Gateway Emulators

There are gateway emulators that can be used without much changes to the code you already have.

Make Payment using Emulator

Fraud Integration/Check

3DS Integration

Integrate with TxShield for 3DS2 Authentication using our 3DS JS SDK. The following section and the 3DS DOM elements describe how to connect to the 3DS JS SDK and the options available.

We also have a demo payment page that shows how simple it is to integrate. Instructions for the demo payment page are in the 3DS Demo Payment Page section.

Implementation Guidelines

Example of the HTML form

<html>
    <body>
        <div class="your-page-content">
        <form id="billing-form" action="" method="post">
        </form>
        </div> <!-- End of page -->
        <script src="{txshield_3ds_url}/js/3d2integrator.v3.dist.js"></script>
        <script>
            let options = {
                showChallenge: true,
                showChallengePopup: true
            }
            let threeD2 = new ThreeDS2( "<insert-form-id-here>", "<txshield_3ds_sid>", "<amounttotal>","<hash>","<txshield_3ds_url>","<merchantreference>","this", "<options>");
            document.getElementById('billing-form').addEventListener('submit', function (e) {
                threeD2.do3D(fnresponse);
            })
        </script>
    </body>
</html>

Before you begin impementation you will need to have the following settings. They will be issued by txShield when you begin integration:

There are 7 steps to complete the 3DS JS SDK integration. Only the first 5 are mandatory if you are doing your Authorization (payment) processing through a different provider.

Most steps should see you only having to update your current payment page / check out page:

  1. Add the 3DS JS SDK
  2. Add data-threeds attributes
  3. Initialize the 3DS JS SDK
  4. call do3D()
  5. handle authorisation result
  6. Check the added input fields. only if Authorization Processing with TxShield
  7. Submit the form for payment process. only if Authorization Processing with TxShield

1. Add the TxShield 3DS2 Javascript Library to the payment page.

Include JS SDK into a page <script src="{txshield_3ds_url}/js/3d2integrator.v3.dist.js"></script> * {txshield_3ds_url} is the TxShield server url that you are integrating with. This will be given to you at time of onboarding.

2. Add "data-threeds" attributes to form elements.

To the elements in the form that contain information relevant to 3DS Authentication, add the data-threeds attribute. The 3DS SDK will search for all elements marked with a data-threeds attribute. The value for the attribute tells the script what data this field contains. Example is below.

The pan, month and year elements are mandatory.

Add "data-threeds" Attributes to elements

<input name='creditCardNumber' id='creditCardNumber' data-threeds='pan'>
<input name='cardMonth' id='cardMonth' data-threeds='month'>
<input name='cardYear' id='cardYear' data-threeds='year'>

A full list of fields and the data-threeds tags is available in the 3DS Dom elements table below. The more fields, the higher the chance of a successful and accurate 3DS result.

3. Initialize the ThreeDS2 object.

Initialize the ThreeDS2 object.

let my3ds2 = new ThreeDS2('{formId}',
    '{txshield_3ds_sid}',
    '{amounttotal}',
    '{hash}',
    '{txshield_3ds_url}',
    '{merchantreference}',
    '{global window scope}',
    '{options}'
)

Intialize / Instantiate the 3DS SDK. This should be done on page load, as there are several network calls that are done. If this is done on page load, these network calls can be done in the background while the user is completing the payment form.

3DS JS SDK Options

let options = {
    showChallenge: true,
    showChallengePopup: true,
    rebilling: true,
    rebillingData: {
        rebillingExpiry: "20231231",
        rebillingFrequency : 28
    }
}

3DS JS SDK Options

option description format default Required version
showChallenge If the 3DS authentication requires a challenge, whether to show the challenge or not. If false, and a chllenge is requested, the authentication will result in a status of N or C. The default value is set at sign up time. This can be sent in to override the default. boolean true v2: Y
v3: N
2, 3
showChallengePopup Whether to display the challenge at the bottom of the form, or in a popup window. boolean true N 2
rebilling If this is a recurring billing authentication. If set to true the rebillingData object must be set. boolean false N 2
rebillingData Contains the rebilling options. object - only if rebilling is to true 2
rebillingData.rebillingExpiry The date that the recurring billing will expire. e.g. for a 12 month magazine subscriotion, it should be set to the last month that a transaction will occur. string formatted Date. YYYYMMDD - Y 2
rebillingData.rebillingFrequency The least number of days between a rebilling cycle. If the rebilling is monthly this should be 28 (for February). If a weekly rebill, 7 days. integer - Y 2
addrMatch Set to true, the shipping address matches the billing address, and does not need to be set. boolean false N 3

4. Call the do3D() method.

Call do3D()

my3ds2.do3D(function (data)) {
    //my callback
});

When the user has finished entering their card details and all other data-threeds tagged fields with data, you should start the 3DS work flow by calling the do3D() method. This would commonly be done when the user has submitted the payment form.

We would recommend calling the do3D() method after doing your initial data validation (making sure that the fields are filled out, and in the correct format etc.) This should avoid extra 3ds transactions and costs by sending empty fields.

5. Handle 3DS Result

In step 4, a callback function was provided to do3D(). When Authentication is completed, the callback function will be called.

Authentication is considered complete when the user has ended their interaction with the 3DS servers. Refer to the 3DS Response section to learn more details about the returned response and what it means.

Once the callback has been called, you can now submit your payment form for payment processing.

If you are doing your payment processing with us, you do not have to do anything else with this data, other than decide if you want to continue based on the transStatus.

If you are doing your payment processing with another provider, you can use this callback to format the data for your provider.

6. Added Input Fields

If the above steps are done correctly, the DOM will have upto two new input fields created, threeDSecure and addinfo. If payment processing with us, these fields must exist, and must be included in the final form submission. Do not remove them.

Extra fields added to the form

<input class="threeDSecure" type="hidden" name="threeDSecure" value="">
<input class="addinfo" type="hidden" name="addinfo" value="" data-threeds="id">

Make sure that threeDSecure element is not empty before submitting the form for 'tx_action=FRAUDCHECK'

7. Submit the form

Include the threeDSecure parameter in the final form submission. See the example on the right hand section.

3DS Response

The following covers the 3DS response fields and their values / meanings. There is also a translation of the TxShield response to 3DS1 naming conventions, as the TxShield response matches 3DS2 naming conventions.

Response Object

Json Response

{
    "threeDSIntegratorOid": "12345",
    "threeDSRequestorOrderID": "9566261c-a4b3-4e40-ac7b-6145e8096e71",
    "threeDSRequestorData": "eyJtZXJjaGFudF9yZWYiOiJNZXJjaFJlZjE2MjI3NjQ1NzI1ODkifQ==",
    "threeDSRequestorID": "123MCTMyMidHere1235678",
    "threeDSServerTransID": "68d3fda2-e997-4772-b211-fd2073524278",
    "acsTransID": "61e1585c-3ab4-4bab-adb9-d72d07a1b1f7",
    "dsTransID": "74E3ECFA-86D1-4561-ACC1-32F532144824",
    "transStatus": "Y",
    "transStatusReason": "",
    "authenticationValue": "AAUBASOWNkVIc2RRBJY2AAAAAAA=",
    "authenticationAlgorithm": "",
    "eci": "05",
    "version": "2.1.0",
    "errCode": "4001",
    "errMsg": ""
}

An example response object is on the right.

field Description Format Mandatory
threeDSIntegratorOid The 3DS Integrators Reference String Y
threeDSRequestorOrderID The TxShield 3DS Reference UUID Y
threeDSRequestorData Base 64 Encoded Transacion Data String (2048) N
threeDSRequestorID 3DS Requestor ID String (35) N
threeDSServerTransID 3DSServer Trans Id String (36) N
acsTransID ACS Transaction ID String (36) N
dsTransID DS Transaction ID String (36) N
transStatus 3DS Transaction Status. See below transStatus section for explanation. String (1) Y
transStatusReason 3DS Transaction Status Reason (if supplied). See below transStatusReason section for explanation. String N
authenticationValue Authentication Value String (28) N
authenticationAlgorithm Authentication Alogrithm, Required for 3DS 1 String (1) N
eci Electronic Commerce Indicator. Combined with transStatus to determine liability shift. String (2) N
version 3DS Version used. Should be 2.x.x or 1.x.x String (8) N
errCode Error Code if supplied String (4) N
errMsg Detailed Error Message if supplied String (2048) N

TransStatus

The values in the transStatus field along with the eci field indicated whether a liability shift has occured. If the value is Y, U, A you can attempt the authorization (payment) transaction. If the value is N, C, R we recommend not attempting the authorization transaction, however it is at the merchants Discretion if they wish to proceed.

Only a status of Y guarantees a full liability shift.

A transStatus of C should only be returned by the 3DS SDk if challenges are turned off. This turns the 3DS SDK into a frictionless workflow. If you receieve a transStatus of C the frictionless transaction has not authenticated. The ACS server (the card issuer) requested the Challenge work flow, and in a forced frictionless scenario this means the Authentication has failed. You should not proceed to payment. The 3DS SDK returns the transStatus of C so that the merchant can keep statistics and track how many potential authentications failed because the ACS requested a challenge, and you may want to use that to inform your decision to turn challenges on later, or keep them turned off.

transStatus value Description Continue to Payment
Y Authentication Successful Y
N Not Authenticated, Transaction denied N
U Authentication/ Account Verification Could Not Be Performed Y
A Not Authenticated, but a proof of attempted authentication is provided Y
C Challenge Required; Additional authentication is required. Only returned if challenge disabled (frictionless) N
R Authentication Rejected; Issuer is rejecting authenticatio and request that authorisation not be attempted. N

TransStatusReason

The values in the transStatusReason field can be mapped to these reasons. The full text should already be in the msg field, in the response data so you don't need to map this yourself.

transStatusReason value Meaning
01 Card authentication failed
02 Unknown Device
03 Unsupported Device
04 Exceeds authentication frequency limit
05 Expired card
06 Invalid card number
07 Invalid transaction
08 No Card record
09 Security failure
10 Stolen card
11 Suspected fraud
12 Transaction not permitted to cardholder
13 Cardholder not enrolled in service
14 Transaction timed out at the ACS
15 Low confidence
16 Medium confidence
17 High confidence
18 Very High confidence
19 Exceeds ACS maximum challenges
20 Non-Payment transaction not supported
21 3RI transaction not supported

TxShield (3DS2) fields to 3DS1 translation

TxShield Field (3DS2) 3DS1 Name Description
acsTransId - ACS servers reference
authenticationValue cavv
dsTransId xid Director servers reference
eci eci Ecommer Indiciator
protocolVersion -
transStatus transStatus / status Depends on the processor as to which they use.
authenticationAlgorithm authenticationAlgorithm Alorithm Identifier. 3DS1 Only

3DS DOM elements

Below is a list of all DOM elements you can tag with data-threeds attributes so the SDK can pick it up:

3DS DOM Elements Description Format Required Version
pan Credit Card String Y 2, 3
month Expiration Month String - Two digits only Y 2, 3
year Expiration Year String - Two digits only Y 2, 3
shippingLine1 First line of cardholder street address String Amex only (recommended if applicable) 2, 3
shippingLine2 Second line of cardholder street address String Amex only (recommended if applicable) 2, 3
shippingLine3 Third line of cardholder street address String Amex only (recommended if applicable) 2, 3
shippingPostCode Zip Code / Postal Code String Amex only (recommended if applicable) 2, 3
shippingCity City of cardholder address String Amex only (recommended if applicable) 2, 3
shippingState State of cardholder address String Amex only (recommended if applicable) 2, 3
shippingCountry Country of cardholder address String Amex only (recommended if applicable) 2, 3
billingLine1 First line of cardholder street address String No (strongly recommended) 2, 3
billingLine2 Second line of cardholder street address String No (strongly recommended) 2, 3
billingLine3 Third line of cardholder street address String No (strongly recommended) 2, 3
billingPostCode Zip Code / Postal Code String No (strongly recommended) 2, 3
billingCity City of cardholder address String No (strongly recommended) 2, 3
billingState State of cardholder address String No (strongly recommended) 2, 3
billingCountry Country of cardholder address String No (strongly recommended) 2, 3
email E-mail String No 2, 3
cardHolderName First name + Last Name String Discover only (strongly recommended) 2, 3
currency ISO 4217 three-digit currency code.
Only set to override API Key default in Dashboard.
String No 2
transType Type of product being transacted:
* 01 = Goods / Service Purchase (default)
* 03 = Check Acceptance
* 10 = Account Funding
* 11 = Quasi-Cash Transaction
* 28 = Prepaid Activation and Load
String No 2
shipIndicator Shipping method used to deliver goods:
* 01 = Ship to cardholder’s billing address
* 02 = Ship to another verified address on file with merchant
* 03 = Ship to address that is different than the cardholder’s billing address
* 04 = “Ship to Store” / Pick-up at local store (Store address shall be populated in shipping address fields)
* 05 = Digital goods (includes online services, electronic gift cards and redemption codes)
* 06 = Travel and Event tickets, not shipped
* 07 = Other (for example, Gaming, digital services not shipped, e-media subscriptions, etc.)
String Amex only 2
deliveryTimeFrame When would the goods be delivered:
* 01 = Electronic Delivery
* 02 = Same day shipping
* 03 = Overnight shipping
* 04 = Two-day or more shipping
String Amex only 2
reorderItemsInd Is the order new for the customer or it has been ordered before:
* 01 = First time ordered
* 02 = Reordered
String Amex only 2

3DS Demo Payment Page

The demo payment page files can be downloaded here.

Files

There are 2 files included:

  1. 3ds2DemoPaymentPage.html: Is an example payment / check out page, giving an example of how to integrate with the TxShield 3DS JS SDK. It is not intended to be a live payment page as it has no validation on the users input, and exposes your rcode to anyone who uses the page, which you should not do.
  2. md5.js: is a third party javascript file used to create the hash, which is used in the validation and authorization of your calls to the 3DS JS SDK.

Installation

These files are intended for you to copy into the same directory on your webserver and be able to run directly from there.

Configuration

Once on the webserver all you have to do is update the 3ds2DemoPaymentPage.html file with the configuration values that we will supply to you. The variables in the demo pament page are surrounded with {{ variable }} and both the name and {{}} should be replaced, as per below.

You should now be able to run the demo payment page file. For details of test cards please contact support and we will provide you with the details of test cards that can be used for your solution.

Fraud check API Integration

For fraud integrations only, where payment processing is not required. Transaction can be sent to {URL}/api/v1/index.php/{SID}/fraudcheck.

The URL, SID and RCODE will be provided during onboarding process. The RCODE will be used in the FraudCheck API to create the hash string.

Fraudcheck Submission

var json3D2data = $('form#billing-form .threeDSecure').val();
var settings = {
    "url": "{url}/api/v1/index.php/{sid}/fraudcheck",
    "method": "POST",
    "timeout": 0,
    "headers": {
    "Content-Type": "application/x-www-form-urlencoded",
    "data": {
        "timestamp": "",
        "tid": "",
        "card_type": "",
        "card_no": "",
        "card_exp_month": "",
        "card_exp_year": "",
        "card_name": "",
        "firstname": "",
        "lastname": "",
        "email": "”,
        "phone": "",
        "address": "",
        "suburb_city": "",
        "state": "",
        "country": "",
        "postcode": "",
        "shipping_address": "",
        "shipping_suburb_city": "",
        "shipping_state": "",
        "shipping_country": "",
        "shipping_postcode": "",
        "amount": "",
        "currency": "",
        "threeDSecure": json3D2data,
        "hash": "42aceec719591670d4491780d2187527"
    },
    “success”:function (response) {
        console.log(response);
    }
};
$.ajax(settings);

Parameters

Name Type Required Description
sid integer Y ID of site
hash string Y md5 hash of sid+timestamp+amounttotal+currency+rcode
e.g. md5('22'.'1234568995265421'.'17.00'.'USD'.'222b6c')
timestamp string Y Timestamp value used in the hash e.g. 1234568995265421
tid string N Merchant reference
card_type string Y Type of card(visa/mastercard)
card_no integer Y The card number
card_cvv integer Y The card 3/4 digit verification code
card_exp_month string Y 2 digit for the month. Please have leading zeroes e.g. 05
card_exp_year string Y 4 digit year i.e. 2016
card_name string Y The name printed on the card
threeDSecure string N json string containing 3ds2 check values
firstname string Y First name of the customer
lastname string Y Last name of the customer
email string Y Email of the customer
phone string N Phone of the customer
address string N Billing street address
suburb_city string N Billing suburb or city
state string N Billing state, 2 letter code for US/Canada.
Australia should use 2/3 letter codes.
country string N Billing country, ISO 3166 2 digit code.
postcode string N Billing postcode/zipcode.
shipping_address string N Shipping street address
shipping_suburb_city string N Shipping suburb or city
shipping_state string N Shipping state, 2 letter code for US/Canada.
Australia should use 2/3 letter codes
shipping_country string N Shipping country, ISO 3166 2 digit code
shipping_postcode string N Shipping postcode/zipcode
amount number Y Amount, needs to be in 2 decimals
currency string Y Transaction currency, ISO 3 letter code

Responses

200 Response

{
  "sid": 0,
  "status": "string"
  "parent_txid": 0,
  "txid": 0,
  "tx_action": "string",
  "amount": 0,
  "currency": "string",
  "tid": "string",
  "comment": "string",
  "error_info": "string",
  "vrfy": "string"
}
Parameters Description
sid sid where the fraudcheck is done
status Status of fraudcheck (EXC or OK)
parent_txid Parent_txid which is used for reference
txid ID of the fraudcheck
tx_action FRAUDCHECK
amount Amount
currency Currency
tid Merchant reference
comment Any additional info
error_info Info about fraudcheck error
vrfy This is a sha256 hash so the data can be verified. Generate sha256 hash of the string of sid;rcode;txid;amount;currency;txaction

Responses

To Redirect Page and to Postback URL

The response from the server is an array. If the status has the value "OK" the transaction step has been successfully processed. The response array has the following structure:

Name Data Type Description
sid String Has the sid where transaction was processed
status String Has the value OK for a successful transaction step, or
EXC for a failed transaction step
parent\_txid String Parent transaction id
txid String The transaction ID
tx\_action String The state change txaction, e.g. PAYMENT, SETTLEMENT', 'PREAUTH' and 'FRAUDCHECK
amount String The amount processed. The gateway currency amount
currency String The currency in which the transaction was processed
comment String Response from the gateway
rebillkey String Rebillkey for the transaction. if rebill is enabled
tid String From the original transaction
ref1 String From the original transaction
ref2 String From the original transaction
ref3 String From the original transaction
ref4 String From the original transaction
descriptor String Gateway descriptor name
vrfy String This is a sha 256 hash so the data can be verified. To generate hash with sha256 the string of sid;rcode;txid;status;amount;currency;txaction
*postcurrencyreceive String Transaction amount in the currency posted
*postcurrency String Original cart currency posted
+settlementcurrency String Currency in which the merchant will be settled
+settlementamount String Amount settled to the merchant
#paymentinfo json encoded string Contains billercode, reference and instruction
error String If an error has occurred, then the status value will equal EXC and these parameters will be sent as well
error_type String The error type
error_sys String The system that caused the error (client or server)
error_msg String The error message
error_info String Error information that contains the bank message and bank code
error_code String TxProcess UAT error code

No Redirect URL

In case of no redirect URL, the response will be a JSON string of the above mentioned array. This will be useful if you are using CURL post instead of FORM post.

The tx_action field will have one of the following values:

A PAYMENT is a transaction that is processed synchronously and the transaction's final funding status is known. The status will indicate if the transaction is successful or unsuccessful.

A PREAUTH is an asynchronous transactions where the final funding state of the transaction hasn't yet been determined. Once the transaction has been completed this will be followed with a second post-back with a SETTLEMENT message. Some payment methods will reserve the funds at this point in the transaction process.

The AUTH transaction is a variant of the PREAUTH action; In this state, the amount is not deducted from the card.

The CAPTURE transaction is a variant of the SETTLEMENT action; In this state, the amount is deducted from the card used in the AUTH transaction.

A SETTLEMENT is the second part of a PREAUTH transaction, indicating that we now know the final funding state of the transaction. The status will indicate if the transaction is successful or unsuccessful.

A REFUND transaction happens when a merchant returns the funds to the customer. The status will indicate if the transaction is successful or unsuccessful.

A CHARGEBACK transaction happens when a customer disputes the transaction and has initiated the dispute process for that payment option. The status will indicate if the transaction is successful or unsuccessful.


The status field will have one of the following values:

The transaction was successful.

The transaction is pending and there will be a follow-up message.

The transaction is declined. The response should include information about the reason or exception encountered.

This is a rare response, indicating a problem with communicating with the processor.

Getting Payment Method Options

FeeAPI and RawFeeAPI

FeeAPI and RawFeeAPI provides a way to get a list of payment methods and information for a given sid. These request should only be used server-to-server as they use the rcode.

General Information

Interface Location

The Fee API located at: https://txprocess.uat.ipayoptions.com/soap/feeapi.php

The RawFeeAPI located at: https://txprocess.uat.ipayoptions.com/soap/rawfeeapi.php

It will only be accessible from your domain when data has been sent via HTTP POST towards it.

FeeAPI will give you the cart converted to the currency of the payment method.

FeeAPI and RawFeeAPI will both give you the list of payment methods and the fields. Fields section in the response will have the input requirement for sending the transaction to the gateway.

FeeAPI Parameter Definitions

Name Type Required Description
sid String Y Site id (unique identifier for the web site)
rcode String Y Site RCODE
country String Y Country of the user - will provide the list of payments available for that country
addfee Boolean N This will add the processing fees on top of the amount.
cart Array Y Information about the purchase items. This is only compulsory for feeapi, do not sent the cart to rawfeeapi.
summary Array Y Contains a summary of cart contents
amount_purchase String Y Total amount of purchase
amount_shipping String Y Shipping amount
amount_tax String Y tax amount
amount_coupon String Y Coupon amount
fxrate_posted String Y Rate used for conversion of cart currency to gw currency. Enter Buy cart currency Sell Gw currency
currency_code String Y 3 digit currency code of the cart currency
items Array Y Contains the cart items
(numerical index) Array Y Contains information about one item in the cart
(Repeat until all cart items are listed)
name String Y Category, can be used freely
quantity Integer Y Quantity of the item
amount_unit String Y Unit price amount (without commas and only 2 decimals places)
item_no String Y Article number
item_desc String Y Item description

RawFeeAPI Parameter Definitions

Name Type Required Description
sid String Y Site id (unique identifier for the web site)
rcode String Y Site RCODE
country String Y Country of the user - will provide the list of payments available for that country
currency String Y 3 digit currency code. cart currency

Response - FeeAPI

The FeeAPI will return a JSON response. If addfee option is 0, your Processing Fees will not be there.

[{
    "mxsid":"188",
    "payby":"visa",
    "title":"Visa",
    "display_title":"Test",
    "description":"\u00a0",
    "transfertime":null,
    "transferlimit":null,
    "currency_code":"USD",
    "currency_symbol":"$",
    "image":"https://txprocess.uat.ipayoptions.com/secure/dbfile.php?type=pmimg&id=1&nocache=575a36bb51db4",
    "fee":12.63,
    "cart": {
        "summary": {
            "quantity":"1",
            "amount_purchase":16.36,
            "amount_shipping":0,
            "amount_tax":0,
            "currency_code":"USD",
            "amount_shipping_posted":null,
            "amount_tax_posted":null,
            "amount_coupon_posted":null,
            "amount_coupon":0,
            "currency_symbol":"$",
            "fxrate":0.85846649
        },
        "items": [{
            "quantity":"1",
            "name":"Economy single",
            "item_no":"e1234",
            "item_desc":"Single Economy ticket LHR - ZAR",
            "amount_unit":3.73,
            "amount_unit_posted":"3.20"
        },
        {
            "name":"Processing Fees",
            "quantity":1,
            "amount_unit_posted":10.84,
            "amount_unit":12.63,
            "item_no":"",
            "item_desc":"Processing Fees"
        }]
    },
    "fields":
    {
        "card_name":
        {
            "description":"",
            "type":"text",
            "title":"Card Holder Name",
            "required":1
        },
        "card_no":
        {
            "description":"No spaces or dashes allowed",
            "type":"text",
            "title":"Card Number",
            "required":1,
            "pattern":"[0-9] { 13,19 }"
        },
        "card_cvv":
        {
            "description":"CVV",
            "type":"text",
            "title":"CVV",
            "required":1,
            "pattern":"[0-9]{3,4}"
        },
        "card_exp_month":
        {
            "description":"",
            "type":"select",
            "options":["01","02","03","04","05","06","07","08","09","10","11","12"],
            "title":"Card Expiry Month"
        },
        "card_exp_year":
        {
            "description":"",
            "type":"select",
            "options":[2016,2017,2018,2019,2020,2021,2022,2023,2024,2025,2026,2027],
            "title":"Card Expiry Year"
        }
    }
}]

Response - RawFeeAPI

The RawFeeAPI will return a JSON response.

[{
    "mxsid":"188",
    "payby":"visa",
    "title":"Visa",
    "display_title":"Test",
    "description":"\u00a0",
    "transfertime":null,
    "transferlimit":null,
    "currency_code":"USD",
    "currency_symbol":"$",
    "image":"https://txprocess.uat.ipayoptions.com/secure/dbfile.php?type=pmimg&id=1&nocache=575a4029d6950",
    "fee":{
        "exchange_src":"same",
        "rate":1,
        "commission_src":"same",
        "margin":0,
        "flatfee":10,
        "mdr":3
    },
    "fields":
    {
        "card_name":
    {
        "description":"Card holder name",
        "type":"text",
        "title":"Card Name",
        "required":1
    },
    "card_no":
    {
        "description":"No spaces or dashes allowed",
        "type":"text",
        "title":"Card Number",
        "required":1
    },
    "card_cvv":
    {
        "description":"Card CVV2",
        "type":"text",
        "title":"CVV2",
        "required":1},
        "card_exp_month":
        {
            "description":"2 digits",
            "type":"select",
            "options":["01","02","03","04","05","06","07","08","09","10","11","12"],
            "title":"Card Expiry Month"
        },
        "card_exp_year":
        {
            "description":"4 digits",
            "type":"select",
            "options":[2016,2017,2018,2019,2020,2021,2022],
            "title":"Card Expiry Year"
        }
    }
}]

Testing

Not all gateways provide a testing environment but we will be able to setup a test gateway for testing.

To test your integration, please contact support and you will be provided with a testing SID. Any transaction processed on the testing SID will only be checked syntactically and semantically by TxProcess UAT. This way you can test if you have sent sufficient and correct data.

The information given below is for testing using our test gateway only. No amount will be deducted from the account. Test responses are simulated based on the amount sent.

When performing credit card type transaction testing with your testing SID, the following card details can be used:

Field Value
Card Number 4111111111111111
Card Type visa
CVV 123
Expiry Date 01/2022
Card name Tester
Field Value
Card Number 5555555555554444
Card Type mastercard
CCV 1234
Expiry Date 01/2022
Card name Tester

The following transaction amounts can be used to test different transaction results with your testing SID.

Total Amount Description
$*.01 Non 3D Secure transactions with Gateway error
$*.03 PENDING transaction
$*.12 Non 3D Secure transactions with Decline message
$*.13 3D Secure transaction with a Decline message
$*.15 3D Secure transaction with a Gateway Failed message
any amount between $*.15 and $*.20 Approved 3D Secure transaction

You will be able to view the results of your testing transactions in TxProcess UAT by searching for them on the Browse Transactions page with your testing SID as a search item.

Other documentation

Link to old documentation here.