Card-Present Processing Using the Simple Order API

(1)

Title Page

Card-Present Processing

Using the Simple Order API

Supplement to Credit Card Services

Using the Simple Order API

(2)

CyberSource Contact Information

For general information about our company, products, and services, go to

http://www.cybersource.com.

For sales questions about any CyberSource Service, email [email protected] or call 650-432-7350 or 888-330-2300 (toll free in the United States).

For support information about any CyberSource Service, visit the Support Center at

http://www.cybersource.com/support.

Copyright

© 2015 CyberSource Corporation. All rights reserved. CyberSource Corporation ("CyberSource") furnishes this document and the software described in this document under the applicable agreement between the reader of this document ("You") and CyberSource ("Agreement"). You may use this document and/or software only in accordance with the terms of the Agreement. Except as expressly set forth in the Agreement, the information contained in this document is subject to change without notice and therefore should not be interpreted in any way as a guarantee or warranty by CyberSource. CyberSource assumes no responsibility or liability for any errors that may appear in this document. The copyrighted software that accompanies this document is licensed to You for use only in strict accordance with the Agreement. You should read the Agreement carefully before using the software. Except as permitted by the Agreement, You may not reproduce any part of this document, store this document in a retrieval system, or transmit this document, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written consent of CyberSource.

Restricted Rights Legends

For Government or defense agencies. Use, duplication, or disclosure by the Government or defense agencies is subject to restrictions as set forth the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and in similar clauses in the FAR and NASA FAR Supplement.

For civilian agencies. Use, reproduction, or disclosure is subject to restrictions set forth in subparagraphs (a) through (d) of the Commercial Computer Software Restricted Rights clause at 52.227-19 and the limitations set forth in CyberSource Corporation's standard commercial agreement for this software. Unpublished rights reserved under the copyright laws of the United States.

Trademarks

CyberSource, The Power of Payment, CyberSource Payment Manager, CyberSource Risk Manager,

CyberSource Decision Manager, CyberSource Connect, Authorize.Net, and eCheck.net are trademarks and/or service marks of CyberSource Corporation. All other brands and product names are trademarks or registered trademarks of their respective owners.

(3)

CONTENTS

Recent Revisions to This Document

5 About This Guide

6

Audience and Purpose 6

Conventions 6

Chapter 1 Introduction to Card-Present Transactions

8

Supported Processors 8

Prerequisites 9

Chapter 2 Optional Features

10

Europay, MasterCard, Visa (EMV) 10

EMV Cards and Cardholder Verification Methods (CVMs) 11

EMV Transactions 11

Encryption 12

Payment Network Tokenization 15

Appendix A

API Fields

16

XML Schema Versions 16

Formatting Restrictions 17

(4)

Contents

Appendix B

Examples

39

Name-Value Pair Examples 39

Sale Using Swiped Track Data 39

Sale Using Keyed Data 40

Sale Using EMV Technology with a Contact Read 41

Sale Using EMV Technology with a Contactless Read 42

Authorization Using Point-to-Point Encryption 43

XML Examples 44

Sale Using Swiped Track Data 44

Sale Using Keyed Data 46

Sale Using EMV Technology with a Contact Read 48

Sale Using EMV Technology with a Contactless Read 50

(5)

RE

VISIONS

Recent Revisions to This

Document

Release Changes

May 2015 All processors that support encryption: updated the information about devices and device reader data values. See "Encryption," page 12.

FDC Nashville Global: added note that forced captures are not supported for EMV transactions. See "Europay, MasterCard, Visa (EMV)," page 10. April 2015 All processors that support encryption: updated the device reader data in

"Encryption," page 12.

FDC Nashville Global: added support for EMV. See "Europay, MasterCard, Visa (EMV)," page 10.

TSYS Acquiring Solutions: added support for the pos_catLevel field for transactions from mobile devices. See "General Card-Present Request Fields," page 23.

March 2015 All processors that support encryption:

 Updated the device reader data in "Encryption," page 12.

 Updated the description of the pos_encodingMethod field in "P2PE Request Fields (Recommended)," page 18.

December 2014 All processors: changed the retail and retail POS terminology to card present. All processors that support encryption:

 Added a transaction flow diagram. See "Encryption," page 12.  Updated the device reader data in "Encryption," page 12.  Added P2PE examples. See "Authorization Using Point-to-Point

Encryption," page 43 (NVP), and "Authorization Using Point-to-Point Encryption," page 52 (XML).

JCN Gateway: added salesSlipNumber reply field in Table 13, "Reply Fields," on page 38.

May 2014 CyberSource through VisaNet: added new possible values for the MasterCard payment initiation channel. See paymentInitiationChannel in "General

(6)

Card-ABOUT GUIDE

About This Guide

Audience and Purpose

This guide is written for application developers who want to use the CyberSource Simple Order API to integrate credit card processing with card-present data into their order management system.

Implementing the CyberSource credit card services requires software development skills. You must write code that uses the API request and reply fields to integrate the credit card services into your existing order management system.

Conventions

The following special statements are used in this document:

The following text conventions are used in this document:

Note

A Note contains helpful suggestions or references to material not contained in this document.

Important

An Important statement contains information essential to successfully completing a task or learning a concept.

Table 1 Text Conventions

Convention Meaning

boldface  API field names  API service names

 Graphical user interface elements that you must act upon

(7)

About This Guide

Customer Support

For support information about any CyberSource service, visit the Support Center:

(8)

CH

APTER

1

Introduction to

Card-Present Transactions

This addendum to Credit Card Services Using the Simple Order API describes card-present processing with CyberSource.

Supported Processors

CyberSource supports card-present credit card transactions for the processors shown in the following table.

Table 2 Processors that CyberSource Supports for Card-Present Transactions

Processor EMV Magnetic

Stripe American Express Direct—supports card-present

processing only for merchants in the U.S. who are doing business in U.S. dollars.

No Yes

Chase Paymentech Solutions No Yes

CyberSource through VisaNet No Yes

FDC Nashville Global Yes Yes

FDMS Nashville No Yes

GPN No Yes

Litle No Yes

RBS WorldPay Atlanta No Yes

(9)

Chapter 1 Introduction to Card-Present Transactions

Prerequisites

Before you start your implementation:

 Contact your acquirer to find out whether you are allowed to process card-present transactions.

 Find out from your acquirer and CyberSource Customer Support whether you must have a separate CyberSource merchant ID for your card-present transactions.

 Contact CyberSource Customer Support to have your account configured to process card-present transactions.

 For point-to-point encryption (P2PE), you must use an approved device. See

"Encryption," page 12.

 Make sure that you are familiar with the CyberSource Simple Order API for processing e-commerce and mail order/telephone order (MOTO) transactions as described in Credit Card Services Using the Simple Order API. The request and reply fields for card-present transactions are very similar to the request and reply fields for e-commerce/MOTO transactions.

Table 3 Card-Present Fields in Service Requests and Replies Service Request Description

Authorization request A card-present authorization request includes additional fields and several existing authorization request fields have different requirements when the request is for a card-present transaction. Authorization reply A card-present authorization reply includes the same fields that

are included for an e-commerce/MOTO transaction.

Capture request For all processors except CyberSource through VisaNet, a card-present capture request includes the same fields that are included for an e-commerce/MOTO transaction. For CyberSource through VisaNet:

 A card-present capture request for a restaurant transaction requires additional fields. See the tables of request fields in

Appendix A, "API Fields," on page 16.

 For non-restaurant transactions, a card-present capture request includes the same fields that are included for an e-commerce/MOTO transaction.

(10)

CH

APTER

2

Optional Features

Europay, MasterCard, Visa (EMV)

Services:  Authorization  Authorization reversal  Capture  Credit Processor:  FDC Nashville Global Card Types:  Contact:  American Express  Diners Club  Discover  JCB  MasterCard  Visa  Contactless:

 American Express ExpressPay

 Diners Club  Discover  JCB  MasterCard PayPass  Visa payWave Note

(11)

Chapter 2 Optional Features

EMV (Europay, MasterCard, Visa) is a global standard for exchanging information between chip cards and POS terminals. A chip card is a credit or debit card with an embedded microchip. A chip card also has a magnetic stripe on the back of the card, which can be used for a back-up transaction when the card’s chip cannot be read. The EMV standards define the protocols for all levels of transmission between chip cards and chip card processing devices: physical, electrical, data, and application.

EMV Cards and Cardholder Verification

Methods (CVMs)

FDC Nashville Global supports EMV cards that are chip-and-signature cards. For these cards, a signature is the only CVM.

EMV Transactions

EMV transactions are more secure from fraud than are magnetic stripe transactions, which require a visual inspection of the card. Chip-and-PIN cards are more secure from fraud than chip-and-signature cards. When an EMV chip card is used in a POS

environment, it generates a cryptogram that changes with each transaction. This dynamic authentication provides an extra layer of security for POS transactions.

For an EMV transaction, use the fields documented in "EMV Request Fields," page 19. The following fields and values are specifically for EMV:

 Request fields:

 emvRequest_cardSequenceNumber

 emvRequest_combinedTags

 Reply field:

 emvReply_combinedTags

 Values for pos_entryMode:

Note

When you use the Simple Order API in XML format, you must use version 1.86 or later of the XML schema to implement EMV.

(12)

Encryption

Services:

 Authorization

Processor:

 All processors that are supported for card-present transactions

The following diagram illustrates the steps in a transaction that uses encryption.

1 You send authentication data to your mobile device management (MDM) application to ensure that the user and the device have the required permissions. Your MDM application sends authentication credentials to the device.

2 The card is keyed, swiped, or read. The device generates an encrypted payload and sends it to your server along with the authentication credentials that were created in Step 1.

3 Your server creates a request message and uses the CyberSource API to send the message to CyberSource.

4 CyberSource sends a reply message to your server. The message indicates whether the request succeeded or failed.

5 Your server processes the information in the reply message. The device displays the status of the transaction.

Note

When you use the Simple Order API in XML format, you must use version 1.86 or later of the XML schema to use encryption.

(13)

CyberSource provides Derived Unique Key Per Transaction (DUKPT) keys to device manufacturers which they inject into their card readers. To encrypt sensitive transaction data, the read heads on a CyberSource-supported card reader use DUKPT for key management along with the Triple Data Encryption Standard (3DES or TDES) algorithm for data encryption. When you use a card reader that encrypts sensitive transaction data, you can securely send transactions to CyberSource for decryption and processing. You can reduce your PCI scope with encryption that is implemented correctly.

CyberSource natively supports encrypted output from ID Tech’s Shuttle, UniMag II, SecureKey M100, SecureKey M130, and SREDKey devices. The following table indicates whether swiped entry and keyed entry are supported for each device.

The following tables provide the device reader data values for swiped and keyed entry for each device.

Table 4 Entry Modes Supported by ID Tech Devices ID Tech Device Swiped Entry Keyed Entry

Shuttle Yes No

UniMag II Yes No

M100 No Yes

M130 Yes Yes

SREDKey Yes Yes

Table 5 Device Reader Data Values for Swiped Entry for ID Tech Devices ID Tech Device Base64 Value for

pos_deviceReaderData

Hex Value for

pos_deviceReaderData Shuttle and UniMag II RklEPUlEVEVDSC5VbmlNYWcuQW5

kcm9pZC5TZGt2MQ==

4649443d4944544543482e556e694d61672e4 16e64726f69642e53646b7631

M130 and SREDKey RklEPUlEVEVDSC5TZWN1cmVLZXk uTVNSLlNka3Yx

4649443D4944544543482E5365637572654B6 5792E4D53522E53646B7631

Table 6 Device Reader Data Values for Keyed Entry for ID Tech Devices ID Tech Device Base64 Value for

Hex Value for

pos_deviceReaderData M100, M130, and SREDKey RklEPUlEVEVDSC5TZWN1cmVLZXk uU2RrdjE= 4649443D4944544543482E5365637572654B6 5792E53646B7631

(14)

Perform the following steps to enable CyberSource to process the native output from ID Tech’s Shuttle, UniMag II, M100, M130, and SREDKey devices:

Step 1 Use the following command to instruct the device to output the data in USB human interface device (HID) mode:

Command 02 53 23 01 30 03 40

The device outputs the data as a hex ByteArray.

Step 2 Convert the hex ByteArray to a string representation of the hex ByteArray.

For example, if a hex byte is A1, converting it to an ASCII string results in the asterisk character (*) but converting it to a string representation of the hex byte results in A1.

Step 3 Set the pos_paymentData field to the string representation of the hex ByteArray.

For all other devices, use the CyberSource Common Track Format ID to send encrypted data to CyberSource. To use the Common Track specification, you must receive track 1 or track 2 data from the device, reformat the data, and add redundancy checks. For a copy of the Common Track specification, contact your CyberSource account representative. The following table provides the device reader data values for the CyberSource Common Track Format ID.

You must use hardware injected with Visa cryptography keys. If you have a specific device that you want to use and it is not in the table of supported devices, contact CyberSource Customer Support to learn whether your desired device can be injected with Visa Inc. cryptography keys and certified for use. Visa Inc. cryptography services work with DUKPT key management and 3DES encryption technologies.

For security reasons, you cannot store CyberSource transaction credentials on a mobile device. You can store CyberSource transaction credentials in a secure manner on a file server or a workstation. CyberSource transaction credentials include your merchant ID, transaction security keys, and CyberSource certificates. For information about certificates and security keys, see Creating and Using Security Keys.

To support this security requirement, point-of-sale (POS) devices that use the card encryption capabilities supported by CyberSource do not transact directly with

CyberSource. Instead, POS devices use an application, an intermediate server, or device management software that transacts directly with CyberSource.

Table 7 Device Reader Data Values for CyberSource Common Track Format ID Format ID Base64 Value for

Hex Value for

Common Track RklEPUNPTU1PTi5FbmNyeXB0ZWR

UcmFja3MuU2RrdjE=

4649443d434f4d4d4f4e2e456e637279707465 64547261636b732e53646b7631

(15)

For a transaction that uses encryption, use the fields documented in "P2PE Request Fields (Recommended)," page 18. The following fields are specifically for encryption:

 pos_deviceReaderData

 pos_encodingMethod

 pos_encryptionAlgorithm

 pos_paymentData

For examples of P2PE requests and replies, see:

 Name-value pair examples: "Authorization Using Point-to-Point Encryption," page 43

 XML examples: "Authorization Using Point-to-Point Encryption," page 52

Payment Network Tokenization

Payment network tokenization enables you to request a credit card authorization with a token instead of a primary account number (PAN). For information about adding payment network tokenization functionality to an order management system that already uses CyberSource credit card services, see the Payment Network Tokenization Using the Simple Order API.

(16)

APP

ENDIX

A

API Fields

XML Schema Versions

For general information about the XML schema versions, see Getting Started with CyberSource Advanced for the Simple Order API.The following table specifies the Simple Order API version to use for each processor for clear-text card-present transactions and card-present transactions that use point-to-point encryption (P2PE).

Important

When you send an authorization, authorization reversal, capture, or credit request that includes card-present data, you must include the basic fields required for every authorization, authorization reversal, capture, or credit request. For information about card-not-present fields required for these requests, see Credit Card Services Using the Simple Order API.

Table 8 Simple Order API XML Schema Versions for Card-Present Transactions

Processor Version for P2PE

Transactions

Version for Clear Text Transactions American Express Direct 1.86 or later 1.27 or later

Chase Paymentech Solutions 1.86 or later 1.25 or later CyberSource through VisaNet 1.86 or later 1.69 or later

FDC Nashville Global 1.86 or later 1.24 or later

FDMS Nashville 1.86 or later 1.29 or later

GPN 1.86 or later 1.26 or later

Litle 1.86 or later 1.58 or later

RBS WorldPay Atlanta 1.86 or later 1.48 or later

(17)

Appendix A API Fields

Formatting Restrictions

Unless otherwise noted, all field names are case sensitive and all fields accept special characters such as @, #, and %.

Data Type Definitions

For more information about these data types, see the World Wide Web Consortium (W3C) XML Schema Part 2: Datatypes specification.

Note

The values of the item_#_ fields must not contain carets (^) or colons (:) because these characters are reserved for use by the CyberSource services. Values for request-level and item-level fields must not contain new lines or carriage returns. However, they can contain embedded spaces and any other printable characters. CyberSource removes all leading and trailing spaces.

Data Type Description

Integer Whole number {..., -3, -2, -1, 0, 1, 2, 3, ...}

(18)

P2PE Request Fields

(Recommended)

Table 9 P2PE Request Fields

Field Description Used By:

Required (R) or Optional (O)

Data Type & Length pos_deviceReaderData Data that identifies the card reader. This data

enables CyberSource to parse the data that is in the pos_paymentData field. For possible values, see "Encryption," page 12.

ccAuthService (O) String (512)

pos_encodingMethod Encoding method that was applied to the data in the pos_deviceReaderData and pos_ paymentData fields. When sensitive data must be included in the authorization reply message that CyberSource sends you, CyberSource uses this encoding method to encrypt the sensitive data. Possible values:

 Base64

 Hex

pos_

encryptionAlgorithm

Encryption algorithm that was used to encrypt the data in the pos_paymentData field. Set this value to TDES. See "Encryption," page 12.

pos_paymentData Encrypted payment data from a card reader. See "Encryption," page 12.

(19)

EMV Request Fields

Table 10 EMV Request Fields

Required (R) or Optional (O) Data Type & Length emvRequest_ cardSequenceNumber

Number assigned to a specific card when two or more cards are associated with the same primary account number. This value enables issuers to distinguish among multiple cards that are linked to the same account. This value can also act as a tracking tool when reissuing cards. When this value is available, it is provided by the chip reader. When the chip reader does not provide this value, do not include this field in your request. See "Europay, MasterCard, Visa (EMV)," page 10.

ccAuthService (O) String with numbers only (3)

(20)

emvRequest_ combinedTags

EMV data that is transmitted from the chip card to the issuer, and from the issuer to the chip card. The EMV data is in the tag-length-value format and includes chip card tags, terminal tags, and transaction detail tags. See

"Europay, MasterCard, Visa (EMV)," page 10. For information about the individual tags, see the “Application Specification” section in the EMV 4.3 Specifications: http://emvco.com

Important The following tags contain sensitive information and must not be included in this field:

 56: Track 1 equivalent data  57: Track 2 equivalent data  5A: Application PAN  5F20: Cardholder name

 5F24: Application expiration date  99: Transaction PIN

 9F0B: Cardholder name (extended)  9F1F: Track 1 discretionary data  9F20: Track 2 discretionary data

For information about the individual tags, see the “Application Specification” section in the EMV 4.3 Specifications: http://emvco.com

For captures, this field is required for contact EMV transactions. Otherwise, it is optional. For credits, this field is required for contact EMV stand-alone credits and contactless EMV stand-alone credits. Otherwise, it is optional.

Important For contact EMV captures, contact EMV stand-alone credits, and

contactless EMV stand-alone credits, you must include the following tags in this field. For all other types of EMV transactions, the following tags are optional.

 95: Terminal verification results  9F10: Issuer application data  9F26: Application cryptogram ccAuthService (O) ccAuthReversalService (O) ccCaptureService (See description) ccCreditService (See description) FDC Nashville Global: String (999) Table 10 EMV Request Fields (Continued)

Data Type & Length

(21)

pos_environment Operating environment. Possible values:  0: No terminal used or unknown

environment.

 1: On merchant premises, attended.  2: On merchant premises, unattended, or

cardholder terminal. Examples: oil, kiosks, self-checkout, home computer, mobile telephone, personal digital assistant (PDA). Cardholder terminal is supported only for MasterCard transactions on CyberSource through VisaNet.

 3: Off merchant premises, attended. Examples: portable POS devices at trade shows, at service calls, or in taxis.  4: Off merchant premises, unattended, or

cardholder terminal. Examples: vending machines, home computer, mobile telephone, PDA. Cardholder terminal is supported only for MasterCard transactions on CyberSource through VisaNet.

 5: On premises of cardholder, unattended.  9: Unknown delivery mode.

 S: Electronic delivery of product. Examples: music, software, or eTickets that are downloaded over the internet.

 T: Physical delivery of product. Examples: music or software that is delivered by mail or by a courier.

This field is supported only for American Express Direct and CyberSource through VisaNet.

CyberSource through VisaNet

For MasterCard transactions, the only valid values are 2 and 4.

ccAuthService (O) String (1) Table 10 EMV Request Fields (Continued)

(22)

Clear Text Request Fields

Table 11 Clear Text Request Fields

Data Type & Length pos_serviceCode MasterCard service code that is included in the

track data. You can extract the service code from the track data and provide it in this API field.

This field is supported only for MasterCard and only on CyberSource through VisaNet.

ics_auth (O) String (3)

pos_trackData Card’s track 1 and 2 data. For all processors except FDMS Nashville, this value consists of one of the following:

 Track 1 data  Track 2 data

 Data for both tracks 1 and 2

For FDMS Nashville, this value consists of one of the following:

 Track 1 data

 Data for both tracks 1 and 2

Example: %B4111111111111111^SMITH/ JOHN ^1612101976110000868000000?;41 11111111111111=16121019761186800000? ccAuthService:  FDC Nashville Global: Required if pos_entryMode= contact, contactless, msd, or swiped; otherwise, not used.  All other processors:

Required if pos_ entryMode=

swiped; otherwise, not used.

(23)

General Card-Present Request

Fields

Table 12 General Card-Present Request Fields

billTo_city Credit card billing city. ccAuthService:

 Chase Paymentech Solutions: Optional.  Litle: Optional.  TSYS Acquiring Solutions: Required when ccAuthService_ billPayment=true and pos_ entryMode=keyed.  All other processors:

Not used.

String (50)

billTo_country Credit card billing country. Use the two-character ISO Standard Country Codes.

ccAuthService:  Chase Paymentech Solutions: Optional.  Litle: Optional.  TSYS Acquiring Solutions: Required when ccAuthService_ billPayment=true and pos_ entryMode=keyed.  All other processors:

Not used.

(24)

billTo_email Customer’s email address, including full domain name. Format: [email protected] ccAuthService:  Chase Paymentech Solutions: Optional.  Litle: Optional.  TSYS Acquiring Solutions: Required when ccAuthService_ billPayment=true and pos_ entryMode=keyed.  All other processors:

Not used.

String (255)

billTo_firstName Customer’s first name. Value should match value on card. ccAuthService:  Chase Paymentech Solutions: Optional.  Litle: Optional.  TSYS Acquiring Solutions: Required when ccAuthService_ billPayment=true and pos_ entryMode=keyed.  All other processors:

Not used.

String (60)

billTo_lastName Customer’s last name. Value should match value on card. ccAuthService:  Chase Paymentech Solutions: Optional.  Litle: Optional.  RBS WorldPay Atlanta: Optional.  TSYS Acquiring Solutions: Required when ccAuthService_ billPayment=true and pos_ entryMode=keyed.  All other processors:

Not used.

String (60) Table 12 General Card-Present Request Fields (Continued)

(25)

billTo_phoneNumber Customer’s phone number. CyberSource recommends that you include the country code when order is from outside the U.S.

ccAuthService:  Chase Paymentech Solutions: Optional.  Litle: Optional.  TSYS Acquiring Solutions: Optional.  All other processors:

Not used.

String (15)

billTo_postalCode Postal code for billing address. Postal code must consist of 5 to 9 digits.

When the billing country is U.S., the 9-digit postal code must follow this format: [5 digits][dash][4 digits]

Example: 12345-6789

When the billing country is Canada, the 6-digit postal code must follow this format:

[alpha][numeric][alpha][space][numeric][alpha] [numeric] Example: A1B 2C3 ccAuthService:  FDMS Nashville: Required if pos_ entryMode=keyed

and the address is in the U.S. or Canada. Optional if pos_ entryMode=keyed

and the address is not in the U.S. or Canada. Not used if swiped.

 RBS WorldPay Atlanta: For best card-present keyed rates, send the postal code if pos_ entryMode=keyed.  TSYS Acquiring Solutions: Required when ccAuthService_ billPayment=true and pos_ entryMode=keyed.  All other processors:

Optional.

(26)

billTo_state Credit card billing state or province. Use State, Province, and Territory Codes for the United States and Canada.

ccAuthService:  Chase Paymentech Solutions: Optional.  Litle: Optional.  TSYS Acquiring Solutions: Required when ccAuthService_ billPayment=true and pos_ entryMode=keyed.  All other processors:

Not used.

String (2)

billTo_street1 Credit card billing street address as it appears in credit card issuer’s records.

FDMS Nashville:

When the street name is numeric, it must be sent in numeric format. For example, if the address is One First Street, it must be sent as 1 1st Street.

ccAuthService:  FDMS Nashville:

Required if keyed; Not used if swiped.  TSYS Acquiring Solutions: Required when ccAuthService_ billPayment=true and pos_ entryMode=keyed.  All other processors:

Optional. FDMS Nashville: String (20) All other processors: String (60)

billTo_street2 Used for additional address information. For example:

Attention: Accounts Payable

FDMS Nashville:

billTo_street1 and billTo_street2 together cannot exceed 20 characters.

ccAuthService (O) FDMS Nashville: String (20) All other processors: String (60) card_accountNumber Customer’s credit card number. ccAuthService:

 FDMS Nashville: Required.

 All other processors: Required if pos_ entryMode=keyed. FDMS Nashville: String with numbers only (19) All other processors: String with numbers only (20) Table 12 General Card-Present Request Fields (Continued)

(27)

card_cardType Type of card to authorize. Possible values:  001: Visa  002: MasterCard  003: American Express  004: Discover  005: Diners Club  006: Carte Blanche  007: JCB ccAuthService (Required for Carte Blanche and JCB. Optional for other card types.)

Important

CyberSource strongly recommends that you send the card type even when it is optional for your processor and card type. Omitting the card type can cause the transaction to be processed with the wrong card type.

String (3)

card_cvIndicator Indicates whether a CVN code was sent. Possible values:

 0 (default): CVN service not requested. CyberSource uses this default when you do not include card_cvNumber in the request.  1 (default): CVN service requested and

supported. CyberSource uses this default when you include card_cvNumber in the request.

 2: CVN on credit card is illegible.  9: CVN not imprinted on credit card.

ccAuthService:  FDMS Nashville: Required for American Express. Otherwise, optional.  TSYS Acquiring Solutions: Optional if pos_entryMode= keyed. Otherwise, not used.

 All other processors: Optional.

String with numbers only (1)

card_cvNumber CVN. See CVN information in Credit Card Services Using the Simple Order API.

ccAuthService:  FDMS Nashville: Required for American Express or if swiped. Otherwise, optional.  TSYS Acquiring Solutions: Optional if String with numbers only (4) Table 12 General Card-Present Request Fields (Continued)

(28)

card_expirationMonth Two-digit month in which credit card expires. Format: MM.

Possible values: 01 through 12. Leading 0 is required.

Required.

 All other processors: Required if pos_ entryMode=keyed.

String (2)

card_expirationYear Four-digit year in which credit card expires. Format: YYYY.

Required.

 All other processors: Required if pos_ entryMode=keyed.

String (4)

ccAuthService_ billPayment

Indicates payment for bill or payment towards existing contractual loan. For information about Visa Bill Payments and Visa Debt

Repayments, see Credit Card Services Using the Simple Order API. Possible values:  true: Bill payment or loan payment.  false (default): Not a bill payment or loan

payment.

ccAuthService_ commerceIndicator

Type of transaction. For a card-present transaction, you must set this field to retail.

ccAuthService (R) String (13) ccAuthService_run Set to true to request credit card

authorization.

ccAuthService (R) String (255)

ccCaptureService_ industryDatatype

Indicates whether the transaction includes restaurant data. You must set this field to

restaurant in order for restaurant data to be sent to the processor.

When this field is not set to restaurant or is not included in the request, CyberSource does not send restaurant data to the processor.

Restaurant data is supported only for CyberSource through VisaNet.

ccCaptureService (Required for restaurant transactions)

(29)

extendedCreditTotal Count

Number of months the cardholder can use to pay for the purchase. You can use this field when offering extended credit to a cardholder at a retail location. The cardholder provides this value. The issuer pays you for the purchase in one payment, and then the cardholder pays the issuer in the number of monthly payments specified by this value.

Note This field is supported only for acquirers in South Africa and only for CyberSource through VisaNet.

gratuityAmount Gratuity or tip amount for restaurants when the card is present. Allowed only when

ccCaptureService_

industryDatatype=restaurant. When your customer uses a debit card or prepaid card, and you receive a partial authorization, the payment networks

recommend that you do not submit a capture amount that is higher than the authorized amount. When the capture amount exceeds the partial amount that was approved, the issuer has chargeback rights for the excess amount. For information about partial

authorizations, see Credit Card Services Using the Simple Order API.

Restaurant data is supported only for CyberSource through VisaNet.

ccCaptureService (O) Numeric (12)

item_#_productCode Type of product. This value is used to identify the product category (electronic, handling, physical, service, or shipping). The default value is default. For a list of valid values, see the information about product codes in

Credit Card Services Using the Simple Order API.

When this field is not set to default or one of the values related to shipping and/or

ccAuthService (O) String (30) Table 12 General Card-Present Request Fields (Continued)

(30)

item_#_productName Required when item_#_productCode is not

default or one of the values related to shipping and/or handling.

ccAuthService (See description)

String (30)

item_#_productSKU Product identifier code. Required when item_ #_productCode is not default or one of the values related to shipping and/or handling.

String (15)

item_#_quantity Default is 1. Required when item_#_ productCode is not default or one of the values related to shipping and/or handling.

Integer (10)

item_#_taxAmount Total tax to apply to the product. This value cannot be negative. The tax amount and the unit price must be in the same currency. The tax amount field is additive. The following example uses a two-exponent currency such as USD:

1 You include the following items in your request: item_0_unitPrice=10.00 item_0_quantity=1 item_0_taxAmount=0.80 item_1_unitPrice=20.00 item_1_quantity=1 item_1_taxAmount=1.60

2 The total amount authorized will be 32.40, not 30.00 with 2.40 of tax included.

If you want to include item_#_taxAmount and also request the taxService service, see Tax Calculation Service Using the Simple Order API.

item_#_unitPrice Per-item price of the product. You must include either this field or purchaseTotals_

grandTotalAmount in your request. This value cannot be negative. For information about items and grand totals, see Getting Started with CyberSource Advanced for the Simple Order API.

You can include a decimal point (.) in the value for this field, but you cannot include any other special characters. CyberSource truncates the amount to the correct number of decimal places. ccAuthService (See description) For GPN: String (10) All other processors: String (15)

merchantID Your CyberSource merchant ID. ccAuthService (R) String (30)

Table 12 General Card-Present Request Fields (Continued)

(31)

merchantReference Code

Merchant-generated order reference or tracking number. CyberSource recommends that you send a unique value for each

transaction so that you can perform meaningful searches for the transaction. For information about tracking orders, see Getting Started with CyberSource Advanced for the Simple Order API.

FDC Nashville Global:

This value must be numeric and must be less than 9 digits. When you do not send a valid value, CyberSource creates one for you. However, the value is not returned to you, so you cannot use the merchant reference number to track the order.

ccAuthService (R) String (50) Table 12 General Card-Present Request Fields (Continued)

(32)

paymentInitiation Channel

MasterCard-defined code that indicates how the account information was obtained. Possible values:

 00 (default): Card

 01: Removable secure element that is personalized for use with a mobile phone and controlled by the wireless service provider; examples: subscriber identity module (SIM), universal integrated circuit card (UICC)

 02: Key fob  03: Watch  04: Mobile tag  05: Wristband

 06: Mobile phone case or sleeve  07: Mobile phone with a non-removable,

secure element that is controlled by the wireless service provider

 08: Removable secure element that is personalized for use with a mobile phone and not controlled by the wireless service provider; example: memory card

 09: Mobile phone with a non-removable, secure element that is not controlled by the wireless service provider

 10: Removable secure element that is personalized for use with a tablet or e-book and is controlled by the wireless service provider; examples: subscriber identity module (SIM), universal integrated circuit card (UICC)

 11: Tablet or e-book with a non-removable, secure element that is controlled by the wireless service provider

 12: Removable secure element that is personalized for use with a tablet or e-book and is not controlled by the wireless service provider

 13: Tablet or e-book with a non-removable, secure element that is not controlled by the wireless service provider

This field is supported only for MasterCard and only for CyberSource through VisaNet.

(33)

pos_cardPresent Indicates whether the card is present at the time of the retail transaction. Possible values:  N: Card is not present.

 Y: Card is present.

ccAuthService:

 FDMS Nashville: Not used.

 All other processors: Required.

String (1)

pos_catLevel Type of cardholder-activated terminal. Possible values:

 1: Automated dispensing machine  2: Self-service terminal

 3: Limited amount terminal

 4: In-flight commerce (IFC) terminal  5: Radio frequency device

 6: Mobile acceptance terminal  7: Electronic cash register

 8: E-commerce device at your location  9: Terminal or cash register that uses a

dial-up connection to connect to the transaction processing network

Chase Paymentech Solutions

Only values 1, 2, and 3 are supported.

Values 1 through 6 are supported on CyberSource through VisaNet, but some acquirers do not support all six values.

FDC Nashville Global

Only values 7, 8, and 9 are supported.

TSYS Acquiring Solutions

Only value 6 is supported.

ccAuthService:  Chase Paymentech Solutions: Required if pos_terminalID is included in the request. Otherwise, optional.  CyberSource through VisaNet: Optional.  FDC Nashville

Global: Optional for EMV transactions. Otherwise, not used.  TSYS Acquiring

Solutions: Required for transactions from mobile devices. Otherwise, not used.  All other processors:

Not used.

Nonnegative integer (1) Table 12 General Card-Present Request Fields (Continued)

(34)

pos_entryMode Method of entering credit card information into the POS terminal. Possible values:

 contact: Read from direct contact with chip card.

 contactless: Read from a contactless interface using chip data.

 keyed: Manually keyed into POS terminal.  msd: Read from a contactless interface

using magnetic stripe data (MSD).  swiped: Read from credit card magnetic

stripe.

The contact, contactless, and msd

values are supported only for EMV

transactions. See "Europay, MasterCard, Visa (EMV)," page 10.

ccAuthService (R) String (11)

pos_terminalCapability POS terminal’s capability. Possible values:  1: Terminal has a magnetic stripe reader

only.

 2: Terminal has a magnetic stripe reader and manual entry capability.

 3: Terminal has manual entry capability only.

 4: Terminal can read chip cards.

 5: Terminal can read contactless chip cards. The values of 4 and 5 are supported only for EMV transactions. See "Europay, MasterCard, Visa (EMV)," page 10.

ccAuthService:  American Express Direct: Required.  Chase Paymentech Solutions: Required.  CyberSource through VisaNet: Optional.  FDC Nashville Global: Required.  FDMS Nashville: Required.  GPN: Not used.  Litle: Required.  RBS WorldPay Atlanta: Optional.  TSYS Acquiring Solutions: Optional. Integer (1) Table 12 General Card-Present Request Fields (Continued)

(35)

pos_terminalID Identifier for the terminal at your retail location. You can define this value yourself, but consult the processor for requirements.

A list of all possible values is stored in your CyberSource account and the value you send for this field is validated against the list each time you include the field in your request. When you do not include this field in your request, CyberSource uses the default value that is defined in your CyberSource account.

FDC Nashville Global

To have your account configured to support this field, contact CyberSource Customer Support. This value must be a value that FDC Nashville Global issued to you.

ccAuthService:  American Express

Direct: Optional. If not provided, CyberSource uses the value in your CyberSource account.

 Chase Paymentech Solutions: Optional. If you include this field in your request, you must also include pos_catLevel.  CyberSource through VisaNet: Optional.  FDC Nashville Global: Optional. If not provided, CyberSource uses the value in your CyberSource account.

 FDMS Nashville: CyberSource uses the value in your CyberSource account.  GPN: Not used.  Litle: Not used.  RBS WorldPay

Atlanta: Not used.  TSYS Acquiring

Solutions: Not used.

(36)

pos_

terminalIDAlternate

Identifier for an alternate terminal at your retail location. You define the value for this field. This field is supported only for MasterCard transactions on FDC Nashville Global. Use the pos_terminalID field to identify the main terminal at your retail location. If your retail location has multiple terminals, use this pos_ terminalIDAlternate field to identify the terminal used for the transaction.

This field is a pass-through, which means that CyberSource does not check the value or modify the value in any way before sending it to the processor.

ccAuthService:  FDC Nashville

Global: Optional for MasterCard transactions. Otherwise, not used.  All other processors:

Not used.

String (8)

purchaseTotals_ currency

Currency used for order. For possible values, see ISO Standard Currency Codes.

ccAuthService (R) String (5) purchaseTotals_

grandTotalAmount

Grand total for the order. You must include either this field or item_#_unitPrice in your request. For information about items and grand totals, Getting Started with CyberSource Advanced for the Simple Order API.

String (15)

shipTo_city City of shipping address. ccAuthService

(Required if any shipping address information is included in the request and shipping to the U.S. or Canada. Otherwise, optional.)

String (50)

shipTo_country Country of shipping address. Use the two-character ISO Standard Country Codes.

ccAuthService (Required if any shipping address information is included in the request. Otherwise, optional.) String (2)

shipTo_firstName First name of the person receiving the shipment.

ccAuthService (O) String (60) shipTo_lastName Last name of the person receiving the

shipment.

(37)

shipTo_postalCode Postal code for the shipping address. The postal code must consist of 5 to 9 digits. When the shipping country is the U.S., the 9-digit postal code must follow this format: [5 digits][dash][4 digits]

Example: 12345-6789

When the shipping country is Canada, the 6-digit postal code must follow this format: [alpha][numeric][alpha][space][numeric][alpha] [numeric] Example: A1B 2C3 ccAuthService (Required if any shipping address information is included in the request and shipping to the U.S. or Canada. Otherwise, optional.)

String (10)

shipTo_state State or province to ship the product to. Use the State, Province, and Territory Codes for the United States and Canada.

ccAuthService (Required if any shipping address information is included in the request and shipping to the U.S. or Canada. Otherwise, optional.)

String (2)

shipTo_street1 First line of shipping address. ccAuthService (Required if any shipping address information is included in the request. Otherwise, optional.) String (60)

shipTo_street2 Second line of shipping address. ccAuthService (O) String (60) transactionLocalDate

Time

Date and time at your physical location. Format: YYYYMMDDhhmmss, where YYYY = year MM = month DD = day hh = hour mm = minutes ss = seconds

(38)

Reply Fields

Table 13 Reply Fields

Field Description Returned By Data Type

& Length emvReply_

combinedTags

EMV data that is transmitted from the chip card to the issuer, and from the issuer to the chip card. The EMV data is in the tag-length-value format and includes chip card tags, terminal tags, and transaction detail tags. See "Europay, MasterCard, Visa (EMV)," page 10.

Note For information about the individual tags, see the “Application Specification” section in the EMV 4.3 Specifications: http://emvco.com

ccAuthReply ccAuthReversalReply FDC Nashville Global: String (999)

salesSlipNumber Transaction identifier that CyberSource generates. You have the option of printing the sales slip number on the receipt.

This field is supported only for JCN Gateway.

(39)

APP

ENDIX

B

Examples

Name-Value Pair Examples

Sale Using Swiped Track Data

Example 1 Request Message: Sale Using Swiped Track Data merchantID=JanesPlants merchantReferenceCode=ABC123 purchaseTotals_currency=usd purchaseTotals_grandTotalAmount=75.00 pos_entryMode=swiped pos_cardPresent=Y pos_terminalCapability=2 pos_trackData=%B4111111111111111^SMITH/BETTY^16121200123456789012** XXX******?*;4111111111111111=16121200XXXX00000000?* ccAuthService_run=true ccAuthService_commerceIndicator=retail ccCaptureService_run=true

Example 2 Reply Message: Sale Using Swiped Track Data merchantReferenceCode=ABC123 requestID=0305782650000167905080 decision=ACCEPT reasonCode=100 purchaseTotals_currency=usd ccAuthReply_reasonCode=100 ccAuthReply_amount=75.00 ccAuthReply_authorizationCode=831000 ccAuthReply_avsCode=2 ccAuthReply_processorResponse=00

(40)

Appendix B Examples

Sale Using Keyed Data

Example 3 Request Message: Sale Using Keyed Data merchantID=JanesPlants merchantReferenceCode=ABC123 purchaseTotals_currency=usd purchaseTotals_grandTotalAmount=75.00 pos_entryMode=keyed pos_cardPresent=Y pos_terminalCapability=2 card_accountNumber=4111111111111111 card_expirationMonth=12 card_expirationYear=2016 card_cardType=001 ccAuthService_run=true ccAuthService_commerceIndicator=retail ccCaptureService_run=true

Example 4 Reply Message: Sale Using Keyed Data merchantReferenceCode=ABC123 requestID=0305782650000167905080 decision=ACCEPT reasonCode=100 purchaseTotals_currency=usd ccAuthReply_reasonCode=100 ccAuthReply_amount=75.00 ccAuthReply_authorizationCode=831000 ccAuthReply_avsCode=2 ccAuthReply_processorResponse=00 ccAuthReply_reconciliationID=1094820975023470 ccAuthReply_paymentNetworkTransactionID=0412MCCNYJPWY ccAuthReply_cardCategory=J1 ccAuthReply_cardGroup=0 ccCaptureReply_reasonCode=100 ccCaptureReply_amount=75.00 ccCaptureReply_reconciliationID=1094820975023470 receiptNumber=260371

(41)

Sale Using EMV Technology with a

Contact Read

Example 5 Request Message: Sale Using EMV Technology with a Contact Read merchantID=JanesPlants merchantReferenceCode=ABC123 purchaseTotals_currency=usd purchaseTotals_grandTotalAmount=75.00 pos_entryMode=contact pos_cardPresent=Y pos_terminalCapability=4 pos_trackData=%B4111111111111111^SMITH/BETTY^16121200123456789012** XXX******?*;4111111111111111=16121200XXXX00000000?* ccAuthService_run=true ccAuthService_commerceIndicator=retail ccCaptureService_run=true emvRequest_combinedTags=9F3303204000950500000000009F3704518823719F100 706011103A000009F26081E1756ED0E2134E29F36020015820200009C01009F1A020 8409A030006219F02060000000020005F2A0208409F0306000000000000 emvRequest_cardSequenceNumber=001

Example 6 Reply Message: Sale Using EMV Technology with a Contact Read merchantReferenceCode=ABC123 requestID=0305782650000167905080 decision=ACCEPT reasonCode=100 purchaseTotals_currency=usd ccAuthReply_reasonCode=100 ccAuthReply_amount=75.00 ccAuthReply_authorizationCode=831000 ccAuthReply_avsCode=2 ccAuthReply_processorResponse=00 ccAuthReply_reconciliationID=1094820975023470 ccAuthReply_paymentNetworkTransactionID=0412MCCNYJPWY ccAuthReply_cardCategory=J1 ccAuthReply_cardGroup=0 ccCaptureReply_reasonCode=100 ccCaptureReply_amount=75.00 ccCaptureReply_reconciliationID=1094820975023470 receiptNumber=260371 emvReply_combinedTags=9F3303204000950500000000009F3704518823719F100 706011103A000009F26081E1756ED0E2134E29F36020015820200009C01009F1A020

(42)

Sale Using EMV Technology with a

Contactless Read

Example 7 Request Message: Sale Using EMV Technology with a Contactless Read merchantID=JanesPlants merchantReferenceCode=ABC123 purchaseTotals_currency=usd purchaseTotals_grandTotalAmount=75.00 pos_entryMode=contactless pos_cardPresent=Y pos_terminalCapability=5 pos_trackData=%B4111111111111111^SMITH/BETTY^16121200123456789012** XXX******?*;4111111111111111=16121200XXXX00000000?* ccAuthService_run=true ccAuthService_commerceIndicator=retail ccAuthService_captureDate=0823 ccCaptureService_run=true emvRequest_combinedTags=9F3303204000950500000000009F3704518823719F100 706011103A000009F26081E1756ED0E2134E29F36020015820200009C01009F1A020 8409A030006219F02060000000020005F2A0208409F0306000000000000 emvRequest_cardSequenceNumber=001

Example 8 Reply Message: Sale Using EMV Technology with a Contactless Read merchantReferenceCode=ABC123 requestID=0305782650000167905080 decision=ACCEPT reasonCode=100 purchaseTotals_currency=usd ccAuthReply_reasonCode=100 ccAuthReply_amount=75.00 ccAuthReply_authorizationCode=831000 ccAuthReply_avsCode=2 ccAuthReply_processorResponse=00 ccAuthReply_reconciliationID=1094820975023470 ccAuthReply_paymentNetworkTransactionID=0412MCCNYJPWY ccAuthReply_cardCategory=J1 ccAuthReply_cardGroup=0 ccCaptureReply_reasonCode=100 ccCaptureReply_amount=75.00 ccCaptureReply_reconciliationID=1094820975023470 receiptNumber=852734 emvReply_combinedTags=9F3303204000950500000000009F3704518823719F100 706011103A000009F26081E1756ED0E2134E29F36020015820200009C01009F1A020 8409A030006219F02060000000020005F2A0208409F0306000000000000

(43)

Authorization Using Point-to-Point Encryption

Example 9 Request Message: Authorization Using Point-to-Point Encryption ccAuthService_commerceIndicator=retail ccAuthService_run=true merchantID=myMerchantID123 merchantReferenceCode=9876 pos_cardPresent=y pos_deviceReaderData=4649443D4944544543482E556E694D61672E416E64726F6 9642E53646B7631 pos_encodingMethod=Hex pos_encryptionAlgorithm=TDES pos_entryMode=swiped pos_paymentData=02d700801f3c20008383252a363031312a2a2a2a2a2a2a2a303030 395e46444d53202020202020202020202020202020202020202020205e323231322a 2a2a2a2a2a2a2a3f2a3b363031312a2a2a2a2a2a2a2a303030393d323231322a2a2a 2a2a2a2a2a3f2a7a75ad15d25217290c54b3d9d1c3868602136c68d339d52d984233 91f3e631511d548fff08b414feac9ff6c6dede8fb09bae870e4e32f6f462d6a75fa0 a178c3bd18d0d3ade21bc7a0ea687a2eef64551751e502d97cb98dc53ea55162cdfa 395431323439323830303762994901000001a000731a8003 pos_terminalCapability=2 purchaseTotals_currency=USD purchaseTotals_grandTotalAmount=30.00

Example 10 Reply Message: Authorization Using Point-to-Point Encryption ccAuthReply_amount=30.00 ccAuthReply_authorizationCode=888888 ccAuthReply_avsCode=1 ccAuthReply_processorResponse=100 ccAuthReply_reasonCode=100 ccAuthReply_reconciliationID=64709061YTHMP2LF decision=ACCEPT merchantReferenceCode=9876 purchaseTotals_currency=USD reasonCode=100 requestID=3965463790780176056470

(44)

XML Examples

Sale Using Swiped Track Data

Example 11 Request Message: Sale Using Swiped Track Data

<requestMessage xmlns="urn:schemas-cybersource-com:transaction-data-1.86"> <merchantID>JanesPlants</merchantID> <merchantReferenceCode>ABC123</merchantReferenceCode> <purchaseTotals> <currency>usd</currency> <grandTotalAmount>75.00</grandTotalAmount> </purchaseTotals> <pos> <entryMode>swiped</entryMode> <cardPresent>Y</cardPresent> <terminalCapability>2</terminalCapability> <trackData>%B4111111111111111^SMITH/BETTY^16121200123456789012**XXX******?*; 4111111111111111=16121200XXXX00000000?*</trackData> </pos> <ccAuthService run="true"> <commerceIndicator>retail</commerceIndicator> </ccAuthService> <ccCaptureService run="true"/> </requestMessage>

(45)

Example 12 Reply Message: Sale Using Swiped Track Data

<c:replyMessage xmlns:c="urn:schemas-cybersource-com:transaction-data-1.86"> <c:merchantReferenceCode>ABC123</c:merchantReferenceCode> <c:requestID>0305782650000167905080</c:requestID> <c:decision>ACCEPT</c:decision> <c:reasonCode>100</c:reasonCode> <c:purchaseTotals> <c:currency>usd</c:currency> </c:purchaseTotals> <c:ccAuthReply> <c:reasonCode>100</c:reasonCode> <c:amount>75.00</c:amount> <c:authorizationCode>831000</c:authorizationCode> <c:avsCode>2</c:avsCode> <c:processorResponse>00</c:processorResponse> <c:reconciliationID>1094820975023470</c:reconciliationID> <c:paymentNetworkTransactionID>0412MCCNYJPWY</c:paymentNetworkTransactionID> <c:cardCategory>J1</c:cardCategory> <c:cardGroup>0</c:cardGroup> </c:ccAuthReply> <c:ccCaptureReply> <c:reasonCode>100</c:reasonCode> <c:amount>75.00</c:amount> <c:reconciliationID>1094820975023470</c:reconciliationID> </c:ccCaptureReply> <c:receiptNumber>260371</c:receiptNumber> </c:replyMessage>

(46)

Sale Using Keyed Data

Example 13 Request Message: Sale Using Keyed Data

<requestMessage xmlns="urn:schemas-cybersource-com:transaction-data-1.86"> <merchantID>JanesPlants</merchantID> <merchantReferenceCode>ABC123</merchantReferenceCode> <purchaseTotals> <currency>usd</currency> <grandTotalAmount>75.00</grandTotalAmount> </purchaseTotals> <pos> <entryMode>keyed</entryMode> <cardPresent>Y</cardPresent> <terminalCapability>2</terminalCapability> </pos> <card> <accountNumber>4111111111111111</accountNumber> <expirationMonth>12</expirationMonth> <expirationYear>2016</expirationYear> <cardType>001</cardType> </card> <ccAuthService run="true"> <commerceIndicator>retail</commerceIndicator> </ccAuthService> <ccCaptureService run="true"/> </requestMessage>

(47)

Example 14 Reply Message: Sale Using Keyed Data

<c:replyMessage xmlns:c="urn:schemas-cybersource-com:transaction-data-1.86"> <c:merchantReferenceCode>ABC123</c:merchantReferenceCode> <c:requestID>0305782650000167905080</c:requestID> <c:decision>ACCEPT</c:decision> <c:reasonCode>100</c:reasonCode> <c:purchaseTotals> <c:currency>usd</c:currency> </c:purchaseTotals> <c:ccAuthReply> <c:reasonCode>100</c:reasonCode> <c:amount>75.00</c:amount> <c:authorizationCode>831000</c:authorizationCode> <c:avsCode>2</c:avsCode> <c:processorResponse>00</c:processorResponse> <c:reconciliationID>1094820975023470</c:reconciliationID> <c:paymentNetworkTransactionID>0412MCCNYJPWY</c:paymentNetworkTransactionID> <c:cardCategory>J1</c:cardCategory> <c:cardGroup>0</c:cardGroup> </c:ccAuthReply> <c:ccCaptureReply> <c:reasonCode>100</c:reasonCode> <c:amount>75.00</c:amount> <c:reconciliationID>1094820975023470</c:reconciliationID> </c:ccCaptureReply> <c:receiptNumber>260371</c:receiptNumber> </c:replyMessage>

(48)

Sale Using EMV Technology with a

Contact Read

Example 15 Request Message: Sale Using EMV Technology with a Contact Read <requestMessage xmlns="urn:schemas-cybersource-com:transaction-data-1.86"> <merchantID>JanesPlants</merchantID> <merchantReferenceCode>ABC123</merchantReferenceCode> <purchaseTotals> <currency>usd</currency> <grandTotalAmount>75.00</grandTotalAmount> </purchaseTotals> <pos> <entryMode>contact</entryMode> <cardPresent>Y</cardPresent> <terminalCapability>4</terminalCapability> <trackData>%B4111111111111111^SMITH/BETTY^16121200123456789012**XXX******?*; 4111111111111111=16121200XXXX00000000?*</trackData> </pos> <ccAuthService run="true"> <commerceIndicator>retail</commerceIndicator> </ccAuthService> <ccCaptureService run="true"/> <emvRequest> <combinedTags>9F3303204000950500000000009F3704518823719F100706011103A000009F260 81E1756ED0E2134E29F36020015820200009C01009F1A0208409A030006219F0206000000002 0005F2A0208409F0306000000000000</combinedTags> <cardSequenceNumber>001</cardSequenceNumber> </emvRequest> </requestMessage>

(49)

Example 16 Reply Message: Sale Using EMV Technology with a Contact Read <c:replyMessage xmlns:c="urn:schemas-cybersource-com:transaction-data-1.86"> <c:merchantReferenceCode>ABC123</c:merchantReferenceCode> <c:requestID>0305782650000167905080</c:requestID> <c:decision>ACCEPT</c:decision> <c:reasonCode>100</c:reasonCode> <c:purchaseTotals> <c:currency>usd</c:currency> </c:purchaseTotals> <c:ccAuthReply> <c:reasonCode>100</c:reasonCode> <c:amount>75.00</c:amount> <c:authorizationCode>831000</c:authorizationCode> <c:avsCode>2</c:avsCode> <c:processorResponse>00</c:processorResponse> <c:reconciliationID>1094820975023470</c:reconciliationID> <c:paymentNetworkTransactionID>0412MCCNYJPWY</c:paymentNetworkTransactionID> <c:cardCategory>J1</c:cardCategory> <c:cardGroup>0</c:cardGroup> </c:ccAuthReply> <c:ccCaptureReply> <c:reasonCode>100</c:reasonCode> <c:amount>75.00</c:amount> <c:reconciliationID>1094820975023470</c:reconciliationID> </c:ccCaptureReply> <c:receiptNumber>260371</c:receiptNumber> <c:emvReply> <c:combinedTags>9F3303204000950500000000009F3704518823719F100706011103A000009F2 6081E1756ED0E2134E29F36020015820200009C01009F1A0208409A030006219F02060000000 020005F2A0208409F0306000000000000</c:combinedTags> </c:emvReply> </c:replyMessage>

(50)

Sale Using EMV Technology with a

Contactless Read

Example 17 Request Message: Sale Using EMV Technology with a Contactless Read <requestMessage xmlns="urn:schemas-cybersource-com:transaction-data-1.86"> <merchantID>JanesPlants</merchantID> <merchantReferenceCode>ABC123</merchantReferenceCode> <purchaseTotals> <currency>usd</currency> <grandTotalAmount>75.00</grandTotalAmount> </purchaseTotals> <pos> <entryMode>contactless</entryMode> <cardPresent>Y</cardPresent> <terminalCapability>5</terminalCapability> <trackData>%B4111111111111111^SMITH/BETTY^16121200123456789012**XXX******?*; 4111111111111111=16121200XXXX00000000?*</trackData> </pos> <ccAuthService run="true"> <commerceIndicator>retail</commerceIndicator> <captureDate>0823</captureDate> </ccAuthService> <ccCaptureService run="true"/> <emvRequest> <combinedTags>9F3303204000950500000000009F3704238561349F100706011103A000009F260 88717A1A173EAA04D9F36020065820200009C01009F1A0208409A030006209F0206000000002 0005F2A0208409F0306000000000000</combinedTags> <cardSequenceNumber>001</cardSequenceNumber> </emvRequest> </requestMessage>

Card-Present Processing Using the Simple Order API