4D Payments SDK 2016 .NET Edition

PTechCanadianDebit Component

The PTechCanadianDebit component is used to authorize face-to-face Interac (Canadian) debit card transactions with the Paymentech NetConnect system on the Tampa platform. This component allows for simple, direct, secure communication to the Paymentech TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand-alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.




Canadian debit card processing on the Paymentech system is fundamentally different than authorizing US Debit cards. The US protocol requires an encrypted PIN block and Key Sequence Number (KSN), retrieved from a PIN Pad utilizing the DUKPT (DES/3DES) encryption protocols. However, Interac (Canadian) Debit uses Master/Session key authentication to retrieve an encrypted key from a PIN Pad. This is a much more complex procedure, and requires the use of a Chase Paymentech certified PIN pad (we recommend the Ingenico i3070).

A unique key per device for both the PIN key and the MAC key is required. All PIN pads must have a unique key injected at the time of deployment. In order for Chase Paymentech to identify the Master Key being used by the device, the PIN pad serial number (PinPadSerialNumber) is required to be sent with every transaction.

Before you can send any debit card transactions, you must first load the PIN Pad with a current session key. This is retrieved from Paymentech via the RequestCurrentKeys method. Two keys will be returned in the response: PINKey (also known as TPK) and MACKey (also known as TAK). Both keys must be loaded into the PIN pad device. The PIN key is used by the PIN pad to encrypt the customer's PIN, and the MAC key is used to generate hash values used in requests and responses. These keys are updated after every transaction, and the PIN pad must be updated with the current keys each time a response is received.

Each transaction you send (excluding RequestCurrentKeys and MACReversals) requires an accompanying MACValue. This value is a hash of the contents of GetRequestDataToMAC, and is hashed by the PIN Pad device using the MACKey returned in response to the last transaction.

In each response there is also a MACValue. You must use the PIN Pad to calculate the hash of the value returned by GetResponseDataToMAC for each response, and make sure that calculated value matches the MACValue. If they do not match, you cannot accept the transaction, and you must send a MACReversal transaction (for MACReversals you may send the MACValue used in the original request, or omit it entirely - do not calculate a new one).

The following code illustrates the steps necessary to initialize the PIN Pad and begin sending transactions:

First, set up the component with your merchant information.

  ' Set up the component
  component.MerchantNumber = "yourMerchantNumber"
  component.TerminalNumber = "100"
  component.ClientNumber = "0002"
  component.UserId = "yourUserId"
  component.Password = "yourPassword"

Then, retrieve the current PIN and MAC encryption keys with the RequestCurrentKeys method, as shown below. (The following code will also update the EncryptedKeyIndex.)

  component.SequenceNumber = 1
  component.PinPadSerialNumber = "FFFFFFFFFFFFFFFF" ' retrieved from your PIN Pad

After receiving a valid response to RequestCurrentKeys, it is essential that you update the PIN pad with the PINKey and MACKey. The PINKey is used by the PIN pad to encrypt the customer's PIN, and the MACKey is used by the PIN pad's MAC function.

Now we are able to send an actual customer sale transaction. First, set up the transaction details:

  component.SequenceNumber = 2
  component.InteracTransactionType = ittSale ' Set this before calling GetRequestDataToMAC method
  component.TransactionAmount = "1.00"

Now, have the customer swipe his card, and pass the TransactionAmount, Number, and GetRequestDataToMAC to the PIN pad in a PURCHASE transaction. After the customer enters his PIN, use the response from the PIN pad to fill the following properties:

  component.CardTrack2Data = "9999999800002773=05121015432112345678" ' retrieved from your card reader
  component.AccountType = acctChecking        ' retrieved from your PIN pad
  component.EncryptedPIN = "FFFFFFFFFFFFFFFF" ' retrieved from your PIN pad
  component.MACValue = "FFFFFFFF"             ' retrieved from your PIN pad

Once all the above properties are set, you can call the Authorize method to send the transaction to Paymentech for authorization.

If the transaction was successful, the Code field will contain "A" (for Approval). Before processing the response, you must first analyze the response with the PIN pad to verify that the MACValue is correct, load the newly returned keys, and print the transaction's success or failure on the PIN pad device for the customer to read. To do this, you send the PINKey, MACKey, and GetResponseDataToMAC to the PIN pad in a "Response Analysis" transaction. The PIN Pad response will indicate if the MAC value matches and the keys were successfully loaded.

If the MAC validated correctly, you're done with this transaction. However, if it did not validate, then you must send a MACReversal to abort the transaction, and then re-send it. If you are unable to verify the contents of the MACValue after another transaction attempt, refresh your keys via the RequestCurrentKeys method and try again. You must call RequestCurrentKeys any time the PIN pad loses sync with the Paymentech server, or whenever the ForceKeyRequest property is true (or when initializing the PIN pad for the first time).
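The MAC-failure handling described above, as an added C# sketch that is not code from the SDK or from 4D Payments. HostReply, IDebitHost, IPinPad and DebitFlow are hypothetical stand-ins for your own wrapper around the component and your PIN pad driver; stopping after the attempt that follows the key refresh also fails, and carrying the ForceKeyRequest flag on the reply, are assumptions.

```csharp
// Hypothetical abstractions for this sketch; none of these types come from the SDK.
public sealed class HostReply
{
    public string Code = "", PinKey = "", MacKey = "", DataToMac = "", MacValue = "";
    public bool ForceKeyRequest;   // assumption: modelled here as part of the reply
}

public interface IDebitHost
{
    HostReply RequestCurrentKeys();
    HostReply Authorize(string requestMac);
    void MacReversal(string originalRequestMac);  // reuse the request's MAC; never compute a new one
}

public interface IPinPad
{
    string MacRequest();                // pad MACs the request data under the current MAC key
    bool AnalyzeResponse(HostReply r);  // pad checks r.MacValue, then loads r.PinKey and r.MacKey
    void LoadKeys(string pinKey, string macKey);
}

public enum Outcome { Approved, Declined, Failed }

public static class DebitFlow
{
    public static Outcome Run(IDebitHost host, IPinPad pad)
    {
        for (int attempt = 1; attempt <= 3; attempt++)
        {
            // Two MAC failures in a row: treat pad and host as out of sync and re-key.
            if (attempt == 3) RefreshKeys(host, pad);

            string requestMac = pad.MacRequest();
            HostReply reply = host.Authorize(requestMac);
            if (!pad.AnalyzeResponse(reply))
            {
                // Unverified response: never act on reply.Code, always reverse.
                host.MacReversal(requestMac);
                continue;
            }
            if (reply.ForceKeyRequest) RefreshKeys(host, pad);
            return reply.Code == "A" ? Outcome.Approved : Outcome.Declined;
        }
        return Outcome.Failed;  // assumption: give up once the post-refresh attempt also fails
    }

    static void RefreshKeys(IDebitHost host, IPinPad pad)
    {
        HostReply keys = host.RequestCurrentKeys();
        pad.LoadKeys(keys.PinKey, keys.MacKey);
    }
}
```

The approval code is read only after the PIN pad has verified the response MAC, so a tampered or out-of-sync response can never be treated as an approval.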

The status of any of the above transactions will be stored in the Code field, with human-readable text appearing in Text. Like the PTechCharge component, there are several other Response fields which will contain data that should be logged. However, there are a few new properties specific to the PTechCanadianDebit component that must be printed on each customer's receipt. These include RetrievalNumber, Time, and Trace.

Debit card transactions are instant funds transfers. There is no block placed on the debit card; funds are immediately removed and sent to the merchant. Therefore, only the Host Capture settlement mode is supported. At the end of the day you should release the current batch using the PTechHostSettle component. The batch may contain other authorizations that were made using different components from this product; see the documentation for the other components you are using for more information.

Note: All PIN pads must be certified with Chase Paymentech and Interac prior to being used or deployed. All injection services must be approved and certified by Chase Paymentech.

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

AccountType: Account type selected by the cardholder.
CardNumber: The credit card number parsed from the CardTrack2Data.
CardTrack2Data: The Track2 portion of the debit card's magnetic stripe.
ClientNumber: Merchant configuration property, assigned by Paymentech.
DebitCashBack: Optional cash back amount for debit transactions.
DebitSurcharge: Extra amount the merchant charges the customer for using a debit card.
EncryptedKeyIndex: Specifies the current keys that are in use in the PIN pad and by Paymentech.
EncryptedPIN: Customer's PIN, encrypted by a PIN pad under the current PINKey.
InteracTransactionType: Indicates the type of transaction to authorize.
LastRetrievalNumber: The last RetrievalNumber received from the host. Used for Void transactions.
MACValue: Hash of transaction data used to verify message was not tampered with.
MerchantNumber: A unique number used to identify the merchant, assigned by Paymentech.
Password: Password for authentication with the NetConnect Server.
PinPadSerialNumber: The serial number retrieved from the PIN pad.
Proxy: A set of properties related to proxy access.
Response: Contains the response to the authorization.
RetrievalNumberToVoid: Indicates the transaction to void.
SequenceNumber: Sequence number of the transaction.
Server: The URL for the PaymenTech NetConnect server.
SSLAcceptServerCert: Instructs the component to unconditionally accept the server certificate that matches the supplied certificate.
SSLCert: The certificate to be used during SSL negotiation.
SSLServerCert: The server certificate for the last established connection.
TerminalNumber: Terminal number assigned by Paymentech.
Timeout: A timeout for the component.
TransactionAmount: Purchase amount for an authorization.
UserId: UserId for authentication with the NetConnect Server.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Authorize: Authorizes a Canadian debit card transaction.
Config: Sets or retrieves a configuration setting.
GetRequestDataToMAC: Returns a string of data for the PIN pad to hash with the MAC algorithm.
GetResponseDataToMAC: Returns a string containing data to validate against the MACValue using a PIN pad device.
Interrupt: Interrupt the current method.
MACReversal: Reverses a transaction when MAC validation fails.
RequestCurrentKeys: Used to retrieve the current encryption keys from Paymentech.
Reset: Clears all properties to their default values.
ReversalAdvice: Used if no response is received from the Server to void the authorization.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

DataPacketIn: Fired when receiving a data packet from the transaction server.
DataPacketOut: Fired when sending a data packet to the transaction server.
Error: Information about errors during data delivery.
SSLServerAuthentication: Fired after the server presents its certificate to the client.
SSLStatus: Shows the progress of the secure connection.

Configuration Settings

The following is a list of configuration settings for the component with short descriptions. Click on the links for further details.

CustomerDefinedData: Additional transaction identification data.
EMVData: The EMV data returned from a Pin Pad after reading an EMV card.
EMVEntryDataSource: The EMV Data Entry Source (DES).
ResponseEMVCardAuthCode: The ChaseNet and Visa card authentication results code.
ResponseEMVData: The response EMV data.
ResponseEMVDownloadIndicator: Whether EMV parameters should be updated.
ResponsePOSRetrievalNumber: POS Retrieval Number sent in the request, echoed back in the response.
SettlementMode: Indicates whether the component uses Paymentech's Host Capture or Terminal Capture system.
SystemInformation: System Information field for Batch Inquiry and Release transactions.
AcceptEncoding: Used to tell the server which types of content encodings the client supports.
AllowHTTPCompression: This property enables HTTP compression for receiving data.
AllowHTTPFallback: Whether HTTP/2 connections are permitted to fallback to HTTP/1.1.
AllowNTLMFallback: Whether to allow fallback from Negotiate to NTLM when authenticating.
Append: Whether to append data to LocalFile.
Authorization: The Authorization string to be sent to the server.
BytesTransferred: Contains the number of bytes transferred in the response data.
ChunkSize: Specifies the chunk size in bytes when using chunked encoding.
CompressHTTPRequest: Set to true to compress the body of a PUT or POST request.
EncodeURL: If set to true the URL will be encoded by the component.
FollowRedirects: Determines what happens when the server issues a redirect.
GetOn302Redirect: If set to true the component will perform a GET on the new location.
HTTP2HeadersWithoutIndexing: HTTP2 headers that should not update the dynamic header table with incremental indexing.
HTTPVersion: The version of HTTP used by the component.
IfModifiedSince: A date determining the maximum age of the desired document.
KeepAlive: Determines whether the HTTP connection is closed after completion of the request.
KerberosSPN: The Service Principal Name for the Kerberos Domain Controller.
LogLevel: The level of detail that is logged.
MaxHeaders: Instructs component to save the amount of headers specified that are returned by the server after a Header event has been fired.
MaxHTTPCookies: Instructs component to save the amount of cookies specified that are returned by the server when a SetCookie event is fired.
MaxRedirectAttempts: Limits the number of redirects that are followed in a request.
NegotiatedHTTPVersion: The negotiated HTTP version.
OtherHeaders: Other headers as determined by the user (optional).
ProxyAuthorization: The authorization string to be sent to the proxy server.
ProxyAuthScheme: The authorization scheme to be used for the proxy.
ProxyPassword: A password if authentication is to be used for the proxy.
ProxyPort: Port for the proxy server (default 80).
ProxyServer: Name or IP address of a proxy server (optional).
ProxyUser: A user name if authentication is to be used for the proxy.
SentHeaders: The full set of headers as sent by the client.
StatusLine: The first line of the last response from the server.
TransferredData: The contents of the last response from the server.
TransferredDataLimit: The maximum number of incoming bytes to be stored by the component.
TransferredHeaders: The full set of headers as received from the server.
TransferredRequest: The full request as sent by the client.
UseChunkedEncoding: Enables or Disables HTTP chunked encoding for transfers.
UseIDNs: Whether to encode hostnames to internationalized domain names.
UsePlatformDeflate: Whether to use the platform implementation to decompress compressed responses.
UsePlatformHTTPClient: Whether or not to use the platform HTTP client.
UserAgent: Information about the user agent (browser).
CloseStreamAfterTransfer: If true, the component will close the upload or download stream after the transfer.
ConnectionTimeout: Sets a separate timeout value for establishing a connection.
FirewallAutoDetect: Tells the component whether or not to automatically detect and use firewall system settings, if available.
FirewallHost: Name or IP address of firewall (optional).
FirewallListener: If true, the component binds to a SOCKS firewall as a server (IPPort only).
FirewallPassword: Password to be used if authentication is to be used when connecting through the firewall.
FirewallPort: The TCP port for the FirewallHost.
FirewallType: Determines the type of firewall to connect through.
FirewallUser: A user name if authentication is to be used connecting through a firewall.
KeepAliveInterval: The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
KeepAliveTime: The inactivity time in milliseconds before a TCP keep-alive packet is sent.
Linger: When set to True, connections are terminated gracefully.
LingerTime: Time in seconds to have the connection linger.
LocalHost: The name of the local host through which connections are initiated or accepted.
LocalPort: The port in the local host where the component binds.
MaxLineLength: The maximum amount of data to accumulate when no EOL is found.
MaxTransferRate: The transfer rate limit in bytes per second.
ProxyExceptionsList: A semicolon separated list of hosts and IPs to bypass when using a proxy.
TCPKeepAlive: Determines whether or not the keep alive socket option is enabled.
TcpNoDelay: Whether or not to delay when sending packets.
UseIPv6: Whether to use IPv6.
UseNTLMv2: Whether to use NTLM V2.
CACertFilePaths: The paths to CA certificate files when using Mono on Unix/Linux.
LogSSLPackets: Controls whether SSL packets are logged when using the internal security API.
ReuseSSLSession: Determines if the SSL session is reused.
SSLCACerts: A newline separated list of CA certificate to use during SSL client authentication.
SSLCheckCRL: Whether to check the Certificate Revocation List for the server certificate.
SSLCipherStrength: The minimum cipher strength used for bulk encryption.
SSLEnabledCipherSuites: The cipher suite to be used in an SSL negotiation.
SSLEnabledProtocols: Used to enable/disable the supported security protocols.
SSLEnableRenegotiation: Whether the renegotiation_info SSL extension is supported.
SSLIncludeCertChain: Whether the entire certificate chain is included in the SSLServerAuthentication event.
SSLNegotiatedCipher: Returns the negotiated ciphersuite.
SSLNegotiatedCipherStrength: Returns the negotiated ciphersuite strength.
SSLNegotiatedKeyExchange: Returns the negotiated key exchange algorithm.
SSLNegotiatedKeyExchangeStrength: Returns the negotiated key exchange algorithm strength.
SSLNegotiatedProtocol: Returns the negotiated protocol version.
SSLProvider: The name of the security provider to use.
SSLSecurityFlags: Flags that control certificate verification.
SSLServerCACerts: A newline separated list of CA certificate to use during SSL server certificate validation.
TLS12SignatureAlgorithms: Defines the allowed TLS 1.2 signature algorithms when UseInternalSecurityAPI is True.
TLS12SupportedGroups: The supported groups for ECC.
TLS13KeyShareGroups: The groups for which to pregenerate key shares.
TLS13SignatureAlgorithms: The allowed certificate signature algorithms.
TLS13SupportedGroups: The supported groups for (EC)DHE key exchange.
AbsoluteTimeout: Determines whether timeouts are inactivity timeouts or absolute timeouts.
FirewallData: Used to send extra data to the firewall.
InBufferSize: The size in bytes of the incoming queue of the socket.
OutBufferSize: The size in bytes of the outgoing queue of the socket.
BuildInfo: Information about the product's build.
GUIAvailable: Tells the component whether or not a message loop is available for processing events.
LicenseInfo: Information about the current license.
UseInternalSecurityAPI: Tells the component whether or not to use the system security libraries or an internal implementation.

Copyright (c) 2021 4D Payments Inc. - All rights reserved.
4D Payments SDK 2016 .NET Edition - Version 16.0 [Build 8017]