Introduction

Welcome to 4D Payments SDK, the ultimate suite of components for integrating direct Internet payment processing into applications. The 4D Payments SDK combines the 4D Payments Integrators for FDMS, TSYS, Paymentech, and Global Payments into one comprehensive package for direct payment processing.

Included Libraries

The .NET Edition includes several libraries (.dll files) which are supported in different environments. The following libraries are present in the lib directory after installation:

  • lib\DPayments.DPaymentsSDK.dll is designed for use in .NET Framework 4.0 and up, .NET Core 3.0 and up, and .NET 5 and up. This is the default library which maintains a familiar API in line with previous versions of the product.

    Support for asynchronous programming patterns (async/await) is exposed in a separate DPayments.async.DPaymentsSDK namespace. See the Async Functionality page for details.

  • lib\net6.0\DPayments.DPaymentsSDK.dll is designed for use in .NET 6 and up. The .NET 6 library provides cross-platform support while maintaining the same API as the default library in lib.

  • lib\netstandard2.0\DPayments.DPaymentsSDK.dll is designed for use in .NET Standard 2.0 and up. The .NET Standard library provides cross-platform support for legacy projects.

  • lib\net20\DPayments.DPaymentsSDK.dll is designed for use in .NET Framework 2.0 and up. This library targets .NET Framework 2.0 and is maintained for legacy projects.

Included Components

CardValidatorThe CardValidator component is used to verify that a given credit card number is formatted properly, and could be a valid card number. Validating a card before actually submitting a transaction for authorization can reduce the fees that may be associated with invalid or declined transactions.
CertMgrThe CertMgr component is used to create, read, and manage certificates.
EMVKeyMgrThe EMVKeyMgr component simplifies the process of downloading EMV public keys for FDMS Rapid Connect and Paymentech.
FDMSBenefitThe FDMSBenefit component is used to authorize Electronic Benefits Transfer (EBT) transactions with the FDMS system on the North platform. An EBT transaction is similar to a Debit transaction, using a PIN and KSN, but is used for Food Stamp or Cash Benefit programs. This component allows for simple, direct, secure communication to the First Data platform through a standard Internet connection.
FDMSDebitThe FDMSDebit component is an advanced tool used to authorize debit cards in a Retail environment, where the customer is purchasing products or services in person. This component makes authorizing debit card transactions with a customer PIN very easy.
FDMSDetailRecordThe FDMSDetailRecord component is a tool used to create off-line Credit or Force transactions to be settled by the FDMSSETTLE component. The FDMSDetailRecord component may also be used to modify the XML aggregates returned by the FDMSRETAIL or FDMSECOMMERCE component's GetDetailAggregate method.
FDMSECommerceThe FDMSECommerce component is an advanced tool used to authorize credit cards in both Mail Order (Direct Marketing) and eCommerce environments, where the customer is ordering products or services via the telephone or Internet. This component makes authorizing these types of transactions very easy.
FDMSGiftCardThe FDMSGiftCard component is used to manipulate funds on Stored Value (Gift) Cards with the FDMS Closed Loop Gift Card System. This component supports both card-present and card-not-present gift card transactions, and allows for simple, direct, secure communication to the Datawire gateway to FDMS through a standard Internet connection. This component can be integrated into web pages or stand- alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
FDMSHealthCareThe FDMSHealthCare component is an advanced tool used to authorize FSA cards for healthcare transactions in either a retail or e-commerce/moto environment. This component makes authorizing these types of transactions very easy. Supported Industry Types include retail stores, direct marketing (e-commerce and mail order/phone order) and grocery or food stores.
FDMSHotelThe FDMSHotel component is an advanced tool used to authorize credit cards in a retail environment, where the customer is purchasing products or services in person. This component makes authorizing these types of transactions very easy.
FDMSLevel2The FDMSLevel2 component is a tool used to create Level2 Corporate Purchasing Card addendum aggregates, which can then be passed to the FDMSSETTLE component and settled.
FDMSLevel3The FDMSLevel3 component is a tool used to create Level 3 Corporate Purchasing Card addendum aggregates, which can then be passed to the FDMSSETTLE component and settled.
FDMSOmahaBatchMgrThe FDMSOmahaBatchMgr component is used to close batches and also handles the sending of all offline transactions to the FDMS Host.
FDMSOmahaDetailRecordThe FDMSOmahaDetailRecord component is a tool used to create off-line transactions (Captures, Refunds, Revisions, and Voids) to be settled by the FDMSOmahaBatchMgr component.
FDMSOmahaECommerceThe FDMSOmahaECommerce component is used to perform Credit card transactions in both Mail Order (Direct Marketing) and eCommerce environments, where the customer is ordering products or services via the telephone or Internet.
FDMSOmahaRestaurantThe FDMSOmahaRestaurant component is used to perform Credit, Debit, or EBT card transactions in a Restaurant environment, where the customer is purchasing products or services in a restaurant.
FDMSOmahaRetailThe FDMSOmahaRetail component is used to perform Credit, Debit, or EBT card transactions in a Retail environment, where the customer is purchasing products or services in person.
FDMSRcBenefitThe FDMSRcBenefit component is used to authorize Electronic Benefits Transfer (EBT) transactions. An EBT transaction is similar to a Debit transaction, using a PIN and KSN, but is used for Food Stamp, Cash Benefit or eWIC programs. This component makes authorizing these types of transactions very easy. Supported Industry Types include retail stores and grocery or food stores.
FDMSRcDebitThe FDMSRcDebit component is an advanced tool used to authorize debit cards in a Retail environment, where the customer is purchasing products or services in person. This component makes authorizing debit card transactions with a customer PIN very easy.
FDMSRcDetailRecordThe FDMSRcDetailRecord component is a tool used to create off-line Refund or Force/VoiceApproved transactions to be settled by the FDMSRcSettle component. The FDMSRcDetailRecord component may also be used to modify the XML aggregates returned by the FDMSRcRetail or FDMSRcECommerce component's GetDetailAggregate method.
FDMSRcECommerceThe FDMSRcECommerce component is an advanced tool used to authorize credit cards in both Mail Order (Direct Marketing) and eCommerce environments, where the customer is ordering products or services via the telephone or Internet. This component makes authorizing these types of transactions very easy.
FDMSRcHealthCareThe FDMSRcHealthCare component is an advanced tool used to authorize FSA/HSA cards for healthcare transactions in either a retail or e-commerce/moto environment. This component makes authorizing these types of transactions very easy. Supported Industry Types include retail stores, direct marketing (e-commerce and mail order/phone order) and grocery or food stores.
FDMSRcRetailThe FDMSRcRetail component is an advanced tool used to authorize credit cards in a Retail environment, where the customer is purchasing products or services in person. This component makes authorizing these types of transactions very easy. Supported Industry Types include retail stores and restaurants.
FDMSRcSettleThe FDMSRcSettle component is used to do a Batch Settlement on all transactions that were successfully authorized with the FDMSRcECommerce or FDMSRcRetail components.
FDMSRegisterThe FDMSRegister component is a tool used to Register and Activate a merchant account with the Datawire VXN. This allows you to send transactions through the Datawire system to the First Data Merchant Services (FDMS) processor. This component is also used to find the appropriate URLs to which authorizations and settlements will be posted.
FDMSRetailThe FDMSRetail component is an advanced tool used to authorize credit cards in a Retail environment, where the customer is purchasing products or services in person. This component makes authorizing these types of transactions very easy. Supported Industry Types include retail stores, restaurants, and grocery or food stores.
FDMSReversalThe FDMSREVERSAL component is used to reverse a transaction that was previously authorized using the FDMSRETAIL , FDMSECOMMERCE , or FDMSHEALTHCARE component. This immediately releases the funds in the cardholder's open-to-buy that were blocked by the original authorization.
FDMSSettleThe FDMSSettle component is used to do a Batch Settlement on all transactions that were successfully authorized with the FDMSECOMMERCE or FDMSRETAIL components. This component may also send Level 2 and Level 3 Corporate Purchasing Card data for better interchange rates.
GlobalBatchMgrThe GlobalBatchMgr component is used to manage your Global Transport account. It can be used to check the connection to the Server , verify your merchant setup, retrieve a summary of transactions in the current batch, and capture (settle) the current batch.
GlobalBenefitThe GlobalBenefit component is used to authorize Electronic Benefits Transfer (EBT) transactions with the Global Payments system, using the Global Transport Direct API. This component is supported in the Retail and Restaurant environments, and allows for simple, direct, secure communication to the Global Transport gateway through a standard Internet connection. An EBT transaction is similar to a Debit transaction, using a PIN and Key Sequence Number (KSN), but is used for Food Stamp or Cash Benefit programs.
GlobalCardValidatorThe GlobalCardValidator component is used to verify with Global Payments that a given card number is formatted properly, and could be a valid card number. Validating a card before actually submitting a transaction for authorization can reduce the fees that may be associated with invalid or declined transactions.
GlobalChargeThe GlobalCharge component is used to authorize credit card transactions with the Global Payments system, using the Global Transport Direct API. This component supports Direct Marketing, e-Commerce, Retail, and Restaurant environments, and allows for simple, direct, secure communication to the Global Transport TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand-alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
GlobalDebitThe GlobalDebit component is used to authorize debit card transactions with the Global Payments system, using the Global Transport Direct API. This component is supported in the Retail and Restaurant environments, and allows for simple, direct, secure communication to the Global Transport gateway through a standard Internet connection. This component can be integrated into Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application can be deployed without the need for expensive dedicated TLS/SSL servers.
GlobalTransactionSearchThe GlobalTransactionSearch component is used to search for transactions made using the Global Transport Direct API. It can search for transactions in the open batch or in any previously closed batch.
PTechBenefitThe PTechBenefit component is used to authorize Electronic Benefits Transfer (EBT) transactions with the Paymentech NetConnect system on the Tampa platform. An EBT transaction is similar to a Debit transaction, using a PIN and Trace number, but is used for Food Stamp or Cash Benefit programs. This component allows for simple, direct, secure communication to the Paymentech TLS/SSL gateway through a standard Internet connection.
PTechCanadianDebitThe PTechCanadianDebit component is used to authorize face-to-face Interac (Canadian) debit card transactions with the Paymentech NetConnect system on the Tampa platform. This component allows for simple, direct, secure communication to the Paymentech TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand-alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
PTechChargeThe PTechCharge component is used to authorize credit card transactions with the Paymentech NetConnect system on the Tampa platform. This component supports Direct Marketing, e-Commerce, and Retail environments, and allows for simple, direct, secure communication to the Paymentech TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand-alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
PTechDebitThe PTECHDEBIT component is used to complete debit card transactions with the Paymentech NetConnect system on the Tampa platform. This component supports only Retail, Restaurant, and Hotel environments, and allows for simple, direct, secure communication to the Paymentech TLS/SSL gateway through a standard Internet connection. This component can be integrated into Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application can be deployed without the need for expensive dedicated TLS/SSL servers.
PTechDetailRecordThe PTechDetailRecord component is a tool used to create off-line Credit or Force transactions to be settled by the PTECHMANUALSETTLE component. The PTDetailRecord component may also be used to modify the XML aggregates returned by the PTECHCHARGE component's GetDetailAggregate method.
PTechECommerceThe PTECHECOMMERCE component is an advanced tool used to authorize credit card transactions in both Direct Marketing and E-Commerce environments with the Paymentech NetConnect system on the Tampa platform. It allows for simple, direct, secure communication to the Paymentech TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand-alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
PTechGiftCardThe PTechGiftCard component is used to manipulate funds on Stored Value (Gift) Cards with the Paymentech NetConnect system on the Tampa platform. This component supports card-present gift card transactions, and allows for simple, direct, secure communication to the Paymentech TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand- alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
PTechHealthCareThe PTECHHEALTHCARE component is designed to be a simple interface for those wishing to add Healthcare Auto- Substantiation (IIAS) support without redesigning their entire payment system. This component can be used for the Retail, Direct Marketing, and E-Commerce IndustryType s. It allows for simple, direct, secure communication to the Paymentech NetConnect (Tampa platform) TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand-alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
PTechHostSettleThe PTechHostSettle component is used to manually settle an open Batch with the Paymentech NetConnect system on the Tampa platform. This component supports Direct Marketing, e-Commerce, and Retail environments, and allows for simple, direct, secure communication to the Paymentech TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand-alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
PTechHotelThe PTECHHOTEL component is used to authorize credit card transactions for the Hotel IndustryType with the Paymentech NetConnect system on the Tampa platform. This component creates a simple interface for processing transactions in the Hotel environment. It allows for simple, direct, secure communication to the Paymentech TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand-alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
PTechManualSettleThe PTechManualSettle component is used to do a Batch Settlement on all transactions that were successfully authorized with the PTECHCHARGE component in Terminal Capture mode.
PTechRetailThe PTECHRETAIL component is used to authorize face-to-face credit card transactions with the Paymentech NetConnect system on the Tampa platform. This component creates a simple interface for processing transactions in the Retail and Restaurant environments. It allows for simple, direct, secure communication to the Paymentech TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand-alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
PTechReversalThe PTECHREVERSAL component is used to reverse a transaction that was previously authorized with the Paymentech NetConnect system on the Tampa platform. This immediately releases the funds in the cardholder's open-to-buy that were blocked by the original authorization.
TSYSBenefitThe TSYSBenefit component is an advanced tool used to authorize Electronic Benefits (EBT) cards in a Retail environment, where the customer is purchasing products or services in person. This component makes authorizing EBT Food Stamp and Cash Benefit transactions (with a customer PIN) very easy. Supported Industry Types include retail stores, restaurants, and grocery stores.
TSYSDebitThe TSYSDebit component is an advanced tool used to authorize debit cards in a Retail environment, where the customer is purchasing products or services in person. This component makes authorizing debit card transactions with a customer PIN very easy. Supported Industry Types include retail stores, restaurants, and grocery stores.
TSYSDetailRecordThe TSYSDetailRecord component is a tool used to create off-line Credit or Force transactions to be settled by the TSYSSETTLE component. The TSYSDetailRecord component may also be used to modify the XML aggregates returned by the TSYSRETAIL or TSYSECOMMERCE component's GetDetailAggregate method.
TSYSECommerceThe TSYSECommerce component is an advanced tool used to authorize credit cards in both Mail Order (Direct Marketing) and eCommerce environments, where the customer is ordering products or services via the telephone or Internet. This component makes authorizing these types of transactions very easy.
TSYSGiftCardThe TSYSGiftCard component is used to manipulate funds on Gift and Prepaid Cards using the Vital/TSYS payment system. This component supports card-present gift card transactions, and allows for simple, direct, secure communication to the Vital/TSYS TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand- alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
TSYSHCAdjustmentThe TSYSHCAdjustment component is used to adjust a previously authorized transaction. This component makes adjusting transactions very easy.
TSYSHCBatchMgrThe TSYSHCBatchMgr component is used to manually close batches as well as retrieve details and summaries about batches. This component makes closing batches very easy.
TSYSHCBenefitThe TSYSHCBenefit component is used to authorize Electronic Benefits (EBT) cards in a Retail environment, where the customer is purchasing products or services in person. This component makes authorizing EBT Food Stamp and Cash Benefit transactions (with a customer PIN) very easy.
TSYSHCDebitThe TSYSHCDebit component is used to authorize debit cards in a Retail environment, where the customer is purchasing products or services in person. This component makes authorizing debit card transactions with a customer PIN very easy.
TSYSHCECommerceThe TSYSHCECommerce component is used to authorize credit cards in both Mail Order (Direct Marketing) and eCommerce environments, where the customer is ordering products or services via the telephone or Internet. This component makes authorizing these types of transactions very easy.
TSYSHCLevel3The TSYSHCLevel3 component is used to add Level 3 data to a previously authorized transaction. This component makes adding Level 3 data very easy.
TSYSHCRetailThe TSYSHCRetail component is used to authorize credit cards in a Retail environment, where the customer is purchasing products or services in person. This component makes authorizing these types of transactions very easy.
TSYSHCReversalThe TSYSHCReversal component is used to reverse a previously authorized transaction. This component makes reversing transactions very easy.
TSYSHCTerminalMgrThe TSYSHCTerminalMgr component is used to authenticate and deactivate POS devices on the TSYS Host Capture System. This component makes authenticating and deactivating POS devices very easy.
TSYSHCTransactionDetailsThe TSYSHCTransactionDetails component is used to retrieve details about authorized transactions. This component makes retrieving transaction details very easy.
TSYSHealthCareThe TSYSHEALTHCARE component is designed to be a simple interface for those wishing to add Healthcare Auto- Substantiation (IIAS) support without redesigning their entire payment system. This component is used to authorize FSA cards in a Retail environment, where the customer is purchasing products or services in person. Both full and partial authorizations are supported.
TSYSLevel2The TSYSLevel2 component is a tool used to create Level2 Corporate Purchasing Card addendum aggregates, which can then be passed to the TSYSSETTLE component and settled.
TSYSLevel3The TSYSLevel3 component is a tool used to create Level3 Corporate Purchasing Card addendum aggregates, which can then be passed to the TSYSSETTLE component and settled.
TSYSRetailThe TSYSRetail component is an advanced tool used to authorize credit cards in a Retail environment, where the customer is purchasing products or services in person. This component makes authorizing these types of transactions very easy. Supported Industry Types include retail stores, restaurants, grocery or food stores, Hotels, Auto Rental businesses and Passenger Transport.
TSYSReversalThe TSYSReversal component is used to reverse transactions that were previously authorized using the TSYSRETAIL , TSYSECOMMERCE , or TSYSHEALTHCARE components.
TSYSSettleThe TSYSSettle component is used to do a Batch Settlement on all transactions that were successfully authorized with the TSYSECOMMERCE or TSYSRETAIL components. This component may also send Level II and Level III Corporate Purchasing Card data for better interchange rates.
TSYSTerminalMgrThe TSYSTerminalMgr component is used to authenticate and deactivate POS devices on the TSYS Terminal Capture platform.

Additional Information

You will always find the latest information about 4D Payments SDK at our web site: www.4dpayments.com. We offer free, fully-functional 30-day trials for all of our products, and our technical support staff are happy to answer any questions you may have during your evaluation.

Please direct all technical questions to support@4dpayments.com. To help support technicians assist you as quickly as possible, please provide an detailed and accurate description of your problem, the results you expected, and the results that you received while using our product. For questions about licensing and pricing, and all other general inquiries, please contact sales@4dpayments.com.

Thank You!

Thank you for choosing 4D Payments SDK for your development needs. We realize that you have a choice among development tools, and that by choosing us you are counting on us to be a key component in your business. We work around the clock to provide you with ongoing enhancements, support, and innovative products; and we will always do our best to exceed your expectations!

PA-DSS Implementation Overview

PA-DSS stands for Payment Application Data Security Standard. PA-DSS is managed by the PCI Security Standards Council. Any payment application that is sold, distributed, or licensed to third parties are subject to the PA-DSS requirements. The key to this program is the PCI DSS, or "Payment Card Industry Data Security Standard." This standard describes how a merchant is to secure electronic data, physical servers, hard drives, employee access to data, and more.

For an entity (merchant, service provider, etc) to be PCI compliant, the application used to authorize credit cards and store customer data must conform to these Payment Application Data Security Standards.

This application is designed to be used to support another application. It can be used to create a PA-DSS compliant secure payment application. This documentation is intended for developers of payment applications to give you instructions on how to implement this application in such a way that it will meet PA-DSS and PCI requirements.

IMPORTANT: You must write your own implementation guide to be supplied with your product to your customers. This guide should not be distributed to your customers (end users), only your implementation guide that you create should be supplied.

All official updates to this product must be obtained from our website at a URL provided by our support staff or via our download page at https://4dpayments.com/download/. To verify that the build is an official build, right click the setup file (setup.exe) and choose properties. From this window select the Digital Signature tab and press the Details button to view details about the digital signature. The text "This digital signature is OK." should be present in this dialog window.

Installation

When installing this product the installer will create files on disk at the location specified during the setup. The default installation location is under a folder at "C:\Program Files\4D Payments". The files written include help files, demos, the uninstall program, and the application itself. Additionally during installation on windows machines a registry key is added under "HKEY_LOCAL_MACHINE/SOFTWARE/DPayments/RT" to hold the license.

Sensitive Authentication Data

This application does not store any authentication data, and has not done so in previous versions. As a result there is no sensitive authentication to delete from previous versions. If your application stores sensitive authentication data you must be sure it is properly deleted. Sensitive authentication data is not required for troubleshooting this product. If sensitive authentication data is received by our support staff it is immediately and permanently deleted. If you or your customer obtain sensitive authentication data as a result of troubleshooting the following rules must be followed:

  • Sensitive authentication data (pre-authorization) must only be collected to solve a specific problem
  • The data must be stored in a known, specific location with limited access.
  • Limit the amount of data to only the amount necessary to solve the issue.
  • Sensitive authentication data MUST be encrypted while stored.
  • The data must be deleted immediately after it is no longer needed.

If your application stores any cardholder data it must be purged after the customer-defined retention period. It must be stored on servers that are NOT connected to the Internet. You must also document all locations where the data is stored. This application does not store any cardholder data, therefore there are no locations to disclose.

The system on which the application runs must be configured to prevent accidental exposure of sensitive cardholder information. In Windows this includes disabling system backup and restore to prevent inadvertent storage of cardholder data. Additionally the Windows paging file (pagefile.sys) should be cleared during shutdown to prevent unsecured data from being written to disk. In non-Windows systems the swap space should be cleared. To further protect cardholder data in both Windows and non-Windows systems the swap space, or the entire disk, may be encrypted. Any crash dumps from the application may contain cardholder data and must be encrypted if stored.

Cryptographic Keys

Cryptographic keys are used to encrypt cardholder data for storage. This application does not store any cardholder data, as such there are no keys to protect. No previous versions of this application have stored cardholder data, so there were no cryptographic keys in previous versions either.

If your application stores cardholder data you must protect the keys used to encrypt it against disclosure and misuse. Restrict access to the keys to the fewest number of custodians. Store the keys in the fewest possible locations and in the fewest possible forms. You must implement key management procedures to protect the keys (See Appendix B at the bottom of this document). A sample key custodian form can be found here: https://4dpayments.com/wp-content/docs/Sample_Key_Custodian_Form.pdf. If previous versions of your application stored cryptographic key material it must be rendered irretrievable.

Controlling User Ids and Authentication

This application does not provide any account management or authentication options. This application does not use any accounts. If your application allows authentication and provides accounts, you must use unique user IDs and secure authentication for administrative access and access to cardholder data. Secure authentication should be assigned to any default account, even if they are not used. Default accounts should be disabled and should not be used. Access to PCs, servers, and databases with payment applications must also be secured. Access to PCs, servers, and databases with payment applications must be secured by the completion of installation and for any changes after installation. See Appendix A at the bottom of this document for more details.

Logging

This application does not perform any administrative function that are required to be logged. It is your responsibility to implement logging in your application to meet the requirements for PA-DSS validation. You must implement and maintain automated audit trails. Automated audit trails must be implemented for all system components to reconstruct the following events:

  • All individual accesses to cardholder data
  • All actions taken by any individual with root or administrative privileges
  • Access to all audit trails
  • Invalid logical access attempts
  • Use of identification and authentication mechanisms
  • Initialization of the application audit logs
  • Creation and deletion of system-level objects
Record at least the following audit trail entries for all system components for each event:
  • User identification
  • Type of event
  • Date and time
  • Success or failure indication
  • Origination of event
  • Identity or name of affected data, system component, or resource
Logging must be enabled. Disabling logs will result in non-compliance with PCI DSS.

You must also establish and maintain centralized logging. Examples of this functionality may include, but are not limited to:

  • Logging via industry standard log file mechanisms such as Common Log File System (CLFS), Syslog, delimited text, etc.
  • Provided functionality and documentation to convert the application's proprietary log format into industry standard log formats suitable for centralized logging.
Audit trail files must be promptly backed up to a centralized log server or media that is difficult to alter.

Secure Protocols and Transmission

All communication performed by this product will be performed over SSL. The SSLCipherStrength configuration setting may be specified to force a minimum cipher strength. It is strongly recommended that this be set to a value of 128 to ensure at least 128 bit SSL is used. The SSLStatus event will fire with information about the negotiated SSL parameters which may be inspected to verify the connection was established securely.

In Windows this application relies on the Microsoft CryptoAPI to perform cryptographic functions. In other environments (Mac and Linux) this application relies on OpenSSL to perform cryptographic functions. This application does not have any other dependencies on any services, software, components, or hardware.

Wireless and Public Networks

If the application is used on a wireless or public network the transmission must be properly secured. You must:

  • Change wireless vendor defaults, including default wireless encryption keys, passwords for access points, and SNMP community strings
  • Change encryption keys anytime anyone with knowledge of the keys leaves the company or changes positions in the company.
  • Update firmware on wireless devices to support strong encryption for authentication and transmission.
  • Install a firewall between any wireless networks and systems that store cardholder data
  • Configure the firewall to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment
  • NOT use WEP as a security control
  • Use industry best practices (for example, IEEE 802.11i) to implement strong encryption for authentication and transmission of cardholder data

Remote Access

This application does not allow remote access in any form. If your application may be accessed remotely, then remote access must be authenticated using a two-factor authentication mechanism. Two-factor authentication consists of a user ID and password and an additional authentication item such as a smart card, token, or PIN). Two forms of one-factor authentication are not sufficient. Examples of two-factor authentication include RADIUS with tokens, or TACAS with tokens.

This application does not deliver remote updates. If your application delivers remote updates via remote access into the customers' systems, instruct the customers to turn on remote-access technologies only when needed for downloads. The technologies must be turned off immediately after download completes. Alternatively, if updates are delivered via VPN or other high-speed connections, instruct customers to properly configure a firewall or a personal firewall product to secure "always-on" connections. The following actions must be taken:

  • Establish firewall and router configuration standards that include:
    • A formal process for approving and testing all network connections and changes to the firewall and router configurations.
    • Current network diagram with all connections to cardholder data, including any wireless networks.
    • Requirements for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone.
    • Description of groups, roles, and responsibilities for logical management of network components.
    • Documentation and business justification for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure. Examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP, and SNMP.
    • Requirement to review firewall and router rule sets at least every six months.
  • Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment. An "untrusted network" is any network that is external to the networks belonging to the entity under review, and/or which is out of the entity's ability to control or manage.
    • Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment.
    • Secure and synchronize router configuration files.
    • Install perimeter firewall between any wireless networks and the cardholder data environment, and configure these firewall to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment.
  • Prohibit direct public access between the Internet and any system component in the cardholder data environment.
    • Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.
    • Limit inbound Internet traffic to IP addresses within the DMZ.
    • Do not allow any direct connections between the Internet and the cardholder data environment.
    • Do not allow internal addresses to pass from the Internet into the DMZ.
    • Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet.
    • Implement stateful inspection, also known as dynamic packet filtering. That is, only "established" connections are allowed into the network.
    • Place system components that store cardholder data (such as a database) in an internal network zone, segregated from the DMZ and other untrusted networks.
    • Do not disclose private IP addresses and routing information to unauthorized parties. Methods to obscure IP addressing may include, but are not limited to:
      • Network Address Translation (NAT)
      • Placing servers containing cardholder data behind proxy servers/firewalls or content caches
      • Removal of filtering of route advertisements for private networks that employ registered addressing
      • Internal use of RFC1918 address space instead of registered addresses.
  • Install personal firewall software on any mobile and/or employee-owned computers with direct connectivity to the Internet (for example, laptops used by employees), which are used to access the organization's network.

If your application can be accessed remotely, the remote access must be implemented securely. Examples of remote access security features include:

  • Change default settings in the remote access software (for example, change default password and use unique passwords for each customer).
  • Allow connections only from specific (known) IP/MAC addresses.
  • Use strong authentication and complex passwords for logins. See "Appendix A - Unique UserIDs and Secure Authentication".
  • Enable encrypted data transmission. Instruct customers to encrypt all non-console administrative access with strong cryptography, using technologies such as SSH, VPN, or SSL/TSLS for web-based management and other non-console administrative access. Telnet or rlogin must never be used for administrative access.
  • Enable account lockout after not more than six failed login attempts.
  • Configure the system so a remote user must establish a Virtual Private Network (VPN) connection via a firewall before access is allowed.
  • Enable the logging function.
  • Restrict access to customer passwords to authorized reseller/integrator personnel.
  • Establish strong and complex customer passwords. See "Appendix A - Unique UserIDs and Secure Authentication".
Your payment application must support customers' use of remote access security features.

This application does not have an administrative interface, therefore encrypting non-console administrative access is not a concern. If your application does have an administrative interface non-console administrative access must be encrypted with strong cryptography, using technologies such as SSH, VPN, or SSL/TSLS for web-based management and other non-console administrative access. Telnet or rlogin must never be used for administrative access.

Messaging

This application does not support messaging. If your application supports messaging encrypt all PANs sent with end-user messaging technologies (for example, e-mail, instant messaging, chat). A solution must be in place that renders the PAN unreadable or implements strong cryptography to encrypt the PANs. Never send unprotected PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat, etc.).

Appendix A - Unique UserIDs and Secure Authentication:

The following guidelines must be adhered to.

  • All users must be assigned a unique ID before being allowed to access the system components or cardholder data.
  • At least one of the following methods must be used to authenticate all users.
    • Something you know, such as a passphrase.
    • Something you have, such as a token device or smart card.
    • Something you are, such as a biometric.
  • The application must not require or use any group, shared, or generic accounts and passwords.
  • The application must require changes to user passwords at least every 90 days.
  • The application must require a minimum password length of at least seven characters.
  • The application must require that passwords contain both numeric and alphabetic characters.
  • The application must keep password history and requires that any new password is different than any of the last four passwords used.
  • The application limits repeated access attempts by locking out the user account after not more than six logon attempts.
  • The application must set the lockout duration to a minimum of 30 minutes or until the administrator enabled the user ID.
  • If an existing session has been idle for more than 15 minutes, the application must require the user to re-authenticate to re-activate the session.

Appendix B - Key management Procedures:

Companies that use payment applications must have key management procedures that cover the points listed below. The following requirements and procedures must be addressed:

  • The encryption algorithm used must be an industry recognized algorithm (proprietary in-house algorithms are not allowed).
  • Generation of strong keys (minimum 128-bit key length)
  • Secure key distribution
  • Secure key storage
  • Periodic changing of keys (as deemed necessary, but at least annually)
  • Destruction of old keys
  • Replacement of known or suspected compromised keys
  • Revocation of old or invalid keys
  • Split knowledge and establishment of dual control of keys so that it requires two or three people, each knowing only their part of the key, to reconstruct the whole key)
  • Prevention of unauthorized substitution of keys
  • Requirement for key custodians to sign a form stating that they understand and accept their key-custodian responsibilities.

Basic Credit Card Information

A credit card number consists of anywhere between 12 and 19 digits (depending upon the credit card type). The first six digits of a credit card number are known as the Issuer Identification Number (IIN) or Bank Identification Number (BIN), which is used to identify which organization issued the card along with other information. The remaining digits make up the account identifier/number with the exception of the last digit, which is the checksum digit used to validate the card number via the LUHN formula.

With the IIN/BIN, one can identify the card type (i.e. Visa, MasterCard, etc.), card level (i.e. business or purchasing card), along with issuer details (such as bank and country). The only type of card information able to be obtained by directly viewing the card number is the card type, as card brands are all assigned the same starting digits (i.e. all Visa cards start with a 4). Therefore the CardValidator component is only able to determine the CardType (along with validating the card number via the LUHN formula and verifying the Expiration Date). The remaining digits of the IIN/BIN are not specifically assigned (based on a formula) for a card issuer or level. Thus we cannot determine this information. However all this information is stored within IIN/BIN databases. There are multiple databases available but often require some sort of subscription to access the data. These are very helpful resources in the case that you need to determine if the card is a commercial card and sending Level2 and Level3 data (which is often associated with lower interchange fees).

Authorization Source Codes

This page lists authorization source codes. This information is not applicable to all processors.

TSYS

This is a list of possible AuthSource codes. These codes indicate the source of the ApprovalCode.

CodeDescription
6Off-line approval: POS device generated.
7Acquirer approval.
9Use for non-authorized transactions; such as credit card credits
BResponse provided by Visa Transaction Advisor Service.
EOff-line approval: authorization code manually keyed.
FCAFIS-generated response: Post-Auth.*
GIssuer Approval: Post-Auth.*
HExceeds acquirer settlement risk exposure cap.
NNo authorization required: Below floor limit
LLate clearing - authorization previously obtained (clearing beyond 30 days)
VAuthorization obtained via VisaNet (Issuer or STIP response)
SpaceDefault value, if acquirer cannot define it (MC, D, AX)
* Currently in use by Japan Acquirer Services (JAS).

Paymentech

This is a list of possible AuthSource codes. These codes indicate the source of the ApprovalCode.

CodeDescription
1STIP (Stand-In Processing): time-out response.
2STIP: amount below issuer limit.
3STIP: issuer in Suppress Inquiry mode.
4STIP: issuer unavailable.
5Issuer generated response.
6Off-line approval: POS device generated.
7Acquirer approval: Base I unavailable.
8Acquirer approval of a referral.
9Use for non-authorized transactions; such as credit card credits.
DReferral: authorization code manually keyed.
EOff-line approval: authorization code manually keyed.
FCAFIS Interface Off-Line Post-Auth.*
GIssuer Approval: Post-Auth.*
TAdvice of a Telcode File change initiated by the VisaPhone Issuer Direct Service.
* Currently in use by Japan Acquirer Services (JAS).

AVS Result Codes

This page lists AVS result codes.

TSYS

This is a list of possible AVSResult codes.

CodeDescription
0Approved/Declined - Address verification was not requested or it was requested but the transaction was declined (Visa, MC, Amex, Discover).
AAddress Match - CustomerAddress matches, CustomerZip does not, or the request does not include the CustomerZip (Visa, Amex, Discover).
I*Ver Unavailable - Address information not verified (Discover).
NNo match - Transaction contained postal/ZIP code only, or street address only, or postal code and street address. Also used when transaction requests AVS but sends no AVS data (Visa, MC, Amex, Discover).
RRetry - System unable to process (Visa, MC, Amex, Discover).
SServ Unavailable - Service not supported (MC, Amex, Discover).
UVer Unavailable - No data from Issuer/Authorization platform (Visa, MC, Amex, Discover).
WZip Match - Nine character CustomerZip matches, CustomerAddress does not (MC, Discover).
XExact Match - Nine character CustomerZip and CustomerAddress match (MC, Discover).
YExact Match - CustomerZip and CustomerAddress match (Visa, MC, Amex, Discover).
ZZip Match - CustomerZip matches; CustomerAddress does not match or street address not included in the request (Visa, MC, Amex, Discover).
1APPROVAL - Cardholder name and ZIP match (Amex only).
2APPROVAL - Cardholder name, address, and ZIP match (Amex only).
3APPROVAL - Cardholder name, address match (Amex only).
4APPROVAL - Cardholder name matches (Amex only).
5APPROVAL - Cardholder name incorrect, ZIP matches (Amex only).
6APPROVAL - Cardholder name incorrect, address and ZIP match (Amex only).
7APPROVAL - Cardholder name incorrect, address matches (Amex only).
8NO MATCH - Cardholder name, address, and ZIP do not match (Amex only).

*AVS Result Code for International addresses only

Paymentech

This is a list of possible AVSResult codes.

CodeDescription
0Address verification was not requested.
ACustomerAddress matches, CustomerZip does not.
EAVS error / Ineligible (not a mail/phone order).
GVer Unavailable - Non-US Issuer does not participate.
IVer Unavailable - Address information not verified for international transaction.
MExact Match - CustomerAddress match for international transaction.
NNo match on CustomerAddress or CustomerZip.
RRetry - Issuer system unavailable.
SService not supported by issuer.
UAddress information is unavailable.
WNine digit CustomerZip matches, CustomerAddress does not.
XExact AVS match, nine digit CustomerZip.
YExact AVS match, five digit CustomerZip.
ZFive digit CustomerZip matches, CustomerAddress does not.

If supporting international transactions, six additional International Address Verification Service (IAVS) codes are introduced:

BStreet address match for international transaction. Postal code not verified due to incompatible formats (acquirer sent both street address and postal code).
CStreet address and postal code not verified for international transaction due to incompatible formats (acquirer sent both street address and postal code).
DStreet addresses and postal codes match for international transaction.
IAddress information not verified for international transaction.
MStreet addresses and postal codes match for international transaction.
PPostal codes match for international transaction. Street address not verified due to incompatible formats (acquirer sent both street address and postal code).

FDMS

This is a list of possible AVSResult codes.

CodeDescription
AStreet address matches, ZIP does not.
BStreet address matches. Postal code not verified due to incompatible formats (acquirer sent both street address and postal code).
CStreet address and postal code not verified due to incompatible formats (acquirer sent both street address and postal code).
DStreet address and postal code match.
FStreet address and postal code match. (U.K. only)
GAddress information not verified for international transaction. (Non-US Issuer does not participate)
IAddress information not verified.
MStreet address and postal code match.
NNo match. Transaction contained postal/ZIP code only, or street address only, or both postal code and street address. Also used when transaction requests AVS, but sends no AVS data.
PPostal code matches. Postal code and street address were sent but street address not verified due to incompatible formats.
RRetry - Issuer system unavailable.
SService not supported by issuer.
UAddress information is unavailable.
WNot applicable.
YStreet address and postal code match.
ZPostal/ZIP matches; street address does not match or street address not included in the request.

If supporting international transactions, four additional International Address Verification Service (IAVS) codes are introduced:

DStreet addresses and postal codes match for international transaction.
IAddress information not verified for international transaction.
MStreet addresses and postal codes match for international transaction.
PPostal codes match for international transaction. Street address not verified due to incompatible formats (acquirer sent both street address and postal code).

Global Payments

This is a list of possible AVSResultCode codes.

X Exact: Address and nine-digit Zip match.
Y Yes: Address and five-digit Zip match.
A Address: Address matches, Zip does not.
Z 5-digit Zip: 5-digit Zip matches, address doesn't.
W Whole Zip: 9-digit Zip matches, address doesn't.
N No: Neither address nor Zip matches.
U Unavailable: Address information not available.
G Unavailable: Address information not available for international transaction.
R Retry: System unavailable or time-out.
E Error: Transaction unintelligible for AVS or edit error found in the message that prevents AVS from being performed.
S Not Supported: Issuer doesn't support AVS service.
B * Street Match: Street addresses match for international transaction, but postal code doesn't.
C * Street Address: Street addresses and postal code not verified for international transaction.
D * Match: Street addresses and postal codes match for international transaction.
I * Not Verified: Address Information not verified for International transaction.
M * Match: Street addresses and postal codes match for international transaction.
P * Postal Match: Postal codes match for international transaction, but street address doesn't.
0 ** No response sent.
5 Invalid AVS response.

* These values are Visa specific.

** These values are returned by the Global Transport Gateway and not the issuing bank.

Response Codes

This page lists response codes.

TSYS

The following is a list of possible Code, and Text that may be returned by the TSYS server.

Response CodeResponse TextDefinition
00"APPROVAL" Approved and completed.
01"CALL" Refer to issuer.
02"CALL" Refer to issuer - Special condition.
03"TERM ID ERROR" Invalid Merchant ID.
04"HOLD-CALL" Pick up card (no fraud).
05"DECLINE" Do not honor.
06"ERROR" General error.
07"HOLD-CALL" Pick up card, special condition (fraud account).
08"APPROVAL" Honor MasterCard with ID.
10"PARTIAL APPROVAL" Partial approval for the authorized amount returned in Group III version 022.
11"APPROVAL" VIP approval.
12"INVALID TRANS" Invalid transaction.
13"AMOUNT ERROR" Invalid amount.
14"CARD NO. ERROR" Invalid card number.
15"NO SUCH ISSUER" No such issuer.
19"RE ENTER" Re-enter transaction.
21"NO ACTION TAKEN" Unable to back out transaction.
25"NO CARD NUMBER" Unable to locate the account number.
28"NO REPLY" File is temporarily unavailable.
30"MSG FORMAT ERROR" Transaction was improperly formatted
39"NO CREDIT ACCT" No credit account.
41"HOLD-CALL" Lost card, pick up (fraud account).
43"HOLD-CALL" Stolen card, pick up (fraud account).
46"CLOSED ACCOUNT" Closed account.
51"DECLINE" Insufficient funds.
52"NO CHECK ACCOUNT" No checking account.
53"NO SAVE ACCOUNT" No savings account.
54"EXPIRED CARD" Expired card.
55"WRONG PIN" Incorrect PIN.
57"SERV NOT ALLOWED" Transaction not permitted - Card.
58"SERV NOT ALLOWED" Transaction not permitted - Terminal.
59"SUSPECTED FRAUD" Suspected fraud.
61"EXC APPR AMT LIM" Exceeds approval amount limit.
62"DECLINE" Invalid service code, restricted.
63"SEC VIOLATION" Security violation.
65"EXC W/D FREQ LIM" Exceeds withdrawal frequency limit.
6P"VERIF DATA FAILD" Verification data failed.
75"PIN EXCEEDED" Allowable number of PIN-entry tries exceeded.
76"UNSOLIC REVERSAL" Unable to locate, no match.
77"NO ACTION TAKEN" Inconsistent, reversed, or repeat data.
78"NO ACCOUNT" Blocked, first used transaction from new cardholder, and card not properly unblocked.
79"ALREADY REVERSED" Already reversed at switch.
80"NO IMPACT" No Financial impact (used in reversal responses to decline originals).
81"ENCRYPTION ERROR" Cryptographic error.
82"INCORRECT CVV" CVV data is not correct Or Offline PIN authentication interrupted.
83"CANT VERIFY PIN" Cannot verify PIN.
85"CARD OK" No reason to decline.
86"CANT VERIFY PIN" Cannot verify PIN.
91"NO REPLY" Issuer or switch is unavailable.
92"INVALID ROUTING" Destination not found.
93"DECLINE" Violation, cannot complete.
94"DUPLICATE TRANS" Unable to locate, no match.
96"SYSTEM ERROR" System malfunction.
A1"ACTIVATED" POS device authentication successful.
A2"NOT ACTIVATED" POS device authentication not successful.
A3"DEACTIVATED" POS device deactivation successful.
B1"SRCHG NOT ALLOWD" Surcharge amount not permitted on debit cards or EBT food stamps.
B2"SRCHG NOT ALLOWD" Surcharge amount not supported by debit network issuer.
CV"FAILURE CV" Card Type Verification Error.
D3"SECUR CRYPT FAIL" Transaction failure due to missing or invalid 3D-Secure cryptogram.
E1"ENCR NOT CONFIGD" Encryption is not configured.
E2"TERM NOT AUTHENT" Terminal is not authenticated.
E3"DECRYPT FAILURE" Data could not be decrypted.
EA"ACCT LENGTH ERR" Verification error.
EB"CHECK DIGIT ERR" Verification error.
EC"CID FORMAT ERROR" Verification error.
H1-H9"SERV NOT ALLOWED" Contact Merchant Services/Technical Support.
HV"FAILURE HV" Hierarchy Verification Error.
K0"TOKEN RESPONSE" Token request was processed.
K1"TOKEN NOT CONFIG" Tokenization is not configured.
K2"TERM NOT AUTHENT" Terminal is not authenticated.
K3"TOKEN FAILURE" Data could not be de-tokenized.
M0"DOM DBT NOT ALWD" Mastercard: Canada region-issued Domestic Debit Transaction not allowed.
N3"CASHBACK NOT AVL" Cashback service not available.
N4"DECLINE" Exceeds issuer withdrawal limit.
N7"CVV2 MISMATCH" CVV2 value supplied is invalid.
P0-P6"SERV NOT ALLOWED" Contact Merchant Services/Technical Support.
P7"MISSING SERIAL NUM" The terminal has not yet completed the boarding process. The Serial Number has not been set up.
Q1"CARD AUTH FAIL" Card authentication failed.
R0"STOP RECURRING" Customer requested stop of specific recurring payment.
R1"STOP RECURRING" Customer requested stop of all recurring payments from specific merchant.
R3"STOP ALL RECUR" All recurring payments have been canceled for the card number in the request.
S0"INACTIVE CARD" The PAN used in the transaction is inactive.
S1"MOD 10 FAIL" The Mod-10 check failed.
S5"DCLN NO PRE AUTH" Decline - no preauthorization found.
S9"MAX BALANCE" Maximum working balance exceeded.
SA"SHUT DOWN" The Authorization Server is shut down.
SB"INVALID STATUS" Invalid card status - status is other than active.
SC"UNKNOWN STORE" Unknown dealer/store code - special edit.
SD"TOO MANY RCHRGS" Maximum number of recharges is exceeded.
SE"ALREADY USED" Card was already used.
SF"NOT MANUAL" Manual transactions not allowed.
SH"TYPE UNKNOWN" Transaction type was unknown.
SJ"INVALID TENDER" An invalid tender type was submitted.
SK"CUSTOMER TYPE" An invalid customer type was submitted.
SL"PIN LOCKED" PIN was locked.
SM"MAX REDEMPTS" The maximum number of redemptions was exceeded.
SP"MAX PAN TRIES" The maximum number of PAN tries was exceeded.
SR"ALREADY ISSUED" The card was already issued.
SS"NOT ISSUED" The card was not issued.
T0"APPROVAL" First check is OK and has been converted.
T1"CANNOT CONVERT" The check is OK but cannot be converted. This is a declined transaction.
T2"INVALID ABA" Invalid ABA number, not an ACH participant.
T3"AMOUNT ERROR" Amount greater than the limit.
V1"FAILURE VM" Daily threshold exceeded.

TSYSTerminalMgr

The following is a list of Code value that may be returned by the TSYS server when using TSYSTerminalMgr.

Response CodeDefinition
A1The device was authenticated.
A2The device was not authenticated.
A3The device was deactivated.

Paymentech Server Errors:

The following is a list of error codes which may be returned by the Paymentech Server. In the case of a server-side error condition, the Code field will contain "E", the error code will be contained in the ApprovalCode field, and the description in Text

Paymentech Issuer Errors

ApprovalCodeTextDescription
200Auth DeclinedCardholder's bank did not approve transaction.
201Call Voice OperAuthorizer needs more information for approval.
202Hold - CallCard issuer does not want that card used. Call for further instructions.
203Call Voice OperAuthorizer didn't respond within allotted time.
204Invalid Card NoAccount #/mag stripe is invalid.
205Invalid Exp. DateExpiration date is either incorrect format or prior to today.
206Invalid ICA NoInvalid International Control Account number.
207Invalid ABA NoInvalid American Banking Association number.
208Invalid PIN NoThe Personal ID Number for a debit transaction is incorrect.
209Invalid Bank MID The Bank Merchant ID is incorrect.
210Invalid Term NoThe merchant ID is not valid or active.
211Invalid AmountAmount is either: equal to 0, has no decimal, has decimal in wrong place, or has multiple decimals.
213Invalid Tran FmtThe transaction format isn't valid, typically invalid SIC code
214Call Voice OperAuthorization center cannot be reached.
215Lost/Stolen CardCard has been reported lost or stolen.
216Invalid PINPersonal ID code is incorrect.
217Over Credit FlrAmount requested exceeds credit limit.
218Request DeniedTransaction is not valid for this authorizer.
220Not Online to XXFatal communications error.
221Auth Down-RetryDebit authorizer temporarily unavailable.
222Auth DeclinedVehicle not found in positive file.
223Invalid Pin NoDriver # not found in positive file.
224Auth DeclinedCard is on private label negative file.
225Card Not AllowedMerchant does not accept this card.
226PL Setup ReqdMerchant not set up for Private Label.
227BIN Not AllowedMerchant cannot accept this Private Label BIN range.
228Card Not AllowedMerchant cannot accept this card.
229Inv Merc Rstrct CodeRestriction code field contains invalid data.
230Prod RestrictedMerchant attempted a product code not permitted by this merchant.
231Prod Not On FileMerchant attempted a product code that does not exist on host.
232Auth DeclinedInvalid card type for Prior Auth sale.
233Auth DeclinedTerminal Type not supported.
234Auth DeclinedT&E card used for Sale when merchant only allows Auth Only.
235*Request Denied*Prior Auth selected with no Auth code provided.
238Invalid Driver NumberThe Driver Number entered is invalid.
247PIN Not SelectedEBT recipient has not selected a PIN for this card.
248Unmatch Vch InfoVoucher submitted does not match one previously issued.
248CVC2/CID ERRORCVC2 or CID entered was not valid for the card number.
249Tran Not DefinedThis type of transaction is not allowed for this type of card.
257Block Act Not AlwdThe merchant.is not allowed to process Stored Value Block Activations
258Incorrect Act AmtThe activation amount requested does not match the predenominated amount for the card.
292Auth Down - RetryAuthorizer is not responding.
293Auth Busy - RetryAuthorizer not available at this time.
294Auth Busy - RetryAuthorizer not available at this time.
297Auth Error - RetryAuthorizer not available at this time.
298Err - Pls RetryDebit authorizer experienced an error.
299Err - Pls RetryDebit authorizer experienced an error.

Paymentech Format Errors

ApprovalCodeTextDescription
300Invalid Term IDThe length of the merchant ID is incorrect or contains invalid data.
301Invalid FunctionTran code is incorrect or wrong length.
302Invalid CardMag stripe contains invalid data or account # is greater than 19 digits
303Invalid Exp. DateCard has expired, month was not 01-12 or year was not 00-99.
304Invalid Action CodeAction code is longer than 1 digit.
305Amt Entry ErrorAmount less than .01 or greater than 99999.99 or contained non- numeric data.
306Invalid PINIncorrect PIN block length.
307Invalid Card Invalid card type or account number.
308Auth # Not EnteredAuth code was not entered on a Prior Auth, Incremental or Rev.
309Invalid Down Pay IndInsurance down payment indicator is invalid.
310Policy # Wrong LenInsurance policy number is incorrect length.
311Invalid Ind CodeIndustry type must be RE or DM.
312Invalid FunctionTran code is invalid or contains alpha data.
313Entry Mode InvalidPOS Entry mode is less than 01 or greater than 04.
314Invalid Industry DataThe Industry Specific field contains invalid data.
315Inv Fleet DataThe Fleet Card field contains invalid data.
316Invalid Sys InfoThe System Information field contains invalid data.
317Invalid FormatPayment Service indicator or Transaction ID is invalid.
318Inv Transaction ClassTransaction class not "F" for financial transaction.
319Inv PIN CapabilityPin capability code field contains invalid data.
320Inv/Missing Retr RefRetrieval Reference # is missing or contains alpha data.
321Inv MSDIMarket Specific Data field contains invalid data.
322Invalid DurationMarket specific data field Duration is 00, blank or missing.
323Inv Pref Cust IndPreferred Customer indicator contains invalid data.
324Inv MO/TO NumberMail/Telephone Order number is invalid (InvoiceNumber must have a value).
325Inv Sale/Chg Des/FolioHotel Sale Code, Charge Descriptor or Folio contains invalid data.
326Inv Mult Clr Seq NoMultiple Clearing sequence number is invalid.
327Inv Purch Card DataPurchasing card field contains invalid data.
328Inv Input/Use VRUInsurance transaction not from VRU.
329Invalid EC Data 329Invalid Electronic Commerce Data.
330INV Function or Multiple FS or Unknown TKNIndicates system problem, notify Paymentech Network Services or Multiple field separators received without required data or A token of unknown definition was received
331INV TKN ValueInvalid token value was received.
332CVD Data ErrorError with the cardholder verification data received; invalid value or not allowable for this card for this transaction.
333TKN Data ErrorIndicates system problem, notify Paymentech Network Services.
359Invalid Sequence NumberThe SequenceNumber must be a number between 0 and 2400.

Paymentech Host / Setup Errors

ApprovalCodeTextDescription
400Invalid Term IDMerchant ID not found in merchant file.
401Invalid Term IDMerchant ID not found in terminal file.
402Term Not ActiveActive flag for merchant set to "N".
403Invalid Act CodeMerchant not set up for cash advance function.
404Void Not AllowedThe transaction requested for voiding is not an EFT transaction.
405Ref Num Not FoundTransaction requested for reversal not found.
406Proc Error 7The host can't clear all transaction records for the requested Batch Release.
407Too Many BatchesThere are 999 open batches for this merchant.
408Release BatchCurrent batch has 999 records. Release batch before continuing.
409Invalid FunctionDebit transaction requested but debit flag is set to "N".
410Invalid Term IDThe Terminal ID portion of the merchant ID is incorrect.
411Invalid Term IDThe maximum retries for this merchant have been exceeded.
412Proc Error 13Unable to read reference number file.
413Proc Error 14413
414Proc Error 15414
415Invalid Function 415
416Invalid FunctionMerchant is Authorization Only and a debit record was sent.
417Invalid FunctionPrivate label flag is "N" but a private label account number was sent.
418Please Try AgainIncorrect debit working key.
419Invalid Function Manually entered transactions are not allowed for this terminal ID.
420Amount Too LargeMaximum sale amount exceeded.
421Amount Too LargeMaximum return amount exceeded.
422Invalid Term IDHost couldn't read terminal file within specified time.
423Proc Error 24Host couldn't read reference number file within specified time.
424Invalid Term IDTransaction open flag has been set to "Y" within prior 3 minutes.
425Invalid FunctionCash management not allowed for this merchant ID.
426Rev Not AllowedHost found no batch number matching the one sent.
427Rev Not AllowedHost found no transactions meeting the specifications sent.
428Dscv Not AllowedMerchant not set up for Discover transactions.
429Rev Not AllowedThe batch containing the transaction to void has been released.
430Dscv Not AllowedMerchant not set up for Discover.
431DC Not AllowedMerchant not set up for Diners Club.
432CB Not AllowedMerchant not set up for Carte Blanche.
433Invalid KeyNo AMEX subscriber number, process control ID or product code set up
434Invalid KeyFuture use.
435Failed-Plz CallDebit transaction being sent to an authorizer not set up on host file.
436Failed-Plz CallDebit security key does not exist on the security management file.
437Failed-Plz CallFailure occurred during encryption/decryption of PIN.
438Failed-Plz CallError occurred while generating a debit working key.
439Failed-Plz CallThe DB (debit) sponsor institution on the merchant file is not set up on sponsor file.
440Failed-Plz CallThe network set up on the sponsoring bank file for this institution is not set up on the host's network file.
441Failed-Plz CallThe host is unable to communicate with decryption device.
442JCB Not AllowedJCB CD flag on merchant record not set up for JCB transactions.
443JCB Not AllowedJCB subscriber number not set up for JCB transactions.
444Bank Not On FileDebit BIN not set up for this merchant in routing table.
445No Sponsor InstNo valid sponsorship was found on Merchant record.
446Failed Plz CallFuture use.
447WX Not AllowedMerchant not set up to accept WEX.
448Amount Too LargeAmount exceeds maximum limit.
449Reenter OdometerOdometer was 000000 or contained non-numeric data.
450Duplicate TranNo ACK reversal was followed by a duplicate request
451Tran Not AllowedRequested transaction type is not allowed for this card/merchant.
452Bat Already RelsBatch has already been released.
453Invalid Rtng IndInvalid Routing Indicator field.
454AX Not AllowedAMEX not allowed.
999Invalid MerchantMerchant number not on file.

Paymentech Debit / EBT Specific Errors

ApprovalCodeTextDescription
602Call Voice OpAuth center cannot be reached.
692Auth Down-Retry Debit authorizer temporarily unavailable.
693Auth Busy-Retry Queue for debit authorizer too long.
694Auth Busy-Retry Debit authorizer not responding in time.

Paymentech Batch Management Errors (use the ErrorCode configuration setting to retrieve this information from the PTechHostSettle component.

ErrorCodeTextDescription
105Invalid Term IDMerchant ID on a Batch Inquiry or Release is incorrect.
106Term Not ActiveActive flag for the merchant ID is set to N.
107No TransactionsA Batch Inquiry or Release was requested but no open batch exists.
108Bat Already RelsA second batch release was attempted.
109Batch Not FoundRequested batch does not exist.

FDMS North/Nashville

The CaptureFlag, field indicates whether the transaction was successful. If True the transaction was successful. If False there was an error and the ApprovalCode, contains the error message.

Approval CodeMeaning
CALL CARD CENTER System problem.
CVV2 DECLINED Association indicated the transaction wasn't approved due to mismatch of the CVV2 value, but would have been approved had the CVV2 values matched.
DECLINED Decline the sale.
EXPIRED CARD Card is expired.
HOLD - CALL CTR Problem with card.
INV ACCT NUM Invalid card number or prefix.
INV CREDIT PLAN Private label message only.
INV EXP DATE Invalid expiration date.
INV MER ID Merchant is not set up on Host file.
INV TERM ID Terminal is not set up on Host file.
PLEASE RETRY System time-out or other generic system error.
REFERRAL Referral.
REFERRAL INV TR2 Referral - Invalid Track II Data.
REFERRAL INV TR1 Referral - Invalid Track I Data.
SERV NOT ALLOWED Merchant is not entitled to this card type.
SYS REJECT Transaction was rejected by the system due to "batch in progress indicators" being turned on.
UNSUPPORTED TRAN Batch Review (Tran Code 97) not supported.

Global Payments

The current response codes returned by Global Payments are listed below.

Code field: This value signifies the result of the transaction (i.e. approved, declined, etc). When programmatically validating a transaction's result, this value should ALWAYS be used instead of any response message describing the result. See the table below for a full list of result codes and descriptions.

-100Transaction NOT Processed; Generic Host Error.
0Approved.
2Invalid Transaction.
3Invalid Transaction Type.
3Unsupported Transaction Type.
4Invalid Amount.
4Invalid Cash Back Amount.
5Invalid Merchant Information.
6Time Out Waiting for Host Response.
7Field Format Error. See Message and MessageDetail for more info.
7Swiped and Card Present transactions are not supported in Card Not Present markets.
8Not a Transaction Server.
11Client Timeout Waiting for Response.
12Declined.
14Transaction Type Not Supported In This Version.
19Original Transaction Id, PNRef, or Approval Code Not Found.
20Customer Reference Number Not Found.
22Invalid ABA Number.
23Invalid Account Number.
24Invalid Expiration Date.
25Transaction Type Not Supported by Host.
26Invalid Reference Number or PNRef.
27Invalid Receipt Information.
28Invalid Check Holder Name.
29Invalid Check Number.
30Check DL Verification Requires DL State.
31Cannot perform multiple captures on a PreAuth.
40Not Currently Supported.
50Insufficient Funds Available.
99General Error.
100Invalid Transaction Returned from Host.
101Timeout Value too Small or Invalid Time Out Value.
102Processor Not Available.
103Error Reading Response from Host.
104Timeout waiting for Processor Response.
105Credit Error.
106Host Not Available.
107Duplicate Suppression Timeout.
108Void Error/Cannot void a previously voided or settled transaction.
109Timeout Waiting for Host Response.
110Duplicate Transaction.
111Capture Error.
112Failed AVS Check.
113Cannot Exceed Sales Cap / Requested Refund Exceeds Available Refund Amount.
114Cannot refund a voided transaction.
115Sum of Tax, Tip, and Cash Back amount cannot exceed total Amount.
116Unsupported Card Type.
117Only Sales, Repeat Sales, Force Captures, and Post Authorizations can be refunded.
118The amount of a Pre-Auth Complete (Capture) must be less than or equal to the original amount authorized. Please retry.
200A Partial Authorization of a pre-paid card. This is considered an Approved transaction. Check the AuthorizedAmount field for the amount approved. See below for more information.
1000Generic Host Error or General Exception. (Missing or invalid data). See Message and MessageDetail for more info.
1001Invalid Login Information.
1002Insufficient Privilege or Invalid Amount.
1002AVS Only transactions are not supported in E-Commerce markets.
1002Debit/EBT Return transactions must provide the PNRef from the original Sale. Please retry.
1002Zip is required for AVS Only transaction type.
1003Invalid Login Blocked.
1004Invalid Login Deactivated.
1005Transaction Type or Service Not Allowed.
1006Unsupported Processor.
1007Invalid Request Message.
1008Invalid Version / The MAC value is required.
1010Payment Type Not Supported.
1011Error Starting Transaction.
1012Error Finishing Transaction.
1013Error Checking Duplicate.
1014No Records To Settle (in the current batch).
1015No Records To Process (in the current batch).

HostCode field: Typically, if the transaction is approved, this will be the batch reference number. If the transaction is declined, the HostCode will indicate the reason for the decline. The table below lists the possible HostCode and Message combinations for error conditions.

HostCodeMessageDescription
000AP Approved or Completed Successfully.
000AP NEW INFO Approved with updated cardholder data.
000PARTIAL AP Only part of the requested amount was approved.
001CALL AE Refer to American Express.
001CALL DC Refer to Diners Club.
001CALL DISCOVER Refer to Discover.
001CALL ND Call your Visa/MasterCard Voice Authorization Center.
001CALL TK Refer to TeleCheck.
001CALL XXXXXXXXXX Call indicated number.
001ISSUER UNAVAIL Global Payments cannot contact issuing bank for authorization.
002CALL AE Touchtone capture, won't roll to an operator.
002CALL DC Touchtone capture, won't roll to an operator.
002CALL DISCOVER Touchtone capture, won't roll to an operator.
002CALL ND Touchtone capture, won't roll to an operator.
002CALL XXXXXXXXXX Touchtone capture, won't roll to an operator.
002ISSUER UNAVAIL Touchtone capture, won't roll to an operator.
003INVLD MERCH ID Invalid Merchant ID.
004PIC UP Authorization Declined.
005DECLINE Authorization Declined.
005DECLINE NEW INFO Update cardholder data.
005DECLINE TRY LATER Try again in 3 days.
005REVK PAY ORDERED Stop payment of a specific recurring payment.
005STOP PAY ORDERED Stop all future recurring payments.
006REVERSED Requested transaction reversal was successful.
007DECLINE-CV2 FAIL Response for CVV2 failure. Declined. (Visa).
008AP WITH ID Approved with positive ID. Host does not capture this transaction.
012INVLD TRAN CODE Processing code entered is incorrect. Please refer to valid processing code.
013INVLD AMOUNT Amount entered is invalid.
014INVLD ACCT Account number does not pass issuer's edit checks.
014INVLD CODE ACCT Valid account number matched with a transaction code for a different card type.
014INVLD CID American Express CID failure.
019PLEASE RETRY Retry the transaction.
054INVLD EXP DATE Expiration date entered is incorrect.
055PIN INVALID Incorrect PIN entered.
058UNAUTH TRANS Merchant not set up for transaction code used.
075MAX PIN RETRIES Maximum PIN number entry attempts exceeded.
094AP DUPE Transaction entered is a duplicate.
0C1SYSTEM UNAVAILABLE Global Payments Check System unavailable.
0N2INV AMT MATCH The amount entered for a void or adjustment transaction does not match the amount stored in the host for that item.
0N3INV ITEM NUM The item number entered for a void or adjustment transaction is incorrect.
0N4ITEM VOIDED An adjustment or item review was attempted on a transaction previously voided.
0N5MUST BALANCE NOW Terminal has not been balanced within time specified in the Global Payments Merchant Master File for this merchant.
0N6USE DUP THEN BAL Originating device has not been balanced within time specified in the Global Payments Merchant Master File for this merchant, but merchant is set up to perform extra transactions before balancing.
0N7NO DUP FOUND Override transaction is attempted on a non-duplicated transaction.
0N8INVALID DATA Format of the transaction is incorrect.
0NANO TRANS FOUND Reversal transaction is attempted on a transaction that is not in the open batch on the host.
0NCAP NOT CAPTURED Approved but not captured (applies only to credit card transactions)- stand in.
0NEAP AUTH-ONLY Approved but this EDC merchant is not set up to capture this card type (applies only to credit card transactions).
PART AP AUTH-ONLY Only part of the requested amount was approved, but this EDC merchant is not set up to capture this card type (applies only to credit card transactions).
0P1APPROVED Approved debit card transaction.
0P2DB UNAVAIL 02 Global Payments is experiencing a problem.
0P5UNAUTH USER Merchant is not set up for debit on Global Payments Merchant Master File.
0P6INVALID CARD Invalid card number.
0T1EDC UNAVAILABLE EDC application down, try later.
0T2DB UNAVAIL 01 Debit application down, try later.
121EXCEEDS MAX AMT Exceeds withdrawal amount limit.
121EXCEEDS MAX AMT Exceeds withdrawal amount limit.

CVVResultCode field: This value is only applicable to credit card transactions. The card verification number is typically printed on the back of the card and not embossed on the front. It is used as an extra authentication method for "card not present" transactions. When programmatically validating a CV Result, this value should ALWAYS be used instead of any formatted response message describing the result, contained in the CVVResultMessage field.

The following table lists the possible CVV result codes:

Value Description
M CVV2/CVC2/CID Match
N CVV2/CVC2/CID No Match
P Not Processed
S Issuer indicates that the CV data should be present on the card, but the merchant has indicated that the CV data is not present on the card.
U Unknown / Issuer has not certified for CV or issuer has not provided Visa/MasterCard with the
CV encryption keys.
X Server Provider did not respond

AVSResultCode field: When programmatically validating an AVS Result, this value should ALWAYS be used instead of any formatted AVSResultMessage describing the result. The following table lists the possible AVS result codes:

X Exact: Address and nine-digit Zip match.
Y Yes: Address and five-digit Zip match.
A Address: Address matches, Zip does not.
Z 5-digit Zip: 5-digit Zip matches, address doesn't.
W Whole Zip: 9-digit Zip matches, address doesn't.
N No: Neither address nor Zip matches.
U Unavailable: Address information not available.
G Unavailable: Address information not available for international transaction.
R Retry: System unavailable or time-out.
E Error: Transaction unintelligible for AVS or edit error found in the message that prevents AVS from being performed.
S Not Supported: Issuer doesn't support AVS service.
B * Street Match: Street addresses match for international transaction, but postal code doesn't.
C * Street Address: Street addresses and postal code not verified for international transaction.
D * Match: Street addresses and postal codes match for international transaction.
I * Not Verified: Address Information not verified for International transaction.
M * Match: Street addresses and postal codes match for international transaction.
P * Postal Match: Postal codes match for international transaction, but street address doesn't.
0 ** No response sent.
5 Invalid AVS response.

* These values are Visa specific.

** These values are returned by the Global Transport Gateway and not the issuing bank.

FDMS Rapid Connect

Possible response codes returned by FDMS Rapid Connect are listed below along with a textual description.

CodeDescription
000Approved
001Schema Validation Error
002Approved for partial amount
003Approved VIP
100Do not honor
101Expired card
102Suspected fraud
104Restricted card
105Call acquirer's security department
106Allowable PIN tries exceeded
107Call for authorization
108Refer to issuer's special conditions
109Invalid merchant. The merchant is not in the merchant database or the merchant is not permitted to use this particular card
110Invalid amount
114Invalid account type
116Not sufficient funds
117Incorrect PIN
118No card record
119Transaction not permitted to cardholder
120Transaction not permitted to terminal
121Exceeds withdrawal amount
122Security violation
123Exceeds withdrawal frequency limit
124Violation of law
129Suspected counterfeit card
130Invalid terminal
131Invalid account number
132Unmatched card expiry date
150Invalid merchant set up
151Activation failed
152Exceeds limit
153Already redeemed
154Over monthly limit
155Recharge amount exceeded
156Max number of recharges exceeded
157Invalid entry
208Lost card
209Stolen card
302Account closed. The account was closed, probably because the account balance was $0.00
303Unknown account. The account could not be located in the account table
304Inactive account. The account has not been activated by an approved location
308Already active. The card is already active and does not need to be reactivated
311Not lost or stolen
315Bad mag stripe. The mag stripe could not be parsed for account information
316Incorrect location. There was a problem with the merchant location
317Max balance exceeded. The transaction, if completed, would cause the account balance to be exceeded by the max_balance as specified in the promotion. Some merchants set the max_balance to a value twice the max transaction amount
318Invalid amount. There was a problem with the amount field in the transaction format - more or less than min/max amounts specified in the promotion for that transaction
319Invalid clerk. The clerk field was either missing, when required, or the content did not match the requirements
320Invalid password
321Invalid new password. The new password does not meet the minimum security criteria
322Exceeded account reloads. The clerk/user/location was only permitted to reload some number of accounts. That number was exceeded. (See your Business Manager in order to extend this limit.)
323Password retry exceeded. The user account has been frozen because the user attempted access and was denied. Seek management assistance
326Incorrect transaction version or format number for POS transactions
327Request not permitted by this account
328Request not permitted by this merchant location
329Bad_repay_date
330Bad checksum. The checksum provided is incorrect
331Balance not available (denial). Due to an internal First Data Prepaid Closed Loop issue, information from this account could not be retrieved
332Account locked
333No previous transaction. The void or reversal transaction could not be matched to a previous (original) transaction. In the case of a pre-auth redemption, the corresponding locking transaction could not be identified
334Already reversed
336Bad Authorization ID. The Authorization ID test failed
337Too many transactions requested
338No transactions available/no more transactions available. There are no transactions for this account or there are no transactions as determined by the specified first transaction number
339Transaction history not available
340New password required
341Invalid status change. The status change requested (e.g. lost/stolen, freeze active card) cannot be performed
342Void of activation after account activity
343No phone service. Attempted a calling card transaction on an account which is not configured for calling card activity
344Internet access disabled
355Invalid currency. The provided currency is invalid
357Currency conversion error
359The terminal transaction number did not match (on a void or reversal).
367Target embossed card entered and Transaction count entered do not match
368No account link
369Invalid time zone
370Account on hold
372Promo location restricted
373Invalid Card Account
374Product code(s) restricted
375Bad Post Date. The Post Date is not a valid date.
376Account status is void lock
377Already active and reloadable
378Account is Purged. The Account record was purged from the database.
380Bulk activation error
381Bulk activation un-attempted error
382Bulk activation package amount error
383Store location zero not allowed
384Account row locked
385Accepted but not yet processed
401Offer Processing Error
402TransArmor Service Unavailable
403TransArmor Invalid Token or Account Number
404TransArmor Key Error
500Decline
501Date of Birth Error for Check Processing
502Invalid State Code
503New Account Information
504Do not try again
505Please retry
506Invalid Checking Account Number
507New Account Information available
508Try again later - Declined: Association's payment cancellation advice code provided. Applies to recurring authorizations only. These are examples of what may have occurred: the account is over the credit limit try again in 72 hours.
509Do not try again - Applies to recurring authorizations only. The card has expired
510New Account Information - Applies to recurring authorizations only. The card has expired
511Try again later - Applies to recurring authorizations only. The card has expired. Get the new expiration date and try again.
512Service not allowed
513Decline. Transaction not permitted to acquirer or terminal
514Do not try again - Applies to recurring authorizations only. There was security violation
515Declined. No term record on First Data system
516Please retry - Reasons for this error are one of the following: Format Error, Unable to route transaction, Switch or issuer unavailable, System Busy, Timeout
517CVV2 Declined
518Invalid account/date or sales date in future
519Invalid Effective Date
520Reversal Rejected. Do not try again.
521Enter lesser amount
522Cash Back greater than total Transaction amount
523Crypto box is offline
524Debit Switch unavailable Timeout Retry - Communications link to debit/EBT network gateway is down or responded with a "System Malfunction (96)" message
525Debit/EBT network gateway cannot get through to the ISSUER.
526Undefined Card - Debit/EBT network gateway cannot route card based on Merchant Entitlement
527Network Response indicates that Merchant ID / SE is invalid
528Debit/EBT transaction count exceeds pre-determined limit in specified time/ Withdrawal limit exceeded.
529Resubmission of transaction violates debit/EBT network frequency
530The authorizing network has a problem decrypting the cryptogram in the request
532The DUKPT Base Derivation key is missing or incorrect in the PIN pad, or PIN key synchronization error.
540Edit Honor
541No Savings Account
542DUKPT: An error while processing the PIN block that is not related to the point-of-sale equipment. Contact the Help Desk for assistance.
550Invalid Vehicle
551Invalid Driver
552Invalid Product
553Exceeds transaction total limit per product class.
554Over daily limit
555Invalid Date/Time
556Exceeds quantity
557Invalid prompt entry
558Invalid Track 2 data
559Voyager ID problem
560Invalid Odometer
561Invalid Restriction Code
562Pay at pump not allowed
563Over fuel limit
564Over cash limit
565Fuel price error
566Y or N required
567Over repair limit
568Over additive limit
569Invalid user
701Approved EMV Key Load
702EMV Key Download Error
703Approved EMV Key Load, more key load data pending
704Pick Up Card
708Honor With Authentication
721Invalid ZIP Code
722Invalid value in the field
723Driver's License or ID is Required
724Referred - Not Active
726Unable to Locate Record On File
727Refer - Call Authorization (Checks only)
728Referred - Skip Trace Info
729Hard Negative Info On File
731Rejected Lost/Stolen Checks
740Totals Unavailable
767Hard Capture; Pick Up
771Amount Too Large
772Duplicate Return
773Unsuccessful
774Duplicate Reversal
775Subsystem Unavailable
776Duplicate Completion
782Count Exceeds Limit
785No reason to decline.
790Not approved. Used only in Visa bill/recurring payment. Merchant must not resubmit same transaction but may continue billing process in subsequent billing period.
791Not approved. Used only in Visa bill/recurring payment. Merchant must stop recurring payment requests.
792See attendant.
801Over merchandise limit
802Imprint card
803Not on file
804Fuel only
805Velocity exceeded
806Authorization ID needed
807Over non-fuel limit
808Invalid location
809Over card velocity count
810Over card velocity amount
811Over issuer velocity count
812Over issuer velocity amount
813Over merchant daily velocity count
814Over merchant daily velocity amount
815Over merchant daily velocity both
816Over merchant product velocity amount
817Over merchant product velocity count
818Over merchant product velocity both
819Over chain daily velocity count
820Over chain daily velocity amount
821Over chain daily velocity both
822Over chain product velocity count
823Over chain product velocity both
824Over chain product velocity amount
825No chain ID for chain merchant
826Signature required
902Invalid transaction. This card or terminal is not permitted to perform this transaction, or the transaction type is invalid, or First Data is unable to route a refund request to the network.
904Format error.
906System Error. There is a problem with the host processing system. Call your helpdesk or operations support.
907Card issuer or switch inoperative
908Transaction destination not found.
909System malfunction
911Card issuer timed out
913Duplicate transaction.
914Void/Full Reversal requests in which the Original Authorization was not found.
915Timeout Reversal not supported Resend the original transaction.
920Security H/W or S/W error - try again
921Security H/W or S/W error - no action
923Request in progress
924Limit check failed
940Error.
941Invalid issuer
942Customer cancellation
944Invalid response
950Violation of business arrangement
954CCV failed.
958CCV2 failed
959CAV failed
963Acquirer channel unavailable

Returned ACI Codes

This page lists ACI codes. This information is not applicable to all processors.

TSYS

This is a list of possible ReturnedACI values. Please note that many of these return values result from features not available in any of the currently supported Industry Types.

ValueDescription
ACPS qualified.
DVisa Electronic Data Quality Program (EDQP) transaction (not CPS).
ECPS qualified and Card Acceptor Data was supplied in the authorization request.
FCPS qualified for Visa Account Funding Transactions.
ICPS qualified incremental authorization request.
JCard Not Present, Recurring Bill Payment.
CCPS qualified for a self-service automated fuel dispense.
KCPS qualified and included an address verification request in the authorization request (Unable to read magnetic stripe).
MMeets national payment service requirements with no address verification: Direct Marketing.
NNot CPS qualified.
PCPS qualified and accepted for Preferred Customer qualification or 3D Secure validation failure for T&E transaction.
RRecurring or Installment Payments, Healthcare and select developing market MCCs may submit the ACI of R to bypass AVS requirements.
SCPS attempted for Preferred e-Commerce (3D Secure).
TTransaction cannot participate in CPS.
UCPS qualified for Preferred e-Commerce (3D Secure).
VCPS qualified and included an address verification request in the authorization request.
WCPS qualified for Basic e-Commerce (Non-3D Secure).
spaceIf "Y" sent and transaction not qualified (VAS downgrade).

FDMS

The following is a list of all returned ACI values. Please note that many of these return values result from features not available in any of the currently supported Industry Types.

ValueDescription
I Incremental to a previously approved authorization
P Preferred Customer (auto rental, hotel, and transport)
Y Transaction is requesting service in CPS/2000 Received by issuer on first authorization, saved in terminal, and returned on reversal and settlement transactions:
" " (Space) Transaction not submitted for REPS processing
A Normal qualified
C Qualified, customer-activated terminal
E Qualified Retail
F Card Not Present (Account Funding - with AVS and CVV2)
I Qualified incremental
J Card not present - Recurring bill payment
K Qualified CPS/Retail Key Entry (AVS is required with K)
N Not qualified
P Qualified Preferred
R AVS not Required - Only available to VISA Health Care and Select Developing Markets
S Card Not Present (E-Commerce - 3D Secure Attempt)
T Transaction cannot participate in CPS programs
V Qualified Address Verification
U Card Not Present (E-Commerce - 3D Secure)
W Card Not Present (E-Commerce - Non 3D Secure w/AVS)

Card Level Result Codes

This page lists Card Level Result codes. This information is not applicable to all processors.

TSYS

This is a list of possible CardLevel values.

Value (^ = space)Description
A^Visa Traditional
AXAmerican Express Card
B^Visa Traditional Rewards
C^Visa Signature
D^Visa Signature Preferred
DIDiscover Card
DNDiners Card
E^Proprietary ATM
F^Visa Classic
G^Visa Business
G1Visa Signature Business
G2Reserved
G3Visa Business Enhanced, Visa Platinum Business
G4Visa Infinite Business, Visa Infinite Privilege Business (Canada)
G5Visa Business Rewards
H^Reserved
I^Visa Infinite
J^, J1, J2, J4Reserved
I1Visa Infinite Privilege
J3Visa Healthcare
JCJCB Card
K^Visa Corporate T&E
K1Visa GSC Corporate T&E
L^Electron
M^Mastercard
N^Visa Platinum
N1Visa Rewards
N2Visa Select
P^Visa Gold
Q^Private Label
Q1Reserved
Q2Private Label Basic
Q3Private Label Standard
Q4Private Label Enhanced
Q5Private Label Specialized
Q6Private Label Premium
R^Proprietary
S^Visa Purchasing
S1Visa Purchasing with Fleet (outside of Canada), Visa Fleet (cards issued in Canada)
S2Visa GSA Purchasing
S3Visa GSA Purchasing with Fleet
S4Commercial Loan
S5Commercial Transport EBT
S6Business Loan
S7Reserved
T^Reserved
U^Visa Travel Money
V^V Pay
V1Reserved
W^Reserved
X^Visa B2B Virtual Payments
Y^Reserved
Z^Reserved

Paymentech

Visa Card Level Results Code:

CodeMeaning
SpacesNot applicable
A^Visa Traditional
AX*American Express
B^Visa Traditional Rewards
C^Visa Signature
D^Visa Infinite
DI*Discover
E^Reserved
F^Reserved
G^Visa Business Card
G1Visa Signature Business
G2Visa Business Check Card
H^Classic Visa Check Card
I^Visa Commerce
J^Reserved
J1Visa General Prepaid
J2Visa Prepaid Gift Card
J3Visa Prepaid Healthcare
J4Visa Prepaid Commercial
K^Visa Corporate Card
K1Visa GSA Corporate T&E
L^Reserved
M^*MasterCard/EuroCard and Diners
N^ - P^Reserved
Q^Private Label
Q1Private Label Prepaid
R^Proprietary Card
S^Visa Purchasing Card
S1Visa Fleet
S2Visa GSA Purchasing
S3Visa GSA Purchasing with Fleet
T^Reserved/Interlink
U^Visa TravelMoney
W^ - Z^Reserved
0^ - 9^Reserved
^ Space
* Valid only when the transaction was re-routed to Visa for authorization.

Testing Information

This page provides testing information for the various processors.

TSYS test account information

The following TSYSMerchant information may be used to test transactions. Note that the TSYS server will route the test account (indicated by the MerchantBankId) to a test server. If the test system is off-line, you will receive a "Bad BIN or Host Disconnect" error. This error is returned whenever the live server does not recognize a MerchantBankId.

TSYSMerchant.BankId "999995"
TSYSMerchant.CategoryCode "5999"
TSYSMerchant.Name "4DPAYMENTS"
TSYSMerchant.Number "999999999911"
TSYSMerchant.ServicePhone "800-1234567"
TSYSMerchant.State "NC"
TSYSMerchant.StoreNumber "0011"
TSYSMerchant.TerminalNumber "9911"
TSYSMerchant.Zip "27609"
TSYSMerchant.TimeZone "705"
AgentBankNumber (for settlement) "000000"
AgentChainNumber (for settlement) "111111"
TerminalId (for settlement) "00000001"

TSYS Test Host Authorization Values for Regular Credit Card Transactions:

Request ValueResponse CodeResponse Text
$0.00 13 Amount Error
$0.01 01 Call
$0.02 02 Call
$0.03 28 No Reply
$0.04 91 No Reply
$0.05 04 Hold - Call
$0.06 07 Hold - Call
$0.07 41 Hold - Call
$0.08 43 Hold - Call
$0.09 EA Account Length Error
$0.10 79 Already Reversed
$0.11 13 Amount Error
$0.12 83 Can't Verify PIN
$0.13 86 Can't Verify PIN
$0.14 14 Card No Error
$0.15 82 Cashback Not APP
$0.16 N3 Cashback Not Avl
$0.17 06 Check Digit Error
$0.18 EC CID Format Error
$0.19 80 Date Error
$0.20 05 Decline
$0.21 51 Decline
$0.22 N4 Decline
$0.23 61 Decline
$0.24 62 Decline
$0.25 65 Decline
$0.26 93 Decline
$0.27 81 Encryption Error
$0.28 06 Error XXXX
$0.29 54 Expired Card
$0.30 92 Invalid Routing
$0.31 12 Invalid Trans
$0.32 78 No Account
$0.33 21 No action taken
$0.34 76 No action taken
$0.35 77 No action taken
$0.36 52 No Check Account
$0.37 39 No Credit Acct
$0.38 53 No Save Acct
$0.39 15 No Such Issuer
$0.40 75 PIN Exceeded
$0.41 19 RE-ENTER
$0.42 63 SEC Violation
$0.43 57 Serv Not Allowed
$0.44 58 Serv Not Allowed
$0.45 96 System Error
$0.46 03 Term ID Error
$0.47 55 Wrong PIN
$0.48 N7 CVV Mismatch
$0.49 85 Card OK
$0.50* VITAL X APPROVAL
$0.80 00 (space) CAVV result code
$0.81 00 0' CAVV result code
$0.82 00 1' CAVV result code
$0.83 00 2' CAVV result code
$0.84 00 3' CAVV result code
$0.85 00 4' CAVV result code
$0.86 00 D' For Commercial Card -Visa Commerce
* Used for a debit switching. The amount provokes the host into sending "V" as the NetworkId instead of "G". If the NetworkId contains a "V" (or a "5"), this indicates the transaction was processed as a credit card purchase transaction even though it was originally submitted as a debit transaction. Therefore, the transaction must be settled as a credit card (non-debit) transaction.

Visa Commercial Card Group III Responses

Request Value Response Code Text Response
$0.51 001B VITAL X (approval)
$0.52 001R VITAL X (approval)
$0.53 001S VITAL X (approval)
$0.86 001D VITAL X (approval)

MasterCard Commercial Card Group III Responses

Card Number Response Code Text Response
552500000000005 001R VITAL X (approval)
5472060000000000 001B VITAL X (approval)
5550000000000003 001S VITAL X (approval)

Visa Infinite / Visa Signature Card Auth. Transaction Amount Limits (Cert box testing)

For testing, submit a Visa card transaction for $444,444.44 only.

Large Ticket - Commercial Card

For testing, submit a Visa card for $10,000,000.00 only.

Card Verification Value Test Responses (CVV2)

CVV2 Request Value CVV Result Response Text
998 (MasterCard) M VITAL X (approval)
xxx (MasterCard) N7 CVC2 MISMATCH
xxx (VISA) N7 CVV MISMATCH
9997 (AMEX) (no response) VITAL X (approval)
xxxx (AMEX) EC CID FORMAT ERROR
999 (VISA) M VITAL X (approval)

Address Verification Service Responses

CustomerZipResponse Code Response Text
85284 Z Zip Match
99999 U Ver Unavailable
99998 G Ver Unavailable
999970001 B Address Match
999970002 C Serv Unavailable
999970003 D Exact Match
999970004 I Ver Unavailable
999970005 M Exact Match
999970006 P Zip Match
999970007 A Address Match
999970008 Y Exact Match
*Use "8320" for the CustomerAddress in all of the above cases.

Test Card Numbers: (Use any future expiration date)

Visa 4012000010000
MasterCard 5499740000000057
Discover 6011000991001201
Amex 371449635392376
Diners 38555565010005

Paymentech test account information

The following Merchant information may be used to test transactions. Note that the you must use the test server URL as in the code below. PTechCharge1.Server = "https://netconnectvar1.chasepaymentech.com/NetConnect/controller" PTechCharge1.MerchantNumber = txtMerchantNumber.Text PTechCharge1.TerminalNumber = txtTerminalNumber.Text PTechCharge1.ClientNumber = txtClientNumber.Text PTechCharge1.UserId = txtUserId.Text PTechCharge1.Password = txtPassword.Text

Server "https://netconnectvar1.chasepaymentech.com/NetConnect/controller"
MerchantNumber "700000000125"
TerminalNumber "001"
ClientNumber "0002"
UserId "4dpayments01"
Password "4dpaymentspw01"

The following amounts may be sent to test various responses from Paymentech. As a note, with the test server only the first three characters of the Response Approval Code should be checked as the server will append the cents portion of the amount to the approval code to indicate what value caused the error. Paymentech Test Host Capture Authorization Values for Regular Credit Card Transactions:

Request ValueResponse Approval CodeResponse Text
$x.01 200 AUTH. DECLINED
$x.02 201 CALL VOICE OPER
$x.03 202 HOLD - CALL
$x.04 203 CALL VOICE OPER
$x.05 204 INVALID CARD NO
$x.06 205 INVALID EXP DATE
$x.07 206 INVALID ICA NO
$x.08 207 INVALID ABA NO
$x.09 208 INVALID PIN NO
$x.10 209 INVALID BANK MID
$x.11 210 INVALID TERM NO
$x.12 211 INVALID AMOUNT
$x.13 212 INVALID STATE CD
$x.14 213 INVALID TRAN FMT
$x.15 214 CALL VOICE OPER
$x.16 215 LOST/STOLEN CARD
$x.17 216 INVALID PIN
$x.18 217 OVER CREDIT FLR
$x.19 218 *REQUEST DENIED*
$x.20 220 NOT ONLINE TO ??
$x.21 221 DOWN - PLS RETRY
$x.22 222 AUTH. DECLINED
$x.23 223 INVALID PIN NO
$x.24 224 AUTH. DECLINED
$x.25 225 CARD NOT ALLOWED
$x.59 NA DECLINED PER CARDHOLDER
$x.92 292 DOWN - PLS RETRY
$x.93 293 BUSY - PLS RETRY
$x.94 294 BUSY - PLS RETRY
$x.97 297 ERROR - RETRY
$x.98 298 ERROR - RETRY
$x.99 299 ERROR - RETRY

Paymentech Test Terminal Capture Authorization Values for Regular Credit Card Transactions:

Request ValueResponse Approval CodeResponse Text
$x.01 200 AUTH. DECLINED
$x.02 201 CALL VOICE OPER
$x.03 202 HOLD - CALL
$x.04 203 CALL VOICE OPER
$x.05 204 INVALID CARD NO
$x.06 205 INVALID EXP DATE
$x.07 206 INVALID ICA NO
$x.08 207 INVALID ABA NO
$x.09 208 INVALID PIN NO
$x.10 209 INVALID BANK MID
$x.11 210 INVALID TERM NO
$x.12 211 INVALID AMOUNT
$x.13 212 INVALID STATE CD
$x.14 213 INVALID TRAN FMT
$x.15 214 CALL VOICE OPER
$x.16 215 LOST/STOLEN CARD
$x.17 216 INVALID PIN
$x.18 217 OVER CREDIT FLR
$x.19 218 *REQUEST DENIED*
$x.20 220 NOT ONLINE TO ??
$x.21 218 *REQUEST DENIED*
$x.22 218 *REQUEST DENIED*
$x.23 218 *REQUEST DENIED*
$x.24 218 *REQUEST DENIED*
$x.25 218 *REQUEST DENIED*
$x.59 NA DECLINED PER CARDHOLDER
$x.92 218 *REQUEST DENIED*
$x.93 218 *REQUEST DENIED*
$x.94 218 *REQUEST DENIED*
$x.97 218 *REQUEST DENIED*
$x.98 218 *REQUEST DENIED*
$x.99 218 *REQUEST DENIED*

FDMS

FDMS does not provide public testing facilities. You must contact FDMS to obtain a test account. Once you have an account you must also setup Datawire (unless you are using FDMS Omaha via a direct connection).

The FDMSRegister component is a tool used to Register and Activate a merchant account with the Datawire VXN. This component communicates with the Datawire VXN transaction transport network, and allows you to set up your account so that credit card transactions made with the FDMSECommerce, FDMSRetail, and FDMSSettle components will pass through Datawire and ultimately reach the First Data Merchant Services (FDMS) transaction processor. Before you can charge a single credit card, you must Register and Activate your FDMS account, and then run a ServiceDiscovery to find acceptable URLs, which you will ultimately use to send credit card authorizations.

The first thing you must do is Register your merchant account. First Data Merchant Services will provide you with a MerchantNumber and a MerchantTerminalNumber, which are required for registering with Datawire. If you are registering on the Rapid Connect platform you must also set the GroupId configuration setting. In addition, you will need to set the TransactionNumber with a unique value (the TransactionNumber should be incremented for each transaction you send to the Datawire VXN). The example below also sets the URL to point to the Datawire test server.

FDMSRegister.MerchantNumber = "000000999990"; FDMSRegister.MerchantTerminalNumber = "555555"; //FDMSRegister.Config("GroupId=FDMS_Assigned_GroupId"); //Rapid Connect Only FDMSRegister.TransactionNumber = "0000001V002500" 'any unique number will do; check TransactionNumber property for format FDMSRegister.URL = "https://stagingsupport.datawire.net/staging_expresso/SRS.do" FDMSRegister.Register()

If the registration was successful, the DatawireStatus will contain "OK", and the DatawireId will contain the new Id which you must save and send with every subsequent transaction. The PrimaryDiscoveryURL and SecondaryDiscoveryURL properties will also be filled after a successful authorization. These URLs should be saved for later, and used to perform ServiceDiscovery.

After registering, you must immediately Activate the merchant. If you wait too long, your registration will time out, and you will have to contact Datawire to have them reset your account so that you may register again. When activating the merchant, the same properties are required as for the Register method, with the addition of the DatawireId property. Since the call to Register filled the DatawireId property with the correct value, all we need to do now is:

FDMSRegister.TransactionNumber = "0000002V002500" 'any unique number will do; check TransactionNumber property for format FDMSRegister.Activate()

After registering and activating the account, you may now move on to Service Discovery. The Register method will return both a PrimaryDiscoveryURL and a SecondaryDiscoveryURL. Use these URLs with the ServiceDiscovery method to retrieve a list of valid transaction URLs. For instance:

FDMSRegister.ServiceDiscovery("https://staging1.datawire.net/sd")

After a successful ServiceDiscovery the DatawireStatus will be "OK". The discovered URLs will be listed in the ServiceProviders array property. At this time, you should Ping each of these URLs and sort them in order of fastest to slowest response time. You will use the URL with the fastest response time to authorize transactions with FDMSRetail or FDMSECommerce. If the first URL stops responding, you should remove the URL and switch to the next URL in the list. The following example shows how to ping each of the ServiceProviders (you must save and sort the results yourself).

for (int i = 0; i < FDMSRegister.ServiceProviders.Length; i++) { FDMSRegister.Ping(FDMSRegister.ServiceProviders[i]); Console.WriteLine(FDMSRegister.ServiceProviders[i] + " = " + FDMSRegister.PingResponseTime); }

If your list of servers becomes empty, perform ServiceDiscovery and the subsequent steps to re-populate the list of available servers.

You may now use the DatawireId and the Service Provider URLs retrieved by this component to submit transactions using the FDMSECommerce, FDMSRetail, and FDMSSettle components.

FDMS Rapid Connect Test Cards

The Rapid Connect Sandbox also provides test cards that can be used for ad hoc testing.

PIN Debit 4017779991113335
Visa 4761530001111118
EBT 5076800002222223
MasterCard 5137221111116668
Discover 6011208701117775
Amex 371030089111338
Diners Club 36185900011112
JCB 3566002345432153
The TransactionAmount also may have a special meaning.
  • The value "4567" ($45.67) will result in a No Host Response to simulate Time-out Reversal testing.
  • Values below "10000" ($100.00) will receive an approved response.
  • Values above "10000" ($100.00) will receive a specific error. The last 3 digits of the value represent the 3 digit Code. For instance to receive a response with error code 106 the amount should be "10116" ($101.16).

Global Payments test account information

The following merchant information may be used to test transactions. Note that the you must use the test server URL as in the code below. GlobalCharge1.Server = "https://certapia.globalpay.com" GlobalCharge1.UserId = "4dpayments_ecom" GlobalCharge1.Password = "Passw0rd" Since Global Payments separates industry types by UserId, there are several UserId values that can be used for testing depending upon the type of transaction you want to test. These are:

IndustryUserIdPasswordVendorNumber
E-Commerce4dpayments_ecomPassw0rd718
MOTO4dpayments_motoPassw0rd732
Retail4dpayments_retailPassw0rd719
Restaurant4dpayments_restaurantPassw0rd711

VendorNumber is only required when using GlobalTransactionSearch.

Note that for testing Server must be set to "https://certapia.globalpay.com".