Professional Documents
Culture Documents
Table Of Contents
Copyright................................................................................................................................ 4
Introduction ................................................................................................................. 5
Introduction .......................................................................................................................... 11
Introduction .......................................................................................................................... 18
Introduction .......................................................................................................................... 20
Testing Transactions............................................................................................................ 21
Introduction .......................................................................................................................... 24
3D Secure Page 2 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Appendices ............................................................................................................... 32
3D Secure Page 3 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Because almost all communication between the merchant's system and the RBS
WorldPay Payment Service is realised through predefined XML messages over the
Internet using standard protocols, you will need basic XML programming skills and
knowledge of HTTP(S). Furthermore, it is recommended that you are familiar with
the basics of the Payment system. Where applicable, this document refers to the
related documentation with further details.
Copyright
RBS WorldPay © The Royal Bank of Scotland plc
While every effort has been made to ensure the accuracy of the information
contained in this publication, the information is supplied without representation or
warranty of any kind, is subject to change without notice and does not represent a
commitment on the part of WorldPay Limited. WorldPay Limited,
therefore, assumes no responsibility and shall have no liability,
consequential or otherwise, of any kind arising from this material or any part thereof,
or any supplementary materials subsequently issued by WorldPay Limited.
WorldPay Limited has made every effort to ensure the accuracy of this material.
3D Secure Page 4 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Introduction
What is XML Direct?
Merchants who collect and store their shoppers' payment details on their own
platform can use the XML Direct model as an effective payment-processing gateway.
With this model, the merchant collects both order and payment details and then
communicates the relevant payment details on a per order basis with RBS WorldPay,
for processing. The XML Direct model only allows for using a select number of on-
line payment methods, where no consumer interaction is involved.In view of the cost
involved in establishing appropriate security measures this model only applies for
merchants with established high transaction volumes.
Security
A core issue associated with using the XML Direct model is security. The collection
and storage of payment information, such as, card numbers and cardholder names
must take place in a secure environment.
For more information, please refer to PCI DSS and to the PCI Security Standards
Council at: www.pcisecuritystandards.org. If you want any help to gain compliance
this site also lists PCI approved Quality Security Assessors (QSA') who can provide
technical advice (chargeable).
You can reduce your exposure to fraud and increase confidence in online shopping
by implementing 3-D Secure Authentication with the XML Direct Model. The
additional security benefits and liability shifts of authenticated transactions are
currently only supported by cards within the Visa and MasterCard brands.
From 30th June 2008, MasterCard requires that your website implements
3-D Secure authentication in order for you to continue accepting Maestro
payments. Please also note that at some point in the future we expect that
this mandate will be applied to all Visa and MasterCard transactions.
3D Secure Page 5 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
The benefits of the 3-D Secure process are the enhanced security available when
performing an authenticated transaction as well as the shift of liability in the event of
fraudulent transactions. Authentication should strengthen your existing anti-fraud
strategy and help protect your business, but bear in mind that coverage of
authentication programmes is currently limited to Internet transactions. This means
that authentication programmes do not cover fax, mail, or phone orders, nor do they
cover all card types.
For further details about authentication, refer to the Cardholder Authentication guide
3D Secure Page 6 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
account settings: before sending test orders to the Payment Service check
and, if necessary, update settings that control aspects of how the service
works. For example, setting a delay between authorisation and capture.
order submission: setting up an HTTP(S) connection between your system
and ours and automating the sending of XML orders over that connection.
This topic is covered in this guide.
testing the connection: you are able to test the connection using the Test
environment before using the Production environment.
Please note the following before proceeding.
Account Settings
A number of the settings that affect the way the service works, can only be modified
via our online administration tool, the Merchant Interface.
Note to remember: you have a separate Merchant Interface for your Production
environment and for your Test environment. You can login to both via:
www.rbsworldpay.com/admin
When setting up the HTTP(s) connection over which you will send XML orders,
remember to use a valid login and password.
Your login name is the relevant merchant code (to look up the merchant code(s)
allocated to your organisation, login to the Merchant Interface and refer to the status
box in the left-hand side of the page).
3D Secure Page 7 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Most of the incorrect XML issues will be resolved by using an industry standard
parser. XML messages should be parsed prior to sending them to the RBS
WorldPay Payment Service and upon receipt. This ensures that the messages sent
are valid and messages received are correctly interpreted. When parsing, please
ensure that you are using an industry standard Parser that parses the message
against the RBS WorldPay Document Type Definition (DTD) (refer to Reference the
DTD below). Do not rely on a self-built parser. Please refer to http://www.xml.org for
further details on XML and parsers.
For examples of XML errors messages our system may return, please refer to the
appendix XML Error Codes.
All XML messages sent to the RBS WorldPay system must be well-formed and valid.
For the XML to be well-formed, it must adhere to a number of rules, including:
A valid XML message must always include a reference to the DTD, so it can be
automatically compared with it in order to check if all the references used are correct.
The DTD is specified in the header of the XML message and will look as follows:
3D Secure Page 8 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Every element, attribute and entity in the XML that you send, must be declared in the
DTD (Document Type Definition).
Name Tokens
An XML name token consists of alphanumeric and/or ideographic characters and the
punctuation marks [_], [-], [.], and [:]. No other characters are allowed. An XML name
token may not contain white spaces.
If an attribute is declared to contain a name token or list of name tokens, the values
of these attributes must be legal XML name tokens. Below you can find an example
of this:
PCDATA
In a PCDATA (Parsed Character DATA) block in the XML message the following
special characters should not be included: [&], [<], [>] and ["]. If you need to use
these characters within a PCDATA block you should specify them as follows:
& = &
> = >
< = <
" = "
For example, for the description element which is declared to contain PCDATA
<!ELEMENT description (#PCDATA )> a valid example would be:
3D Secure Page 9 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
CDATA
]]>.
A CDATA block must be enclosed between the start tag <[CDATA[ and the end
tag ]]>. For example:
<[CDATA[This text has not been parsed & still can be used]]>
3D Secure Page 10 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
dtd.wp3.rbsworldpay.com/
XML files are valid if they are well-formed, that is, they have a correct XML syntax,
and conform to a Document Type Definition.
Note for details of submitting a 3-D Secure payment request, please refer to the
chapter Submitting a 3D-Secure Order.
<?xml version="1.0"?>
<!DOCTYPE paymentService PUBLIC
"-//RBS WorldPay//DTD RBS WorldPay PaymentService v1//EN"
"http://dtd.wp3.rbsworldpay.com/paymentService_v1.dtd">
Order Content
The third child element of the order element is orderContent. You can deliver the
order content in HTML format. When supplying HTML order content the only HTML
tags allowed are the tags permitted between the <body> and </body> tags of a
valid HTML document! No form of scripting is allowed in the order content.
The order content must be less than 10 kilobytes and should always be included in a
CDATA section to avoid parsing problems.
<orderContent>
<![CDATA[content here]]>
</orderContent>
order code
product(s) and/or service(s) ordered
item price
total amount
3D Secure Page 11 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
In addition to the regular payment details you need to provide information about the
shopper browser session in the paymentDetails child element session,
containing the shopperIPAddress and session id.
RBS WorldPay uses the payment details and session information for risk
assessment. They are a mandatory element in a 3-D Secure transaction.
<paymentDetails>
<VISA-SSL>
<cardNumber>4444333322221111</cardNumber>
<expiryDate>
<date month="09" year="2009"/>
</expiryDate>
<cardHolderName>J. Shopper</cardHolderName>
<cvc>123</cvc>
<cardAddress>
<address>
<firstName>John</firstName>
<lastName>Shopper</lastName>
<street>47A Queensbridge Rd</street>
<!-- We recommend that you include the whole address in this
field with the exception of postalCode and CountryCode.>
<postalCode>CB94BQ</postalCode>
<countryCode>GB</countryCode>
<telephoneNumber>0123456789</telephoneNumber>
3D Secure Page 12 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
</address>
</cardAddress>
</VISA-SSL>
<session shopperIPAddress="123.123.123.123"
id="02l5ui8ib1"/>
</paymentDetails>
Note that the payment method code VISA-SSL should be used for both
Visa credit and Visa debit card payments.
Note that the cvc element contains the Card Verification Code. For details please
refer to the appendix CVC/CVV Checks And Responses. Also note that the
numeric parts (if there are any) of the street element are used in the AVS
check. The non-numeric parts are ignored.
For the Solo (SOLO_GB-SSL) payment method either the issue number or the start
date must be included in the paymentDetails, depending on the issuer policy.
Please note that the issue number can be up to three digits, including possible zeros
in front. This example shows paymentDetails for SOLO_GB-SSL:
<paymentDetails>
<SOLO_GB-SSL> <cardNumber>6333333333333333336</cardNumber>
<expiryDate><date month="05" year="2009"></expiryDate>
<cardHolderName>J. Shopper</cardHolderName>
<issueNumber>07</issueNumber>
</SOLO_GB-SSL>
</paymentDetails>
Shopper Information
You can provide extra information about the shopper in an XML order by using the
order child element shopper. Its shopperEmailAddress element is used by
RBS WorldPay to identify possible fraudulent transactions, or to send an email to the
shopper when the payment is authorised or refused.
<shopper>
<shopperEmailAddress>jshopper@myprovider.int</shopperEmail
Address>
</shopper>
3D Secure Page 13 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Please note that a browser-view picture of the order is shown below the XML code.
<?xml version="1.0"?>
<!DOCTYPE paymentService PUBLIC "-//RBS WorldPay/DTD
RBS WorldPay PaymentService v1//EN"
"http://dtd.wp3.rbsworldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="MYMERCHANT">
<submit>
<order orderCode="T0211010">
<description>20 Tulip Bulbs from MYMERCHANT
Webshops</description>
<amount value="2600" currencyCode="EUR" exponent="2"/>
<orderContent>
<![CDATA[
<center><table>
<tr><td bgcolor="#ffff00">Your Internet Order:</td><td
colspan="2" bgcolor="#ffff00"
align="right">T0211010</td></tr>
<tr><td bgcolor="#ffff00">Description:</td><td>20 Tulip
Bulbs</td><td align="right">1,00</td></tr>
<tr><td colspan="2">Subtotal:</td><td
align="right">10,00</td></tr>
<tr><td colspan="2">VAT: 15%</td><td
align="right">3</td></tr>
<tr><td colspan="2">Shipping and Handling:</td><td
align="right">3</td></tr>
<tr><td colspan="2" bgcolor="#c0c0c0">Total cost:</td><td
bgcolor="#c0c0c0" align="right">EUR 26,00</td></tr>
<tr><td colspan="3"> </td></tr>
<tr><td bgcolor="#ffff00" colspan="3">Your billing
address:</td></tr>
<tr><td colspan="3">Mr. J. Shopper<br>47A Queensbridge
Road<br>Cambridge<br>CB9 4BQ<br>United Kingdom</td></tr>
<tr><td colspan="3"> </td></tr>
<tr><td bgcolor="#ffff00" colspan="3">Your shipping
address:</td></tr>
<tr><td colspan="3">Mr.J. Shopper<br>
47A Queensbridge Road<br>Cambridge<br>CB9
4BQ<br>UK</td></tr>
<tr><td colspan="3"> </td></tr>
<tr><td bgcolor="#ffff00" colspan="3">Our contact
information:</td></tr>
<tr><td colspan="3">MYMERCHANT Webshops International<br>461
3D Secure Page 14 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
3D Secure Page 15 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
3D Secure Page 16 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
3D Secure Page 17 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
When parsing RBS WorldPay reply it is important that you use an industry standard
XML parser. Do not depend on a homemade one, which may not be able to correctly
interpret the messages received from RBS WorldPay. For various platforms different
XML parsers exist. Please refer to http://www.xml.org.
<<?xml version="1.0"?>
<!DOCTYPE paymentService PUBLIC "-//RBS WorldPay//DTD RBS
WorldPay PaymentService
v1//EN"
"http://dtd.wp3.rbsworldPay.com/paymentService_v1.dtd">
<paymentService merchantCode="MYMERCHANT" version="1.4">
<reply>
<orderStatus orderCode="T0211010">
<payment>
<paymentMethod>VISA-SSL</paymentMethod>
<amount value="1400" currencyCode="GBP" exponent="2"
debitCreditIndicator="credit"/>
<lastEvent>AUTHORISED</lastEvent>
<CVCResultCode description="APPROVED"/>
<balance accountType="IN_PROCESS_AUTHORISED">
<amount value="1400" currencyCode="GBP"
exponent="2"
debitCreditIndicator="credit"/>
</balance>
<cardNumber>4444********1111</cardNumber>
<riskScore value="0"/>
</payment>
3D Secure Page 18 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
</orderStatus>
</reply>
</paymentService>
In the reply, the payment element holds the relevant payment details and status
information. Its child elements paymentMethod and amount contain the payment
method used and the amount, including the currency, its exponent and the
debitCreditIndicator that indicates the amount is positive.
Always refer to the RBS WorldPay DTD for an up-to-date list of child elements and
attributes of the reply element.
To inform the shopper of the payment result you can, for instance, send an email.
Alternatively, you can have your account configured so that RBS WorldPay sends an
email to the shopper after a successful authorisation or a refusal. To use the latter
method, you can change the settings and the text of the actual emails through
the ’Edit Channels' functionality in the Merchant Interface.
3D Secure Page 19 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Make sure the HTTP content type is “text/xml”! It is important to check that
&rsquocontent length' is specified correctly. Not specifying the content length will not
create errors, while specifying it incorrectly will.
3D Secure Page 20 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
The value of the cardHolderName element in the XML order message can be used
to manipulate the test, as follows:
Note that in the Production environment, the length of the paResponse element
can be up to 4.7KB. However, in the Test Environment you should use
considerably shorter lengths, such as those shown above, otherwise a parse
error will be generated.
Testing Transactions
3D Secure Page 21 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
A number of different cases can be tested by entering the following values as the
card/accountholder name (<cardHolderName>) in the order:
For test purposes we have provided a set of test credit and debit card numbers,
these are listed below in the Test Card Numbers section.
Captures and refunds can be simulated through the Merchant Interface. Use the
"Capture" or "Refund" button in the Payment and Order Details page. Alternatively,
you can send an XML capture or refund order modification to the Test environment.
The following card numbers can be used when you make test transactions in Test
environments only - do not use them in live, Production environments:
Card
Card Type Card Number Lengt Issue No. Length
h
Visa
4484070000000000 16 0
Purchasing
Mastercard 5100080000000000 16 0
Visa Delta -
4406080400000000 16 0
UK
Visa Delta -
4462030000000000 16 0
Non-UK
Visa 4911830000000 13 0
Visa 4917610000000000 16 0
American
370000200000000 15 0
Express
Diners 36700102000000 14 0
3D Secure Page 22 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
JCB 3528000700000000 16 0
Visa
4917300800000000 16 0
Electron
Solo 6334580500000000 16 0
63347306000000000
Solo 18 1
0
Discover
6011000400000000 16 0
card
63049506000000000
Laser 18 0
0
57000000000000000
Maestro 19 1
00
German ELV
account
card type bank code
number
Please note that ELV must be activated in the Production environment for merchants
who would like to test ELV transactions.
3D Secure Page 23 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Please note that our Test Environment enables you to test your implementation.
3D Secure Page 24 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
The following section details the additional XML required to process a request and
explains the information returned in the subsequent response.
3D Secure Page 25 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
The first order message is almost the same as the regular order messages. Only a
few additional elements are added and some elements are made mandatory for use
with 3-D Secure.
The acceptHeader element should contain the exact content of the HTTP accept header as
sent to the merchant from the shopper's user agent.
The userAgentHeader element should contain the exact content of the HTTP
user-agent header as sent to the merchant from the shopper's user agent.
Please note, when using the Test environment, the cardHolderName element
must contain '3D' as the cardholder name.
3D Secure Page 26 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
The element paRequest contains data that was received from the 3-D Security
Directory. This data must be supplied as-is in the redirect message to the shopper's
issuer site.
The issuerURL element contains the actual URL to which the shopper must be
redirected. This is shopper's Issuer site where the shopper should authenticate
themselves with the 3-D Secure mechanism.
An extra element echoData is added, which is used by our software to process the
subsequent messages belonging to the same transaction more efficiently. This
element must be supplied in all subsequent messages as-is.
When the merchant receives the first reply with the request for 3-D Secure
authentication, the merchant must redirect the shopper to the issuer's site. This must
be done by submitting an HTTP POST to the Issuer URL. The HTTP POST must
contain the attributes "PaReq" and "TermUrl". Optionally it can contain an attribute
"MD".
The Issuer's site URL, to which the HTTP POST must be submitted, is given in the
issuerUrl element of the reply message.
The value for the "PaReq" attribute must be the data supplied in the paRequest
element of the reply message.
3D Secure Page 27 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
The value for the "TermUrl" attribute is a URL pointing to the merchant's site. It
specifies the service to which the shopper is redirected from the issuer's site. The
merchant is responsible for supplying a correct value.
The "MD" attribute can contain any data and will be supplied as-is in the final post
when the shopper is redirected from the Issuer's site to the merchant's site (the value
of the TermUrl attribute). This attribute can be used by the merchant to handle the
session state between the original shopping session and the final post after the
shopper has been authenticated.
This HTML example page redirects the shopper to the Issuer's site:
<html>
<head>
<title>3-D Secure helper page</title>
</head>
<body OnLoad="OnLoadEvent();">
This page should forward you to your own card issuer for
identification. If your browser does not start loading the
page, press the button you see.
<br/>
After you successfully identify yourself you will be sent
back to this site where the payment process will continue as
if nothing had happened.<br/> implemented...
<form name="theForm" method="POST" action="value of the
issuerUrl element" >
<input type="hidden" name="PaReq" value="value of the
paRequest element" />
<input type="hidden" name="TermUrl" value="url of merchant
site" />
<input type="hidden" name="MD" value="merchant supplied
data" />
<input type="submit" name="Identify yourself" />
</form>
<script language="Javascript">
<!--
function OnLoadEvent()
{
// Make the form post as soon as it has been loaded.
document.theForm.submit();
}
// -->
</script>
</body>
</html>
3D Secure Page 28 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
When the shopper has enabled Javascript in the browser, the shopper will
automatically forwarded to the Issuer's site. If Javascript has been disabled, the
shopper must press the submit button in order to continue.
The second order message is almost the same as the initial order message. Only
two elements are added, the info3DSecure element (and sub elements) and the
echoData element. Your system must ensure that there are no differences in the
second order message other than those shown in the below example, or the second
order message will be rejected by the RBS WorldPay system
The info3DSecure element contains the payer authentication response data received by
the shopper/merchant from the issuer.
In the echoData element the merchant must supply the same data as it received in the first
reply message.
3D Secure Page 29 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Please note: we use a farm of web servers to serve requests and as such the RBS
WorldPay system needs to ensure that the first and second orders are processed by
the same web servers. In order to facilitate this, you need to extract the session
cookie that is passed back in the HTTP header of the XML message (the response
from the Payment Service with the issuerURL) and return it in the HTTP header of
the second XML order, which includes the payer authentication response data.
Equivalent functions for PHP using Curl would be as follows: 1st CURL submission
needs a parameter of: curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookie.cookie");
2nd CURL submission needs a parameter of: curl_setopt ($ch,
CURLOPT_COOKIEFILE, "cookie.cookie");
Please Note: that the above methods of capturing the session cookie are provided
as examples only and as such are not supported by RBS WorldPay.
<payment>
<paymentMethod>MAESTRO-SSL</paymentMethod>
<amount value="2750" currencyCode="GBP" exponent="2"
debitCreditIndicator="credit"/>
<lastEvent>REFUSED</lastEvent>
<ISO8583ReturnCode code="76" description="REFUSED"/>
</payment>
Authorised
If the shopper authenticates successfully, you will receive the normal reply for
authorised payments. No additional elements are added.
3D Secure Page 30 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
3D Secure Page 31 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Appendices
Payment Method Codes
The child elements below are used to define the card type that is used by the
shopper.
payment
name area remarks
method code
payment method
name area remarks
code
3D Secure Page 32 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
only.
Shopper needs to
have a ING
Homepay account
at his bank.
3D Secure Page 33 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
3D Secure Page 34 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Netherlands the
'reference
id' as
payment
reference
to be
printed on
the accept
giro forms.
PERMANENT_SIGNED_DD_NL The
Netherlands
SINGLE_UNSIGNED_DD_FR France,
SINGLE_UNSIGNED_DD_NL The
Netherlands
Please note that the values in the orders sent to RBS WorldPay NEVER have any
decimal delimiters. Merchants should use 'exponent' instead. Exponent is the
number of decimals available in the currency. Also note that currency code is always
in capitals.
In the following example the amount payable by the shopper is Euro 19,82:
ARS Nuevo 2
Argentine
Peso
AUD Australian 2
Dollar
BRL Brazilian 2
Real
CAD Canadian 2
Dollar
CLP Chilean 2
Peso
3D Secure Page 35 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
CNY Yuan 2
Renminbi
COP Colombian 2
Peso
CZK Czech 2
Koruna
DKK Danish 2
Krone
EUR Euro 2
GBP Pound 2
Sterling
HUF Hungarian 2
Forint
IDR Indonesian 0
Rupiah
ISK Iceland 2
Krona
JPY Japanese 2
Yen
KES Kenyan 2
Shilling
KRW South- 2
Korean Won
MXP Mexican 2
Peso
MYR Malaysian 2
Ringgit
NOK Norwegian 2
Krone
NZD New 2
Zealand
Dollar
PHP Philippine 2
Peso
PTE Portugese 2
3D Secure Page 36 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Escudo
SEK Swedish 2
Krone
SGD Singapore 2
Dollar
SKK Slovak 2
Koruna
USD US Dollars 2
VND Vietnamese 2
New Dong
ZAR South 2
African Rand
The Payment Service maps these responses to a simplified list. Below you will find
all possible response codes, their numeric value and the mapping to a status.
0 AUTHORISED AUTHORISED
2 REFERRED REFUSED
5 REFUSED REFUSED
3D Secure Page 37 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
17 ANNULATION BY REFUSED
CLIENT
29 IMPOSSIBLE REFUSED
REFERENCE NUMBER
57 ILLEGAL REFUSED
TRANSACTION
91 CREDITCARD REFUSED
ISSUER TEMPORARILY
NOT REACHABLE
3D Secure Page 38 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
12 INVALID ERROR
TRANSACTION
25 REFERENCE ERROR
NUMBER CANNOT BE
FOUND
26 DUPLICATE ERROR
REFERENCE NUMBER
27 ERROR IN ERROR
REFERENCE NUMBER
FIELD
31 UNKNOWN ERROR
ACQUIRER ACCOUNT
CODE
40 REQUESTED ERROR
FUNCTION NOT
SUPPORTED
3D Secure Page 39 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
68 TRANSACTION ERROR
TIMED OUT
80 AMOUNT NO ERROR
LONGER AVAILABLE,
AUTHORISATION
EXPIRED
94 DUPLICATE ERROR
REQUEST ERROR
...
<address>
<countryCode>GB</countryCode>
</address>
http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-
code-lists/list-en1.html
<countryCode>
or
country name
country
parameter value
AFGHANISTAN AF
ÅLAND ISLANDS AX
ALBANIA AL
3D Secure Page 40 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
ALGERIA DZ
AMERICAN AS
SAMOA
ANDORRA AD
ANGOLA AO
ANGUILLA AI
ANTARCTICA AQ
ANTIGUA AND AG
BARBUDA
ARGENTINA AR
ARMENIA AM
ARUBA AW
AUSTRALIA AU
AUSTRIA AT
AZERBAIJAN AZ
BAHAMAS BS
BAHRAIN BH
BANGLADESH BD
BARBADOS BB
BELARUS BY
BELGIUM BE
BELIZE BZ
BENIN BJ
BERMUDA BM
3D Secure Page 41 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
BHUTAN BT
BOLIVIA BO
BOSNIA AND BA
HERZEGOVINA
BOTSWANA BW
BOUVET ISLAND BV
BRAZIL BR
BRITISH INDIAN IO
OCEAN
TERRITORY
BRUNEI BN
DARUSSALAM
BULGARIA BG
BURKINA FASO BF
BURUNDI BI
CAMBODIA KH
CAMEROON CM
CANADA CA
CAPE VERDE CV
CAYMAN KY
ISLANDS
CENTRAL CF
AFRICAN
REPUBLIC
CHAD TD
CHILE CL
3D Secure Page 42 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
CHINA CN
CHRISTMAS CX
ISLAND
COCOS CC
(KEELING)
ISLANDS
COLOMBIA CO
COMOROS KM
CONGO CG
CONGO, THE CD
DEMOCRATIC
REPUBLIC OF
THE
COOK ISLANDS CK
COSTA RICA CR
CÔTE D'IVOIRE CI
CROATIA HR
CUBA CU
CYPRUS CY
CZECH CZ
REPUBLIC
DENMARK DK
DJIBOUTI DJ
DOMINICA DM
DOMINICAN DO
REPUBLIC
ECUADOR EC
3D Secure Page 43 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
EGYPT EG
EL SALVADOR SV
EQUATORIAL GQ
GUINEA
ERITREA ER
ESTONIA EE
ETHIOPIA ET
FALKLAND FK
ISLANDS
(MALVINAS)
FAROE ISLANDS FO
FIJI FJ
FINLAND FI
FRANCE FR
FRENCH GUIANA GF
FRENCH PF
POLYNESIA
FRENCH TF
SOUTHERN
TERRITORIES
GABON GA
GAMBIA GM
GEORGIA GE
GERMANY DE
GHANA GH
GIBRALTAR GI
3D Secure Page 44 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
GREECE GR
GREENLAND GL
GRENADA GD
GUADELOUPE GP
GUAM GU
GUATEMALA GT
GUERNSEY GG
GUINEA GN
GUINEA-BISSAU GW
GUYANA GY
HAITI HT
HEARD ISLAND HM
AND MCDONALD
ISLANDS
HOLY SEE VA
(VATICAN CITY
STATE)
HONDURAS HN
HONG KONG HK
HUNGARY HU
ICELAND IS
INDIA IN
INDONESIA ID
IRAN, ISLAMIC IR
REPUBLIC OF
IRAQ IQ
3D Secure Page 45 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
IRELAND IE
ISRAEL IL
ITALY IT
JAMAICA JM
JAPAN JP
JERSEY JE
JORDAN JO
KAZAKHSTAN KZ
KENYA KE
KIRIBATI KI
KOREA, KP
DEMOCRATIC
PEOPLE'S
REPUBLIC OF
KOREA, KR
REPUBLIC OF
KUWAIT KW
KYRGYZSTAN KG
LAO PEOPLE'S LA
DEMOCRATIC
REPUBLIC
LATVIA LV
LEBANON LB
LESOTHO LS
LIBERIA LR
LIBYAN ARAB LY
3D Secure Page 46 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
JAMAHIRIYA
LIECHTENSTEIN LI
LITHUANIA LT
LUXEMBOURG LU
MACAO MO
MACEDONIA, THE MK
FORMER
YUGOSLAV
REPUBLIC OF
MADAGASCAR MG
MALAWI MW
MALAYSIA MY
MALDIVES MV
MALI ML
MALTA MT
MARSHALL MH
ISLANDS
MARTINIQUE MQ
MAURITANIA MR
MAURITIUS MU
MAYOTTE YT
MEXICO MX
MICRONESIA, FM
FEDERATED
STATES OF
MOLDOVA, MD
REPUBLIC OF
3D Secure Page 47 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
MONACO MC
MONGOLIA MN
MONTSERRAT MS
MOROCCO MA
MOZAMBIQUE MZ
MYANMAR MM
NAMIBIA NA
NAURU NR
NEPAL NP
NETHERLANDS NL
NETHERLANDS AN
ANTILLES
NEW CALEDONIA NC
NEW ZEALAND NZ
NICARAGUA NI
NIGER NE
NIGERIA NG
NIUE NU
NORFOLK NF
ISLAND
NORTHERN MP
MARIANA
ISLANDS
NORWAY NO
OMAN OM
3D Secure Page 48 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
PAKISTAN PK
PALAU PW
PALESTINIAN PS
TERRITORY,
OCCUPIED
PANAMA PA
PAPUA NEW PG
GUINEA
PARAGUAY PY
PERU PE
PHILIPPINES PH
PITCAIRN PN
POLAND PL
PORTUGAL PT
PUERTO RICO PR
QATAR QA
RÉUNION RE
ROMANIA RO
RUSSIAN RU
FEDERATION
RWANDA RW
SAINT BL
BARTHELEMY
SAINT HELENA SH
3D Secure Page 49 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
SAINT LUCIA LC
SAINT PIERRE PM
AND MIQUELON
SAINT VINCENT VC
AND THE
GRENADINES
SAMOA WS
SAN MARINO SM
SAUDI ARABIA SA
SENEGAL SN
SERBIA AND CS
MONTENEGRO
SEYCHELLES SC
SIERRA LEONE SL
SINGAPORE SG
SLOVAKIA SK
SLOVENIA SI
SOLOMON SB
ISLANDS
SOMALIA SO
SOUTH AFRICA ZA
SOUTH GEORGIA GS
AND THE SOUTH
SANDWICH
ISLANDS
SPAIN ES
3D Secure Page 50 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
SRI LANKA LK
SUDAN SD
SURINAME SR
SVALBARD AND SJ
JAN MAYEN
SWAZILAND SZ
SWEDEN SE
SWITZERLAND CH
SYRIAN ARAB SY
REPUBLIC
TAIWAN, TW
PROVINCE OF
CHINA
TAJIKISTAN TJ
TANZANIA, TZ
UNITED
REPUBLIC OF
THAILAND TH
TIMOR-LESTE TL
TOGO TG
TOKELAU TK
TONGA TO
TRINIDAD AND TT
TOBAGO
TUNISIA TN
TURKEY TR
TURKMENISTAN TM
3D Secure Page 51 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
TURKS AND TC
CAICOS ISLANDS
TUVALU TV
UGANDA UG
UKRAINE UA
UNITED ARAB AE
EMIRATES
UNITED GB
KINGDOM
UNITED STATES US
UNITED STATES UM
MINOR OUTLYING
ISLANDS
URUGUAY UY
UZBEKISTAN UZ
VANUATU VU
VENEZUELA VE
VIET NAM VN
VIRGIN ISLANDS, VG
BRITISH
VIRGIN ISLANDS, VI
U.S.
WALLIS AND WF
FUTUNA
WESTERN EH
SAHARA
3D Secure Page 52 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
YEMEN YE
ZAMBIA ZM
ZIMBABWE ZW
<cardHolderName>J. Shopper</cardHolderName>
<cvc>123</cvc>
<cardAddress>
...
Testing
The following CVC/CVV scenarios can be tested using the codes listed below.
numeric
CVC/CVV simulated
respons
code situation
e
222 NO RESPONSE C
FROM
ACQUIRER
444 FAILED D
555 APPROVED A
3D Secure Page 53 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
Examples
Error Code 2
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//RBS WorldPay//DTD RBS
WorldPay PaymentService v1//EN"
"http://dtd.rbsworldpay.om/paymentService_v1.dtd">
<paymentService version="1.3" merchantCode="MYCO">
<reply>
<error code="2"><![CDATA[Invalid bankAccount details :
Invalid payment
details : Account and bankcode combination is
incorrect]]></error>
</reply>
</paymentService>
Error Code 4
<?xml version="1.0"?>
<!DOCTYPE paymentService PUBLIC "-//RBS WorldPay//DTD RBS
WorldPay PaymentService v1//EN"
"http://dtd.rbsworldpay.com/paymentService_v1.dtd">
<paymentService merchantCode="MYCO" version="1.3">
<reply>
<error code="4"><![CDATA[IP check failed. Access
denied.]]></error>
</reply>
</paymentService>
Error Code 5
3D Secure Page 54 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
<?xml version="1.0"?>
<!DOCTYPE paymentService PUBLIC "-//RBS WorldPay//DTD RBS
WorldPay PaymentService
v1//EN""http://dtd.rbsworldpay.com/paymentService_v1.dtd"><p
aymentService merchantCode="MYCO" version="1.4">
<reply>
<orderStatus orderCode="11223">
<error code="5"><![CDATA[Requested capture amount (EUR
125,50) exceeds the
authorised balance for this payment (EUR 115,50)]]></error>
</orderStatus>
</reply>
</paymentService>
Error Code 7
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//RBS WorldPay//DTD RBS
WorldPay PaymentService v1//EN"
"http://dtd.rbsworldpay.com/paymentService_v1.dtd"><paymentS
ervice version="1.3" merchantCode="MYCO">
<reply>
3D Secure Page 55 of 56
Submitting Transactions in the XML Direct Model with 3D Secure Guide
<orderStatus orderCode="1112">
<error code="7"><![CDATA[Invalid payment details : Expiry
date =
012002]]></error>
</orderStatus>
</reply>
</paymentService>
3D Secure Page 56 of 56