Retail POS Processing Using the Simple Order API

Title Page
Card-Present Processing
Using the Simple Order API
Supplement to Credit Card Services
Using the Simple Order API
May 2015
CyberSource Corporation HQ | P.O. Box 8999 | San Francisco, CA 94128-8999 | Phone: 800-530-9095
CyberSource Contact Information
For general information about our company, products, and services, go to
http://www.cybersource.com.
For sales questions about any CyberSource Service, email [email protected] or
call 650-432-7350 or 888-330-2300 (toll free in the United States).
For support information about any CyberSource Service, visit the Support Center at
http://www.cybersource.com/support.
Copyright
© 2015 CyberSource Corporation. All rights reserved. CyberSource Corporation ("CyberSource") furnishes this
document and the software described in this document under the applicable agreement between the reader of
this document ("You") and CyberSource ("Agreement"). You may use this document and/or software only in
accordance with the terms of the Agreement. Except as expressly set forth in the Agreement, the information
contained in this document is subject to change without notice and therefore should not be interpreted in any way
as a guarantee or warranty by CyberSource. CyberSource assumes no responsibility or liability for any errors
that may appear in this document. The copyrighted software that accompanies this document is licensed to You
for use only in strict accordance with the Agreement. You should read the Agreement carefully before using the
software. Except as permitted by the Agreement, You may not reproduce any part of this document, store this
document in a retrieval system, or transmit this document, in any form or by any means, electronic, mechanical,
recording, or otherwise, without the prior written consent of CyberSource.
Restricted Rights Legends
For Government or defense agencies. Use, duplication, or disclosure by the Government or defense agencies
is subject to restrictions as set forth the Rights in Technical Data and Computer Software clause at DFARS
252.227-7013 and in similar clauses in the FAR and NASA FAR Supplement.
For civilian agencies. Use, reproduction, or disclosure is subject to restrictions set forth in subparagraphs (a)
through (d) of the Commercial Computer Software Restricted Rights clause at 52.227-19 and the limitations set
forth in CyberSource Corporation's standard commercial agreement for this software. Unpublished rights
reserved under the copyright laws of the United States.
Trademarks
CyberSource, The Power of Payment, CyberSource Payment Manager, CyberSource Risk Manager,
CyberSource Decision Manager, CyberSource Connect, Authorize.Net, and eCheck.net are trademarks and/or
service marks of CyberSource Corporation. All other brands and product names are trademarks or registered
trademarks of their respective owners.
2
CONTENTS
Contents
Recent Revisions to This Document
About This Guide
6
Audience and Purpose
Conventions
6
6
Related Documentation
Customer Support
Chapter 1
7
7
Introduction to Card-Present Transactions
Supported Processors
Prerequisites
Chapter 2
5
8
8
9
Optional Features
10
Europay, MasterCard, Visa (EMV) 10
EMV Cards and Cardholder Verification Methods (CVMs)
EMV Transactions 11
Encryption
12
Payment Network Tokenization
Appendix A API Fields
15
16
XML Schema Versions
16
Formatting Restrictions
17
Data Type Definitions
17
P2PE Request Fields (Recommended)
EMV Request Fields
18
19
Clear Text Request Fields
22
General Card-Present Request Fields
Reply Fields
11
23
38
Card-Present Processing Using the Simple Order API | May 2015
3
Contents
Appendix B Examples
39
Name-Value Pair Examples 39
Sale Using Swiped Track Data 39
Sale Using Keyed Data 40
Sale Using EMV Technology with a Contact Read 41
Sale Using EMV Technology with a Contactless Read 42
Authorization Using Point-to-Point Encryption 43
XML Examples 44
Sale Using Swiped Track Data 44
Sale Using Keyed Data 46
Sale Using EMV Technology with a Contact Read 48
Sale Using EMV Technology with a Contactless Read 50
Authorization Using Point-to-Point Encryption 52
Card-Present Processing Using the Simple Order API | May 2015
4
REVISIONS
Recent Revisions to This
Document
Release
Changes
May 2015
All processors that support encryption: updated the information about devices
and device reader data values. See "Encryption," page 12.
FDC Nashville Global: added note that forced captures are not supported for
EMV transactions. See "Europay, MasterCard, Visa (EMV)," page 10.
April 2015
All processors that support encryption: updated the device reader data in
"Encryption," page 12.
FDC Nashville Global: added support for EMV. See "Europay, MasterCard,
Visa (EMV)," page 10.
TSYS Acquiring Solutions: added support for the pos_catLevel field for
transactions from mobile devices. See "General Card-Present Request
Fields," page 23.
March 2015
December 2014
All processors that support encryption:

Updated the device reader data in "Encryption," page 12.

Updated the description of the pos_encodingMethod field in "P2PE
Request Fields (Recommended)," page 18.
All processors: changed the retail and retail POS terminology to card present.
All processors that support encryption:

Added a transaction flow diagram. See "Encryption," page 12.

Updated the device reader data in "Encryption," page 12.

Added P2PE examples. See "Authorization Using Point-to-Point
Encryption," page 43 (NVP), and "Authorization Using Point-to-Point
Encryption," page 52 (XML).
JCN Gateway: added salesSlipNumber reply field in Table 13, "Reply Fields,"
on page 38.
May 2014
CyberSource through VisaNet: added new possible values for the MasterCard
payment initiation channel. See paymentInitiationChannel in "General CardPresent Request Fields," page 23.
FDC Nashville Global: updated the pos_terminalID field and added the pos_
terminalIDAlternate field. See "General Card-Present Request Fields,"
page 23.
April 2014
All processors: moved the optional features into a new chapter. See
Chapter 2, "Optional Features," on page 10.
Card-Present Processing Using the Simple Order API | May 2015
5
ABOUT GUIDE
About This Guide
Audience and Purpose
This guide is written for application developers who want to use the CyberSource Simple
Order API to integrate credit card processing with card-present data into their order
management system.
Implementing the CyberSource credit card services requires software development skills.
You must write code that uses the API request and reply fields to integrate the credit card
services into your existing order management system.
Conventions
The following special statements are used in this document:
A Note contains helpful suggestions or references to material not contained in
this document.
Note
An Important statement contains information essential to successfully
completing a task or learning a concept.
Important
The following text conventions are used in this document:
Table 1
Text Conventions
Convention
Meaning
boldface

API field names

API service names

Graphical user interface elements that you must act upon
monospace
Code in examples or possible values for API fields
Card-Present Processing Using the Simple Order API | May 2015
6
About This Guide
Related Documentation

Getting Started with CyberSource Advanced for the Simple Order API (PDF | HTML)
describes how to get started using the Simple Order API.

Credit Card Services Using the Simple Order API (PDF | HTML) describes how to
integrate CyberSource payment processing services into your business.
Refer to the Support Center for complete CyberSource technical documentation:
http://www.cybersource.com/support_center/support_documentation
Customer Support
For support information about any CyberSource service, visit the Support Center:
http://www.cybersource.com/support
Card-Present Processing Using the Simple Order API | May 2015
7
CHAPTER
1
Introduction to
Card-Present Transactions
This addendum to Credit Card Services Using the Simple Order API describes cardpresent processing with CyberSource.
Supported Processors
CyberSource supports card-present credit card transactions for the processors shown in
the following table.
Table 2
Processors that CyberSource Supports for Card-Present Transactions
Processor
EMV
Magnetic
Stripe
American Express Direct—supports card-present
processing only for merchants in the U.S. who are doing
business in U.S. dollars.
No
Yes
Chase Paymentech Solutions
No
Yes
CyberSource through VisaNet
No
Yes
FDC Nashville Global
Yes
Yes
FDMS Nashville
No
Yes
GPN
No
Yes
Litle
No
Yes
RBS WorldPay Atlanta
No
Yes
TSYS Acquiring Solutions
No
Yes
Card-Present Processing Using the Simple Order API | May 2015
8
Chapter 1
Introduction to Card-Present Transactions
Prerequisites
Before you start your implementation:

Contact your acquirer to find out whether you are allowed to process card-present
transactions.

Find out from your acquirer and CyberSource Customer Support whether you must
have a separate CyberSource merchant ID for your card-present transactions.

Contact CyberSource Customer Support to have your account configured to process
card-present transactions.

For point-to-point encryption (P2PE), you must use an approved device. See
"Encryption," page 12.

Make sure that you are familiar with the CyberSource Simple Order API for processing
e-commerce and mail order/telephone order (MOTO) transactions as described in
Credit Card Services Using the Simple Order API. The request and reply fields for
card-present transactions are very similar to the request and reply fields for
e-commerce/MOTO transactions.
Table 3
Card-Present Fields in Service Requests and Replies
Service Request
Description
Authorization request
A card-present authorization request includes additional fields
and several existing authorization request fields have different
requirements when the request is for a card-present transaction.
Authorization reply
A card-present authorization reply includes the same fields that
are included for an e-commerce/MOTO transaction.
Capture request
For all processors except CyberSource through VisaNet, a cardpresent capture request includes the same fields that are
included for an e-commerce/MOTO transaction. For
CyberSource through VisaNet:
Capture reply

A card-present capture request for a restaurant transaction
requires additional fields. See the tables of request fields in
Appendix A, "API Fields," on page 16.

For non-restaurant transactions, a card-present capture
request includes the same fields that are included for an
e-commerce/MOTO transaction.
A card-present capture reply includes the same fields that are
included for an e-commerce/MOTO transaction.
Card-Present Processing Using the Simple Order API | May 2015
9
CHAPTER
Optional Features
2
Europay, MasterCard, Visa (EMV)
Services:

Authorization

Authorization reversal

Capture

Credit
Processor:

FDC Nashville Global
Forced captures are not supported for EMV transactions.
Note
Card Types:


Contact:

American Express

Diners Club

Discover

JCB

MasterCard

Visa
Contactless:

American Express ExpressPay

Diners Club

Discover

JCB

MasterCard PayPass

Visa payWave
Card-Present Processing Using the Simple Order API | May 2015
10
Chapter 2
Optional Features
EMV (Europay, MasterCard, Visa) is a global standard for exchanging information
between chip cards and POS terminals. A chip card is a credit or debit card with an
embedded microchip. A chip card also has a magnetic stripe on the back of the card,
which can be used for a back-up transaction when the card’s chip cannot be read. The
EMV standards define the protocols for all levels of transmission between chip cards and
chip card processing devices: physical, electrical, data, and application.
EMV Cards and Cardholder Verification
Methods (CVMs)
FDC Nashville Global supports EMV cards that are chip-and-signature cards. For these
cards, a signature is the only CVM.
EMV Transactions
When you use the Simple Order API in XML format, you must use version 1.86
or later of the XML schema to implement EMV.
Note
EMV transactions are more secure from fraud than are magnetic stripe transactions,
which require a visual inspection of the card. Chip-and-PIN cards are more secure from
fraud than chip-and-signature cards. When an EMV chip card is used in a POS
environment, it generates a cryptogram that changes with each transaction. This dynamic
authentication provides an extra layer of security for POS transactions.
For an EMV transaction, use the fields documented in "EMV Request Fields," page 19.
The following fields and values are specifically for EMV:


Request fields:

emvRequest_cardSequenceNumber

emvRequest_combinedTags
Reply field:



emvReply_combinedTags
Values for pos_entryMode:

contact: Read from direct contact with chip card.

contactless: Read from a contactless interface using chip data.

msd: Read from a contactless interface using magnetic stripe data (MSD).
Values for pos_terminalCapability:

4: Terminal can read chip cards.

5: Terminal can read contactless chip cards.
Card-Present Processing Using the Simple Order API | May 2015
11
Chapter 2
Optional Features
Encryption
Services:

Authorization
Processor:

All processors that are supported for card-present transactions
When you use the Simple Order API in XML format, you must use version 1.86
or later of the XML schema to use encryption.
Note
The following diagram illustrates the steps in a transaction that uses encryption.
1
You send authentication data to your mobile device management (MDM) application
to ensure that the user and the device have the required permissions. Your MDM
application sends authentication credentials to the device.
2
The card is keyed, swiped, or read. The device generates an encrypted payload and
sends it to your server along with the authentication credentials that were created in
Step 1.
3
Your server creates a request message and uses the CyberSource API to send the
message to CyberSource.
4
CyberSource sends a reply message to your server. The message indicates whether
the request succeeded or failed.
5
Your server processes the information in the reply message. The device displays the
status of the transaction.
Card-Present Processing Using the Simple Order API | May 2015
12
Chapter 2
Optional Features
CyberSource provides Derived Unique Key Per Transaction (DUKPT) keys to device
manufacturers which they inject into their card readers. To encrypt sensitive transaction
data, the read heads on a CyberSource-supported card reader use DUKPT for key
management along with the Triple Data Encryption Standard (3DES or TDES) algorithm
for data encryption. When you use a card reader that encrypts sensitive transaction data,
you can securely send transactions to CyberSource for decryption and processing. You
can reduce your PCI scope with encryption that is implemented correctly.
CyberSource natively supports encrypted output from ID Tech’s Shuttle, UniMag II,
SecureKey M100, SecureKey M130, and SREDKey devices. The following table indicates
whether swiped entry and keyed entry are supported for each device.
Table 4
Entry Modes Supported by ID Tech Devices
ID Tech Device
Swiped Entry
Keyed Entry
Shuttle
Yes
No
UniMag II
Yes
No
M100
No
Yes
M130
Yes
Yes
SREDKey
Yes
Yes
The following tables provide the device reader data values for swiped and keyed entry for
each device.
Table 5
Device Reader Data Values for Swiped Entry for ID Tech Devices
ID Tech Device
Base64 Value for
pos_deviceReaderData
Hex Value for
pos_deviceReaderData
Shuttle and UniMag II
RklEPUlEVEVDSC5VbmlNYWcuQW5
kcm9pZC5TZGt2MQ==
4649443d4944544543482e556e694d61672e4
16e64726f69642e53646b7631
M130 and SREDKey
RklEPUlEVEVDSC5TZWN1cmVLZXk
uTVNSLlNka3Yx
4649443D4944544543482E5365637572654B6
5792E4D53522E53646B7631
Table 6
Device Reader Data Values for Keyed Entry for ID Tech Devices
ID Tech Device
Base64 Value for
pos_deviceReaderData
Hex Value for
pos_deviceReaderData
M100, M130, and
SREDKey
RklEPUlEVEVDSC5TZWN1cmVLZXk
uU2RrdjE=
4649443D4944544543482E5365637572654B6
5792E53646B7631
Card-Present Processing Using the Simple Order API | May 2015
13
Chapter 2
Optional Features
Perform the following steps to enable CyberSource to process the native output from ID
Tech’s Shuttle, UniMag II, M100, M130, and SREDKey devices:
Step 1
Use the following command to instruct the device to output the data in USB human
interface device (HID) mode:
Command 02 53 23 01 30 03 40
The device outputs the data as a hex ByteArray.
Step 2
Convert the hex ByteArray to a string representation of the hex ByteArray.
For example, if a hex byte is A1, converting it to an ASCII string results in the asterisk
character (*) but converting it to a string representation of the hex byte results in A1.
Step 3
Set the pos_paymentData field to the string representation of the hex ByteArray.
For all other devices, use the CyberSource Common Track Format ID to send encrypted
data to CyberSource. To use the Common Track specification, you must receive track 1 or
track 2 data from the device, reformat the data, and add redundancy checks. For a copy of
the Common Track specification, contact your CyberSource account representative. The
following table provides the device reader data values for the CyberSource Common
Track Format ID.
Table 7
Device Reader Data Values for CyberSource Common Track Format ID
Format ID
Base64 Value for
pos_deviceReaderData
Hex Value for
pos_deviceReaderData
Common Track
RklEPUNPTU1PTi5FbmNyeXB0ZWR
UcmFja3MuU2RrdjE=
4649443d434f4d4d4f4e2e456e637279707465
64547261636b732e53646b7631
You must use hardware injected with Visa cryptography keys. If you have a specific device
that you want to use and it is not in the table of supported devices, contact CyberSource
Customer Support to learn whether your desired device can be injected with Visa Inc.
cryptography keys and certified for use. Visa Inc. cryptography services work with DUKPT
key management and 3DES encryption technologies.
For security reasons, you cannot store CyberSource transaction credentials on a mobile
device. You can store CyberSource transaction credentials in a secure manner on a file
server or a workstation. CyberSource transaction credentials include your merchant ID,
transaction security keys, and CyberSource certificates. For information about certificates
and security keys, see Creating and Using Security Keys.
To support this security requirement, point-of-sale (POS) devices that use the card
encryption capabilities supported by CyberSource do not transact directly with
CyberSource. Instead, POS devices use an application, an intermediate server, or device
management software that transacts directly with CyberSource.
Card-Present Processing Using the Simple Order API | May 2015
14
Chapter 2
Optional Features
For a transaction that uses encryption, use the fields documented in "P2PE Request
Fields (Recommended)," page 18. The following fields are specifically for encryption:

pos_deviceReaderData

pos_encodingMethod

pos_encryptionAlgorithm

pos_paymentData
For examples of P2PE requests and replies, see:

Name-value pair examples: "Authorization Using Point-to-Point Encryption," page 43

XML examples: "Authorization Using Point-to-Point Encryption," page 52
Payment Network Tokenization
Payment network tokenization enables you to request a credit card authorization with a
token instead of a primary account number (PAN). For information about adding payment
network tokenization functionality to an order management system that already uses
CyberSource credit card services, see the Payment Network Tokenization Using the
Simple Order API.
Card-Present Processing Using the Simple Order API | May 2015
15
APPENDIX
A
API Fields
Important
When you send an authorization, authorization reversal, capture, or credit
request that includes card-present data, you must include the basic fields
required for every authorization, authorization reversal, capture, or credit
request. For information about card-not-present fields required for these
requests, see Credit Card Services Using the Simple Order API.
XML Schema Versions
For general information about the XML schema versions, see Getting Started with
CyberSource Advanced for the Simple Order API.The following table specifies the Simple
Order API version to use for each processor for clear-text card-present transactions and
card-present transactions that use point-to-point encryption (P2PE).
Table 8
Simple Order API XML Schema Versions for Card-Present Transactions
Processor
Version for P2PE
Transactions
Version for Clear
Text Transactions
American Express Direct
1.86 or later
1.27 or later
Chase Paymentech Solutions
1.86 or later
1.25 or later
CyberSource through VisaNet
1.86 or later
1.69 or later
FDC Nashville Global
1.86 or later
1.24 or later
FDMS Nashville
1.86 or later
1.29 or later
GPN
1.86 or later
1.26 or later
Litle
1.86 or later
1.58 or later
RBS WorldPay Atlanta
1.86 or later
1.48 or later
TSYS Acquiring Solutions
1.86 or later
1.13 or later
Card-Present Processing Using the Simple Order API | May 2015
16
Appendix A
API Fields
Formatting Restrictions
Unless otherwise noted, all field names are case sensitive and all fields accept special
characters such as @, #, and %.
The values of the item_#_ fields must not contain carets (^) or colons (:)
because these characters are reserved for use by the CyberSource services.
Note
Values for request-level and item-level fields must not contain new lines or
carriage returns. However, they can contain embedded spaces and any other
printable characters. CyberSource removes all leading and trailing spaces.
Data Type Definitions
For more information about these data types, see the World Wide Web Consortium (W3C)
XML Schema Part 2: Datatypes specification.
Data Type
Description
Integer
Whole number {..., -3, -2, -1, 0, 1, 2, 3, ...}
String
Sequence of letters, numbers, spaces, and special characters
Card-Present Processing Using the Simple Order API | May 2015
17
Appendix A
API Fields
P2PE Request Fields
(Recommended)
Table 9
P2PE Request Fields
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
pos_deviceReaderData
Data that identifies the card reader. This data
enables CyberSource to parse the data that is
in the pos_paymentData field. For possible
values, see "Encryption," page 12.
ccAuthService (O)
String (512)
pos_encodingMethod
Encoding method that was applied to the data
in the pos_deviceReaderData and pos_
paymentData fields. When sensitive data must
be included in the authorization reply message
that CyberSource sends you, CyberSource
uses this encoding method to encrypt the
sensitive data. Possible values:
ccAuthService (O)
String (6)

Base64

Hex
pos_
encryptionAlgorithm
Encryption algorithm that was used to encrypt
the data in the pos_paymentData field. Set
this value to TDES. See "Encryption," page 12.
ccAuthService (O)
String (4)
pos_paymentData
Encrypted payment data from a card reader.
See "Encryption," page 12.
ccAuthService (O)
String (2048)
Card-Present Processing Using the Simple Order API | May 2015
18
Appendix A
API Fields
EMV Request Fields
Table 10
EMV Request Fields
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
emvRequest_
cardSequenceNumber
Number assigned to a specific card when two
or more cards are associated with the same
primary account number. This value enables
issuers to distinguish among multiple cards
that are linked to the same account. This value
can also act as a tracking tool when reissuing
cards. When this value is available, it is
provided by the chip reader. When the chip
reader does not provide this value, do not
include this field in your request. See "Europay,
MasterCard, Visa (EMV)," page 10.
ccAuthService (O)
String with
numbers
only (3)
Card-Present Processing Using the Simple Order API | May 2015
19
Appendix A
Table 10
API Fields
EMV Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
emvRequest_
combinedTags
EMV data that is transmitted from the chip card
to the issuer, and from the issuer to the chip
card. The EMV data is in the tag-length-value
format and includes chip card tags, terminal
tags, and transaction detail tags. See
"Europay, MasterCard, Visa (EMV)," page 10.
ccAuthService (O)
FDC
Nashville
Global:
String (999)
For information about the individual tags, see
the “Application Specification” section in the
EMV 4.3 Specifications: http://emvco.com
ccCreditService
(See description)
ccAuthReversalService
(O)
ccCaptureService
(See description)
Important The following tags contain
sensitive information and must not be included
in this field:

56: Track 1 equivalent data

57: Track 2 equivalent data

5A: Application PAN

5F20: Cardholder name

5F24: Application expiration date

99: Transaction PIN

9F0B: Cardholder name (extended)

9F1F: Track 1 discretionary data

9F20: Track 2 discretionary data
For information about the individual tags, see
the “Application Specification” section in the
EMV 4.3 Specifications: http://emvco.com
For captures, this field is required for contact
EMV transactions. Otherwise, it is optional.
For credits, this field is required for contact
EMV stand-alone credits and contactless EMV
stand-alone credits. Otherwise, it is optional.
Important For contact EMV captures,
contact EMV stand-alone credits, and
contactless EMV stand-alone credits, you must
include the following tags in this field. For all
other types of EMV transactions, the following
tags are optional.

95: Terminal verification results

9F10: Issuer application data

9F26: Application cryptogram
Card-Present Processing Using the Simple Order API | May 2015
20
Appendix A
Table 10
API Fields
EMV Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
pos_environment
Operating environment. Possible values:
ccAuthService (O)
String (1)

0: No terminal used or unknown
environment.

1: On merchant premises, attended.

2: On merchant premises, unattended, or
cardholder terminal. Examples: oil, kiosks,
self-checkout, home computer, mobile
telephone, personal digital assistant (PDA).
Cardholder terminal is supported only for
MasterCard transactions on CyberSource
through VisaNet.

3: Off merchant premises, attended.
Examples: portable POS devices at trade
shows, at service calls, or in taxis.

4: Off merchant premises, unattended, or
cardholder terminal. Examples: vending
machines, home computer, mobile
telephone, PDA. Cardholder terminal is
supported only for MasterCard transactions
on CyberSource through VisaNet.

5: On premises of cardholder, unattended.

9: Unknown delivery mode.

S: Electronic delivery of product. Examples:
music, software, or eTickets that are
downloaded over the internet.

T: Physical delivery of product. Examples:
music or software that is delivered by mail or
by a courier.
This field is supported only for American
Express Direct and CyberSource through
VisaNet.
CyberSource through VisaNet
For MasterCard transactions, the only valid
values are 2 and 4.
Card-Present Processing Using the Simple Order API | May 2015
21
Appendix A
API Fields
Clear Text Request Fields
Table 11
Clear Text Request Fields
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
pos_serviceCode
MasterCard service code that is included in the
track data. You can extract the service code
from the track data and provide it in this API
field.
ics_auth (O)
String (3)
ccAuthService:
String (119)
This field is supported only for MasterCard and
only on CyberSource through VisaNet.
pos_trackData
Card’s track 1 and 2 data. For all processors
except FDMS Nashville, this value consists of
one of the following:

Track 1 data

Track 2 data

Data for both tracks 1 and 2
For FDMS Nashville, this value consists of one
of the following:

Track 1 data

Data for both tracks 1 and 2
Example: %B4111111111111111^SMITH/
JOHN
^1612101976110000868000000?;41
11111111111111=16121019761186800000?
Card-Present Processing Using the Simple Order API | May 2015

FDC Nashville
Global: Required if
pos_entryMode=
contact,
contactless,
msd, or swiped;
otherwise, not used.

All other processors:
Required if pos_
entryMode=
swiped; otherwise,
not used.
22
Appendix A
API Fields
General Card-Present Request
Fields
Table 12
General Card-Present Request Fields
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
billTo_city
Credit card billing city.
ccAuthService:
String (50)
billTo_country
Credit card billing country. Use the twocharacter ISO Standard Country Codes.
Card-Present Processing Using the Simple Order API | May 2015

Chase Paymentech
Solutions: Optional.

Litle: Optional.

TSYS Acquiring
Solutions: Required
when
ccAuthService_
billPayment=true
and pos_
entryMode=keyed.

All other processors:
Not used.
ccAuthService:

Chase Paymentech
Solutions: Optional.

Litle: Optional.

TSYS Acquiring
Solutions: Required
when
ccAuthService_
billPayment=true
and pos_
entryMode=keyed.

All other processors:
Not used.
String (2)
23
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
billTo_email
Customer’s email address, including full
domain name.
Format: [email protected]
ccAuthService:
String (255)
billTo_firstName
billTo_lastName
Customer’s first name. Value should match
value on card.
Customer’s last name. Value should match
value on card.
Card-Present Processing Using the Simple Order API | May 2015

Chase Paymentech
Solutions: Optional.

Litle: Optional.

TSYS Acquiring
Solutions: Required
when
ccAuthService_
billPayment=true
and pos_
entryMode=keyed.

All other processors:
Not used.
ccAuthService:

Chase Paymentech
Solutions: Optional.

Litle: Optional.

TSYS Acquiring
Solutions: Required
when
ccAuthService_
billPayment=true
and pos_
entryMode=keyed.

All other processors:
Not used.
ccAuthService:

Chase Paymentech
Solutions: Optional.

Litle: Optional.

RBS WorldPay
Atlanta: Optional.

TSYS Acquiring
Solutions: Required
when
ccAuthService_
billPayment=true
and pos_
entryMode=keyed.

All other processors:
Not used.
String (60)
String (60)
24
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
billTo_phoneNumber
Customer’s phone number. CyberSource
recommends that you include the country code
when order is from outside the U.S.
ccAuthService:
String (15)
billTo_postalCode
Postal code for billing address. Postal code
must consist of 5 to 9 digits.

Chase Paymentech
Solutions: Optional.

Litle: Optional.

TSYS Acquiring
Solutions: Optional.

All other processors:
Not used.
ccAuthService:

FDMS Nashville:
Required if pos_
entryMode=keyed
and the address is in
the U.S. or Canada.
Optional if pos_
entryMode=keyed
and the address is
not in the U.S. or
Canada. Not used if
swiped.

RBS WorldPay
Atlanta: For best
card-present keyed
rates, send the postal
code if pos_
entryMode=keyed.

TSYS Acquiring
Solutions: Required
when
ccAuthService_
billPayment=true
and pos_
entryMode=keyed.

All other processors:
Optional.
When the billing country is U.S., the
9-digit postal code must follow this format:
[5 digits][dash][4 digits]
Example: 12345-6789
When the billing country is Canada, the 6-digit
postal code must follow this format:
[alpha][numeric][alpha][space][numeric][alpha]
[numeric]
Example: A1B 2C3
Card-Present Processing Using the Simple Order API | May 2015
String (10)
25
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
billTo_state
Credit card billing state or province. Use State,
Province, and Territory Codes for the United
States and Canada.
ccAuthService:
String (2)
billTo_street1
Credit card billing street address as it appears
in credit card issuer’s records.
FDMS Nashville:
When the street name is numeric, it must be
sent in numeric format. For example, if the
address is One First Street, it must be sent as
1 1st Street.
billTo_street2
Used for additional address information. For
example:
Attention: Accounts Payable

Chase Paymentech
Solutions: Optional.

Litle: Optional.

TSYS Acquiring
Solutions: Required
when
ccAuthService_
billPayment=true
and pos_
entryMode=keyed.

All other processors:
Not used.
ccAuthService:

FDMS Nashville:
Required if keyed;
Not used if swiped.

TSYS Acquiring
Solutions: Required
when
ccAuthService_
billPayment=true
and pos_
entryMode=keyed.

All other processors:
Optional.
ccAuthService (O)
Customer’s credit card number.
Card-Present Processing Using the Simple Order API | May 2015
All other
processors:
String (60)
FDMS
Nashville:
String (20)
All other
processors:
String (60)
FDMS Nashville:
billTo_street1 and billTo_street2 together
cannot exceed 20 characters.
card_accountNumber
FDMS
Nashville:
String (20)
ccAuthService:

FDMS Nashville:
Required.

All other processors:
Required if pos_
entryMode=keyed.
FDMS
Nashville:
String with
numbers
only (19)
All other
processors:
String with
numbers
only (20)
26
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
card_cardType
Type of card to authorize. Possible values:
String (3)
card_cvIndicator

001: Visa

002: MasterCard

003: American Express
ccAuthService
(Required for Carte
Blanche and JCB.
Optional for other card
types.)

004: Discover
Important

005: Diners Club

006: Carte Blanche

007: JCB
Indicates whether a CVN code was sent.
Possible values:

CyberSource strongly
recommends that you
send the card type even
when it is optional for
your processor and
card type. Omitting the
card type can cause the
transaction to be
processed with the
wrong card type.
ccAuthService:

FDMS Nashville:
Required for
American Express.
Otherwise, optional.

TSYS Acquiring
Solutions: Optional if
pos_entryMode=
keyed. Otherwise,
not used.

All other processors:
Optional.
0 (default): CVN service not requested.
CyberSource uses this default when you do
not include card_cvNumber in the request.
card_cvNumber

1 (default): CVN service requested and
supported. CyberSource uses this default
when you include card_cvNumber in the
request.

2: CVN on credit card is illegible.

9: CVN not imprinted on credit card.
CVN. See CVN information in Credit Card
Services Using the Simple Order API.
Card-Present Processing Using the Simple Order API | May 2015
ccAuthService:

FDMS Nashville:
Required for
American Express or
if swiped. Otherwise,
optional.

TSYS Acquiring
Solutions: Optional if
pos_entryMode=
keyed. Otherwise,
not used.

All other processors:
Optional.
String with
numbers
only (1)
String with
numbers
only (4)
27
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
card_expirationMonth
Two-digit month in which credit card expires.
Format: MM.
Possible values: 01 through 12. Leading 0 is
required.
ccAuthService:
String (2)
card_expirationYear
ccAuthService_
billPayment
Four-digit year in which credit card expires.
Format: YYYY.
Indicates payment for bill or payment towards
existing contractual loan. For information about
Visa Bill Payments and Visa Debt
Repayments, see Credit Card Services Using
the Simple Order API. Possible values:

true: Bill payment or loan payment.

false (default): Not a bill payment or loan
payment.

FDMS Nashville:
Required.

All other processors:
Required if pos_
entryMode=keyed.
ccAuthService:

FDMS Nashville:
Required.

All other processors:
Required if pos_
entryMode=keyed.
String (4)
ccAuthService (O)
String (5)
ccAuthService_
commerceIndicator
Type of transaction. For a card-present
transaction, you must set this field to retail.
ccAuthService (R)
String (13)
ccAuthService_run
Set to true to request credit card
authorization.
ccAuthService (R)
String (255)
ccCaptureService_
industryDatatype
Indicates whether the transaction includes
restaurant data. You must set this field to
restaurant in order for restaurant data to
be sent to the processor.
ccCaptureService
(Required for restaurant
transactions)
String (10)
When this field is not set to restaurant or
is not included in the request, CyberSource
does not send restaurant data to the
processor.
Restaurant data is supported only for
CyberSource through VisaNet.
Card-Present Processing Using the Simple Order API | May 2015
28
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
extendedCreditTotal
Count
Number of months the cardholder can use to
pay for the purchase. You can use this field
when offering extended credit to a cardholder
at a retail location. The cardholder provides
this value. The issuer pays you for the
purchase in one payment, and then the
cardholder pays the issuer in the number of
monthly payments specified by this value.
ccAuthService (O)
String (2)
ccCaptureService (O)
Numeric (12)
ccAuthService (O)
String (30)
Note This field is supported only for acquirers
in South Africa and only for CyberSource
through VisaNet.
gratuityAmount
Gratuity or tip amount for restaurants when the
card is present. Allowed only when
ccCaptureService_
industryDatatype=restaurant.
When your customer uses a debit card or
prepaid card, and you receive a partial
authorization, the payment networks
recommend that you do not submit a capture
amount that is higher than the authorized
amount. When the capture amount exceeds
the partial amount that was approved, the
issuer has chargeback rights for the excess
amount. For information about partial
authorizations, see Credit Card Services Using
the Simple Order API.
Restaurant data is supported only for
CyberSource through VisaNet.
item_#_productCode
Type of product. This value is used to identify
the product category (electronic, handling,
physical, service, or shipping). The default
value is default. For a list of valid values,
see the information about product codes in
Credit Card Services Using the Simple Order
API.
When this field is not set to default or one
of the values related to shipping and/or
handling, the item_#_quantity, item_#_
productName, and item_#_productSKU
fields are required. For information about items
and grand totals, see Getting Started with
CyberSource Advanced for the Simple Order
API.
Card-Present Processing Using the Simple Order API | May 2015
29
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
item_#_productName
Required when item_#_productCode is not
default or one of the values related to
shipping and/or handling.
ccAuthService
(See description)
String (30)
item_#_productSKU
Product identifier code. Required when item_
#_productCode is not default or one of the
values related to shipping and/or handling.
ccAuthService
(See description)
String (15)
item_#_quantity
Default is 1. Required when item_#_
productCode is not default or one of the
values related to shipping and/or handling.
ccAuthService
(See description)
Integer (10)
item_#_taxAmount
Total tax to apply to the product. This value
cannot be negative. The tax amount and the
unit price must be in the same currency.
ccAuthService (O)
String (15)
ccAuthService
(See description)
For GPN:
String (10)
The tax amount field is additive. The following
example uses a two-exponent currency such
as USD:
1 You include the following items in your
request:
item_0_unitPrice=10.00
item_0_quantity=1
item_0_taxAmount=0.80
item_1_unitPrice=20.00
item_1_quantity=1
item_1_taxAmount=1.60
2 The total amount authorized will be 32.40,
not 30.00 with 2.40 of tax included.
If you want to include item_#_taxAmount and
also request the taxService service, see Tax
Calculation Service Using the Simple Order
API.
item_#_unitPrice
Per-item price of the product. You must include
either this field or purchaseTotals_
grandTotalAmount in your request. This
value cannot be negative. For information
about items and grand totals, see Getting
Started with CyberSource Advanced for the
Simple Order API.
All other
processors:
String (15)
You can include a decimal point (.) in the value
for this field, but you cannot include any other
special characters. CyberSource truncates the
amount to the correct number of decimal
places.
merchantID
Your CyberSource merchant ID.
Card-Present Processing Using the Simple Order API | May 2015
ccAuthService (R)
String (30)
30
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
merchantReference
Code
Merchant-generated order reference or
tracking number. CyberSource recommends
that you send a unique value for each
transaction so that you can perform meaningful
searches for the transaction. For information
about tracking orders, see Getting Started with
CyberSource Advanced for the Simple Order
API.
ccAuthService (R)
String (50)
FDC Nashville Global:
This value must be numeric and must be less
than 9 digits. When you do not send a valid
value, CyberSource creates one for you.
However, the value is not returned to you, so
you cannot use the merchant reference
number to track the order.
Card-Present Processing Using the Simple Order API | May 2015
31
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
paymentInitiation
Channel
MasterCard-defined code that indicates how
the account information was obtained.
Possible values:
ccAuthService (O)
String (2)

00 (default): Card

01: Removable secure element that is
personalized for use with a mobile phone
and controlled by the wireless service
provider; examples: subscriber identity
module (SIM), universal integrated circuit
card (UICC)

02: Key fob

03: Watch

04: Mobile tag

05: Wristband

06: Mobile phone case or sleeve

07: Mobile phone with a non-removable,
secure element that is controlled by the
wireless service provider

08: Removable secure element that is
personalized for use with a mobile phone
and not controlled by the wireless service
provider; example: memory card

09: Mobile phone with a non-removable,
secure element that is not controlled by the
wireless service provider

10: Removable secure element that is
personalized for use with a tablet or e-book
and is controlled by the wireless service
provider; examples: subscriber identity
module (SIM), universal integrated circuit
card (UICC)

11: Tablet or e-book with a non-removable,
secure element that is controlled by the
wireless service provider

12: Removable secure element that is
personalized for use with a tablet or e-book
and is not controlled by the wireless service
provider

13: Tablet or e-book with a non-removable,
secure element that is not controlled by the
wireless service provider
This field is supported only for MasterCard and
only for CyberSource through VisaNet.
Card-Present Processing Using the Simple Order API | May 2015
32
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
pos_cardPresent
Indicates whether the card is present at the
time of the retail transaction. Possible values:
ccAuthService:
String (1)
pos_catLevel

N: Card is not present.

Y: Card is present.
Type of cardholder-activated terminal. Possible
values:

1: Automated dispensing machine

2: Self-service terminal

3: Limited amount terminal

4: In-flight commerce (IFC) terminal

5: Radio frequency device

6: Mobile acceptance terminal

7: Electronic cash register

8: E-commerce device at your location

9: Terminal or cash register that uses a dialup connection to connect to the transaction
processing network

FDMS Nashville: Not
used.

All other processors:
Required.
ccAuthService:

Chase Paymentech
Solutions: Required if
pos_terminalID is
included in the
request. Otherwise,
optional.

CyberSource through
VisaNet: Optional.

FDC Nashville
Global: Optional for
EMV transactions.
Otherwise, not used.

TSYS Acquiring
Solutions: Required
for transactions from
mobile devices.
Otherwise, not used.

All other processors:
Not used.
Chase Paymentech Solutions
Only values 1, 2, and 3 are supported.
CyberSource through VisaNet
Values 1 through 6 are supported on
CyberSource through VisaNet, but some
acquirers do not support all six values.
Nonnegative
integer (1)
FDC Nashville Global
Only values 7, 8, and 9 are supported.
TSYS Acquiring Solutions
Only value 6 is supported.
Card-Present Processing Using the Simple Order API | May 2015
33
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
pos_entryMode
Method of entering credit card information into
the POS terminal. Possible values:
ccAuthService (R)
String (11)
ccAuthService:
Integer (1)

contact: Read from direct contact with
chip card.

contactless: Read from a contactless
interface using chip data.

keyed: Manually keyed into POS terminal.

msd: Read from a contactless interface
using magnetic stripe data (MSD).

swiped: Read from credit card magnetic
stripe.
The contact, contactless, and msd
values are supported only for EMV
transactions. See "Europay, MasterCard, Visa
(EMV)," page 10.
pos_terminalCapability
POS terminal’s capability. Possible values:

1: Terminal has a magnetic stripe reader
only.

American Express
Direct: Required.

2: Terminal has a magnetic stripe reader
and manual entry capability.

Chase Paymentech
Solutions: Required.

3: Terminal has manual entry capability
only.

CyberSource through
VisaNet: Optional.

4: Terminal can read chip cards.


5: Terminal can read contactless chip cards.
FDC Nashville
Global: Required.

FDMS Nashville:
Required.

GPN: Not used.

Litle: Required.

RBS WorldPay
Atlanta: Optional.

TSYS Acquiring
Solutions: Optional.
The values of 4 and 5 are supported only for
EMV transactions. See "Europay, MasterCard,
Visa (EMV)," page 10.
Card-Present Processing Using the Simple Order API | May 2015
34
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
pos_terminalID
Identifier for the terminal at your retail location.
You can define this value yourself, but consult
the processor for requirements.
ccAuthService:
String (8)
CyberSource through VisaNet
A list of all possible values is stored in your
CyberSource account and the value you send
for this field is validated against the list each
time you include the field in your request.
When you do not include this field in your
request, CyberSource uses the default value
that is defined in your CyberSource account.
FDC Nashville Global
To have your account configured to support
this field, contact CyberSource Customer
Support. This value must be a value that FDC
Nashville Global issued to you.
Card-Present Processing Using the Simple Order API | May 2015

American Express
Direct: Optional. If
not provided,
CyberSource uses
the value in your
CyberSource
account.

Chase Paymentech
Solutions: Optional. If
you include this field
in your request, you
must also include
pos_catLevel.

CyberSource through
VisaNet: Optional.

FDC Nashville
Global: Optional. If
not provided,
CyberSource uses
the value in your
CyberSource
account.

FDMS Nashville:
CyberSource uses
the value in your
CyberSource
account.

GPN: Not used.

Litle: Not used.

RBS WorldPay
Atlanta: Not used.

TSYS Acquiring
Solutions: Not used.
35
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
pos_
terminalIDAlternate
Identifier for an alternate terminal at your retail
location. You define the value for this field.
ccAuthService:
String (8)
This field is supported only for MasterCard
transactions on FDC Nashville Global. Use the
pos_terminalID field to identify the main
terminal at your retail location. If your retail
location has multiple terminals, use this pos_
terminalIDAlternate field to identify the
terminal used for the transaction.

FDC Nashville
Global: Optional for
MasterCard
transactions.
Otherwise, not used.

All other processors:
Not used.
This field is a pass-through, which means that
CyberSource does not check the value or
modify the value in any way before sending it
to the processor.
purchaseTotals_
currency
Currency used for order. For possible values,
see ISO Standard Currency Codes.
ccAuthService (R)
String (5)
purchaseTotals_
grandTotalAmount
Grand total for the order. You must include
either this field or item_#_unitPrice in your
request. For information about items and grand
totals, Getting Started with CyberSource
Advanced for the Simple Order API.
ccAuthService
(See description)
String (15)
shipTo_city
City of shipping address.
ccAuthService
(Required if any
shipping address
information is included
in the request and
shipping to the U.S. or
Canada. Otherwise,
optional.)
String (50)
shipTo_country
Country of shipping address. Use the twocharacter ISO Standard Country Codes.
ccAuthService
(Required if any
shipping address
information is included
in the request.
Otherwise, optional.)
String (2)
shipTo_firstName
First name of the person receiving the
shipment.
ccAuthService (O)
String (60)
shipTo_lastName
Last name of the person receiving the
shipment.
ccAuthService (O)
String (60)
Card-Present Processing Using the Simple Order API | May 2015
36
Appendix A
Table 12
API Fields
General Card-Present Request Fields (Continued)
Field
Description
Used By:
Required (R)
or Optional (O)
Data Type
& Length
shipTo_postalCode
Postal code for the shipping address. The
postal code must consist of 5 to 9 digits.
ccAuthService
(Required if any
shipping address
information is included
in the request and
shipping to the U.S. or
Canada. Otherwise,
optional.)
String (10)
When the shipping country is the U.S., the 9digit postal code must follow this format:
[5 digits][dash][4 digits]
Example: 12345-6789
When the shipping country is Canada, the 6digit postal code must follow this format:
[alpha][numeric][alpha][space][numeric][alpha]
[numeric]
Example: A1B 2C3
shipTo_state
State or province to ship the product to. Use
the State, Province, and Territory Codes for the
United States and Canada.
ccAuthService
(Required if any
shipping address
information is included
in the request and
shipping to the U.S. or
Canada. Otherwise,
optional.)
String (2)
shipTo_street1
First line of shipping address.
ccAuthService
(Required if any
shipping address
information is included
in the request.
Otherwise, optional.)
String (60)
shipTo_street2
Second line of shipping address.
ccAuthService (O)
String (60)
transactionLocalDate
Time
Date and time at your physical location.
ccAuthService (O)
String (14)
Format: YYYYMMDDhhmmss, where
YYYY = year
MM = month
DD = day
hh = hour
mm = minutes
ss = seconds
Card-Present Processing Using the Simple Order API | May 2015
37
Appendix A
API Fields
Reply Fields
Table 13
Reply Fields
Field
Description
Returned By
Data Type
& Length
emvReply_
combinedTags
EMV data that is transmitted from the chip card
to the issuer, and from the issuer to the chip
card. The EMV data is in the tag-length-value
format and includes chip card tags, terminal
tags, and transaction detail tags. See "Europay,
MasterCard, Visa (EMV)," page 10.
ccAuthReply
ccAuthReversalReply
FDC
Nashville
Global:
String (999)
ccAuthService
Integer (5)
Note For information about the individual tags,
see the “Application Specification” section in the
EMV 4.3 Specifications: http://emvco.com
salesSlipNumber
Transaction identifier that CyberSource
generates. You have the option of printing the
sales slip number on the receipt.
This field is supported only for JCN Gateway.
Card-Present Processing Using the Simple Order API | May 2015
38
APPENDIX
B
Examples
Name-Value Pair Examples
Sale Using Swiped Track Data
Example 1
Request Message: Sale Using Swiped Track Data
merchantID=JanesPlants
merchantReferenceCode=ABC123
purchaseTotals_currency=usd
purchaseTotals_grandTotalAmount=75.00
pos_entryMode=swiped
pos_cardPresent=Y
pos_terminalCapability=2
pos_trackData=%B4111111111111111^SMITH/BETTY^16121200123456789012**
XXX******?*;4111111111111111=16121200XXXX00000000?*
ccAuthService_run=true
ccAuthService_commerceIndicator=retail
ccCaptureService_run=true
Example 2
Reply Message: Sale Using Swiped Track Data
merchantReferenceCode=ABC123
requestID=0305782650000167905080
decision=ACCEPT
reasonCode=100
purchaseTotals_currency=usd
ccAuthReply_reasonCode=100
ccAuthReply_amount=75.00
ccAuthReply_authorizationCode=831000
ccAuthReply_avsCode=2
ccAuthReply_processorResponse=00
ccAuthReply_reconciliationID=1094820975023470
ccAuthReply_paymentNetworkTransactionID=0412MCCNYJPWY
ccAuthReply_cardCategory=J1
ccAuthReply_cardGroup=0
ccCaptureReply_reasonCode=100
ccCaptureReply_amount=75.00
ccCaptureReply_reconciliationID=1094820975023470
receiptNumber=260371
Card-Present Processing Using the Simple Order API | May 2015
39
Appendix B
Examples
Sale Using Keyed Data
Example 3
Request Message: Sale Using Keyed Data
merchantID=JanesPlants
merchantReferenceCode=ABC123
purchaseTotals_currency=usd
purchaseTotals_grandTotalAmount=75.00
pos_entryMode=keyed
pos_cardPresent=Y
pos_terminalCapability=2
card_accountNumber=4111111111111111
card_expirationMonth=12
card_expirationYear=2016
card_cardType=001
ccAuthService_run=true
ccAuthService_commerceIndicator=retail
ccCaptureService_run=true
Example 4
Reply Message: Sale Using Keyed Data
merchantReferenceCode=ABC123
requestID=0305782650000167905080
decision=ACCEPT
reasonCode=100
purchaseTotals_currency=usd
ccAuthReply_reasonCode=100
ccAuthReply_amount=75.00
ccAuthReply_authorizationCode=831000
ccAuthReply_avsCode=2
ccAuthReply_processorResponse=00
ccAuthReply_reconciliationID=1094820975023470
ccAuthReply_paymentNetworkTransactionID=0412MCCNYJPWY
ccAuthReply_cardCategory=J1
ccAuthReply_cardGroup=0
ccCaptureReply_reasonCode=100
ccCaptureReply_amount=75.00
ccCaptureReply_reconciliationID=1094820975023470
receiptNumber=260371
Card-Present Processing Using the Simple Order API | May 2015
40
Appendix B
Examples
Sale Using EMV Technology with a
Contact Read
Example 5
Request Message: Sale Using EMV Technology with a Contact Read
merchantID=JanesPlants
merchantReferenceCode=ABC123
purchaseTotals_currency=usd
purchaseTotals_grandTotalAmount=75.00
pos_entryMode=contact
pos_cardPresent=Y
pos_terminalCapability=4
pos_trackData=%B4111111111111111^SMITH/BETTY^16121200123456789012**
XXX******?*;4111111111111111=16121200XXXX00000000?*
ccAuthService_run=true
ccAuthService_commerceIndicator=retail
ccCaptureService_run=true
emvRequest_combinedTags=9F3303204000950500000000009F3704518823719F100
706011103A000009F26081E1756ED0E2134E29F36020015820200009C01009F1A020
8409A030006219F02060000000020005F2A0208409F0306000000000000
emvRequest_cardSequenceNumber=001
Example 6
Reply Message: Sale Using EMV Technology with a Contact Read
merchantReferenceCode=ABC123
requestID=0305782650000167905080
decision=ACCEPT
reasonCode=100
purchaseTotals_currency=usd
ccAuthReply_reasonCode=100
ccAuthReply_amount=75.00
ccAuthReply_authorizationCode=831000
ccAuthReply_avsCode=2
ccAuthReply_processorResponse=00
ccAuthReply_reconciliationID=1094820975023470
ccAuthReply_paymentNetworkTransactionID=0412MCCNYJPWY
ccAuthReply_cardCategory=J1
ccAuthReply_cardGroup=0
ccCaptureReply_reasonCode=100
ccCaptureReply_amount=75.00
ccCaptureReply_reconciliationID=1094820975023470
receiptNumber=260371
emvReply_combinedTags=9F3303204000950500000000009F3704518823719F100
706011103A000009F26081E1756ED0E2134E29F36020015820200009C01009F1A020
8409A030006219F02060000000020005F2A0208409F0306000000000000
Card-Present Processing Using the Simple Order API | May 2015
41
Appendix B
Examples
Sale Using EMV Technology with a
Contactless Read
Example 7
Request Message: Sale Using EMV Technology with a Contactless
Read
merchantID=JanesPlants
merchantReferenceCode=ABC123
purchaseTotals_currency=usd
purchaseTotals_grandTotalAmount=75.00
pos_entryMode=contactless
pos_cardPresent=Y
pos_terminalCapability=5
pos_trackData=%B4111111111111111^SMITH/BETTY^16121200123456789012**
XXX******?*;4111111111111111=16121200XXXX00000000?*
ccAuthService_run=true
ccAuthService_commerceIndicator=retail
ccAuthService_captureDate=0823
ccCaptureService_run=true
emvRequest_combinedTags=9F3303204000950500000000009F3704518823719F100
706011103A000009F26081E1756ED0E2134E29F36020015820200009C01009F1A020
8409A030006219F02060000000020005F2A0208409F0306000000000000
emvRequest_cardSequenceNumber=001
Example 8
Reply Message: Sale Using EMV Technology with a Contactless
Read
merchantReferenceCode=ABC123
requestID=0305782650000167905080
decision=ACCEPT
reasonCode=100
purchaseTotals_currency=usd
ccAuthReply_reasonCode=100
ccAuthReply_amount=75.00
ccAuthReply_authorizationCode=831000
ccAuthReply_avsCode=2
ccAuthReply_processorResponse=00
ccAuthReply_reconciliationID=1094820975023470
ccAuthReply_paymentNetworkTransactionID=0412MCCNYJPWY
ccAuthReply_cardCategory=J1
ccAuthReply_cardGroup=0
ccCaptureReply_reasonCode=100
ccCaptureReply_amount=75.00
ccCaptureReply_reconciliationID=1094820975023470
receiptNumber=852734
emvReply_combinedTags=9F3303204000950500000000009F3704518823719F100
706011103A000009F26081E1756ED0E2134E29F36020015820200009C01009F1A020
8409A030006219F02060000000020005F2A0208409F0306000000000000
Card-Present Processing Using the Simple Order API | May 2015
42
Appendix B
Examples
Authorization Using Point-to-Point Encryption
Example 9
Request Message: Authorization Using Point-to-Point Encryption
ccAuthService_commerceIndicator=retail
ccAuthService_run=true
merchantID=myMerchantID123
merchantReferenceCode=9876
pos_cardPresent=y
pos_deviceReaderData=4649443D4944544543482E556E694D61672E416E64726F6
9642E53646B7631
pos_encodingMethod=Hex
pos_encryptionAlgorithm=TDES
pos_entryMode=swiped
pos_paymentData=02d700801f3c20008383252a363031312a2a2a2a2a2a2a2a303030
395e46444d53202020202020202020202020202020202020202020205e323231322a
2a2a2a2a2a2a2a3f2a3b363031312a2a2a2a2a2a2a2a303030393d323231322a2a2a
2a2a2a2a2a3f2a7a75ad15d25217290c54b3d9d1c3868602136c68d339d52d984233
91f3e631511d548fff08b414feac9ff6c6dede8fb09bae870e4e32f6f462d6a75fa0
a178c3bd18d0d3ade21bc7a0ea687a2eef64551751e502d97cb98dc53ea55162cdfa
395431323439323830303762994901000001a000731a8003
pos_terminalCapability=2
purchaseTotals_currency=USD
purchaseTotals_grandTotalAmount=30.00
Example 10
Reply Message: Authorization Using Point-to-Point Encryption
ccAuthReply_amount=30.00
ccAuthReply_authorizationCode=888888
ccAuthReply_avsCode=1
ccAuthReply_processorResponse=100
ccAuthReply_reasonCode=100
ccAuthReply_reconciliationID=64709061YTHMP2LF
decision=ACCEPT
merchantReferenceCode=9876
purchaseTotals_currency=USD
reasonCode=100
requestID=3965463790780176056470
Card-Present Processing Using the Simple Order API | May 2015
43
Appendix B
Examples
XML Examples
Sale Using Swiped Track Data
Example 11
Request Message: Sale Using Swiped Track Data
<requestMessage xmlns="urn:schemas-cybersource-com:transaction-data-1.86">
<merchantID>JanesPlants</merchantID>
<merchantReferenceCode>ABC123</merchantReferenceCode>
<purchaseTotals>
<currency>usd</currency>
<grandTotalAmount>75.00</grandTotalAmount>
</purchaseTotals>
<pos>
<entryMode>swiped</entryMode>
<cardPresent>Y</cardPresent>
<terminalCapability>2</terminalCapability>
<trackData>%B4111111111111111^SMITH/BETTY^16121200123456789012**XXX******?*;
4111111111111111=16121200XXXX00000000?*</trackData>
</pos>
<ccAuthService run="true">
<commerceIndicator>retail</commerceIndicator>
</ccAuthService>
<ccCaptureService run="true"/>
</requestMessage>
Card-Present Processing Using the Simple Order API | May 2015
44
Appendix B
Example 12
Examples
Reply Message: Sale Using Swiped Track Data
<c:replyMessage xmlns:c="urn:schemas-cybersource-com:transaction-data-1.86">
<c:merchantReferenceCode>ABC123</c:merchantReferenceCode>
<c:requestID>0305782650000167905080</c:requestID>
<c:decision>ACCEPT</c:decision>
<c:reasonCode>100</c:reasonCode>
<c:purchaseTotals>
<c:currency>usd</c:currency>
</c:purchaseTotals>
<c:ccAuthReply>
<c:reasonCode>100</c:reasonCode>
<c:amount>75.00</c:amount>
<c:authorizationCode>831000</c:authorizationCode>
<c:avsCode>2</c:avsCode>
<c:processorResponse>00</c:processorResponse>
<c:reconciliationID>1094820975023470</c:reconciliationID>
<c:paymentNetworkTransactionID>0412MCCNYJPWY</c:paymentNetworkTransactionID>
<c:cardCategory>J1</c:cardCategory>
<c:cardGroup>0</c:cardGroup>
</c:ccAuthReply>
<c:ccCaptureReply>
<c:reasonCode>100</c:reasonCode>
<c:amount>75.00</c:amount>
<c:reconciliationID>1094820975023470</c:reconciliationID>
</c:ccCaptureReply>
<c:receiptNumber>260371</c:receiptNumber>
</c:replyMessage>
Card-Present Processing Using the Simple Order API | May 2015
45
Appendix B
Examples
Sale Using Keyed Data
Example 13
Request Message: Sale Using Keyed Data
<requestMessage xmlns="urn:schemas-cybersource-com:transaction-data-1.86">
<merchantID>JanesPlants</merchantID>
<merchantReferenceCode>ABC123</merchantReferenceCode>
<purchaseTotals>
<currency>usd</currency>
<grandTotalAmount>75.00</grandTotalAmount>
</purchaseTotals>
<pos>
<entryMode>keyed</entryMode>
<cardPresent>Y</cardPresent>
<terminalCapability>2</terminalCapability>
</pos>
<card>
<accountNumber>4111111111111111</accountNumber>
<expirationMonth>12</expirationMonth>
<expirationYear>2016</expirationYear>
<cardType>001</cardType>
</card>
<ccAuthService run="true">
<commerceIndicator>retail</commerceIndicator>
</ccAuthService>
<ccCaptureService run="true"/>
</requestMessage>
Card-Present Processing Using the Simple Order API | May 2015
46
Appendix B
Example 14
Examples
Reply Message: Sale Using Keyed Data
<c:replyMessage xmlns:c="urn:schemas-cybersource-com:transaction-data-1.86">
<c:merchantReferenceCode>ABC123</c:merchantReferenceCode>
<c:requestID>0305782650000167905080</c:requestID>
<c:decision>ACCEPT</c:decision>
<c:reasonCode>100</c:reasonCode>
<c:purchaseTotals>
<c:currency>usd</c:currency>
</c:purchaseTotals>
<c:ccAuthReply>
<c:reasonCode>100</c:reasonCode>
<c:amount>75.00</c:amount>
<c:authorizationCode>831000</c:authorizationCode>
<c:avsCode>2</c:avsCode>
<c:processorResponse>00</c:processorResponse>
<c:reconciliationID>1094820975023470</c:reconciliationID>
<c:paymentNetworkTransactionID>0412MCCNYJPWY</c:paymentNetworkTransactionID>
<c:cardCategory>J1</c:cardCategory>
<c:cardGroup>0</c:cardGroup>
</c:ccAuthReply>
<c:ccCaptureReply>
<c:reasonCode>100</c:reasonCode>
<c:amount>75.00</c:amount>
<c:reconciliationID>1094820975023470</c:reconciliationID>
</c:ccCaptureReply>
<c:receiptNumber>260371</c:receiptNumber>
</c:replyMessage>
Card-Present Processing Using the Simple Order API | May 2015
47
Appendix B
Examples
Sale Using EMV Technology with a
Contact Read
Example 15
Request Message: Sale Using EMV Technology with a Contact Read
<requestMessage xmlns="urn:schemas-cybersource-com:transaction-data-1.86">
<merchantID>JanesPlants</merchantID>
<merchantReferenceCode>ABC123</merchantReferenceCode>
<purchaseTotals>
<currency>usd</currency>
<grandTotalAmount>75.00</grandTotalAmount>
</purchaseTotals>
<pos>
<entryMode>contact</entryMode>
<cardPresent>Y</cardPresent>
<terminalCapability>4</terminalCapability>
<trackData>%B4111111111111111^SMITH/BETTY^16121200123456789012**XXX******?*;
4111111111111111=16121200XXXX00000000?*</trackData>
</pos>
<ccAuthService run="true">
<commerceIndicator>retail</commerceIndicator>
</ccAuthService>
<ccCaptureService run="true"/>
<emvRequest>
<combinedTags>9F3303204000950500000000009F3704518823719F100706011103A000009F260
81E1756ED0E2134E29F36020015820200009C01009F1A0208409A030006219F0206000000002
0005F2A0208409F0306000000000000</combinedTags>
<cardSequenceNumber>001</cardSequenceNumber>
</emvRequest>
</requestMessage>
Card-Present Processing Using the Simple Order API | May 2015
48
Appendix B
Example 16
Examples
Reply Message: Sale Using EMV Technology with a Contact Read
<c:replyMessage xmlns:c="urn:schemas-cybersource-com:transaction-data-1.86">
<c:merchantReferenceCode>ABC123</c:merchantReferenceCode>
<c:requestID>0305782650000167905080</c:requestID>
<c:decision>ACCEPT</c:decision>
<c:reasonCode>100</c:reasonCode>
<c:purchaseTotals>
<c:currency>usd</c:currency>
</c:purchaseTotals>
<c:ccAuthReply>
<c:reasonCode>100</c:reasonCode>
<c:amount>75.00</c:amount>
<c:authorizationCode>831000</c:authorizationCode>
<c:avsCode>2</c:avsCode>
<c:processorResponse>00</c:processorResponse>
<c:reconciliationID>1094820975023470</c:reconciliationID>
<c:paymentNetworkTransactionID>0412MCCNYJPWY</c:paymentNetworkTransactionID>
<c:cardCategory>J1</c:cardCategory>
<c:cardGroup>0</c:cardGroup>
</c:ccAuthReply>
<c:ccCaptureReply>
<c:reasonCode>100</c:reasonCode>
<c:amount>75.00</c:amount>
<c:reconciliationID>1094820975023470</c:reconciliationID>
</c:ccCaptureReply>
<c:receiptNumber>260371</c:receiptNumber>
<c:emvReply>
<c:combinedTags>9F3303204000950500000000009F3704518823719F100706011103A000009F2
6081E1756ED0E2134E29F36020015820200009C01009F1A0208409A030006219F02060000000
020005F2A0208409F0306000000000000</c:combinedTags>
</c:emvReply>
</c:replyMessage>
Card-Present Processing Using the Simple Order API | May 2015
49
Appendix B
Examples
Sale Using EMV Technology with a
Contactless Read
Example 17
Request Message: Sale Using EMV Technology with a Contactless Read
<requestMessage xmlns="urn:schemas-cybersource-com:transaction-data-1.86">
<merchantID>JanesPlants</merchantID>
<merchantReferenceCode>ABC123</merchantReferenceCode>
<purchaseTotals>
<currency>usd</currency>
<grandTotalAmount>75.00</grandTotalAmount>
</purchaseTotals>
<pos>
<entryMode>contactless</entryMode>
<cardPresent>Y</cardPresent>
<terminalCapability>5</terminalCapability>
<trackData>%B4111111111111111^SMITH/BETTY^16121200123456789012**XXX******?*;
4111111111111111=16121200XXXX00000000?*</trackData>
</pos>
<ccAuthService run="true">
<commerceIndicator>retail</commerceIndicator>
<captureDate>0823</captureDate>
</ccAuthService>
<ccCaptureService run="true"/>
<emvRequest>
<combinedTags>9F3303204000950500000000009F3704238561349F100706011103A000009F260
88717A1A173EAA04D9F36020065820200009C01009F1A0208409A030006209F0206000000002
0005F2A0208409F0306000000000000</combinedTags>
<cardSequenceNumber>001</cardSequenceNumber>
</emvRequest>
</requestMessage>
Card-Present Processing Using the Simple Order API | May 2015
50
Appendix B
Example 18
Examples
Reply Message: Sale Using EMV Technology with a Contactless Read
<c:replyMessage xmlns:c="urn:schemas-cybersource-com:transaction-data-1.86">
<c:merchantReferenceCode>ABC123</c:merchantReferenceCode>
<c:requestID>0305782650000167905080</c:requestID>
<c:decision>ACCEPT</c:decision>
<c:reasonCode>100</c:reasonCode>
<c:purchaseTotals>
<c:currency>usd</c:currency>
</c:purchaseTotals>
<c:ccAuthReply>
<c:reasonCode>100</c:reasonCode>
<c:amount>75.00</c:amount>
<c:authorizationCode>831000</c:authorizationCode>
<c:avsCode>2</c:avsCode>
<c:processorResponse>00</c:processorResponse>
<c:reconciliationID>1094820975023470</c:reconciliationID>
<c:paymentNetworkTransactionID>0412MCCNYJPWY</c:paymentNetworkTransactionID>
<c:cardCategory>J1</c:cardCategory>
<c:cardGroup>0</c:cardGroup>
</c:ccAuthReply>
<c:ccCaptureReply>
<c:reasonCode>100</c:reasonCode>
<c:amount>75.00</c:amount>
<c:reconciliationID>1094820975023470</c:reconciliationID>
</c:ccCaptureReply>
<c:receiptNumber>260371</c:receiptNumber>
<c:emvReply>
<c:combinedTags>9F3303204000950500000000009F3704518823719F100706011103A000009F2
6081E1756ED0E2134E29F36020015820200009C01009F1A0208409A030006219F02060000000
020005F2A0208409F0306000000000000</c:combinedTags>
</c:emvReply>
</c:replyMessage>
Card-Present Processing Using the Simple Order API | May 2015
51
Appendix B
Examples
Authorization Using Point-to-Point Encryption
Example 19
Request Message: Authorization Using Point-to-Point Encryption
<requestMessage xmlns="urn:schemas-cybersource-com:transaction-data-1.86">
<merchantID>myMerchantID123</merchantID>
<merchantReferenceCode>9876</merchantReferenceCode>
<purchaseTotals>
<currency>USD</currency>
<grandTotalAmount>30.00</grandTotalAmount>
</purchaseTotals>
<pos>
<entryMode>swiped</entryMode>
<cardPresent>y</cardPresent>
<terminalCapability>2</terminalCapability>
<paymentData>02d700801f3c20008383252a363031312a2a2a2a2a2a2a2a303030395e46444d53
202020202020202020202020202020202020202020205e323231322a2a2a2a2a2a2a2a3f2a3b
363031312a2a2a2a2a2a2a2a303030393d323231322a2a2a2a2a2a2a2a3f2a7a75ad15d25217
290c54b3d9d1c3868602136c68d339d52d98423391f3e631511d548fff08b414feac9ff6c6de
de8fb09bae870e4e32f6f462d6a75fa0a178c3bd18d0d3ade21bc7a0ea687a2eef64551751e5
02d97cb98dc53ea55162cdfa395431323439323830303762994901000001a000731a8003
</paymentData>
<deviceReaderData>4649443D4944544543482E556E694D61672E416E64726F69642E53646B76
31</deviceReaderData>
<encryptionAlgorithm>TDES</encryptionAlgorithm>
<encodingMethod>Hex</encodingMethod>
</pos>
<ccAuthService run="true">
<commerceIndicator>retail</commerceIndicator>
<ccAuthService>
</requestMessage>
Example 20
Reply Message: Authorization Using Point-to-Point Encryption
<c:replyMessage xmlns:c="urn:schemas-cybersource-com:transaction-data-1.86">
<c:merchantReferenceCode>9876</c:merchantReferenceCode>
<c:requestID>3965463790780176056470</c:requestID>
<c:decision>ACCEPT</c:decision>
<c:reasonCode>100</c:reasonCode>
<c:purchaseTotals><c:currency>USD</c:currency></c:purchaseTotals>
<c:ccAuthReply>
<c:reasonCode>100</c:reasonCode>
<c:amount>30.00</c:amount>
<c:authorizationCode>888888</c:authorizationCode>
<c:avsCode>1</c:avsCode>
<c:processorResponse>100</c:processorResponse>
<c:reconciliationID>64709061YTHMP2LF</c:reconciliationID>
</c:ccAuthReply>
</c:replyMessage>
Card-Present Processing Using the Simple Order API | May 2015
52