On This Page

Card-Present Authorizations

For card-present transactions, the presence of the payment card is established during the authorization service. These are the basic types of card-present authorizations:
  • EMV authorization: Authorization that is based on the EMV chip embedded in the cardholder's card.
  • Magnetic stripe authorization: Authorization that is based on the magnetic stripe on the back of the cardholder's card.
  • Hand-keyed authorization: Authorization that is based on you manually entering the card information into the payment terminal.
  • Cash advance authorization: Authorization for withdrawing cash against a cardholder's credit card limit at their bank.
After you complete a card-present authorization, using these follow-on services enables you to complete the full payment workflow:
  • Capture
  • Contact EMV capture
  • Stand-alone credit
  • Authorization reversal
  • Void

Related Information

Debit and Prepaid Card Payments

Debit cards are linked to a cardholder's checking account. A merchant who accepts the debit card can deduct funds directly from the linked cardholder's account.
You can process debit cards using these services:
  • Credit card services
  • PIN debit services
  • Partial authorizations, which are a special feature available for debit cards
  • Balance inquiries, which are a special feature available for debit cards

Requirements

In Canada, to process domestic debit transactions on 
Visa Platform Connect
 with Mastercard, you must contact customer support to have your account configured for this feature.

Related Information

Airline Data

Airline data processing goes beyond basic payment transactions by allowing you to process specific travel data. This requires you to submit additional information, such as:
  • Carrier
  • Departure Date
  • Destination Airport
  • Purchase Date
  • Originating Airport
  • Ticket Class
  • Trip Legs

Supported Card Types

  • American Express
  • Discover
  • Mastercard
  • Visa

Supported Acquirers

These
Visa Platform Connect
 acquirers are supported for airline data processing:
  • Agricultural Bank of China (ABC)
  • Ahli United Bank in Bahrain
  • Arab African International Bank (AAIB)
  • Asia Commercial Bank (ACB)
  • Auckland Savings Bank (ASB)
  • Axis Bank Ltd. of India
  • Bangkok Bank Ltd.
  • Bank Muscat of Oman
  • Bank of Ayudhya (BAY)
  • Bank of China (BOC)
  • Bank of Communications
  • Bank Sinarmas (Omise Ltd.)
  • Banque Pour Le Commerce Exterieur Lao (BCEL)
  • Barclays Bank Mauritius Ltd.
  • Barclays Bank Botswana
  • Barclays Bank of Ghana Ltd., Barclays Bank of Tanzania Ltd., and Barclays Bank of Uganda Ltd.
  • Barclays Bank of Kenya
  • Barclays Bank of Zambia
  • Barclays Bank Seychelles
  • BC Card Co., Ltd.
  • BLOM Bank
  • Cathay United Bank (CUB)
  • Citibank Hongkong and Macau
  • Citibank Singapore Ltd.
  • Commercial Bank of Qatar
  • CrediMax (Bahrain)
  • CTBC Bank Ltd.
  • FirstRand Bank
  • Global Payments Asia Pacific
  • Habib Bank Ltd. (HBL)
  • HDFC Bank Ltd. of India
  • I&M Bank
  • ICICI of India
  • Korea Exchange Bank (KEB)
  • Mashreq
  • National Bank of Abu Dhabi (NBAD)
  • National Bank of Kuwait (NBK)
  • National Commercial Bank
  • Network International
  • Overseas Chinese Banking Corp (OCBC)
  • Promerica in Honduras and Nicaragua
  • Qatar National Bank (QNB Group)
  • Raiffeisenbank
  • Rosbank
  • Taishin Bank Ltd.
  • United Overseas Bank (UOB) in Singapore and Vietnam
  • United Overseas Bank (UOB) in Thailand
  • Vietcombank
  • VTB24
  • Wing Lung Bank

Requirement

When you are ready to go live with airline data processing, contact
Cybersource
 Customer Support to have your account configured to process airline data. If your account is not enabled, and you try to send airline transactions, you will receive an error for invalid data.

Related Information

Cybersource
 Airline Data Processing

Cybersource
 does not store airline data. Instead, it functions as a pass-through service for the data.
Cybersource
 enforces only the minimal level of field validation.
When you request an airline service,
Cybersource
 responds with certain fields and values to indicate whether the airline data was processed. The response fields for each service are:
  • Authorization:
    processingInformation.enhancedDataEnabled
  • Capture:
    processingInformation.enhancedDataEnabled
  • Credit:
    processingInformation.enhancedDataEnabled
The possible values for the response fields are:
  • Y
    : the airline data was included in the request to the processor.
  • N
    : the airline data was not included in the request to the processor.
Cybersource
 temporarily disables your account's airline data processing capability and contacts you if your airline data transactions produce batching errors when the information is sent to the processor. If this happens, your request is not rejected, but you receive one of the above listed fields with the
N
 value in the response indicating that airline data in the request has been ignored and not sent to the processor.

Airline Travel Legs

This section shows you how to process an airline transaction with travel legs for this processor:
  • Visa Platform Connect

Using Travel Legs

To include travel legs in an airline transaction, include one or more travel legs in the
legs[]
 array.
For example, these three travel legs are valid:
"travelInformation": {
    "transit": {
      "airline": {
        "legs": [
          {
            "carrierCode": "XX"
          },
          {
            "carrierCode": "XZ"
          },
          {
            "carrierCode": "XX"
          }
        ]
      }
IMPORTANT
If you skip a number,
Cybersource
 ignores the legs that follow the skipped number.

Travel Leg Limitations

Some processors limit the amount of travel legs for each trip based on card type. For more information, see the Leg Limitations table in the capture section of the processor you are using.

Airline Data Reference Information

This section contains reference information that is useful when using Airline Data.

Airline Document Type Codes

To indicate the purpose of a purchase, set the
travelInformation.transit.airline.documentType
 field to a value listed in the Code column.
Airline Document Type Codes
Code
Description
01
Passenger ticket
02
Additional collection
03
Excess baggage
04
Miscellaneous charge order (MCO) or prepaid ticket authorization
05
Special service ticket
06
Supported refund
07
Unsupported refund
08
Lost ticket application
09
Tour order voucher
10
Ticket by mail
11
Undercharge adjustment
12
Group ticket
13
Exchange adjustment
14
SPD or air freight
15
In-flight adjustment
16
Agency passenger ticket
17
Agency tour order or voucher
18
Agency miscellaneous charge order (MCO)
19
Agency exchange order
20
Agency group ticket
21
Debit adjustment for duplicate refund or use
22
In-flight merchandise order
23
Catalogue merchandise order
24
In-flight phone charges
25
Frequent flyer fee or purchase
26
Kennel charge
27
Animal transportation charge
28
Firearms case
29
Upgrade charge
30
Credit for unused transportation
31
Credit for class of service adjustment
32
Credit for denied boarding
33
Credit for miscellaneous refund
34
Credit for lost ticket refund
35
Credit for exchange refund
36
Credit for overcharge adjustment
37
Credit for multiple Unused tickets
38
Exchange order
39
Self-service ticket
41
In-flight duty-free purchase
42
Senior citizen discount booklets
43
Club membership fee
44
Coupon book
45
In-flight charges
46
Tour deposit
47
Frequent flyer overnight delivery charge
48
Frequent flyer fulfillment
49
Small package delivery
50
Vendor sale
51
Miscellaneous taxes or fees
52
Travel agency fee
60
Vendor refund or credit
64
Duty free sale
65
Preferred seat upgrade
66
Cabin upgrade
67
Lounge or club access or day pass
68
Agent assisted reservation or ticketing fee
69
Ticket change or cancel fee
70
Trip insurance
71
Unaccompanied minor
72
Standby fee
73
Curbside baggage
74
In-flight medical equipment
75
Ticket or pass print fee
76
Checked sporting or special equipment
77
Dry ice fee
78
Mail or postage fee
79
Club membership fee or temporary trial
80
Frequent flyer activation or reinstatement
81
Gift certificate
82
Onboard or in-flight prepaid voucher
83
Optional services fee
84
Advance purchase for excess baggage
85
Advance purchase for preferred seat upgrade
86
Advance purchase for cabin upgrade
87
Advance purchase for optional services
88
Wi-Fi
89
Packages
90
In-flight entertainment or internet access
91
Overweight bag fee
92
Sleep sets
93
Special purchase fee

Ancillary Service Category Codes

To indicate the service provided in an ancillary purchase, set the
travelInformation.transit.airline.ancillaryInformation.service[].categoryCode
 and
travelInformation.transit.airline.ancillaryInformation.service[].subCategoryCode
 fields to a value listed in the Ancillary Service Category Code column.
Ancillary Service Category Codes
Ancillary Service Category Codes
Description
BF
Bundled service
BG
Baggage fee
CF
Change fee
CG
Cargo
CO
Carbon offset
FF
Frequent flyer
GF
Gift card
GT
Ground transport
IE
In-flight entertainment
LG
Lounge
MD
Medical
ML
Meal or beverage
OT
Other
PA
Passenger assist fee
PT
Pets
SA
Seat fees
SB
Standby
SF
Service fee
ST
Store
TS
Travel service
UN
Unaccompanied travel
UP
Upgrades
WI
Wi-Fi

Interchange Optimization

Interchange fees are per-transaction transfer fees charged by your acquirer. The fee amount is based in part on the transaction amount that the acquirer submits to the payment network for clearing and settlement. Interchange optimization can help to reduce these fees for card-present transactions.

Payment Cards Supported with Interchange Optimization

  • Mastercard
  • Visa

Automatic Authorizations

Interchange optimization works by automatically performing additional authorization transactions for two types of card-not-present scenarios.
Automatic Authorization Refresh
If a capture request occurs more than 6 days after the date of the original authorization, the processor automatically obtains a fresh authorization for the capture amount.
Automatic Partial Authorization Reversal
If the capture does not need a fresh authorization but the capture amount is less than the authorization amount, the processor automatically performs a partial authorization reversal. The reversal releases the hold on unused credit card funds and ensures that the settlement amount matches the authorization amount.

How Interchange Optimization Transactions are Tracked

To find out when the processor performed automatic authorizations, see the daily processor report.

Limitations

  • Interchange optimization does not apply to transactions in which the payment card is present at the merchant's physical place of business.
  • Interchange optimization is not supported with incremental authorizations.

Requirement

Contact customer support to enable interchange optimization for your account.

Japanese Payment Options

Japanese payment options (JPO) extend the
Cybersource
 payment card processing features to support payment methods used only in Japan. Japanese issuers, cardholders, merchants, and acquirers recognize payment methods that clarify the nature of a payment. JPO provides for more fine-grained identification of one-time payments and installment payments. You can offer your customers JPO payment methods that they select at the time of purchase.
JPO supports these payment methods:
  • Single payment
  • Bonus payment
  • Installment payment
  • Revolving payment
  • Combination of bonus payment and installment payment
IMPORTANT
Requests with Japanese payment options are accepted independently of your agreements with acquirers. When you submit a request with one of these payment options but do not have the necessary contracts and agreements in place, an error might not occur until the acquirer processes the settlement file.
For more information about the Japanese payment options, contact Customer Support of
Cybersource
 KK (Japan).

Payment Cards Supported with JPO

JPO is supported for the Sumitomo Mitsui Card Co. acquirer with transactions that use Visa payment cards issued in Japan.

Services Supported with JPO

Authorization service.

Requirements

  • You have signed a contract with your acquirer.
  • You have contacted your account provider for details about contracts and funding cycles. The funding cycle could differ when using JPO.
  • Card holders who want to use JPO have signed a contract with an issuing bank.
  • You have confirmed payment option availability with your account provider and card holder before implementing one of these payment options.

Related Information

Level II and Level III Data

For business to business customers, Level II and Level III processing can provide lower interchange rates in exchange for providing more information during a transaction.
Support for Level II and Level III data processing is processor and card specific.

Level II Data

Level II cards, which are also called
Type II cards
, provide customers with additional information on their credit card statements about their purchases. Level II cards enable customers to easily track the amount of sales tax they pay and to reconcile transactions with a unique customer code. There are two categories of Level II cards:
  • Business/corporate cards are given by businesses to employees for business-related expenses such as travel and entertainment or for corporate supplies and services.
  • Purchase/procurement cards are used by businesses for expenses such as supplies and services. These cards are often used as replacements for purchase orders.

Level III Data

You can provide Level III data for purchase/procurement cards, which are used by businesses for expenses such as supplies and services. These cards are often used as replacements for purchase orders. The Level III data is forwarded to the company that made the purchase. It enables the company to manage its purchasing activities.

Related Information

  • See Level II Processing for information that shows you how to process transactions that include Level II data.
  • See Level III Processing for information that shows how to process transactions that include Level III data.

Mastercard Bill Payments

In Brazil, you can participate in a Mastercard Bill Payment program. If your account is enrolled in the program, your customers can use their Mastercard payment cards to make payments on their outstanding bills.
IMPORTANT
A Mastercard card payment at the point of sale (POS) when goods or services are purchased is not part of the Mastercard Bill Payment program.
When you send an authorization request for a Mastercard Bill Payment, include the API field that specifies the bill payment type.

Limitation

The Mastercard Bill Payment program supports only bills paid in Brazil using Mastercard payments cards with
Visa Platform Connect
.

Requirements

Sign up with Mastercard to participate in their bill payment program.

Related Information

Mastercard Expert Monitoring Solutions

Mastercard Expert Monitoring Solutions provides a predictive, behavior-based fraud score in real time during authorizations for card-not-present transactions. The score indicates the likelihood that the requested transaction is fraudulent and the type of fraud that is suspected.
To assign the fraud score for a transaction, Mastercard compares the customer’s transaction data to their transaction behavior history and to a regional card-not-present fraud detection model. The resulting score is returned in the body of the response message.

Limitations

This feature is supported on Mastercard Payment cards issued in the US only.
This feature is supported with
Visa Platform Connect
 only.

Requirement

Contact customer support to enable Mastercard Expert Monitoring Solutions for your account.
IMPORTANT
After this feature is enabled for your account, Mastercard returns a fraud score for all your card-not-present authorization requests for Mastercard payment cards issued in the US.

Related Information

Payer Authentication

Payer authentication is run before a transaction is submitted for authorization. Most of the time payer authentication is bundled with authorization so that after payer authentication happens, the transaction is automatically submitted for authorization. Payer authentication and authorization can be configured to occur as separate operations. This section shows you how to run payer authentication as a separate process and pass the payer authentication data when seeking authorization for a transaction.
Payer authentication consists of a two-step verification process that adds an extra layer of fraud protection during the payment process. During transactions, the transaction device, location, past purchasing habits, and other factors are analyzed for indications of fraud. This process collects customer data during the transaction from at least two of these three categories:
  • Something you have
    : A payment card or a payment card number
  • Something you know
    : A password or pin
  • Something you are
    : Facial recognition or fingerprint
Each of these payment card companies has its own payer authentication product:
  • American Express
    : SafeKey
  • Discover
    : ProtectBuy
  • JCB
    : J/Secure
  • Mastercard
    : Identity Check
  • Visa
    : Visa Secure
Payer authentication can be used to satisfy the Strong Customer Authentication (SCA) requirement of the Payment Services Directive (PSD2). SCA applies to the European Economic Area (EEA) and the United Kingdom. SCA requires banks to perform additional checks when customers make payments to confirm their identity.

Related Information

Relaxed Requirements for Address Data and Expiration Date in Payment Transactions

With relaxed requirements for address data and the expiration date, not all standard payment request fields are required. It is your responsibility to determine whether your account is enabled to use this feature and which fields are required.

Related Information

Split Shipments

Split shipments enable you to split an order into multiple shipments with multiple captures. You can use this feature when a customer orders a product that is not yet available, or when one or some products are available but not all. You are able to request multiple partial captures for one authorization, multiple authorizations and one capture, or an authorization and a sale.
Cybersource
 provides the split shipment services for authorizations and captures. There are three scenarios and actions you can take:
  • Multiple authorizations—Request more than one authorizations; when the order is placed for the unavailable product and after the product becomes available to ship.
  • Multiple partial captures—Request an authorization, and then request multiple partial captures for the amount of the products you ship. When the remaining product becomes available, ship it and request another capture.
  • Multiple authorizations with multiple partial captures—Request more than one authorizations and captures when all the products in the order are not available for immediate shipment. After the other products become available, request another authorization, and then a capture when you ship the remaining product.

How Split Shipments Transactions are Linked

All transactions for a split shipment are linked together in the
Business Center
 and in reports. When you split an order into multiple shipments with multiple partial captures,
Cybersource
 requests the additional authorizations for you.

Obtaining the Status of a System-Generated Authorization

IMPORTANT
A system-generated authorization is not performed in real time. The response message that you receive indicates that the request was received, not whether it was approved or declined.
A system-generated authorization can be declined for the same reasons that a regular authorization can be declined.
Cybersource
 recommends you use one of following methods to obtain the status of the system-generated authorization request before shipping the product:
  • Business Center
    —Use the capture request ID to search for the follow-on capture. The details for all related transactions are displayed on the
    Transaction Details
     page. It can take a maximum of 6 hours for the status of the system-generated authorization request to be available.
  • Transaction Detail API—You must use version 1.3 or later of the report and include the parameter
    includeExtendedDetail
     in your query. It can take a maximum of 6 hours for the status of the system-generated authorization request to be available.
  • Transaction Exception Detail Report—
    Cybersource
     recommends you use this report on a daily basis to identify transactions that were declined.

Additional Authorizations

When you need an additional authorization for an order, you can use the
link-to-request
 field to link follow-on authorizations to the original authorization in addition to the basic fields required for every authorization request. The follow-on authorization is linked to the original authorization in the
Business Center
 and in reports. The captures for these authorizations are also linked to the original authorization in the
Business Center
 and in reports.
For an additional authorization on a processor that supports merchant-initiated transactions, the authorization request must include the subsequent authorization fields that are required for merchant-initiated transactions.

Additional Captures

When you need an additional capture for an order,
Cybersource
 performs a system-generated authorization for additional capture requests using the payment data from the original authorization. The system-generated authorization is linked to the original authorization in the
Business Center
 and in reports. The captures are linked to the authorizations in the
Business Center
 and in reports through the request IDs as with any capture.

Related Information

Introduction to Credentialed Transactions

Credentialed transactions are transactions that involve either storing a customer's payment credentials for future transactions or using a customer's already stored payment credentials. When processing a credentialed transaction, you must indicate the type of credentialed transaction and the reason for the transaction. Credentialed transactions are also known as
credential-on-file
 (COF) transactions.
There are several types of credentialed transactions:
  • Customer-Initiated Transactions (CITs):
     Any transaction a customer is actively participating in such as making a card-present payment, completing an online checkout, or by using a stored credential. CIT transactions can store the customer's credentials in your system for future CITs or merchant-initiated transactions.
  • Merchant-Initiated Transactions (MITs):
     Any transaction a merchant initiates without the customer's participation such as an industry practice transaction or a standing instruction transaction.
    • Industry Practice Transactions:
       MITs that are performed as subsequent transactions to a CIT because the initial transaction could not be completed in one transaction. Not every industry practice transaction involves a stored credential. If a stored credential is used only for one transaction, that transaction is not considered a credentialed transaction.
    • Standing Instruction Transactions:
       MITs that are performed to follow agreed-upon instructions from the customer for the provision of goods and services.

Figure:

MIT Types

Supported Services

These are the supported merchant-initiated services:
  • Delayed Authorization
  • Incremental Transactions
  • Installment Transactions
  • Mastercard Standing Order Transactions
  • Mastercard Subscription Transactions
  • No-Show Transactions
  • Reauthorization
  • Recurring Transactions
  • Resubmission
  • Unscheduled Credentials-on-File Transactions
The service determines the reason for the credentialed transaction.

Token Management Service

The
Token Management Service
 (
TMS
) enables you to replace personally identifiable information (PII), such as the primary account numbers (PANs), with unique tokens. These tokens do not include the PII data, but act as a placeholder for the personal information that would otherwise need to be shared. By using tokens, businesses can provide a secure payment experience, reduce the risk of fraud, and comply with industry consumer security regulations such as PCI-DSS.
TMS
 links tokens across service providers, payment types, and channels for sellers, acquirers, and technology partners.
TMS
 tokenizes, securely stores, and manages the primary account number (PAN), the payment card expiration date,
electronic check details,
and customer data.
TMS
 also enables you to create a network token of a customer's payment card.
IMPORTANT
Due to mandates from the Reserve Bank of India, Indian merchants cannot store PANs. Use network tokenization instead.
You can manage sensitive data securely by creating, retrieving, updating, and deleting tokens through the TMS API.
TMS
 simplifies your PCI DSS compliance.
TMS
 passes tokens back to you that represent this data. You then store these tokens in your environment and databases instead of storing customer payment details.
TMS
 protects sensitive payment information through tokenization and secures and manages customer data using these token types:
  • Customer tokens
  • Instrument identifier tokens
  • Payment instrument tokens
  • Shipping address tokens
These
TMS
 tokens can be used individually, or they can be associated with one customer token:

Figure:

TMS
 Token Types
Diagram of the unified token identifier.

Related Information