Simple Order Test Data

After building your payment management solution use the Simple Order API and SOAP Toolkit API Testing Information to test your software.
If your payment management system uses the SCMP API, use the SCMP API Testing Information to test your software.
After your payment management solution is up and running, use the  Best Practices information to manage your system.

Simple Order API & SOAP Toolkit API Testing Information

In the
Cybersource
test environment, you can simulate the specific error messages that you receive from transaction requests. There are both general and processor-specific testing codes and responses. By including specific values in your transaction requests, you can generate specific responses in the transaction reply messages. The simulated environment allows you to become familiar with the reply messages and develop methods for error handling. For more information refer to the implementation guide for the service you are testing.
For a list of valid credit card numbers to use for testing, see Testing Credit Card Services.
By default, all new accounts are configured for the
Chase Paymentech Solutions
simulator. If you plan to use a different payment processor, contact customer support to have your account configured to use the simulator for that processor.

Testing Information

Processor
Simple Order API Testing Responses
AIBMS
American Express Direct
Barclays
Chase Paymentech Solutions
Chase Pay POS
Chase Paymentech
Cielo
Cielo
1.5
Cielo
3.0
Comercio Latino
Credit Mutuel-CIC
Elavon
FDC Compass
FDI Australia
FDC Nashville Global
FDMS Nashville
Getnet
GPN
HBoS
HSBC
JCN Gateway
Moneris
Network International UAE
OmniPay Direct
Paymentech
Rede
SIX
Streamline
TSYS Acquiring Solutions
UATP
Visa Platform Connect
Worldpay VAP

Best Practices

Cybersource
collected practical operating advice based upon the integration experiences of our customer base. This section includes useful information that facilitates the design and development of your site. Contact the Implementation Support team for additional suggestions based upon your business rules.

Credit Card Account Number Verification - Card Type Identification

This section provides information about identifying a credit card type from a card number's numeric range and number of digits.

American Express

Valid length: 15 digits. First digit must be a 3 and second digit must be a 4 or 7.

Diners Club and Carte Blanche

Valid length: 14 digits.
First digit must be 3 and second digit must be 0, 6, 8 or 9. The ranges are:
  • 300000 through 305999
  • 309500 through 309599
  • 360000 through 369999
  • 380000 through 399999

Discover

Valid length: 16 digits.
First six digits must be in one of the following ranges:
  • 601100 through 601109
  • 601120 through 601149
  • 601174
  • 601177 through 601179
  • 601186 through 601199
  • 644000 through 659999

enRoute

Valid length: 15 digits. First four digits must be 2014 or 2149.

JCB

Valid length: 16 to 19 digits.
First four digits must be in the range 3528 through 3589.

Mastercard

Valid length: 16 digits.
First digit must be 5 and second digit must be in the range 1 through 5 inclusive. The range is 510000 through 559999.
First digit must be 2 and second digit must be in the range 2 through 7 inclusive. The range is 222100 through 272099.

Maestro

Valid length: Up to 19 digits.
First digit must be 5 or 6. The ranges are:
  • 50nnnn
  • 56nnnn through 64nnnn
  • 66nnnn through 69nnnn
The range 60nnnn to 64nnnn is also used by Discover (see above).

Visa

Valid length: Up to 19 digits. First digit must be a 4.Information on how to identify the credit card type based on the numeric range and based on the length of the credit card number.

Avoiding Chargebacks

The following document outlines the steps you can take to avoid chargebacks and provides links to Visa and Mastercard website to learn more about chargebacks: Chargeback Best Practices

Best Practices for Disruptions

To minimize business disruption and consumer dissatisfaction, it is recommended that merchants consider some or all of the best practices for handling outages.
Cybersource
recognizes that service disruptions can greatly impact your business, and for that reason, we continue to invest in redundant, fault-tolerant systems to minimize service disruptions. Unfortunately, despite our efforts, service disruptions do occasionally occur. In addition, bank processors sometimes experience outages that are entirely out of our control. When these disruptions occur, they can hamper your ability to complete sales in a timely fashion. To capture these sales and ensure customer satisfaction, it is recommended that you consider implementing some or all of the following best practices.

1. Accepting orders during the outage period

Consider adding logic to your systems to accept some or all orders during service disruptions. These transactions can be marked as "pending" within your system and retained internally until the disruption is over.
Once the outage period ends, you can submit the pended transactions to
Cybersource
to receive a credit card authorization. If the authorization is approved, your processing flow can proceed as normal. If the authorization is declined, contact impacted customers via e-mail or telephone to request another form of payment.

2. Selectively fulfill orders

If possible, you should delay shipping product until after systems come back online and you are able to authorize your customer's credit card. If this is not feasible for any reason, you can reduce your risk of loss by requesting
Cybersource
to run an Internet Fraud Screen score and/or a Delivery Address Verification look-up to help validate the consumer's identity. You can also use the dollar amount of transactions and the requested shipping priority as part of your criteria in their fulfillment decision.
If you sell digital goods online and don't have the luxury of delaying fulfillment until a later time, you should also consider these techniques to minimize your risk while providing a high quality customer experience.

3. Refer customers to your customer service telephone center

If it is not possible to accept orders and put them into pending status as described previously, consider displaying your customer service telephone number on your eCommerce web site.
Cybersource
Professional Services is available for consulting and/or implementation projects in this area. Please contact your Account Manager for more information.
We hope that these suggestions help you to successfully manage the problems associated with any service disruption. If you have any questions regarding these best practices, please don't hesitate to contact your Account Manager or
Cybersource
Merchant Support.

Credit Card Account Number Verification - Check Digit Scheme

This self-checking scheme (referred to as the Luhn Mod-10 Method) is an international standard for validating credit card account numbers.

Check Digit Scheme

A check digit is a digit added to a number (either at the end or the beginning) that validates the authenticity of the number. A simple algorithm is applied to the other digits of the number which yields the check digit. Check Digit Scheme can be used when an end-user has entered in a credit card number and you want to validate it before sending it an authorization.
This self-checking scheme (referred to as the Luhn Mod-10 Method) is an international standard for validating card account numbers (ISO 2894/ANSI 4.13). Such account numbers, which cannot exceed 19 digits including the check digit, are assigned, embossed and encoded to include a single check digit in the rightmost position. The check digit is calculated as follows:
  1. Beginning on the right with the digit which immediately precedes the check digit and moving toward the left, double every other digit. After doubling each selected digit, if the result is ten or greater, add the two digits together to arrive at a single-digit result.
  2. Each individual resulting digit (plus those skipped above) are then added together.
  3. This sum is then subtracted from the lowest multiple of ten which is equal to or greater than the sum and the single-digit result is the check digit.
Example
: 15-Digit Account Number 7951-0287-9015-54?

Preventing Double Orders

The JavaScript code shown in this section prevents an order from being submitted more than once.
The key is that instead of a standard "submit" button (
<input type="submit"...>
), use a regular button (
<input type="button"...>
) that calls the "submit()" function using JavaScript.
The following code goes in the head:
<SCRIPT language="JavaScript"> <!-- var submitted = false; function doSubmit(form) { if (!submitted) { submitted = true; form.submit(); } } // --> </SCRIPT>
And the following code is the generic button and function call:
<INPUT TYPE="BUTTON" VALUE="Click To Accept" NAME="submission" ONCLICK="doSubmit(this.form)">

Postal/ISO Information

This section provides useful information about domestic state codes, Canadian providences, and ISO country codes.

Best Practices for Communications

This section includes suggestions for maintaining and troubleshooting your communication with
Cybersource
servers.

Communicating with
Cybersource

Cybersource
customers are responsible for the maintenance of their communication with
Cybersource
servers.
Using the various networking tools which are available, customers can resolve the current host names of
Cybersource
servers locally.
Cybersource
applications should be set to direct requests of
Cybersource
hosts to a host name, as opposed to an IP address.
Appreciating that some network applications (firewall software applications, for example) do not allow the use of host names, customers may perform a DNS lookup to resolve a
Cybersource
host name to an IP address; however, customers should be aware that it is their responsibility to maintain the timeliness of the IP resolution for a
Cybersource
host name.

Troubleshooting Communication Problems

While
Cybersource
works to maintain a dependable network environment to which the customer can send requests, the possibility exists for network disruption between
Cybersource
and the customer. In order to ensure that any service disruption has limited impact on the consumer, please be sure to keep the following in mind:
  1. Put an order queue system in place: Customers should have a system that allows them to continue to receive orders from consumers. Such systems might include a database that collects all consumer information and then submits all the collected information once the connection to
    Cybersource
    has been re-established.
  2. Collect the following information when working with
    Cybersource
    Customer Support to resolve connection problems:
    • When did you begin to see the problem (date and time)?
    • How often does the problem occur (all the time, sometime, during high volume)?
    • What is the exact behavior of the problem (what
      Cybersource
      error, what browser error, what specific details)?
    • What
      Cybersource
      service are they accessing (transaction service (which service: auth? bill?), transaction support screens, reports)?
    • What server(s) are you trying to access (ics2.ic3.com,
      cybersource.com
      )?
    • What IP address are they requesting this information from (please include this in your support request)?
    • What is the result of “nslookup” for the server that you are requesting (please include this in your support request)?
    • What are the results of “ping” and “tracert” for the server that you are requesting (please include this in your support request)?
    • What
      Cybersource
      client are you using (
      Cybersource
      client version number and platform)?
  3. Send the above information to customer support for troubleshooting assistance.

Perl and C Code Samples

The Perl code sample can be added to a form to verify an address by asking the user to enter it twice. The C code sample will parse HTML files in C CGI scripts; this will allow you to use page templates and dynamically create result pages.

Perl Sample Code

To add an e-mail address checker to your order form, begin by adding a second e-mail field to the form. In this example, we'll call the first e-mail field Email and the second one Em2.
Add the following lines of code to the CGI script that processes your order form. Add the code before the script checks for missing information.
$Form{Em2} =~ s/\s+//g; $Form{Em2} =~ s/\///g; $Form{Email} =~ s/\s+//g; $Form{Email} =~ s/\///g; if ($Form{Em2} ne $Form{Email}) { $Form{Em2} = "Did not match"; $Form{Email} = ""; }
This checks whether Email and Em2 match. If not, then Email is cleared.
When your script then checks whether all fields have values, Email will be blank and the script will ask the customer to enter both e-mail fields again.

C Sample Code

These two functions parse text files.
str_replace
takes the input string from a file, the output string you're going to print, the string to search for, and the string to replace. Here's an example:
fread(proc_buf, sizeof(char), 100000, ACCEPT);strcpy(print_buf, "");str_replace(proc_buf, print_buf, "<ICS_TAG name=accept_url>", ics_fgetbyname(res, "download_url0"));void str_replace(char *input_str, char *output_str, char *search_str, char *replace_str) { int found=0, start_pos=0, search_len = strlen(search_str); while (found != -1) { found = pmatch(input_str+start_pos, search_str); if (found != -1) { strncat(output_str, input_str + start_pos, found); start_pos = start_pos + found + search_len; strcat(output_str, replace_str); } } strcat(output_str, input_str+start_pos);}int pmatch(char *string, char *pat) { int i,j=0, start=0; int lasts = strlen(string)-1; int lastp = strlen(pat)-1; int endmatch = lastp; for (i = 0; endmatch <= lasts; endmatch++, start++) { if (string[endmatch] == pat[lastp]) for (j = 0, i = start; j < lastp && string[i] == pat[j]; i++, j++); if (j == lastp) return start; } return -1;}

Testing Credit Card Services

Use the following test credit card numbers to test the authorization, capture, and credit services. Do not use real credit card numbers. You may use any other values for cardholder name, card authentication or expiration date.

American Express

3782 8224 6310 005

China UnionPay

Replace the Xs with zeros before using the card numbers.
Card-not-present 3-D Secure enabled card
  • Card:
    625X947XXXXXXX14
  • Expiration date (YYMM):
    3312
  • CVV2:
    123
Card-not-present 3-D Secure 2.2 enabled card
  • Frictionless:
    • 81XXX1XXXXXXX142
    • 621XX3823532713X
  • Challenge:
    • 81XXX1XXXXXXX688
    • 621XX3257857442
Domestic China-issued card
  • Card:
    6222X4XXXXX3XX12
  • Expiration date (YYMM):
    4912
  • CVV2:
    123
International-issued card
  • Card:
    625X94X5XXXXXXX6
  • Expiration date (YYMM):
    4912
  • CVV2:
    123
UnionPay International and Visa co-branded card
  • Card:
    44278X2641XX4797
  • Expiration date (YYMM):
    4912
  • CVV2:
    123
UnionPay International and Mastercard co-branded card
  • Card:
    552XX123456789X3
  • Expiration date (YYMM):
    4912
  • CVV2:
    123

JCB

3566 1111 1111 1113

Maestro (International)

  • 5033 9619 8909 17
  • 5868 2416 0825 5333 38

Maestro (UK Domestic)

  • 6759 4111 0000 0008
  • 6759 5600 4500 5727 054
  • 5641 8211 1116 6669

Mastercard

  • 2222 4200 0000 1113
  • 2222 6300 0000 1125
  • 5555 5555 5555 4444

UATP

1354 1234 5678 911

Visa

4111 1111 1111 1111

Visa (19-digit)

4479 6673 5234 2682 672

Legacy SCMP API Testing Information

In the
Cybersource
test environment, you can simulate the specific error messages that you receive from transaction requests. There are both general and processor-specific testing codes and responses. By including specific values in your transaction requests, you can generate specific responses in the transaction reply messages. The simulated environment allows you to become familiar with the reply messages and develop methods for error handling. For more information refer to the implementation guide for the service you are testing.
For a list of valid credit card numbers to use for testing, see Testing Credit Card Services.
By default, all new accounts are configured for the
Chase Paymentech Solutions
simulator. If you plan to use a different payment processor, contact Customer Support to have your account configured to use the simulator for that processor.

Testing Information

Processor
SCMP API Testing Responses
AIBMS
American Express Direct
Barclays
Chase Paymentech Solutions
Chase Pay POS
Chase Paymentech
Cielo
Cielo
1.5
Cielo
3.0
Comercio Latino
Credit Mutuel-CIC
Elavon
FDC Compass
FDC Nashville Global
FDMS Nashville
Getnet
GPN
HBoS
HSBC
JCN Gateway
Moneris
Network International UAE
OmniPay Direct
Paymentech
Rede
SIX
Streamline
TSYS Acquiring Solutions
UATP
Visa Platform Connect
Worldpay VAP