Search documentation:
	Help  Advanced
Published 05/15/2002

Chapter 4

Credit Card Processing

Credit Card Processing is one aspect of CyberSource Payment Services.

This chapter contains the following sections:

• Authorize Card
• Bill Card
• Refund Card
• Credit Card Services Limitations

Authorize Card

Authorize Card authorizes a credit card purchase from the cardholder's bank. Before using Authorize Card, your company must do the following:

• Establish a merchant account with your company's bank.
• Provide the identifying numbers for your bank account. For example, FDMS requires both merchant identification numbers (MID) and terminal identification numbers (TID), while Paymentech requires the division number.

To authorize a credit card transaction, Authorize Card performs the following tasks:

• Calculates the total amount for an order by totaling the cost of each offer in the order.
• Requests credit card authorization from the issuing bank for the total amount.
• Places a temporary hold against the customer's credit card for the total amount of the order. Most authorizations expire within five to seven days, but the bank that issued the card determines the length of the authorization.

Card Verification Number

The card verification value is a number that is printed, not embossed, on the back of a credit card. This number is never transferred during card swipes (magnetic or physical) and should only be known by the cardholder. Using this field offers an added level of security against potentially fraudulent transactions. For more information on card verification value, see the ICS2 Developer's Guide, available at the CyberSource Small Business Support Center Web site.

Using the Authorize Card Service

To authorize credit card purchases, follow the steps below:

1. Open the purchase.pcf file for your store.
2. Add CyberSource Commerce Component in the payment stage.
3. Double-click the CyberSource Commerce Component, then select Authorize Card from the Available Services list.

Credit card data is read directly from mscsOrderForm by Site Server and cannot be changed. For Authorize Card service, banks require the customer's billing, not shipping, address. Notify customers on your Web order form to enter their billing address. Check the box to enable the Address2 option, so that customers can provide a separate shipping address.

Offer-Level Fields

Table 9 lists the offer-level fields for the Authorize Card service.

Table 9 Offer-Level Fields for Authorize Card Service 

Offer-Level Field	Description	Tab
Amount	Per-item price of the product.	Product
Quantity	Quantity of the product being purchased.
Tax Amount	Tax amount associated with this item.	Tax

Reply Fields

The Authorize Card service returns a number of fields, called reply fields, that are written to the mscsOrderForm object. The ICS2 Developer's Guide, available on the CyberSource Small Business Support Center, lists the reply codes for the Authorize Card service.

Reply Flags

The ICS2 Developer's Guide lists the reply flags that are possible for the Authorize Card service. The purpose of the reply flag is to give you enough information to display a reasonable response to your customer. To translate these errors, use the Using Message Manager. For a description of these rflags, see the ICS2 Developer's Guide, available on the CyberSource Small Business Support Center.

Smart Authorization

Smart Authorization is an enhanced payment service with built-in risk checks that protect against the acceptance of high risk orders. Use Smart Authorization if you want to identify highly risky orders without complicated setup or monitoring. If a request is declined, Smart Authorization tells you which factors of the request appear risky.

To use Smart Authorization, contact your CyberSource Customer Support Representative and request Smart Authorization. CyberSource will take care of the configuration requirements. Include the same fields in your request that you would send for a regular ics_auth request. If the optional ship_to request-level fields are supplied in the request, then Smart Authorization additionally screens the ship_to data for risk.

If a Smart Authorization request fails the risk checks, a DCARDREFUSED reply flag is returned, which is the same code returned if the bank declines the request. Smart Authorization also returns risk factor codes, which explain whether the decline is from the processing bank or any of the CyberSource risk screens, in the auth_factor_code reply field.

For more information on Smart Authorization, see the ICS2 Developer's Guide and the Smart Authorization Planning Guide, available on the CyberSource Small Business Support Center.

Bill Card

Bill Card bills (settles) a credit card account for an order. Bill Card also confirms the temporary hold placed on credit card funds after Authorize Card authorizes a transaction.

Card association rules specify that you can bill for an order only after you fulfill the order. Based upon the type of goods that you sell, you must decide to apply Bill Card in your system at one of the following points:

• When the order is placed. Use this option for products that are delivered electronically, or for instant access to a subscriber-only Web site.
• When the product is shipped. Use this option for products that are shipped physically, where there might be a delay between the time the customer places the order and the ship date. Your request for Bill Card must use the same currency as your request for Authorize Card.

Because of the delay between credit authorization and actual billing, the authorization might expire before you request Bill Card. If the authorization expires, your bank or processor may require you to resubmit an authorization request (Authorize Card) with a request to Bill Card in the same message.

If you want CyberSource to bill the customer's credit card after you fulfill the order, you need to implement the Bill Card service. In most cases, if you use CyberSource to authorize the credit card, you also use CyberSource to bill the credit card.

Note  If the product is delivered electronically and the Authorize Card service is used, you should also select the Bill Card service.

Bill Card Features

Merchant Descriptor

This feature allows merchants to dynamically submit a unique merchant descriptor and toll free support number with each transaction. The descriptor and toll free number will transcend through the transaction and be posted on the cardholder's statement. Merchants can use this feature to subdivide their site into multiple departments, each with a unique description and customer support telephone number, making it easier for the customer to identify transactions to a specific department.

For more information, see the ICS2 Developer's Guide, available on the CyberSource Small Business Support Center.

Verbal Authorization

When a merchant requests an authorization, the issuing bank may return a request that the merchant call the payment processor if the issuing bank has questions about the transaction. This will result in a DCALL rflag from CyberSource. Often, after calling the bank or processor, the merchant will receive a verbal authorization for the transaction and will want to settle it. CyberSource enables the merchant to settle verbally authorized transactions by enabling the submission of the verbal authorization code as part of the Bill Card request.

For more information, see the ICS2 Developer's Guide, available on the CyberSource Small Business Support Center.

Using the Bill Card Service

To implement the Bill Card service, follow these steps:

1. Open the purchase.pcf file for your store.
2. Add CyberSource Commerce Component in the payment stage.
3. Double-click the CyberSource Commerce Component to open it.
4. Click Bill Card in the Available Services window, then click the check mark button. Bill Card now appears in the Selected Services list.
5. Double-click Bill Card to open the CyberSource Component Properties window, then click the Payment-General tab.

The Payment-General tab appears.

Figure 9 Bill Card Service in Payment-General Tab

6. Specify fields that correspond to order form object fields, where values are stored.
7. If you want the CyberSource Commerce Component to use the result from Authorize Card to bill the credit card, select the Filled by Authorize Card check box.

Important  When testing the bill card service, using the CyberSource test server, be aware that all amounts between $1,001.00 and $4,000.00 are set up to automatically fail. This only occurs against the test server and the purpose is to allow the merchant to test declines. All amounts up to $99,999.99 are valid against the production server (assuming the currency is USD).

Table 10 Optional Fields for Bill Card  

Optional Field	Description	Field Type or Location of Variable
Auth Request ID Filled by Authorize Card	Authorization identification number. If the Authorize Card service is requested at the same time as the Bill Card service, select the Auth Request ID Filled by Authorize Card check box to use the result of Authorize Card to bill the credit card. If the Authorize Card service is not requested at the same time, the Auth Request ID field must contain the request_id from a prior call to the Authorize Card service.	Order Form
User PO (for use with Type II Cards)	This field is not supported for CyberSource Small Business customers.
Auth Type	If this transaction contains a verbally authorized transaction, this field must be pass the value = "verbal".
Merchant Descriptor	Specify the Merchant Descriptor that appears on the cardholder's statement. Symbols are allowed.
Merchant Descriptor Contact	Specify the Merchant Contact information (for example, phone number) that appears on the cardholder's statement. Must be of the format: ACCCCCCCCCCCC NNN-NNN-NNNN NNN-NNN-NUUU NNN-NNN-UUUU NNN-UUUUUUU where: N - Numeric A - Alpha C - Character (Alpha or Blank) U - Alphanumeric (Alpha or Numeric)
Ignore Bad Card Verification Value	When Authorize Card and Bill Card are combined, the server will not fail the transaction when a bad card verification number is entered, otherwise the accompanying bill is blocked.	Check Box
Verbal Auth Code	Verbal Authorization code.	Order Form
Card Verification	Card verification value.

Table 11 Required Field for Bill Card

Required Field	Description	Field Type or Location of Variable
Order total	Select one of the following: Order total: Send one total for the entire order. This field is only used when the Bill Card is being run without Authorize Card. Send the total thru lineitem offers (see below).	Order Form
Send the total thru lineitem offers	The total amount billed is the sum of the lineitem offer amounts (plus the final shipping and handling offer the component adds).	Option Button

Reply Fields

The Bill Card service returns a number of reply fields that are written to the mscsOrderForm object. The ICS2 Developer's Guide, available on the CyberSource Small Business Support Center, lists the reply codes for the Bill Card service.Reply Flags

Reply Flags

The ICS2 Developer's Guide lists the reply flags that are possible for the Bill Card service. The purpose of the reply flag is to give you enough information to display a reasonable response to your customer. To translate these errors, use the Using Message Manager. For a description of these rflags, see the ICS2 Developer's Guide, available on the CyberSource Small Business Support Center.

Refund Card

Use the Refund Card service to issue a refund to a customer's credit card account after an adjustment, a return, or a voided order.

Warning  Carefully control access to this application to prevent unauthorized credits. Do not request this application directly from your customer interface. Instead, require that the customer contact your customer service organization and incorporate this application as part of your customer service process.

Using the Refund Card Service

To implement the Refund Card service, complete the following steps:

1. Open the pipeline for your store's Refund Card service.
2. Add CyberSource Commerce Component in the payment stage.
3. Double-click the CyberSource Commerce Component to open it.
4. Click Refund Card in the Available Services list, then click the check mark button. Refund Card now appears in the Selected Services window.
5. Double-click Refund Card to open the CyberSource Component Properties window, then click the Payment-General tab.

The Payment-General tab appears.

Figure 10 Refund Card—Bill Request ID in Payment-General Tab

6. Specify fields that correspond to order form object fields, where values are stored.

The Bill Request ID comes from your database.

Table 12 Required Field for Refund Card

Required Field	Description	Field Type or Location of Variable
Bill Request ID	The billing identification number. When you bill through CyberSource, this is the request_id value returned from the Bill Card service.	Order Form

Reply Fields

The Refund Card service returns a number of reply fields that are written to the mscsOrderForm object. The ICS2 Developer's Guide, available on the Cybersource Small Business Support Center, lists the reply codes for the Bill Card service.

Reply Flags

The ICS2 Developer's Guide lists the reply flags that are possible for the Refund Card service. The purpose of the reply flag is to give you enough information to display a reasonable response to your customer. To translate these errors, use the Using Message Manager. For a description of these rflags, see the ICS2 Developer's Guide, available on the CyberSource Small Business Support Center.

Credit Card Services Limitations

The main credit card service limitation is that two payment services cannot be run simultaneously. The pipeline component will not allow you to have more than one payment service set as a "selected service".

If you need to include both Authorize Card and Bill Card in the same request, you have two options:

• Configure one service to be the default, and make the other service a "dynamic configuration."
• Create two separate purchase pipelines, and verify that only the appropriate pipeline gets run for each transaction.

Dynamic Configuration

1. In the pipeline editor, double-click the CyberSource Component for Site Server.
2. On the CyberSource Commerce Component tab, select a service from the Available Services list.

Select a service you desire to be your statically selected service.

3. Click the check mark button to move your selected service to the Selected Service list.
4. Double-click the service the service to view its properties.
5. Click the General tab.
6. In the Dynamic Service Configuration area, select Allow selected services to be set dynamically. Verify that the service(s) listed is the one you want to overwrite the statically configured services.

The service string must contain a single, trailing comma, and no spaces between the service names and the commas.

Example  Specifying two dynamic services

mscsOrderForm.[_dyn_services] = "Authorize Card,Bill Card,"

Be sure to configure compatible service combinations.

The service names can be used for dynamic configuration:

• Authorize Card
• BIll Card
• Refund Card

Example  Dynamic service string

mscsOrderForm.[_dyn_services] = "Authorize Card,"

For a complete overview of Payment Services, including credit card processing, see the ICS2 Developer's Guide, available on the CyberSource Small Business Support Center.