CyberSource Payment Manager 6.4 SP8

Transcription

1 CyberSource Payment Manager 6.4 SP8 Release Notes August 2010

2 CyberSource Contact Information For questions about CyberSource Payment Manager, For general information about our company, products, and services, go to For sales questions about any CyberSource Service, or call or (toll-free in the United States). For support information about any CyberSource service, visit the Support Center at Copyright 2010 CyberSource Corporation. All rights reserved. CyberSource Corporation ("CyberSource") furnishes this document and the software described in this document under the applicable agreement between the reader of this document ("You") and CyberSource ("Agreement"). You may use this document and/or software only in accordance with the terms of the Agreement. Except as expressly set forth in the Agreement, the information contained in this document is subject to change without notice and therefore should not interpreted in any way as a guarantee or warranty by CyberSource. CyberSource assumes no responsibility or liability for any errors that may appear in this document. The copyrighted software that accompanies this document is licensed to You for use only in strict accordance with the Agreement. You should read the Agreement carefully before using the software. Except as permitted by the Agreement, You may not reproduce any part of this document, store this document in a retrieval system, or transmit this document, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written consent of CyberSource. Restricted Rights Legends For Government or defense agencies. Use, duplication, or disclosure by the Government or defense agencies is subject to restrictions as set forth the Rights in Technical Data and Computer Software clause at DFARS and in similar clauses in the FAR and NASA FAR Supplement. For civilian agencies. Use, reproduction, or disclosure is subject to restrictions set forth in subparagraphs (a) through (d) of the Commercial Computer Software Restricted Rights clause at and the limitations set forth in CyberSource Corporation's standard commercial agreement for this software. Unpublished rights reserved under the copyright laws of the United States. Trademarks CyberSource, the CyberSource logo, SmartCert, and PaylinX are registered trademarks of CyberSource Corporation in the U.S. and other countries. The Power of Payment, CyberSource Payment Manager, CyberSource Risk Manager, CyberSource Decision Manager, and CyberSource Connect are trademarks and/or service marks of CyberSource Corporation. All other brands and product names are trademarks or registered trademarks of their respective owners. CPM Release Notes CyberSource Corporation August 2010 ii

3 Chapter 1 CyberSource Payment Manager 6.4 SP8...1 Upgrading from Previous Versions...1 Enhancements...1 Vital SSL Support for 2048-bit SSL Certificate...1 FDMS South...1 NOVA...1 Issues Resolved...2 American Express Secure FTP...2 Global Payments Reversals...2 Chapter 2 CyberSource Payment Manager 6.4 SP7...3 Upgrading from Previous Versions...3 Enhancements...3 Upgrade for American Express...3 Secure FTP...3 Prepaid Card Partial Authorization...5 $0 Auth with AVS...6 Full Auth Reversals...6 Enhanced Authorization...6 New APIs...7 New Response Codes...7 Issues Resolved...8 NOVA...8 Vital SSL...8 Chapter 3 CyberSource Payment Manager 6.4 SP6...9 Upgrading from Previous Versions...9 Enhancements...9 Upgrade for FDMS South...9 Secure FTP...9 Pre-Paid Card Partial Authorization...11 Pre-Paid Card Balance Inquiry...11 Discover Full Acquiring...12 $0 Auth with AVS and CVV...12 Upgrade for FDMS Nashville...12 Pre-Paid Card Partial Authorization...12 Pre-Paid Card Balance Inquiry...13 Authorization Decline Code Indicator...13 Upgrade for Global Payments...14 Pre-Paid Card Balance Inquiry...14 FSA/HRA Supported...15 Upgrade for Fifth Third Processing Solutions (FTPS)...15 Pre-Paid Card Partial Authorization...15 Pre-Paid Card Balance Inquiry...16 CPM Release Notes CyberSource Corporation August 2010 iii

4 $0 Auth (AVS only)...16 Auth Reversals...17 Existing Debt Indicator for Visa...17 Network Reference Identifier...17 Added Support for Discover Card Cash Back...17 New API Field...17 Upgrade for Vital SSL...18 Record Format Logging...18 Issues Resolved...18 Global Payments...18 Settlement Record Updates...18 Correct Gateway Name...18 Chapter 4 CyberSource Payment Manager 6.4 SP Upgrading from Previous Versions...19 Enhancements...19 Paymentech NH PIN-less Debit for ACCEL...19 NOVA Auth Reversals...19 NOVA Partial Authorization...19 Vital Record Format Logging...20 Issues Resolved...20 Vital - HTTP Communications Error Corrected...20 RBS Worldpay- HTTP Communications Error Corrected...20 Chapter 5 CyberSource Payment Manager 6.4 SP Upgrading from Previous Versions...21 Enhancements...21 TSYS (Vital) Upgrade...21 Specification Upgrade...21 Visa Bill Payment...21 Visa Existing Debt Indicator...22 Visa, MasterCard, and Discover Full Auth Reversals...22 Visa, MasterCard, Discover, and American Express Partial Authorization...22 Nova - Gift Card Balance Return...23 FDMS North - Cash Advance...23 NOVA - Add Settlement File Name to PROC_BATCH_ID Field...23 Issues Resolved...24 BAMS - Forced Capture Auth Source Code...24 Settlement File Secure Deletion...24 FDMS South Settlement Trailer Record Data Type Overflow...24 FTPS Field format correction...24 Global Payments POS Entry Mode Field...24 Chapter 6 CyberSource Payment Manager 6.4 SP CPM Release Notes CyberSource Corporation August 2010 iv

5 Upgrading from Previous Versions...25 Enhancements...25 FDMS Nashville Upgrade...26 Specification Upgrades...26 Network Reference Identifier...26 Third Party Processor Identifier...26 Address Verification Service...27 Visa and MasterCard full reversal...27 Discover Full and Partial Auth Reversal...27 FDMS North Upgrade...27 Specification Upgrades...27 Network Reference Identifier...28 Third Party Process Identifier...28 CYBS Connect - Removed...29 Pre-paid Cards...29 FDMS South Frame Upgrade...30 Specification Upgrades...30 Network Reference Identifier...30 Third Party Process Identifier...30 CYBS Connect - Removed...31 Full and Partial Auth Reversal...31 $0 Auth with Address Verification Service...32 FDMS South Debit Upgrade...32 NOVA - Settlement File Error Checking...32 Vital, RBS Worldpay, Global Payment Systems - Account Verification Transaction..32 BAMS - Support for Full Reversal...32 Paymentech NH Enhanced Settlement Logging...33 Issues Resolved...33 Vital SSL Corrected Excessive Timeouts...33 Chapter 7 CyberSource Payment Manager 6.4 SP Upgrading from Previous Versions...34 Enhancements...34 Account Verification Transaction...34 Paymentech NH Debt Repayment Indicator...35 Reset Batch Function Now Includes Batch ID and Merchant ID...35 CPM Automatically Update the Submission ID on Startup...35 Issues Resolved...35 CPM Prevent Voided Transaction States Being Changed from V to C...35 CPM Agreement List Retrieval Using Search Corrected...35 Vital File Trail Record Count Corrected...36 Paymentech NH Settlement Timeout Condition Corrected...36 Chapter 8 CyberSource Payment Manager 6.4 SP Upgrading from Previous Versions...37 Enhancements...37 CPM Release Notes CyberSource Corporation August 2010 v

6 Paymentech IP Failover...37 Connection at Startup...37 Loss of Network Connectivity...38 Excessive 000 Response Codes...38 Monitor File...38 New Gateway Settings...39 Authorization Parameters...39 CPM Enhancements...40 Paymentech NH New Batch Status Value CPM Automatically Update the Batch_ID on Startup...40 Issues Resolved...41 CPM Settlement Query Time/Date Clause Removed...41 Nova 602 Settlement Record Original Auth Amount Field Correction...41 Nova Detect and Prevent Reversals to Prevent Timeout...41 Chapter 9 CyberSource Payment Manager Upgrading from Previous Versions...42 Enhancements...42 Update Compliance with Payment Application Best Practices (PABP) version Global Payments Upgrade...43 Support of Visa and MasterCard FSA/HRA Health Benefits Cards...43 Partial Authorization...43 Full Reversal...44 New APIs...45 Authorization Response Code Additions...45 Database Schema Changes...46 Paymentech New Hampshire Upgrade...47 Support of Visa and MasterCard FSA/HRA Health Benefits Cards...47 New APIs...48 Authorization Response Code Additions...48 Database Schema Changes...49 Partial Authorization...49 Added support for Discover Card Cash Back...50 CPM Enhancements...51 Chapter 10 CyberSource Payment Manager Upgrading from Previous Versions...53 Enhancements...53 Paymentech NH PIN-less Debit...53 Purchase Authorization...53 Purchase Reversal...54 API Changes...55 Authorization Response Code Additions...55 Paymentech NH Credit Card Full Reversals...56 Settlement Batch Status Display...57 Settlement Performance Improvement...57 CPM Release Notes CyberSource Corporation August 2010 vi

7 Issues Resolved...57 BAMS Settlement File Cleanup...57 Paymentech NH Restrict Automatic Settlement Recovery...57 Chapter 11 CyberSource Payment Manager Upgrading from Previous Versions...58 Upgrade for FDMS Nashville Merchant Services...58 Specification Upgrades...58 AMEX E-commerce Indicator...58 AMEX CAPN...58 Visa Card Level Results...59 MasterCard Partial Auth Reversal...59 MasterCard and Visa Recurring Advice Code...59 Discover Recurring Transactions...59 Visa Existing Debt Indicator...60 Agent Identification Service (Transparent to Merchant)...60 Paymentech Fixes...60 Maximum Batch Size...60 Chapter 12 CyberSource Payment Manager Upgrading from Previous Versions...61 Upgrade for FDMS North Merchant Services...61 Specification Upgrades...61 Discover Full Service (Transparent to Merchant)...61 Visa, MasterCard, and Discover Full Auth Reversal...62 Visa and MasterCard Recurring Advice Code...62 Visa Existing Debt Indicator...62 Agent Identification Service (Transparent to Merchant)...63 Vital Fixes...63 Merchant Location/City Change...63 Auth Source Code...63 Concurrent Transaction Timeout on Vital SSL...63 Paymentech Fixes...64 Settlement in Test Mode...64 Destination Country Code Padding for Level Division Number Field Size Extended to Store Up to 10-Character Input...64 Chapter 13 CyberSource Payment Manager Summary of Updates for CPM Upgrading from Previous Versions...66 Upgrades for Paymentech New Hampshire...66 Presenter ID and Submitter ID...67 Order Number...67 Agreement Settings...68 CPM Release Notes CyberSource Corporation August 2010 vii

8 Merchant Information...68 Presenter Information...70 Submitter Information...70 Cross Currency Support...70 AVS Response Codes...71 Authorization Response Codes...72 Maestro SecureCode...73 Maestro CVV...73 New API Fields...74 New Field for Automatic Number Identification...74 New Field for Customer Information Identifier...74 Soft Descriptors...75 Architecture Update...75 Enhancements...75 American Express Phoenix Update: ITD Defaults...76 American Express Phoenix Update: ITD Restriction...76 American Express Phoenix Update: Order Numbers...76 BA Merchant Services Update: Buffer Size...76 Database Update: TAA Quantity...76 NOVA Update: Visa Card Level Results...76 Vital SSL and Vital Frame Update: Authorization Timeout...77 Vital SSL and Vital Frame Update: Maximum Authorization Amount...78 Chapter 14 CyberSource Payment Manager Upgrading from Previous Versions...79 Upgrade for BA Merchant Services...79 American Express CAPN...79 Visa Card Level Results...80 MasterCard POS Data Code...80 Data Element Subfields and Enhancements...81 FDMS North Gateway...81 American Express Purchase Card Level II...81 Verified by Visa and MasterCard SecureCode...82 American Express Phoenix Gateway...83 Currency Support Extended for American Express...83 Issues Resolved...83 Paymentech NH Gateway: Settlement Hold Time Calculation...83 American Express Phoenix Gateway...83 Corrupted Authorization Format on the Solaris Version of CPM...83 Settlement File Reversal Tool on the Solaris Version of CPM...84 Heartbeat Message on Solaris...84 Postal Code Format Padding...84 Nova Gateway: 602 Settlement Record...84 Chapter 15 CyberSource Payment Manager CPM Release Notes CyberSource Corporation August 2010 viii

9 Upgrading from Previous Versions...85 Upgrades for Fifth Third Processing Solutions (FTPS)...85 AMEX CAPN...85 Visa Card Level Results...86 MasterCard Recurring Advice Code...86 Changed Branding from MPS Frame to FTPS Frame...86 Enhancements...89 Vital Updates Visa Card Level Results...89 FDMS South Updates AMEX ECI Indicator and Recurring...89 Chapter 16 CyberSource Payment Manager Upgrading from Previous Versions...90 Upgrade for FDMS North AMEX CAPN...90 Agreement Settings...90 Merchant Information...91 Authorization Information...92 Settlement Information...92 FTP Settlement Information...93 New API Fields...93 Additional Enhancements for FDMS North...93 Visa Bill Payment...93 Visa Card Level Results...94 Contactless Card Reads Visa/MasterCard/American Express...94 Recurring Payments MasterCard/American Express...94 Partial Reversal Visa/MasterCard/Discover...94 Chapter 17 CyberSource Payment Manager Upgrading from Previous Versions...95 Upgrade for American Express Phoenix CAPN...95 Gateway Settings...96 Online Settings...96 Settlement Settings...97 Agreement Settings...98 New API Fields File Reversal Tool Upgrade for Vital VirtualNet IP AMEX CAPN Agreement Settings Merchant Information Authorization Information New API Fields Upgrade for Vital VirtualNet SSL AMEX CAPN Agreement Settings Merchant Information Authorization Information New API Fields New API Fields for AMEX CAPN CPM Release Notes CyberSource Corporation August 2010 ix

10 Additional Enhancements New Field for Customer Country New Field for Merchant Advice Code Automatic Settlement Collects Transactions up to the Scheduled Settlement Time.111 Timestamp Added to FTP Log for FDMS South New Command to Clear Batch Status Date/Time Field Not Updated Following Recover Settlement Errors Issues Resolved Endless 5066 Error Messages Appropriate Error Message When Sequence Number Is Not Generated Issues with SSL Default Keystores Have Been Resolved Validation Relaxed for Switch/Solo Cards on Paymentech New Hampshire Expired Expiration Dates Supported for Paymentech New Hampshire Expired Card Processing Allowed New Error Message for Reversals for FDMS South Tax Included in Amount Settled for NOVA Transaction Code Corrected for Retail Key Entered on NOVA Chapter 18 CyberSource Payment Manager Upgrading from Previous Versions Issues Resolved Upgrading the CPM Software Return Codes for Invalid Transactions Administration Client Timeouts and Child Windows Lost Database Connection Chapter 19 CyberSource Payment Manager Upgrading from Previous Versions Enhancements NOVA Debit Controller Paymentech New Hampshire Card Security Presence for MasterCard Non-Authenticated Electronic Commerce MasterCard Transactions Verified by Visa Transactions BIN Ranges Discover Card MasterCard and Diners Recurring Transactions for FDMS Nashville Duplicate Transactions Extended Reason Codes for FDMS South Issues Resolved Memory Leak Error Modifying Customer Information for a Parent Transaction Improved Robustness for Port and Invalid Data CPM Release Notes CyberSource Corporation August 2010 x

11 Chapter 20 CyberSource Payment Manager Upgrading from Previous Versions New BA Merchant Services Gateway Agreement Settings Gateway Settings Online Settings FTP Settings Enhancement: NOVA Gateway Chapter 21 CyberSource Payment Manager Upgrading from Previous Versions New NOVA Debit Gateway Processing a PIN-based Debit Using the Last Record Number Processing a Refund Agreement Settings Gateway Settings Enhancements Parameters for the Settlement Wake Up Interval Options for Encryption Lower Transaction Amounts for Paymentech Online Transaction Timeout Multiple Batch Files Batch Status for the NOVA Gateway Issues Resolved Issues Resolved for the NOVA Gateway Amount Field in the Settlement Record FI Number Chapter 22 CyberSource Payment Manager Upgrading from Previous Versions Enhancements New API Field for Payer Authentication Enhancements to the FDMS Nashville Gateway American Express and Discover CID CVV Indicator Payer Authentication Payer Authentication for the Vital Gateway Chapter 23 CyberSource Payment Manager Upgrading from Previous Versions Minimum Requirement for Windows Systems Summary of Enhancements CPM Release Notes CyberSource Corporation August 2010 xi

12 Database Encryption How Do These Changes Affect You? Split-Knowledge Keys New Key Management Tool Generating a New Key Importing Your Existing Key (for Merchants Upgrading to 6.0) Deleting a Key from the Registry Backing Up Your Key(s) Restoring Your Key(s) Administrator Account Management Important Upgrading Information Using the AcctMaint.exe Tool to Manage Administrators New Password Requirements Removal of Automatic Connect Feature Administration Client Automatic Close Administration Client Activity Log Database Utility Activity Log SSL Encryption CPM Security Existing CPM Users Already Using CPM Security Existing CPM Users Not Already Using CPM Security New CPM Users Settlement File Management American Express Phoenix FDMS North FDMS South MPS NOVA Paymentech Tampa CPM Release Notes CyberSource Corporation August 2010 xii

13 Chapter 1 CyberSource Payment Manager 6.4 SP8 This chapter describes enhancements for the CyberSource Payment Manager (CPM) 6.4 SP8 release: Enhancements Issues Resolved Upgrading from Previous Versions You can upgrade to version 6.4 SP8 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Enhancements Vital SSL Support for 2048-bit SSL Certificate Vital SSL has been enhanced to support server SSL Certificates of higher encryption key strengths (2048-bits or more). The new RSA SSL-C libraries are FIPS-140 certified and comply with most recent cryptographic standards. FDMS South NOVA FDMS South has been enhanced to support Secure FTP on Unix-based CPM Servers. For Unix-based systems, any errors that occur while attempting to transfer the settlement files are logged in the cpm.log file. For the Solaris version of CPM, Java 1.5 or higher is required. The JAVA_HOME variable must apply to the user account CPM is launched under. See the Cybersource Payment Manager Setup Guide for more information. The NOVA gateway has been enhanced to store the available balance on pre-paid cards in the FRAUD_RESP_CODE column in the CC_TRANSACTION table. CPM Release Notes CyberSource Corporation August

14 CyberSource Payment Manager 6.4 SP8 Issues Resolved Issues Resolved American Express Secure FTP Secure FTP did not support special characters in the username and password. This has been corrected in CPM 6.4 SP8. Special characters are now supported in the Secure FTP username and password for American Express. Global Payments Reversals The incorrect message template was being used for full and partial reversals. This resulted in the reversal request missing the approval code from the original authorization. This has been corrected and the correct template is being used and the request now contains the correct approval code. CPM Release Notes CyberSource Corporation August

15 Chapter 2 CyberSource Payment Manager 6.4 SP7 This chapter describes enhancements for the CyberSource Payment Manager (CPM) 6.4 SP7 release: Enhancements Issues Resolved Upgrading from Previous Versions You can upgrade to version 6.4 SP7 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Enhancements Upgrade for American Express The American Express gateway has been updated with the following: Secure FTP Prepaid Card Partial Authorization Full Auth Reversals $0 Auth with AVS Enhanced Authorization Secure FTP A checkbox titled Use Secure FTP (SSH over FTP) has been added to the Gateway Settings for American Express. This provides secure file transfer when transferring via FTP. If you choose this option, the IP address and Port required for Secure FTP must also CPM Release Notes CyberSource Corporation August

16 CyberSource Payment Manager 6.4 SP7 Enhancements be changed in the gateway settings. Contact American Express for the IP address and Port required for Secure FTP. When using Secure FTP, two batch ID files are created: <submissionid>.out and <submissionid>.in. The.in file includes the commands executed in the local and remote servers and.out file includes the output of the commands that were executed. These files are created under the Output File Path and contain the status of the files being transferred. Any errors that occur while attempting to transfer the settlement files are logged in the event viewer and the batch status is not updated to batch complete. To enable secure FTP, select the Use Secure FTP (SSH over FTP) checkbox, as shown below. Secure FTP requires a username and password. Contact American Express for this information. For the Solaris version of CPM, Java 1.5 or higher is required. The JAVA_HOME variable must apply to the user account CPM is launched under. See the Cybersource Payment Manager Setup Guide for more information. CPM Release Notes CyberSource Corporation August

17 CyberSource Payment Manager 6.4 SP7 Enhancements Prepaid Card Partial Authorization American Express now supports partial authorizations on prepaid cards. When Partial Authorization is enabled, issuers can approve a transaction if the amount of the transaction is greater than the remaining balance on the card. The remaining transaction amount must be tendered with a different form of payment. American Express determines which card products require a partial authorization response. Specifically, non-prepaid cards products are ineligible for partial authorizations. To enable Partial Authorization on a prepaid card, select Prepaid Card as shown below. Prepaid card authorizations with Balance Return indicates that the merchant s system accepts and processes prepaid card balances in response messages. This alternative for systems that do not support partial authorizations returns the prepaid card balance to the merchant so that an authorization request can be resubmitted for the available amount when transactions are denied for insufficient balance. Another form of payment can be requested for the remainder. American Express systems determine which card products require a response related to authorization with balance return. Specifically, non-prepaid card products are ineligible for Authorization with Balance Return. Using Balance Return indicates that the merchant CPM Release Notes CyberSource Corporation August

18 CyberSource Payment Manager 6.4 SP7 Enhancements is requesting an authorization for the full amount, and that their system supports the return of prepaid card balance information from American Express. $0 Auth with AVS The American Express gateway now supports the Address Verification Service Only ($0 auth). The amount of the authorization must be $0 and can contain AVS. Address, zip, and name verification is performed. The customer s open to buy is not affected. Full Auth Reversals The American Express gateway now supports full auth reversals on credit cards and prepaid cards. The amount of the reversal must equal the amount of the authorization. Enhanced Authorization The American Express gateway has enhanced authorization to include verification of cardholder name, address, and phone number. The Default AVS Level must be set to either Enhanced or Plus. The following input fields are required. Name verification requires the following input fields: CUSTOMER_NAME CUSTOMER_FIRSTNAME CUSTOMER_LASTNAME Phone verification requires CUSTOMER_PHONE. verification (Enabled Field 47 on the Gateway Settings screen must be checked) requires Customer_ . The following output fields are returned: NAME_MATCH PHONE_MATCH _MATCH American Express may return the below response codes: Y: Yes, data matches N: No, data does not match CPM Release Notes CyberSource Corporation August

19 CyberSource Payment Manager 6.4 SP7 Enhancements New APIs ~: Data not sent. Note: Tilde (~) represents character space. U: Data unchecked R: Retry S: Service not allowed CPM 6.4 SP7 includes new fields for use with American Express. Table 1 New APIs Field Data Type and Length Numeric ID Description ID_NAME_MATCH Verifies the customer s name. ID_PHONE_MATCH Verifies the customer s billing phone number. ID_ _MATCH Verifies the customer s address. ID_RELAY_PHONE_NO The relay phone number is a new American Express response field that may contain the phone number for the merchant to call in order to obtain a verbal authorization. New Response Codes The authorization service for American Express was updated with the additional response codes listed in Table 2. See the CPM Messages and Processor Codes for additional information. Table 2 Response Codes American Express Response Code Description CPM Authorization Response Code 002 Partial Authorization A 106 Exceeded PIN Attempts D 117 Invalid PIN D 119 Cardmember not Enrolled D 912 Issuer not Available E CPM Release Notes CyberSource Corporation August

20 CyberSource Payment Manager 6.4 SP7 Issues Resolved Issues Resolved NOVA Vital SSL Exception handling has been added to the NOVA Debit gateway to address vulnerabilities and prevent CPM server crashes. The condition that resulted in sporatic authorization timeouts at times of high transaction volume has been identified and resolved. CPM Release Notes CyberSource Corporation August

21 Chapter 3 CyberSource Payment Manager 6.4 SP6 This chapter describes enhancements for the CyberSource Payment Manager (CPM) 6.4 SP6 release: Enhancements Issues Resolved Upgrading from Previous Versions You can upgrade to version 6.4 SP6 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Enhancements Upgrade for FDMS South The FDMS South gateway has been updated with the following: Secure FTP Pre-Paid Card Partial Authorization Pre-Paid Card Balance Inquiry Discover Full Acquiring $0 Auth with AVS and CVV Secure FTP A checkbox titled Enable Secure FTP has been added to the Gateway Settings for FDMS South. This provides secure file transfer when transferring via FTP. If you choose this option, the IP address and Port required for Secure FTP must also be changed in the CPM Release Notes CyberSource Corporation August

22 CyberSource Payment Manager 6.4 SP6 Enhancements gateway settings. Contact FDMS South for this information as well as the username and password. If this is not selected, it defaults to the original functionality. When using Secure FTP, two batch ID files are created: PB_<batchid>. in and PB_ <batchid>.out. The.in file includes the commands executed in the local and remote servers and.out file includes the output of the commands that were executed. These files are created under the same directory as the job cards file and contain the status of the files being transferred. Any errors that occur while attempting to transfer the settlement files are logged in the event viewer and the batch status is not updated to batch complete. To enable secure FTP, select the Enable Secure FTP checkbox, as shown below. CPM Release Notes CyberSource Corporation August

23 CyberSource Payment Manager 6.4 SP6 Enhancements Pre-Paid Card Partial Authorization FDMS South now supports partial authorizations on pre-paid cards. When Partial Authorization is enabled, issuers can approve a transaction if the amount of the transaction is greater than the remaining balance on the card. The remaining transaction amount must be tendered with a different form of payment. To enable Partial Authorization, select the Enable Partial Authorization checkbox as shown below. Pre-Paid Card Balance Inquiry The Balance Inquiry only request is supported for Visa, MasterCard and American Express prepaid cards. A Balance Inquiry Only Request is a function that is designed to allow Visa, MasterCard and American Express Prepaid Gift Card cardholders the ability to request the account balance prior to performing an authorization request for goods. Balance inquiry are identified by the following: Amount= $0 BALANCE_INQUIRY API field must be set to 1. The remaining balance is returned in the REMAINING_BALANCE API field with the sign value of C or D appearing in front of the 12 digit amount. C denotes a positive amount and D denotes a negative amount. CPM Release Notes CyberSource Corporation August

24 CyberSource Payment Manager 6.4 SP6 Enhancements Discover Full Acquiring When Discover Full Acquiring is enabled, FDMS performs an authorization to settlement match. The NRID requirement is handled by First Data on behalf of the merchant. To enable Discover Full Acquiring, select the Enable Discover Full Acquiring checkbox in the Agreement Settings as shown above. This enhancement applies to merchants who are FDMS full acquiring. $0 Auth with AVS and CVV $0 authorization is now supported for Visa and MasterCard. For Visa, transactions are identified by submitting the following: Transaction Type=authorization Amount=$0 AVS (optional) CVV (optional) For MasterCard, transactions are identified by submitting the following: Transaction Type=authorization Amount=$0 AVS CVV (optional) Upgrade for FDMS Nashville The FDMS Nashville gateway has been updated with the following: Pre-Paid Card Partial Authorization Pre-Paid Card Balance Inquiry Authorization Decline Code Indicator Pre-Paid Card Partial Authorization A new checkbox titled Enable Partial Authorization has been added to the Agreement Settings for FDMS Nashville. When Partial Authorization is enabled, issuers can approve a transaction if the amount of the transaction is greater than the remaining balance on the CPM Release Notes CyberSource Corporation August

25 CyberSource Payment Manager 6.4 SP6 Enhancements card. The remaining transaction amount must be tendered with a different form of payment. Pre-Paid Card Balance Inquiry The Balance Inquiry only request is supported for Visa, MasterCard and American Express prepaid cards. A Balance Inquiry Only Request is a function that is designed to allow Visa, MasterCard and American Express Prepaid Gift Card cardholders the ability to request the account balance prior to performing an authorization request for goods. Balance inquiry are identified by the following: Amount= $0 BALANCE_INQUIRY API field must be set to 1. The remaining balance is returned in the REMAINING_BALANCE API field with the sign value of C or D appearing in front of the 12 digit amount. C denotes a positive amount and D denotes a negative amount. Authorization Decline Code Indicator A new checkbox titled Enable Authorization Decline Codes has been added to the Gateway Settings for FDMS Nashville. When Authorization Decline Codes is enabled, a two-digit decline code is appended to the Declined message in the AUTH_RESPONSE_ MSG field for all declined transactions. For example, a Declined - 14 message indicates a transaction is declined with a decline code of 14. The 14 indicates an Invalid Account Number. CPM Release Notes CyberSource Corporation August

26 CyberSource Payment Manager 6.4 SP6 Enhancements For example, Decline-XXXXX. This provides additional information on a decline. Upgrade for Global Payments The Global Payments gateway has been updated with the following: Pre-Paid Card Balance Inquiry FSA/HRA Supported Pre-Paid Card Balance Inquiry The Balance Inquiry only request is supported for Visa, MasterCard and American Express prepaid cards. A Balance Inquiry Only Request is a function that is designed to allow Visa, MasterCard and American Express Prepaid Gift Card cardholders the ability to request the account balance prior to performing an authorization request for goods. Balance inquiry are identified by the following: Amount= $0 BALANCE_INQUIRY API field must be set to 1. The remaining balance is returned in the REMAINING_BALANCE API field with the sign value of C or D appearing in front of the 12 digit amount. C denotes a positive amount and D denotes a negative amount. CPM Release Notes CyberSource Corporation August

27 CyberSource Payment Manager 6.4 SP6 Enhancements FSA/HRA Supported The Global Payments gateway has added support for the submittal of the RX_AMOUNT API field in an authorization request for Visa and MasterCard Flexible Spending Account (FSA) and Health Reimbursement Account (HRA) transactions. For a description of how to submit FSA/HRA transactions, see Support of Visa and MasterCard FSA/HRA Health Benefits Cards on page 43. Upgrade for Fifth Third Processing Solutions (FTPS) The FTPS processor has been updated with the following: Pre-Paid Card Partial Authorization Existing Debt Indicator for Visa $0 Auth (AVS only) Auth Reversals Existing Debt Indicator for Visa Network Reference Identifier Added Support for Discover Card Cash Back Pre-Paid Card Partial Authorization The FTPS gateway now supports partial authorization on pre-paid cards. A partial authorizion allows an approval if the amount of the transaction is greater than the remaining balance on the card. The remaining transaction amount must be tendered with a different form of payment. CPM Release Notes CyberSource Corporation August

28 CyberSource Payment Manager 6.4 SP6 Enhancements To enable partial authorization, select the Enable Partial Auth checkbox in the Agreement Settings, as shown below. Pre-Paid Card Balance Inquiry The Balance Inquiry only request is supported for Visa, MasterCard and American Express prepaid cards. A Balance Inquiry only request is a function that is designed to allow Visa, MasterCard and American Express Prepaid Gift Card cardholders the ability to request the account balance prior to performing an authorization request for goods. Balance inquiry are identified by the following: Amount= $0 BALANCE_INQUIRY API field must be set to 1. The remaining balance is returned in the REMAINING_BALANCE API field with the sign value of C or D appearing in front of the 12 digit amount. C denotes a positive amount and D denotes a negative amount. $0 Auth (AVS only) The FTPS gateway now supports the Address Verification Service Only ($0 auth). The amount of the authorization must be $0 and contain AVS only. CVV is not supported as part of this transaction. Refer to FTPS for a list of card types supported. CPM Release Notes CyberSource Corporation August

29 CyberSource Payment Manager 6.4 SP6 Enhancements Auth Reversals The FTPS gateway now supports full and partial auth reversals on credit cards and pre-paid cards for Visa, MasterCard, and Discover. Partial reversals must be less than the original authorized amount. Existing Debt Indicator for Visa Transactions can be identified as existing debt payments by submitting Customer Present Flag = 6. This flag is valid only for Visa. It can be used in Direct Marketing, E-Commerce, and Retail industries to pay an existing debt (for example, a car loan). Network Reference Identifier This requires no action on your part; the change is described here for your information. The FTPS gateway now supports a Network Reference Identifier (NRID). The NRID uniquely identifies a transaction. Discover NRID is part of Discover compliance mandate and it is used to track the life cycle of a transaction from Auth to Settlement. The NRID value is returned in the auth response for Discover. CPM stores this and provides it in the settlement. Added Support for Discover Card Cash Back The FTPS gateway now supports the processing of cash back for Discover card retail transactions. The amount of the cash back must be in $20 increments and cannot be more than $100. Cash back is authorized using the same indicator flags used for partial authorization: New API Field B - Both sale amount and cash back may be partially approved. The sale amount must be fully approved before the cash back amount can be partially approved. C - The sale amount must be fully approved before the cash back amount may be partially approved. X - Merchant may support partial auth, but the sale amount must be fully approved before the cash back amount can be approved. Neither the sale amount nor the cash back amount can be partially approved. CPM 6.4 SP6 includes a new field for use with Visa, MasterCard, and American Express. CPM Release Notes CyberSource Corporation August

30 CyberSource Payment Manager 6.4 SP6 Issues Resolved The field is called Balance Inquiry (BALANCE_INQUIRY 361). BALANCE_INQUIRY asks for the remaining balance on a pre-paid card. This is returned in the Remaining Balance API Numeric Identifier is 361 and valid value is 1. Data Type and length is 1 Alpha numeric. Currently, this field is used only by the FDMS South, FDMS Nashville, Global Payments, and FTPS gateways. Upgrade for Vital SSL The Vital SSL gateway has been updated with the following. Record Format Logging The record format logging of the settlement response messages has been enhanced to include both ASCII and hexidecimal output of decrypted data for readability. Issues Resolved Global Payments The following issues were resolved for the Global Payments gateway. Settlement Record Updates The Routing Data field in the Balance Request message has been modified to contain the string BALANCE. This string will be echoed back in the Balance Response. The Batch Number field in the Balance Request message has been sized to a length of 4 per specification. The value will be set to the four least significant bytes of the CPM Batch ID. Correct Gateway Name The CPM errors that were logged to the event viewer for the GPS gateway have been corrected to include the new name Global Payments Frame instead of NDC East Frame. CPM Release Notes CyberSource Corporation August

31 Chapter 4 CyberSource Payment Manager 6.4 SP5 This chapter describes enhancements for the CyberSource Payment Manager (CPM) 6.4 SP5 release: Enhancements Issues Resolved Upgrading from Previous Versions You can upgrade to version 6.4 SP5 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Enhancements Paymentech NH PIN-less Debit for ACCEL PIN-less debit transactions processed for the ACCEL network are now supported on the Paymentech NH gateway. Online transactions supported are purchase authorizations and purchase reversals. Card type 33 has also been added for ACCEL. For more information on processing PIN-less debit transactions on this gateway, see Paymentech NH PIN-less Debit on page 53. NOVA Auth Reversals The NOVA gateway now supports full and partial auth reversals on credit cards for Visa, MasterCard, and Discover. Partial reversals must be less than the original authorized amount. NOVA Partial Authorization The NOVA gateway now supports partial authorizations and reversals on pre-paid cards for Visa, MasterCard, and Discover. Partial authorizations allow an approval if the amount of the transaction is greater than the remaining balance on the card. The remaining transaction amount must be tendered with a different form of payment. CPM Release Notes CyberSource Corporation August

32 CyberSource Payment Manager 6.4 SP5 Issues Resolved To enable partial authorization, you must: Refresh the gateway to load the new processor authorization response code (AP00). Select the Enable Partial Authorization checkbox in the Agreement Settings, as shown below: Vital Record Format Logging The record format logging of request and response messages has been enhanced to include both ASCII and hexidecimal output of decrypted data for readability. Issues Resolved The following issues have been resolved. Vital - HTTP Communications Error Corrected The parsing logic has been modified to address the problem associated with the auth response that resulted in auth response code 235. RBS Worldpay- HTTP Communications Error Corrected The parsing logic has been modified to address the problem associated with the auth response that resulted in auth response code 235. CPM Release Notes CyberSource Corporation August

33 Chapter 5 CyberSource Payment Manager 6.4 SP4 This chapter describes enhancements for the CyberSource Payment Manager (CPM) 6.4 SP4 release: Enhancements Issues Resolved Upgrading from Previous Versions You can upgrade to version 6.4 SP4 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Enhancements TSYS (Vital) Upgrade The following upgrades have been made to the TSYS gateway. Specification Upgrade The TSYS gateway has been upgraded in compliance with the EIS 1080 version 8.2 for Auth and EIS 1081 version 8.2 for settlement. Visa Bill Payment Visa has a special Bill Payment program that allows customers to use their Visa cards to pay their bills. If you participate in this program, Visa requests that you flag the Bill Payments and credits so they can be easily identified. You need to set an indicator so the CPM system can identify the transaction as a Bill Payment: CPM Release Notes CyberSource Corporation August

34 CyberSource Payment Manager 6.4 SP4 Enhancements Recurring transactions are considered Bill Payments. These types of transactions are identified by setting the CUSTOMER_PRESENT_FLAG to its appropriate value. A single Bill Payment transaction is identified by setting the MARKET_ SPECIFIC_INDICATOR API field to B. See the CPM API Reference Guide for information about these fields. Visa Existing Debt Indicator Transactions can be identified as existing debt payments by submitting Customer Present Flag = 6. This flag is valid only for Visa. It can be used in Direct Marketing, E-Commerce, and Retail industries to pay an existing debt (for example, a car loan). Visa, MasterCard, and Discover Full Auth Reversals To completely return funds to a customer s line of credit from a prior authorization, you can perform a Reversal transaction. Visa, MasterCard, and Discover support full reversals. Note The amount field in the reversal transaction must be equal to the original authorization amount to trigger a full reversal. Visa, MasterCard, Discover, and American Express Partial Authorization Partial authorization uses the same functionality as pre-paid cards. It allows an approval if the amount of the transaction is greater than the remaining balance on the card. The remaining transaction amount must be tendered with a different form of payment. Partial authorization is available to Visa, MasterCard, Discover, and American Express. Partial authorization can be enabled by the following: The merchant can enable partial authorization on all transactions by checking the Enable Partial Authorization checkbox on the Agreement Settings screen, as shown below. CPM Release Notes CyberSource Corporation August

35 CyberSource Payment Manager 6.4 SP4 Enhancements The PARTIAL_AUTH_FLAG API field can also be passed on a per transaction basis to override the merchant enabled checkbox. Partial auth flag valid values for Visa, MasterCard, Discover, and American Express are the following: Y - Attempt a partial authorization if allowed for the account. N- Do not attempt a partial authorization. Nova - Gift Card Balance Return The Nova gateway has been enhanced to support balance return information. Balance return returns the prepaid card s balance at the time of the purchase. FDMS North - Cash Advance The FDMS North cash advance feature has been updated in accordance with the new Visa and MasterCard mandate. Cash transaction processing will be submitted as Quasi Cash instead of Cash Advance. NOVA - Add Settlement File Name to PROC_BATCH_ID Field The NOVA gateway has been updated to store the batch filename in the PROCESSOR_ BATCH_ID column of the CC_SETTLEMENT table. This allows you to correlate between a batch submitted with the settlement file that was sent to NOVA. CPM Release Notes CyberSource Corporation August

36 CyberSource Payment Manager 6.4 SP4 Issues Resolved Issues Resolved The following issues have been resolved. BAMS - Forced Capture Auth Source Code The following issues have been corrected for the BAMS gateway: Authorization source codes values D and E were added to the settlement record. D and E applies to referral or forced capture transactions. A referral response is sent by BAMS when you call for a verbal approval. The ISO-8583 field 95 will be sent only for partial reversals (not full reversals). Respond code P was added to the AVS service. Settlement File Secure Deletion The issue with multiple occurences of the secure wipe utility, Eraserl.exe being invoked multiple times on the same directory has been resolved. The cleanup procedure has been modified to remember which directories have been processed and only process them once. FDMS South Settlement Trailer Record Data Type Overflow The file trailer record calculation error caused by the net sales amount exceeding the amount the data type could handle has been corrected. Previously, the data type overflow was encountered when the net sales amount exceeded $21,474, FTPS Field format correction The FTPS field format for American Express authorizations has been corrected. Global Payments POS Entry Mode Field The Global Payments POS Entry Mode field bit 9 in settlement was not matching what was sent during authorization. To correct this, during settlement, the POS Entry Mode is no longer derived. Instead, this value is stored in the FRAUD_RESP_CODE column of the CC_TRANSACTION table during authorization and retrieved during settlement. CPM Release Notes CyberSource Corporation August

37 Chapter 6 CyberSource Payment Manager 6.4 SP3 This chapter describes enhancements for the CyberSource Payment Manager (CPM) 6.4 SP3 release: Enhancements Issues Resolved Upgrading from Previous Versions You can upgrade to version 6.4 SP3 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Enhancements FDMS Nashville Upgrade FDMS North Upgrade FDMS South Frame Upgrade FDMS South Debit Upgrade NOVA - Settlement File Error Checking Vital, RBS Worldpay, Global Payment Systems - Account Verification Transaction BAMS - Support for Full Reversal Paymentech NH Enhanced Settlement Logging CPM Release Notes CyberSource Corporation August

38 CyberSource Payment Manager 6.4 SP3 Enhancements FDMS Nashville Upgrade Specification Upgrades The FDMS Nashville gateway has been upgraded in compliance with the spec. Network Reference Identifier This requires no action on your part; the change is described here for your information. The FDMS Nashville gateway now supports a Network Reference Identifier (NRID). The NRID uniquely identifies a transaction. Discover NRID is part of Discover compliance mandate and it is used to track the life cycle of a transaction from Auth to Settlement. The NRID value is returned in the auth response for Discover. CPM stores this and provides it in the settlement. Third Party Processor Identifier The FDMS Nashville gateway now supports an additional Third-Party Processor Identifier (TPP ID) for aggregators. A third-party processor is one who runs transactions on behalf of another merchant. The TPP ID is a unique six byte identifier, assigned by FDMS to all certified Third Party Processors and software vendors. FDMS requires the TPP ID to be sent for all third-party processors. CPM sends the TPP ID value in the auth request message to FDMS. To enable TPP ID, on the Gateway Settings screen perform the following: 1 Select the Enable Third Party Provider checkbox. CPM Release Notes CyberSource Corporation August

39 CyberSource Payment Manager 6.4 SP3 Enhancements 2 In the TPP ID2 field, enter your FDMS assigned TPP ID. 3 Click OK and restart the CPM server. Address Verification Service The Discover AVS value has changed. CPM recieves the AVS code from Discover, stores it, and sends it back in settlement. Visa and MasterCard full reversal To return a full refund to a customer s line of credit from a prior authorization, you can perform a Full Reversal transaction. Previously, this capability was supported only for partial reversals. The amount of the reversal must equal the original authorized amount. Discover Full and Partial Auth Reversal The FDMS gateway now supports full and partial auth reversals for Discover cards. Partial reversals must be less than the original authorized amount. FDMS North Upgrade Specification Upgrades The FDMS North gateway has been upgraded in compliance with the ISO8583 v spec and the PTS Settlement spec. CPM Release Notes CyberSource Corporation August

40 CyberSource Payment Manager 6.4 SP3 Enhancements Network Reference Identifier This requires no action on your part; the change is described here for your information. The FDMS North gateway now supports a Network Reference Identifier (NRID). The NRID uniquely identifies a transaction. Discover NRID is part of Discover compliance mandate and it is used to track the life cycle of a transaction from Auth to Settlement. The NRID value is returned in the auth response for Discover. CPM stores this and provides it in the settlement. Third Party Process Identifier The FDMS North gateway now supports an 1st and 2nd Third-Party Processor Identifier (TPP ID) for aggregators. A third-party processor is one who runs transactions on behalf of another merchant. The TPP ID is a unique six byte identifier, assigned by FDMS to all certified Third Party Processors and software vendors. FDMS requires the TPP ID to be sent for all third-party processors. CPM sends the TPP ID value in the auth request message to FDMS. To enable TPP ID, on the Gateway Settings screen perform the following: 1 Select the Enable Third Party Provider checkbox. CPM Release Notes CyberSource Corporation August

41 CyberSource Payment Manager 6.4 SP3 Enhancements 2 In the TPP ID2 field, enter your FDMS assigned TPP ID. 3 Click OK and restart the CPM server. CYBS Connect - Removed CYBS Connect has been removed and is no longer available. Address Verification Service Only ($0 Auth) The FDMS North gateway now supports the Address Verification Service Only ($0 auth). The amount of the authorization must be $0 and contain AVS only. CVV is not supported as part of this transaction. Refer to FDMS North for a list of card types supported. Pre-paid Cards The FDMS North gateway now supports partial authorization on pre-paid cards. A partial authorizion allows an approval if the amount of the transaction is greater than the remaining balance on the card. The remaining transaction amount must be tendered with a different form of payment. CPM Release Notes CyberSource Corporation August

42 CyberSource Payment Manager 6.4 SP3 Enhancements When processing pre-paid card transactions, the following is assumed: If the amount is $0.00 and no AVS data is sent, the transaction is a Balance Inquiry. If you support pre-paid cards, it is recommended that you obtain a BIN File from FDMS. FDMS South Frame Upgrade Specification Upgrades The FDMS South gateway has been upgraded in compliance with the RM3-version 14.7 (April 22, 2009) Authorization spec and the Domestic and Foreign settlement processing, version 13.8 (April 22, 2009) Settlement spec. Network Reference Identifier This requires no action on your part; the change is described here for your information. The FDMS South gateway now supports a Network Reference Identifier (NRID). The NRID uniquely identifies a transaction. Discover NRID is part of Discover compliance mandate and it is used to track the life cycle of a transaction from Auth to Settlement. The NRID value is returned in the auth response for Discover. CPM stores this and provides it in the settlement. Third Party Process Identifier The FDMS South gateway now supports a 1st and 2nd Third-Party Processor Identifier (TPP ID) for aggregators. A third-party processor is one who runs transactions on behalf of another merchant. The TPP ID is a unique six byte identifier, assigned by FDMS to all certified Third Party Processors and software vendors. FDMS requires the TPP ID to be sent for all third-party processors. CPM sends the TPP ID value in the auth request message to FDMS. To enable TPP ID, on the Gateway Settings screen perform the following: 1 Select the Enable Third Party Provider checkbox. CPM Release Notes CyberSource Corporation August

43 CyberSource Payment Manager 6.4 SP3 Enhancements 2 In the TPP ID2 field, enter your FDMS assigned TPP ID. 3 Click OK and restart the CPM server. CYBS Connect - Removed CYBS Connect has been removed and is no longer available. Full and Partial Auth Reversal To return a partial refund to a customer s line of credit from a prior authorization, you can perform a Partial Reversal transaction. The amount field in the reversal must be less than the original authorized amount to trigger a partial auth reversal. To return a full refund to a customer s line of credit from a prior authorization, you can perform a full auth reversal. The amount field in the reversal transaction must be equal to the original authorization amount to trigger a full reversal. This capability is available to Visa, MasterCard, and Discover transactions. CPM Release Notes CyberSource Corporation August

44 CyberSource Payment Manager 6.4 SP3 Enhancements $0 Auth with Address Verification Service $0 authorization is now supported with AVS only (CVV can not be passed) for Visa. Transactions are identified by submitting the following: Transaction Type=authorization Amount=$0 FDMS South Debit Upgrade The FDMS South Debit gateway has been redesigned with better error reporting and connection handling. NOVA - Settlement File Error Checking A new settlement validation will prevent faulty batch files from being FTP d to the processor in the event that configuration changes are made directly in the database. Vital, RBS Worldpay, Global Payment Systems - Account Verification Transaction CPM 6.4 SP3 includes an upgrade to the Vital, RBS Worldpay, and Global Payment System gateways for Visa, MasterCard, American Express and Discover to support the Account Verification ($0 auth) transaction type. Account Verification transactions are used to verify accounts without financially impacting the cardholder. Address Verification Service can be verified along with the account number. Successful Account Verification transactions will return an Approved Authorization response. Transactions are identified by submitting the following: Transaction type=authorization Amount=$0 BAMS - Support for Full Reversal BAMS gateway has been enabled to support full credit card reversals for Visa, MasterCard, and Discover. Ask your processor about additional card types. Full reversal transactions return funds back into the cardholder's available line of credit. Merchants may cancel a credit card authorization in its entirety by submitting a full reversal transaction. The amount of the reversal must equal the original authorized amount. CPM Release Notes CyberSource Corporation August

45 CyberSource Payment Manager 6.4 SP3 Issues Resolved Paymentech NH Enhanced Settlement Logging Paymentech NH response code 275 now maps to a decline. Issues Resolved The following issues have been resolved. Vital SSL Corrected Excessive Timeouts Excessive timeouts were occuring on the Vital SSL gateway due to a modification of the Socket libary. To correct this, the modification was rolled back. CPM Release Notes CyberSource Corporation August

46 Chapter 7 CyberSource Payment Manager 6.4 SP2 This chapter describes enhancements for the CyberSource Payment Manager (CPM) 6.4 SP2 release: Enhancements Issues Resolved Upgrading from Previous Versions You can upgrade to version 6.4 SP2 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Enhancements Account Verification Transaction CPM 6.4 SP2 includes an upgrade to the Paymentech NH, Nova, and BAMS gateways for Visa, MasterCard, and MasterCard Diners to support the Account Verification ($0 auth) transaction type. Account Verification transactions are used to verify accounts without financially impacting the cardholder. Address Verification Service and Card Security Value can be verified along with the account number. Successful Account Verification transactions will return an Approved Authorization response. Transactions are identified by submitting the following: Transaction type=authorization Amount=$0 Customer present flag=2. This flag is valid only for MasterCard and MasterCard Diners transactions on Paymentech NH. CPM Release Notes CyberSource Corporation August

47 CyberSource Payment Manager 6.4 SP2 Issues Resolved Paymentech NH Debt Repayment Indicator Paymentech NH now includes a debt repayment indicator. This indicates whether the accountholder is paying on any existing debt, such as a car loan. To make use of the indicator on a transaction, pass the customer present flag = 6. Reset Batch Function Now Includes Batch ID and Merchant ID The Reset Batch function did not include merchant IDs in its query, which could cause all merchant batches with the same batch ID to be reset across multiple merchants. To prevent this, the merchant ID is now included when selecting from CC_SETTLEMENT and CC_TRANSACTION tables for Reset Batch, Reset Submission, and Clear Batch states. CPM Automatically Update the Submission ID on Startup During startup, CPM now checks the database for the highest submission ID in the CC_ SETTLEMENT table and compares it to the submission ID stored in the cpm.cfg file. If the maximum database value is higher than what is in the cpm.cfg file, cpm.cfg will be updated to the value in the database. If the submission ID value in cpm.cfg is greater than or equal to what is in the database, then the value in cpm.cfg is kept as is. Issues Resolved The following issues have been resolved. CPM Prevent Voided Transaction States Being Changed from V to C During a look up transaction, the transaction state of a voided settlement was being changed from V (voided) to C (capture). To correct this, ID_Lookup transactions no longer update the transaction states. CPM Agreement List Retrieval Using Search Corrected In the CPM Admin client, when a user performed a search using a search string for an agreement and attempted to modifiy that agreement, the gateway list for the selected agreement was not displaying the gateway IDs, which prevented modification of the agreement. This problem has been fixed to correctly display the gateway corresponding to the selected agreement. CPM Release Notes CyberSource Corporation August

48 CyberSource Payment Manager 6.4 SP2 Issues Resolved Vital File Trail Record Count Corrected During settlement, $0 records were not being accounted for in the record count sent in the trailer record. This caused a settlement error. To correct this error, $0 records are now included in the record count. Paymentech NH Settlement Timeout Condition Corrected The conditions which lead to the batch status 05 timeout that occurred between batch creation and batch submission have been corrected. This timeout, which affected batches with large numbers of transactions, should no longer be seen. In the event that it does, the following batch status text will accompany the 05 batch status: Timeout/Batch Not Sent. CPM Release Notes CyberSource Corporation August

49 Chapter 8 CyberSource Payment Manager 6.4 SP1 This chapter describes enhancements for the CyberSource Payment Manager (CPM) 6.4 SP1 release: Enhancements Issues Resolved Upgrading from Previous Versions You can upgrade to version 6.4 SP1 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Enhancements Paymentech IP Failover Paymentech IP Failover CPM 6.4 SP1 This feature is optional and can be configured by a CPM administrator. When enabled, this feature allows the Paymentech New Hampshire gateway to switch to an alternate host under to the following conditions: Connection to default host fails at startup. Loss of network connectivity. Excessive number of 000 response codes. If IP Failover is not enabled, the Paymentech New Hampshire gateway will function as it has previously. Connection at Startup The default Paymentech New Hampshire host address is configured in the Gateway Settings in the Primary IP Address field. This is the host that CPM connects to at startup. CPM Release Notes CyberSource Corporation August

50 CyberSource Payment Manager 6.4 SP1 Enhancements To enable the secondary host, you must check the Enable Secondary Host checkbox in the Gateway Settings as shown below. To connect to the secondary host at startup rather than the primary host, check the Set as Default on Startup checkbox and restart the CPM server. Loss of Network Connectivity In the event of a loss of network connectivity (IP/Port are not reachable), CPM will automatically switch to the secondary host if the secondary host is enabled. A message will be sent to the error log indicating a channel failover has occurred. Authorization processing will continue on the secondary host for 15 minutes after which CPM will attempt to automatically switch back to the primary host. A message will be sent to the error log indicating an attempt to restore the primary connection. If the primary connection is still inaccessible processing will resume on the secondary host. The primary connection will be re-attempted every 15 minutes. If both hosts are inaccessible, a message will be sent to the error log indicating both channels are down. If this situation ever occurs, please contact Paymentech for guidance. To enable the secondary host, you must check the Enable Secondary Host checkbox in the Gateway Settings as shown below. Excessive 000 Response Codes The 000 response code is returned by Paymentech when an authorization request is sent and no answer is received from the authorization network. CPM will monitor the occurence of 000 response codes and when the configured threshold is met, the CPM server will failover to the secondary host. A message will be sent to the error log indicating a response code failover has occured. Unlike connectivity failover, the response code failover will not attempt to automatically switch back to the primary host after 15 minutes has elapsed. A switch back to the primary host will require a manual restart of the CPM server. To enable this functionality, you must check the Enable Response Code Failover checkbox and enter the threshold amount for the maximum number of errors. The threshold amount is configured in the gateway settings as shown below. Monitor File A file named paymentech_host.log is located in the..\server\log directory. This file contains the IP/Port of the Paymentech host that the CPM server is connecting to and is used to monitor the connection to Paymentech New Hampshire. CPM Release Notes CyberSource Corporation August

51 CyberSource Payment Manager 6.4 SP1 Enhancements New Gateway Settings Authorization Parameters Primary IP Address.. Primary IP Port. The default Transaction Timeout (seconds). Enable Secondary Host. Check this box to enable the IP Failover functionality. Set as Default on Startup. Select this checkbox if you want to connect to the secondary host on startup. CPM Release Notes CyberSource Corporation August

52 CyberSource Payment Manager 6.4 SP1 Enhancements Seconday IP Address. The IP address of the secondary processor's server to which CPM connects. Secondary IP Port. The IP port of the secondary processor s server to which CPM connects. Enable Response Code Failover. Select this checkbox to enable the Response Code Failover functionality. Max Errors. The maximum number of 000 errors to receive before switching over to the secondary host. Timespan (seconds). If the value specified for the maximum number of allowable errors falls within this time window, failover is initiated. This field works in conjunction with Max Errors. Important If you currently offer credit card full reversals and you enable the failover functionality, a full reversal may fail if the associated authorization occured on the default host but the reversal is attempted on the secondary host (or visa versa). The authorization and the reversal must occur on the same host. Paymentech will decline the reversal request with a 307 Authorization Not Found response code. CPM Enhancements Paymentech NH New Batch Status Value 09 The following batch statuses have been moved to an 09 non-error status value: Batch Sent Processing response Batch Sent Response pending RFR Sending RFR sent Response pending CPM Automatically Update the Batch_ID on Startup During startup, CPM now checks the database for the highest batch ID in the cc_ settlement table and compares it to the batch ID stored in the cpm.cfg file. If the maximum database value is higher than what is in the cpm.cfg file, cpm.cfg will be updated to the CPM Release Notes CyberSource Corporation August

53 CyberSource Payment Manager 6.4 SP1 Issues Resolved value in the database. If the batch ID value in cpm.cfg is greater than or equal to what is in the database, then the value in cpm.cfg is kept as is. Issues Resolved The following issues have been resolved. CPM Settlement Query Time/Date Clause Removed Automatic settlement by time includes the time of day value as a constraint in the settlement query so that only transactions up to the exact second specified by the settlement time are included in a batch. If one of the other settlement criteria (Maximum total dollar amount, Minimum number of transactions in batch, or Maximum total time open) is enabled in combination with Settlement time the time of day value has been removed as a constraint in the settlement query. This change prevents the possibility of the settlement query returning an empty list resulting in a batch status 08 New batch build error or empty. Nova 602 Settlement Record Original Auth Amount Field Correction The 602 settlement record has been corrected to no longer include the tax amount twice. Nova Detect and Prevent Reversals to Prevent Timeout Currently, authorization reversals are not supported on the Nova gateway. To prevent transaction timeouts, CPM will return an error message when a Nova authorization reversal is detected. LCC-return-code will be set to 145. CPM Release Notes CyberSource Corporation August

54 Chapter 9 CyberSource Payment Manager 6.4 This chapter describes enhancements for the CyberSource Payment Manager (CPM) 6.4 release: Enhancements Upgrading from Previous Versions You can upgrade to version 6.4 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Enhancements Update Compliance with Payment Application Best Practices (PABP) version 1.4 Global Payments Upgrade Paymentech New Hampshire Upgrade CPM Enhancements Update Compliance with Payment Application Best Practices (PABP) version 1.4 The PCI Compliance Guide has been updated to comply with the Payment Application Best Practices version 1.4. To reflect this update, the PCI Compliance Guide has been renamed to the PABP Implementation Guide. Eraserl.exe is a secure wipe utility for Windows that has been added to meet the PABP version 1.4 standard. This utility is located in the CPM server directory and is built into InstallShield for the CPM un-install process. It is also built into the automatic settlement file deletion function for gateways that support FTP method of settlement. The command line options of the Eraserl utility may be used to securely remove files and folders on an as needed basis. See the PABP Implementation Guide for syntax. CPM Release Notes CyberSource Corporation August

55 CyberSource Payment Manager 6.4 Enhancements Record format logs used for test and troubleshooting have been relocated from the Windows System32 directory to the CPM server/log directory. Global Payments Upgrade Updated CPM in accordance with Global Payments East Host Authorization and EDC Message Specification version Updated to store American Express transaction ID from authorization response and submit it in settlement. Updated to store Visa card level result from authorization response and submit it in settlement. Updated to support the processing of recurring transactions for Visa and MasterCard, American Express, and Discover cards. Support of Visa and MasterCard FSA/HRA Health Benefits Cards The Global Payments gateway now supports the processing of Visa and MasterCard Flexible Spending Account (FSA) and Heath Reimbursement Account (HRA) cards. These cards are only accepted by the following types of merchants and is enforced using merchant category codes or merchant type codes assigned by Visa and MasterCard. Medical providers such as doctors and hospitals. Merchants with an inventory information approval system (IIAS). An IIAS flags eligible items in its point-of-sale database so that the scanner can separate IIAS items from other items. Only IIAS items can be charged to the card. The Base Group fields must be passed with the QHP_AMOUNT field to qualify as an FSA/HRA transaction. The merchant totalizes the transaction then submits it into the CPM QHP_AMOUNT field, which identifies the transaction as FSA/HRA. The QHP_ AMOUNT fields contains optional subfields such as RX_AMOUNT and VISION_ AMOUNT. If used, the total amount of the subfields should equal the QHP_AMOUNT field. The QHP_AMOUNT cannot be more than the total transaction amount. See Table 3 for a list of optional subfields. Partial Authorization Partial authorization uses the same functionality as pre-paid cards. It allows an approval if the amount of the transaction is greater than the remaining balance on the card. The remaining transaction amount must be tendered with a different form of payment. Partial authorization is available to Visa, MasterCard, and American Express. Partial authorization can be enabled by the following: CPM Release Notes CyberSource Corporation August

56 CyberSource Payment Manager 6.4 Enhancements The merchant can enable partial authorization on all transactions by checking the Enable Partial Authorization checkbox on the Agreement Settings screen, as shown below. The PARTIAL_AUTH_FLAG API field can also be passed on a per transaction basis to override the merchant enabled checkbox. Partial auth flag valid values for Visa, MasterCard, and American Express are the following: Y - Attempt a partial authorization if allowed for the account. N - Do not attempt a partial authorization. Full Reversal Credit card full reversal is available to Visa, MasterCard, and Discover. Merchants may cancel a credit card authorization by submitting a reversal transaction. The reversal transaction returns funds back to the customer s prepaid card or line of credit. The amount of the reversal must equal the original authorized amount. CPM Release Notes CyberSource Corporation August

57 CyberSource Payment Manager 6.4 Enhancements New APIs Table 3 New APIs Field Data Type and Length Numeric ID Description ID_QHP_AMOUNT 12 Numeric 3000 Qualified health benefit (IIAS) amount of the transaction ID_RX_AMOUNT 12 Numeric 3001 Prescription drug portion of the QHP amount ID_VISION_AMOUNT 12 Numeric 3002 Vision portion of the QHP amount ID_CLINIC_OTHER_ AMOUNT ID_DENTAL_ AMOUNT 12 Numeric 3003 Clinic/Other portion of the QHP amount 12 Numeric 3004 Dental portion of the QHP amount ID_PARTIAL_AUTH_ FLAG 1 Alpha Numeric 3005 Partial redemption indicator. Allows for transaction approval if the QHP amount is greater than the remaining balance on the card Authorization Response Code Additions The authorization service for Global Payents was updated with the additional response codes listed in Table 4. See the CPM Messages and Processor Codes for additional information. Table 4 New Authorization Response Codes for Global Payments Global Payments Authorization Reponse Code Description CPM Authorization Response Code 010 Only partial amount authorized A 57 Transaction not allowed E 122 Amex CID failed D CPM Release Notes CyberSource Corporation August

58 CyberSource Payment Manager 6.4 Enhancements Table 4 New Authorization Response Codes for Global Payments Global Payments Authorization Reponse Code 1NE Description Only partial amount authorized, but merchant is not set up to capture this card type CPM Authorization Response Code A Database Schema Changes The following new field has been added to the CC_TRANSACTION table. Table 5 New fields for CC_TRANSACTION table Field Name Data Type and Length Description QHP_AMOUNT Numeric 16, 4 Qualified health benefit amount of the transaction The HBC_TRANSACTION database table has been added with the following fields. Table 6 New fields for HBC_TRANSACTION TABLE Field Name SEQUENCE_ NUMBER Data Type and Length Varchar 15 Description Primary key RX_AMOUNT Numeric 16, 4 Prescription drug portion of the QHP amount VISION_AMOUNT Numeric 16, 4 Vision portion of the QHP amount CLINIC_OTHER_ AMOUNT Numeric 16, 4 Clinic/Other portion of the QHP amount DENTAL_AMOUNT Numeric 16, 4 Dental portion of the QHP amount CPM Release Notes CyberSource Corporation August

59 CyberSource Payment Manager 6.4 Enhancements Paymentech New Hampshire Upgrade The following upgrades have been made to the Paymentech NH gateway. Support of Visa and MasterCard FSA/HRA Health Benefits Cards The Paymentech NH gateway now supports the processing of Flexible Spending Account (FSA) and Heath Reimbursement Account (HRA) cards. These cards are only accepted by the following types of merchants and is enforced using merchant category codes or merchant type codes assigned by Visa and MasterCard. Medical providers such as doctors and hospitals. Merchants with an inventory information approval system (IIAS). An IIAS flags eligible items in its point-of-sale database so that the scanner can separate IIAS items from other items. Only IIAS items can be charged to the card. The Base Group fields must be passed with the QHP_AMOUNT field to qualify as an FSA/HRA transaction. The merchant totalizes the transaction then submits it into the CPM QHP_AMOUNT field, which identifies the transaction as FSA/HRA. The QHP_ AMOUNT fields contains optional subfields such as RX_AMOUNT and VISION_ AMOUNT. If used, the total amount of the subfields should equal the QHP_AMOUNT field. The QHP_AMOUNT cannot be more than the total transaction amount. See Table 7 for a list of optional subfields. CPM Release Notes CyberSource Corporation August

60 CyberSource Payment Manager 6.4 Enhancements New APIs Table 7 New APIs Field Data Type and Length Numeric ID Description ID_QHP_AMOUNT 12 Numeric 3000 Qualified health benefit (IIAS) amount of the transaction ID_RX_AMOUNT 12 Numeric 3001 Prescription drug portion of the QHP amount ID_VISION_AMOUNT 12 Numeric 3002 Vision portion of the QHP amount ID_CLINIC_OTHER_ AMOUNT ID_DENTAL_ AMOUNT 12 Numeric 3003 Clinic/Other portion of the QHP amount 12 Numeric 3004 Dental portion of the QHP amount ID_PARTIAL_AUTH_ FLAG 1 Alpha Numeric 3005 Partial redemption indicator. Allows for transaction approval if the QHP amount is greater than the remaining balance on the card Authorization Response Code Additions The authorization service for Paymentech NH was updated with the additional response codes listed in Table 8. See the CPM Messages and Processor Codes for additional information. Table 8 New Authorization Response Codes Paymentech NH Authorization Reponse Code Description CPM Authorization Response Code 265 Missing QHP Amount E 266 QHP Amount is greater than transaction amount 267 Division does not participate in Healthcare IIAS. E E 268 Invalid cash back amount E 598 No items QHP qualified D CPM Release Notes CyberSource Corporation August

61 CyberSource Payment Manager 6.4 Enhancements Database Schema Changes The following new field has been added to the CC_TRANSACTION table. Table 9 New fields for CC_TRANSACTION table Field Name Data Type and Length Description QHP_AMOUNT Numeric 16, 4 Qualified health benefit amount of the transaction The HBC_TRANSACTION database table has been added with the following fields. Table 10 New fields for HBC_TRANSACTION TABLE Field Name SEQUENCE_ NUMBER Data Type and Length Varchar 15 Description Primary key RX_AMOUNT Numeric 16, 4 Prescription drug portion of the QHP amount VISION_AMOUNT Numeric 16, 4 Vision portion of the QHP amount CLINIC_OTHER_ AMOUNT Numeric 16, 4 Clinic/Other portion of the QHP amount DENTAL_AMOUNT Numeric 16, 4 Dental portion of the QHP amount Partial Authorization Partial authorization is available to Visa, MasterCard, American Express, and Discover. Partial authorization uses the same functionality as pre-paid cards. Partial authorization is enabled by your Paymentech assigned division number. The division level default can be overriden by the partial auth flag API field. Partial auth flag valid values for American Express are the following: Y - Transaction is not declined if authorization amount is greater than the current balance. N - Transaction is declined if authorization amount is greater than the current balance. Partial auth flag valid values for Discover are the following: CPM Release Notes CyberSource Corporation August

62 CyberSource Payment Manager 6.4 Enhancements Y - The sale amount can be partially approved but the cash back amount cannot be partially approved. N - Merchant does not support partial authorization. Partial authorization not allowed for both sale amount and cash back amount. Partial auth flag valid values for Visa andmastercards are the following: Y - Attempt a partial authorization if allowed for the account. N - Do not attempt a partial authorization. Added support for Discover Card Cash Back The Paymentech NH gateway now supports the processing of cash back for Discover card retail transactions. The amount of the cash back must be in $20 increments and cannot be more than $100. Cash back is authorized using the same indicator flags used for partial authorization: B - Both sale amount and cash back may be partially approved. The sale amount must be fully approved before the cash back amount can be partially approved. C - The sale amount must be fully approved before the cash back amount may be partially approved. X - Merchant may support partial auth, but the sale amount must be fully approved before the cash back amount can be approved. Neither the sale amount nor the cash back amount can be partially approved. CPM Release Notes CyberSource Corporation August

63 CyberSource Payment Manager 6.4 Enhancements CPM Enhancements A new search by merchant name feature has been added to the Merchants dialog box under Server Properties. This eliminates the retrieval of the entire merchant list upon initial display. To retrieve the entire merchant list, click the List All button. To retrieve a filter list, enter a specific merchant name or a partial name in the Search field and click the Search button. Only Merchant IDs containing the name or partial name you entered are retreived. CPM Release Notes CyberSource Corporation August

64 CyberSource Payment Manager 6.4 Enhancements The Agreement List has been enhanced with the same search feature as the Merchant List. To retrieve the entire agreement list, click the List All button. To retrieve a filter list, enter a specific Agreement ID or a partial name in the Search field and click the Search button. Only Agreement IDs containing the name or partial name you entered are retreived. CPM Release Notes CyberSource Corporation August

65 Chapter 10 CyberSource Payment Manager This chapter describes enhancements for the CyberSource Payment Manager (CPM) release: Enhancements Issues Resolved Upgrading from Previous Versions You can upgrade to version from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Enhancements Paymentech NH PIN-less Debit Paymentech NH Credit Card Full Reversals Settlement Batch Status Display Settlement Performance Improvement Paymentech NH PIN-less Debit PIN-less debit transactions have been added to the Paymentech NH gateway. Online transactions that support PIN-less debit are purchase authorizations and purchase reversals. Purchase Authorization The Merchant submits an Authorization or Auth_and_Capture transaction with Card_ Type=029. An expiration date for PIN-less debit is not required. CPM Release Notes CyberSource Corporation August

66 CyberSource Payment Manager Enhancements Upon approval, funds are immediately drawn from the the customers account. The following transaction types for PIN-less Debit include: Moto Recurring E-commerce IVR (Interactice Voice Response) CPM formats the authorization request message and sends it to Paymentech. The method of Payment field is set as Generic Debit. Paymentech returns an authorization response and if approved, the Method of Payment identifies the debit network (ACCEL, Pulse, Star, NYCE) it is associated with. This value is stored in the cc_transaction table in the card_ type field and is submitted during settlement. Purchase Reversal Merchants may cancel a PIN-less debit purchase authorization by submitting a reversal transaction. The amount of the reversal must equal the original authorized amount. The merchant has up to 90 minutes from receipt of the authorization response to submit the reversal. CPM Release Notes CyberSource Corporation August

67 CyberSource Payment Manager Enhancements API Changes Table 11 New APIs Field Card_Type Value 30 NYCE 31 Pulse 32 Star 33 ACCEL Customer_Present_ Flag: 8 Interactive Voice Response (IVR) Authorization Response Code Additions The authorization service for Paymentech was updated with the additional response codes listed in Table 12. See the CPM Messages and Processor Codes for additional information. Table 12 New Authorization Response Codes for Paymentech Paymentech Authorization Reponse Code Description CPM Authorization Response Code 109 Previously processed transaction. 258 Not authorized to send record 262 Authorization code and/or response code is invalid 263 Partial authorization not allowed 264 Duplicate deposit transaction 305 Transaction was already reversed 306 Requested reversal amount does not match original approved authorized amount D E E E E D D CPM Release Notes CyberSource Corporation August

68 CyberSource Payment Manager Enhancements Table 12 New Authorization Response Codes for Paymentech Paymentech Authorization Reponse Code Description CPM Authorization Response Code 307 Transaction cannot be matched to a previous authorization transaction 740 Unable to find match for authorized record D D 741 Validation failed D Paymentech NH Credit Card Full Reversals Credit card full reversal is available to Visa, MasterCard, MasterCard/Diners, and Discover. Merchants may cancel a credit card authorization by submitting a reversal transaction. The reversal transaction returns funds back to the customer s line of credit. The amount of the reversal must equal the original authorized amount. CPM Release Notes CyberSource Corporation August

69 CyberSource Payment Manager Issues Resolved Settlement Batch Status Display The Settlement Batch Status display screen has been enhanced to include an End Date/ Time field and a Merchant ID field. When you initially open the Settlement Batch Status screen the End Date/Time field and the Merchant ID field is disabled by default and no data displays. To have data display, you must set your desired parameters and click the Retrieve button. If you leave these fields blank all available data will be returned for all merchants. To retrieve data for a specific merchant, enter all or part of the merchant ID in the The Merchant ID field. The default value for the Max Row field is 25. However, the value you enter will be retained for the next time you open this screen. Settlement Performance Improvement The online settlement process has been improved to prevent the CPU from reaching 100% utilization. Issues Resolved BAMS Settlement File Cleanup A directory separator has been added between the directory path and the settlement file name to enable the automatic deletion of the BAM settlement files. Paymentech NH Restrict Automatic Settlement Recovery The automatic settlement recovery process has been disabled to prevent resubmitting batches in the waiting state. CPM Release Notes CyberSource Corporation August

70 Chapter 11 CyberSource Payment Manager This chapter describes enhancements for the CyberSource Payment Manager (CPM) release: Upgrade for FDMS Nashville Merchant Services Paymentech Fixes Upgrading from Previous Versions You can upgrade to version from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Upgrade for FDMS Nashville Merchant Services Specification Upgrades The FDMS Nashville gateway has been upgraded in compliance with the DLH Authorization and Settlement Spec. AMEX E-commerce Indicator The E-commerce indicator DataID002 has been added for Amex E-commerce transactions in the authorization and settlement message formats. AMEX CAPN Support has been added to comply with American Express CAPN requirements. This includes storing the transaction ID, POS data code, and American Express CID result code values returned in the Authorization Response message for American Express CAPN transactions. The transaction ID and POS data code values will be included in the Settlement file. In addition, optional Corporate Card Level 2 addendum records have been added in the Settlement file. CPM Release Notes CyberSource Corporation August

71 CyberSource Payment Manager Upgrade for FDMS Nashville Merchant Services Visa Card Level Results The Visa Card Level Result is a value returned from the processor that indicates the type of Visa card used for the transaction. Support has been added to store the two-character product code returned in the Authorization Response message for Visa transactions. This value is stored in the CARD_LEVEL_RESULT database field which is in the CC_ TRANSACTION table. It will also be included in the Settlement file. Visa refers to the Card Level Result as DE See the CPM API Reference Guide for information about the CC_TRANSACTION table. MasterCard Partial Auth Reversal To return a partial refund to a customer s line of credit from a prior authorization, you can perform a Partial Reversal transaction. Previously, this capability was supported only for Visa transactions. Support has now been added for MasterCard. MasterCard and Visa Recurring Advice Code MasterCard and Visa recurring payments return an advice code field indicating the reason for a recurring authorization decline. The advice code field is returned to the client in the RECUR_ADVICE_CODE API. This code is also stored in the CC_TRANSACTION table. Recurring advice code values and their definitions are: Visa 02 Cardholder wishes to stop only one specific payment in the recurring payment relationship. 03 Cardholder has requested to stop all recurring payment transactions for a specific merchant. 21 All recurring payments have been cancelled for the card number requested. MasterCard 01 Expired card, account upgrade, portfolio sale, or conversion. Obtain new account information before next billing cycle. 02 Over credit limit, insufficient funds. Recycle transaction 72 hours later. 03 Account closed fraudulent. Obtain another type of payment from customer. 21 Cardholder has been unsuccessful at cancelling recurring payment through merchant. Stop recurring payment requests. Discover Recurring Transactions Support for Discover recurring transactions was added to comply with the latest specifications. CPM Release Notes CyberSource Corporation August

72 CyberSource Payment Manager Paymentech Fixes Visa Existing Debt Indicator Transactions can be identified as existing debt payments by submitting Customer Present Flag = 6. This flag is valid only for Visa. It can be used in Direct Marketing, E-Commerce, and Retail industries to pay an existing debt (for example, a car loan). Agent Identification Service (Transparent to Merchant) A new data identifier was added to support Visa s Agent Identification Service. The Agent Identifier is required for all Visa transactions. This data element is sent in the authorization request message and is transparent to the merchant. Paymentech Fixes Maximum Batch Size The maximum batch size per merchant is controlled by the SettlementMaxBatchSize config variable stored in the cmp.cfg file. This value is defaulted to 10,000 transactions. A bug has been resolved where batches above the SettlememtMaxBatchSize value were not being created. CPM Release Notes CyberSource Corporation August

73 Chapter 12 CyberSource Payment Manager This chapter describes enhancements for the CyberSource Payment Manager (CPM) release: Upgrade for FDMS North Merchant Services Vital Fixes Paymentech Fixes Upgrading from Previous Versions You can upgrade to version from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Upgrade for FDMS North Merchant Services Specification Upgrades Support has been added for: ISO 8583 Global Authorization Spec version PTS Settlement Spec version Discover Full Service (Transparent to Merchant) The Discover Qualification Field Identifier was added to support Discover Full Service. Discover compliance data returned in the Authorization response is stored in the CC_TRANSACTION table and subsequently submitted in the XV01 and XV02 records during settlement. Compliance data elements include: Processing Code System Trace Audit Number POS Entry Mode Local Transaction Time CPM Release Notes CyberSource Corporation August

74 CyberSource Payment Manager Upgrade for FDMS North Merchant Services Local Transaction Date Discover Response Code Discover POS Data Code Discover Transaction Qualifier/Track Condition Code Discover Address Verification Result Visa, MasterCard, and Discover Full Auth Reversal To completely return funds to a customer s line of credit from a prior authorization, you can perform a Reversal transaction. Visa, MasterCard, and Discover support full reversals. Note The amount field in the reversal transaction must be equal to the original authorization amount to trigger a full reversal. Visa and MasterCard Recurring Advice Code Visa and MasterCard recurring payments return an advice code field indicating the reason for a recurring authorization decline. The advice code field is returned to the client in the RECUR_ADVICE_CODE API. This code is also be stored in the CC_TRANSACTION table. Visa and MasterCard support full reversals for recurring advice codes: Visa 02 Cardholder wishes to stop only one specific payment in the recurring payment relationship. 03 Cardholder has requested to stop all recurring payment transactions for a specific merchant. 21 All recurring payments have been cancelled for the card number requested. MasterCard 01 Expired card, account upgrade, portfolio sale, or conversion. Obtain new account information before next billing cycle. 02 Over credit limit, insufficient funds. Recycle transaction 72 hours later. 03 Account closed fraudulent. Obtain another type of payment from customer. 21 Cardholder has been unsuccessful at cancelling recurring payment through merchant. Stop recurring payment requests. Visa Existing Debt Indicator Transactions can be identified as existing debt payments by submitting Customer Present Flag = 6. This flag is valid only for Visa. It can be used in Direct Marketing, E-Commerce, and Retail industries to pay an existing debt (for example, a car loan). CPM Release Notes CyberSource Corporation August

75 CyberSource Payment Manager Vital Fixes Agent Identification Service (Transparent to Merchant) A new identifier for CyberSource was added to support North s Agent Identification Service. The Agent Identifier is required for Visa Signature and Visa PIN Debit transactions. Vital Fixes Merchant Location/City Change In CPM 6.2.3, a new variable was introduced to store the value of the Merchant City field from the Agreement Settings screen. The merchant_city data element stored in the agreement_values table replaced the old merchant_location data element. Merchants upgrading their pre-cpm version needed to re-enter this field on the Agreement Setting screen to have it saved under the new variable name. If this was not done, the Merchant City field in the Agreement Setting screen would be blank and settlement would fail due to a missing required field in the Parameter record. CPM fixes this problem by looking for the variable by either the old merchant_ location or the new merchant_city variable name. Auth Source Code The Auth Source Code field in the settlement detail record for Vital was not using the value returned in the Authorization response if an Auth followed by a Capture transaction sequence was performed. Transactions were being downgraded because they were treated as forced captures. If the Auth/Capture transaction was used, then the Auth Source Code field was being properly derived. This fix uses the value stored in the CC_TRANSACTION table AUTH_SOURCE_CODE field if present for both an Auth transaction followed by a Capture transaction and for an Auth/Capture transaction. Concurrent Transaction Timeout on Vital SSL Transactions received concurrently on the Vital SSL gateway were prone to result in timeouts due to a race condition. The SSL session was not being closed immediately, allowing a window of time for a new transaction to be submitted within a previous transaction s session. To fix this, CPM now issues a Close Session command for each transaction., eliminating the race condition. CPM Release Notes CyberSource Corporation August

76 CyberSource Payment Manager Paymentech Fixes Paymentech Fixes Settlement in Test Mode A bug was inadvertently introduced in CPM 6.3 causing the CPM server to terminate if settlement was performed for a Paymentech merchant while in test mode. This fix enables a Paymentech merchant to settle in test mode without causing the server to terminate. Destination Country Code Padding for Level 3 In prior versions of CPM, the destination country code field in the PP0 record was not being space padded if the Ship_to_Country field was not submitted for Visa or MasterCard purchase card level 3 transactions. This fix properly provides space padding if Ship_to_Country is not submitted. If Ship_To_Country is submitted, the field is populated with the 3-digit ISO numeric country code. Division Number Field Size Extended to Store Up to 10-Character Input Paymentech s 7.4 auth spec and byte settlement spec increases the size of the Division Number field from 6 to 10 bytes. The Paymentech Agreement Settings screen now accepts a 10 character input. CPM Release Notes CyberSource Corporation August

77 Chapter 13 CyberSource Payment Manager 6.3 Summary of Updates for CPM 6.3 Gateways Affected Update Description Paymentech N.H. Specifications Specifications for authorization and settlement. See Upgrading from Previous Versions on page 66. Paymentech N.H. Presenter ID and submitter ID Requirements for presenter IDs and submitter IDs. See Presenter ID and Submitter ID on page 67. Paymentech N.H. Order number Uniqueness requirement for the order number. See Order Number on page 67. Paymentech N.H. Agreement Settings New fields added to the Agreement Settings dialog. See Agreement Settings on page 68. Paymentech N.H. Cross currency Support for all Paymentech-supported currencies. See Cross Currency Support on page 70. Paymentech N.H. AVS codes New AVS codes. See AVS Response Codes on page 71. Paymentech N.H. Authorization codes New authorization codes. See Authorization Response Codes on page 72. Paymentech N.H. Maestro SecureCode Support for Maestro SecureCode. See Maestro SecureCode on page 73. Paymentech N.H. Maestro CVV Support for Maestro CVV. See Maestro CVV on page 73. Paymentech N.H. API fields New API fields. See New API Fields on page 74. Paymentech N.H. Soft descriptors Format requirement for soft descriptors. See Soft Descriptors on page 75. Paymentech N.H. Architecture Support for multiple merchants in one settlement file. See Architecture Update on page 75. Amex Phoenix Field 47 (ITD) defaults Defaults for Field 47, which is Internet Transaction Data (ITD). See American Express Phoenix Update: ITD Defaults on page 76. CPM Release Notes CyberSource Corporation August

78 Chapter 13 CyberSource Payment Manager 6.3 Upgrading from Previous Versions Gateways Affected Amex Phoenix Update Field 47 (ITD) restriction Description Restriction for Field 47, which is Internet Transaction Data (ITD). See American Express Phoenix Update: ITD Restriction on page 76. Amex Phoenix Order number Smaller size for order numbers. See American Express Phoenix Update: Order Numbers on page 76. BA Merchant Services All gateways Buffer size TAA1-4_QTY field size Larger Receive buffer size. See BA Merchant Services Update: Buffer Size on page 76. Larger field size for TAA1-4_QTY. See Database Update: TAA Quantity on page 76. NOVA Visa card level results Support for the Visa Card Level Result value. See NOVA Update: Visa Card Level Results on page 76. Vital Authorization timeout Support for authorization timeout. See Vital SSL and Vital Frame Update: Authorization Timeout on page 77. Vital Authorization amount New maximum authorization amount. See Vital SSL and Vital Frame Update: Maximum Authorization Amount on page 78. Upgrading from Previous Versions You can upgrade to version 6.3 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Upgrades for Paymentech New Hampshire This upgrade achieves conformity with: Paymentech specification 7.4 for authorization. Paymentech specification 3.0 for settlement, which implements the 120-byte format. Note Merchants upgrading to this version of CPM or higher must re-certify with Paymentech. CPM Release Notes CyberSource Corporation August

79 Chapter 13 CyberSource Payment Manager 6.3 Upgrades for Paymentech New Hampshire Topics covered in this section: Presenter ID and Submitter ID Order Number Agreement Settings Cross Currency Support AVS Response Codes Authorization Response Codes Maestro SecureCode Maestro CVV New API Fields Soft Descriptors Architecture Update Presenter ID and Submitter ID If you are upgrading from a previous version, your Presenter ID and Submitter ID must be configured for the 120-byte settlement specification. Paymentech will need to either reconfigure your existing IDs or issue you new ones. Each ID consists of a username and password. These values are entered in the Agreement Settings. Order Number If you are using the ORDER_NUMBER API field, the first 8 bytes (8 characters) must be unique. If you don't provide the order number, this field defaults to the SEQUENCE_ NUMBER, for which CyberSource guarantees uniqueness. CPM will map the least significant 8 bytes of the SEQUENCE_NUMBER to the Merchant s Order Number field in the Paymentech authorization request record. CPM Release Notes CyberSource Corporation August

80 Chapter 13 CyberSource Payment Manager 6.3 Upgrades for Paymentech New Hampshire Agreement Settings Several new fields were added to the Agreement Settings dialog. These new fields support the Soft Merchant information (SM) record that accompanies American Express transactions. Merchant Information The first seven fields in this section are new, optional fields that provide merchantidentifying information. If you are an aggregator or petroleum merchant, you might need to include merchant-identifying information with each transaction instead of using the defaults that are stored in the Chase Paymentech Merchant Setup system. You can take advantage of Chase Paymentech s Soft Merchant information (SM) record specifications CPM Release Notes CyberSource Corporation August

81 Chapter 13 CyberSource Payment Manager 6.3 Upgrades for Paymentech New Hampshire in order to submit soft information such as your name, street address, city, state, and postal code. The soft data that is submitted will be passed to the card associations along with the transaction and will be posted on the cardholder s statement, if applicable. You must be approved by the Chase Paymentech Risk/Credit department before becoming certified for or submitting SM records. If you have not obtained the appropriate approvals and try to submit transactions with SM records, the transactions will be rejected by Chase Paymentech. NEW FIELD: Merchant Name. Your merchant name. This name does not need to match the Merchant ID on the Merchant Information tab. This field contains the merchant name that appears on the storefront and/or customer receipts, commonly referred to as the D.B.A. (Doing Business As) name. This information will become part of the descriptive bill on the cardmember s statement. This name must be easily recognized by the cardmember to avoid unnecessary inquiries. If the name is more than 38 characters, use proper and meaningful abbreviation when possible. Do not truncate. (up to 38 characters) NEW FIELD: Merchant Street. Street address where you are located. If you are in mail order, phone order, or internet industries, you can substitute one of the following values in this field (up to 38 characters): Street address where your order processing facility is located. Your Web address (URL) or address. URLs and addresses may be in lower case as appropriate. NEW FIELD: Merchant City. City where you are located. (up to 21 characters) NEW FIELD: Merchant State. State where you are located. (2-character abbreviation) NEW FIELD: Postal Code. Postal code where you are located. NEW FIELD: Country Code. Country where you are located. (3-digit ISO numeric code) NEW FIELD: Merchant ID. Your American Express service establishment number. Division Number. Identifier assigned by Paymentech New Hampshire for live transaction processing. Contact Paymentech New Hampshire for this information. Category Code. Four-digit number corresponding to your primary business. Contact Paymentech New Hampshire for this information. CPM Release Notes CyberSource Corporation August

82 Chapter 13 CyberSource Payment Manager 6.3 Upgrades for Paymentech New Hampshire CHANGED FIELD: Currency. Currency for the transactions. This field has been changed from a drop-down list to a text field. See Cross Currency Support on page 70. (3-digit ISO numeric code) Transaction Type. Your primary type of transaction. NEW FIELD: Override Merchant Master. Selecting this checkbox causes the SM record to be sent for American Express transactions. See the description at the beginning of this section, Merchant Information on page 68. Presenter Information ID. Number assigned to the location that physically sends the transactions. Contact Paymentech New Hampshire for this information. See Presenter ID and Submitter ID on page 67. Password. Number that corresponds to the Presenter s Identifier. Contact Paymentech New Hampshire for this information. Submitter Information ID. Number assigned to the merchant that actually owns the transactions. For example, if a call center submits a transaction to Paymentech that is later forwarded to the merchant, the Presenter s Identifier indicates the call center and the Submitter s Identifier indicates the merchant. Contact Paymentech New Hampshire for this information. See Presenter ID and Submitter ID on page 67. Password. Number that corresponds to the Submitter s Identifier. Contact Paymentech New Hampshire for this information. Cross Currency Support CPM now supports all Paymentech-supported currencies for authorization. This field on the Agreement Settings screen has been changed to a data entry (text) field instead of a drop-down list. Use the 3-digit ISO numeric currency codes. See the currency field description in the preceding section, Agreement Settings on page 68. Contact Paymentech to configure your funding currency. CPM Release Notes CyberSource Corporation August

83 Chapter 13 CyberSource Payment Manager 6.3 Upgrades for Paymentech New Hampshire AVS Response Codes The Address Verification Service for Paymentech was updated with the additional response codes listed in Table 13. See the CPM Messages and Processor Codes for additional information. Table 13 New AVS Response Codes for Paymentech Paymentech AVS Response Code CPM ZIP_MATCH Value CPM ADDRESS_MATCH Value Comments A1 N (Postal code: No match) N (Address: No match) A3 Y (Postal code: Match) Y (Address: Match) A4 Y (Postal code: Match) N (Address: No match) A7 N (Postal code: No match) Y (Address: Match) B3 Y (Postal code: Match) Y (Address: Match) B4 Y (Postal code: Match) N (Address: No match) B7 N (Postal code: No match) Y (Address: Match) B8 N (Postal code: No match) N (Address: No match) IA Y (Postal code: Match) Y (Address: Match) International only CPM Release Notes CyberSource Corporation August

84 Chapter 13 CyberSource Payment Manager 6.3 Upgrades for Paymentech New Hampshire Table 13 New AVS Response Codes for Paymentech Paymentech AVS Response Code CPM ZIP_MATCH Value CPM ADDRESS_MATCH Value Comments IB X (Postal code: Not available or not applicable) Y (Address: Match) Postal code not verified, format incompatible IC X (Postal code: Not available or not applicable) X (Address: Not available or not applicable) Not verified due to incompatible format IG X (Postal code: Not available or not applicable) X (Address: Not available or not applicable) AVS not performed (international issuer) IP Y (Postal code: Match) X (Address: Not available or not applicable) Street address not verified due to incompatible format Authorization Response Codes The authorization service for Paymentech was updated with the additional response codes listed in Table 14. See the CPM Messages and Processor Codes for additional information. Table 14 New Authorization Response Codes for Paymentech Paymentech Authorization Response Code Description CPM Authorization Response Code Comments 108 Approved for activation. A New 204 Other error. E Remapped 249 Invalid MCC. E New 257 Missing customer service phone number. E New CPM Release Notes CyberSource Corporation August

85 Chapter 13 CyberSource Payment Manager 6.3 Upgrades for Paymentech New Hampshire Table 14 New Authorization Response Codes for Paymentech Paymentech Authorization Response Code Description CPM Authorization Response Code Comments 401 Call if not BML, otherwise decline. C Remapped 524 Altered data. E New 572 Closed account. D New 594 Other error. E Remapped 595 New card issued. D New 596 Suspected fraud. D New 606 Invalid transaction type. D Remapped 769 Not convertible account. D New 802 Positive ID. C Remapped Maestro SecureCode Now CPM supports UK Domestic Maestro SecureCode for Paymentech New Hampshire for the Maestro (Switch/Solo) card type. Maestro SecureCode uses the same field inputs as MasterCard SecureCode. See the CPM API Reference Guide for information about the ECommerce Group, which is the group for SecureCode. Maestro CVV Now CPM supports the UK Domestic Maestro CVV. CPM Release Notes CyberSource Corporation August

86 Chapter 13 CyberSource Payment Manager 6.3 Upgrades for Paymentech New Hampshire New API Fields New Field for Automatic Number Identification Field: Automatic Number Identification Numeric Identifier: 178 Description: ANI-specified phone number that the customer used to place the order. Length: 10 Data Type: API Field: Varchar ID_CUSTOMER_ANI New Field for Customer Information Identifier Field: Customer Information Identifier Numeric Identifier: 179 Description: Telephone-company-provided ANI-ii-coding digits associated with the customer ANI phone number that correspond to call type. Examples of call type are cellular, government, or institution. Length: 2 Data Type: API Field: Varchar ID_CUSTOMER_INFORMATION_ID CPM Release Notes CyberSource Corporation August

87 Chapter 13 CyberSource Payment Manager 6.3 Enhancements Soft Descriptors Soft descriptors are the descriptors in the M record and are sometimes referred to as merchant descriptors. The Merchant Billing Name must be in one of these formats: <12-character merchant name>*<9-character product description> <7-character merchant name>*<14-character product description> <3-character merchant name>*<18-character product description> See the CPM API Reference Guide for information about the Billing Group, which is the group for the soft descriptors. Architecture Update CPM now supports Paymentech New Hampshire s requirement to have multiple merchants batches in one settlement file. Previously, CPM settled one merchant batch per file. Enhancements Topics covered in this section: American Express Phoenix Update: ITD Defaults American Express Phoenix Update: ITD Restriction American Express Phoenix Update: Order Numbers BA Merchant Services Update: Buffer Size Database Update: TAA Quantity NOVA Update: Visa Card Level Results Vital SSL and Vital Frame Update: Authorization Timeout Vital SSL and Vital Frame Update: Maximum Authorization Amount CPM Release Notes CyberSource Corporation August

88 Chapter 13 CyberSource Payment Manager 6.3 Enhancements American Express Phoenix Update: ITD Defaults CPM is using defaults for the card-not-present data in Field 47, which is Internet Transaction Data (ITD): Ship-to country = 840 Shipping method = 01 American Express Phoenix Update: ITD Restriction Field 47, which is Internet Transaction Data (ITD), will not be sent if you are configured as a retail merchant. American Express Phoenix Update: Order Numbers For settlement transactions, CPM accommodates order numbers less than 9 bytes. BA Merchant Services Update: Buffer Size The size of the Receive buffer was increased from 256 bytes to 1K to accommodate large sign-on messages. Database Update: TAA Quantity The Dbutil Update function was updated to set the column data type for the TAA1-4_QTY fields to varchar (3) in the TAA_TRANSACTION table. When these columns were introduced in CPM 6.2.3, the TAA1-4_QTY fields were mistakenly set to varchar (2). NOVA Update: Visa Card Level Results The Visa Card Level Result is a value returned from the processor that indicates the type of Visa card used for the transaction. Support has been added to store the two-character product code returned in the Authorization Response message for Visa transactions. This value is stored in the CARD_LEVEL_RESULT database field which is in the CC_TRANSACTION table. It will also be included in the Settlement file. Visa refers to the Card Level Result as DE NOVA refers to this value as Account Level Processing CPM Release Notes CyberSource Corporation August

89 Chapter 13 CyberSource Payment Manager 6.3 Enhancements (ALP). See the CPM API Reference Guide for information about the CC_TRANSACTION table. Vital SSL and Vital Frame Update: Authorization Timeout The authorization timeout value is configurable. This value specifies the length of time CPM will try to send an authorization request to the processor before timing out. This value is on the Gateway Settings dialog, as shown in Figure 1 and Figure 2. CPM Release Notes CyberSource Corporation August

90 Chapter 13 CyberSource Payment Manager 6.3 Enhancements Figure 1 Vital VirtualNet IP Gateway Settings Figure 2 Vital VirtualNet SSL Gateway Settings Vital SSL and Vital Frame Update: Maximum Authorization Amount The maximum allowable authorization amount has been increased to 9,999, CPM Release Notes CyberSource Corporation August

91 Chapter 14 CyberSource Payment Manager This chapter describes enhancements for the CyberSource Payment Manager (CPM) release. Upgrading from Previous Versions You can upgrade to version from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Upgrade for BA Merchant Services American Express CAPN Support has been added to comply with the American Express CAPN mandate. The transaction ID and POS_DATA_CODE values returned in the authorization response are stored in the CC_TRANSACTION table TRANSACTION_ID and POS_DATA_CODE fields respectively and returned in the settlement file for the associated transaction. In addition, American Express now returns a CID response value in the authorization response message. This value is stored in the CC_TRANSACTION table CVV_RESPONSE field similar to what is presently done for Visa, MasterCard, and Discover. CPM Release Notes CyberSource Corporation August

92 Chapter 14 CyberSource Payment Manager Upgrade for BA Merchant Services Visa Card Level Results Support has been added to comply with Visa s card level results mandate (also referred to as Visa DE 62.23). Visa returns a value in the authorization response which classifies the type of card used in the transaction. This value is stored in the CC_TRANSACTION table CARD_LEVEL_RESULT field and returned in the settlement file for the associated transaction. MasterCard POS Data Code Support has been added to comply with the MasterCard requirement to supply a POS_ DATA_CODE value in the settlement file for each MasterCard transaction. The MasterCard POS_DATA_CODE is a mapped value consisting of a combination of data derived from the operating environment and data returned in the authorization response. This value is stored in the CC_TRANSACTION table POS_DATACODE field and returned in the settlement file for the associated transaction. Data Element Subfields and Data element subfields (Merchant Order Number) and (Merchant Reference Number) are now submitted in the authorization request to BA Merchant Services. If you pass the ORDER_NUMBER API field to CPM in the authorization request, that value is used for DE If you do not pass the ORDER_NUMBER field, CPM uses the transaction sequence number by default for DE CPM uses the 8 least-significant bytes of the transaction sequence number for DE CPM Release Notes CyberSource Corporation August

93 Chapter 14 CyberSource Payment Manager Enhancements Enhancements FDMS North Gateway American Express Purchase Card Level II Support has been added for American Express Purchasing Cards on FDMS North. In order to qualify for American Express CPS level 2 rates the following fields must be submitted in the authorization request: COMMERCIAL_CARD_TYPE=01 PURCHASE_CARD_ORDER_NUMBER TAX_AMOUNT SHIP_TO_ZIP_CODE Additionally, the following optional fields can be sent to further describe the purchase: TAA1 TAA1_QTY TAA2 TAA2_QTY TAA3 TAA3_QTY TAA4 TAA4_QTY The FDMS North settlement file accommodates up to four sets of records for item descriptions and quantities contained in the purchase. The FDMS North settlement records limit the 40-byte TAA1 through TAA4 fields to 35 characters each. Item descriptions greater than 35 characters are truncated. CPM Release Notes CyberSource Corporation August

94 Chapter 14 CyberSource Payment Manager Enhancements Verified by Visa and MasterCard SecureCode Payer Authentication. CPM supports Verified by Visa and MasterCard SecureCode for the FDMS North gateway. Use these API fields to provide the payer authentication data in the authorization or sale request: For Verified by Visa ECommerce Type CAVV For MasterCard SecureCode ECommerce Type UCAF Indicator CAVV ECommerce Type. Use one of these values to indicate the type of payer authentication transaction: 03: Successful Verified by Visa transaction. 04: Attempted Verified by Visa transaction (you attempted but the transaction was not authenticated). 05: MasterCard SecureCode transaction. UCAF Indicator. Indicates whether the UCAF data was collected for a MasterCard SecureCode transaction. The field is required when ECommerce Type=05. Use one of these values: 1: UCAF data collection is supported, but UCAF data was not populated. You are not required to provide the CAVV field. 2: UCAF data collection is supported, and UCAF data was populated. You must also send the CAVV field with the AAV (UCAF data). CAVV. Cardholder Authentication Verification Value used for payer authentication. Use this field for the Verified by Visa CAVV and for the MasterCard SecureCode AAV (also referred to as the UCAF data). For Verified by Visa transactions with FDMS North, you must send the value in hex binary format. For MasterCard SecureCode transactions with FDMS North, you must send the value in base64 format. See the CPM API Reference Guide for more information about these API fields. CPM Release Notes CyberSource Corporation August

95 Chapter 14 CyberSource Payment Manager Issues Resolved American Express Phoenix Gateway Currency Support Extended for American Express American Express has extended the list of currencies supported for authorization. The currency dropdown list on the Agreement Settings screen has been changed to a data entry field to enable input of any 3-digit numeric ISO currency code. This value is stored in the AGREEMENT_VALUES database table and is submitted in the authorization request. At this time American Express supports only USD as the funding currency for settlement. Issues Resolved Paymentech NH Gateway: Settlement Hold Time Calculation Previously, a SQL error was generated if the number of minutes set for the settlement hold time fell during the prior hour. For example, if the scheduled settlement time was set for 11:15 and the Hold Time specified in the Paymentech Gateway Settings was set for 30 minutes, this SQL error would get generated during settlement initiation. No problem resulted if the hold time fell within the current hour or if the hold time was expressed in increments of 60 minutes. Because Paymentech recommends a Hold Time of 120 minutes, this error would not normally be encountered in production. This error was detected in testing. The resolution modified the way minutes were being subtracted from scheduled settlement time. American Express Phoenix Gateway Corrupted Authorization Format on the Solaris Version of CPM The wrong ISO 8583 class library was being referenced. The resolution modified code to reference the correct library. CPM Release Notes CyberSource Corporation August

96 Chapter 14 CyberSource Payment Manager Issues Resolved Settlement File Reversal Tool on the Solaris Version of CPM The resolution modified build scripts to build American Express settlement file reversal tool on Solaris. Heartbeat Message on Solaris Fixed compiler-related byte alignment issue impacting heartbeat message format. Postal Code Format Padding Corrected space padding of 9-digit postal code format. This field used to be zero padded. Nova Gateway: 602 Settlement Record Tax amount was being doubled in the Original Amount Authorized field of the 602 record. The resolution was logic to provide correct authorized amount value. CPM Release Notes CyberSource Corporation August

97 Chapter 15 CyberSource Payment Manager This chapter describes enhancements for the CyberSource Payment Manager (CPM) release: Upgrades for Fifth Third Processing Solutions (FTPS) Enhancements Upgrading from Previous Versions You can upgrade to version from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Upgrades for Fifth Third Processing Solutions (FTPS) This section covers the following topics: AMEX CAPN Visa Card Level Results MasterCard Recurring Advice Code Changed Branding from MPS Frame to FTPS Frame AMEX CAPN Support has been added to comply with American Express CAPN requirements. This includes storing the transaction ID, POS data code, and American Express CID result code values returned in the Authorization Response message for American Express CAPN transactions. The transaction ID and POS data code values will be included in the Settlement file. In addition, optional Retail and Corporate Card Level 2 addendum records have been added in the Settlement file. CPM Release Notes CyberSource Corporation August

98 Chapter 15 CyberSource Payment Manager Upgrades for Fifth Third Processing Solutions (FTPS) Visa Card Level Results The Visa Card Level Result is a value returned from the processor that indicates the type of Visa card used for the transaction. Support has been added to store the two-character product code returned in the Authorization Response message for Visa transactions. This value is stored in the CARD_LEVEL_RESULT database field which is in the CC_TRANSACTION table. It will also be included in the Settlement file. Visa refers to the Card Level Result as DE See the CPM API Reference Guide for information about the CC_TRANSACTION table. MasterCard Recurring Advice Code Support has been added for receiving and storing the advice code value returned in recurring MasterCard transactions. See New Field for Merchant Advice Code on page 111. Changed Branding from MPS Frame to FTPS Frame The gateway processor Midwest Payment Services (MPS) has changed its name to Fifth Third Processing Solutions (FTPS). All references to MPS on Administration Client Screens and in documentation have been changed to FTPS. The following four figures show the updates to the Administration Client Screens for the change from MPS to FTPS. CPM Release Notes CyberSource Corporation August

99 Chapter 15 CyberSource Payment Manager Upgrades for Fifth Third Processing Solutions (FTPS) CPM Release Notes CyberSource Corporation August

100 Chapter 15 CyberSource Payment Manager Upgrades for Fifth Third Processing Solutions (FTPS) CPM Release Notes CyberSource Corporation August

101 Chapter 15 CyberSource Payment Manager Enhancements Enhancements This section covers the following topics: Vital Updates Visa Card Level Results FDMS South Updates AMEX ECI Indicator and Recurring Vital Updates Visa Card Level Results The Visa Card Level Result is a value returned from the processor that indicates the type of Visa card used for the transaction. Support has been added to store the two-character product code returned in the Authorization Response message for Visa transactions. This value is stored in the CARD_LEVEL_RESULT database field which is in the CC_TRANSACTION table. It will also be included in the Settlement file. Visa refers to the Card Level Result as DE See the CPM API Reference Guide for information about the CC_TRANSACTION table. FDMS South Updates AMEX ECI Indicator and Recurring Support has been added to provide the ECI indicator for American Express E-Commerce transactions in the Authorization Request message. In addition, the Authorization Request message has been updated to support recurring American Express transactions. CPM Release Notes CyberSource Corporation August

102 Chapter 16 CyberSource Payment Manager This chapter describes enhancements for the CyberSource Payment Manager (CPM) release: Upgrade for FDMS North AMEX CAPN Additional Enhancements for FDMS North Upgrading from Previous Versions You can upgrade to version from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Upgrade for FDMS North AMEX CAPN This section covers the following topics: Agreement Settings New API Fields Agreement Settings The Agreement Settings dialog was updated: Two fields were added: Merchant Address and Service Establishment Number One field name was modified: Industry Code was changed to Merchant Category Code CPM Release Notes CyberSource Corporation August

103 Chapter 16 CyberSource Payment Manager Upgrade for FDMS North AMEX CAPN One field was removed: Job Cards File Path Merchant Information Merchant Name. Merchant name assigned by FDMS. Contact FDMS North for this information. Merchant Type. Number assigned by FDMS to identify the merchant type. Contact FDMS North for this information. Merchant ID. Number assigned by FDMS to identify the merchant location. Contact FDMS North for this information. Merchant Tax ID. FDMS North's assigned merchant tax identifier. Contact FDMS North for this information. NEW FIELD: Merchant Address. Street address where the merchant is located. CPM Release Notes CyberSource Corporation August

104 Chapter 16 CyberSource Payment Manager Upgrade for FDMS North AMEX CAPN State/Province/Country. State, province, or country where the merchant is located. Merchant City. City where the merchant is located. Destination Country Code. Contact FDMS North for this information. Zip Code. Postal code where the merchant is located. AmEx Charge Description. Description of an American Express transaction. Store ID. FDMS North's assigned store identifier. Contact FDMS North for this information. NEW FIELD: Service Establishment Number. Merchant s American Express service establishment number. Authorization Information Terminal ID. Number assigned by FDMS North to identify a specific terminal at the merchant location. Contact FDMS North for this information. Industry Type. FDMS North's industry type identifier. Contact FDMS North for this information CHANGED FIELD: Merchant Category Code. FDMS North's assigned industry code. Contact FDMS North for this information. Currency Code. The currency for the transactions. CHANGED FIELD: Override Merchant Master. When this checkbox is selected, alternate merchant identifying information will be sent in the authorization request, overriding what is maintained on the FDMS Merchant Master file. Subfields that will be sent in ISO field 43 of the authorization request are Merchant Name, Merchant Address, Merchant City, State, Zip Code, Country Code, and Service Establishment Number. This information may appear on customer billing statements. If this checkbox is not selected, FDMS will provide the information that is in the Merchant Master file. Settlement Information Terminal ID. FDMS North's assigned settlement terminal identifier. Contact FDMS North for this information. Security Code. FDMS North's assigned security code. Contact FDMS North for this information. CPM Release Notes CyberSource Corporation August

105 Chapter 16 CyberSource Payment Manager Additional Enhancements for FDMS North Customer Service Phone Number. Merchant's customer service phone number. Print Customer Service Phone Number. Selecting this check box indicates to FDMS North to print the customer service phone number on the customer's credit card statement. FDMS Fills Fields. This function supports authorization matching. Selecting this check box causes CPM not to include the supplemental Visa and MasterCard detail records in the settlement file. Instead, FDMS North retrieves the required data on your behalf from the associated authorization record. Enable this function only if you have a special agreement with FDMS North allowing you to omit those records during settlement. Purchase Cards Supported. Selecting this check box enables purchasing card support. FTP Settlement Information Username and Password. The username and password that the CPM Server uses to access the FTP site for settling batches through an FTP session. Filename. Dataset name used to store the settlement file that is transmitted by means of FTP to FDMS North. New API Fields See New API Fields for AMEX CAPN on page 106. Additional Enhancements for FDMS North The following additional enhancements were made for FDMS North. Visa Bill Payment Visa has a special Bill Payment program that allows customers to use their Visa cards to pay their bills. If you participate in this program, Visa requests that you flag the Bill Payments and credits so they can be easily identified. You need to set an indicator so the CPM system can identify the transaction as a Bill Payment: CPM Release Notes CyberSource Corporation August

106 Chapter 16 CyberSource Payment Manager Additional Enhancements for FDMS North Recurring and installment transactions are considered Bill Payments. These types of transactions are identified by setting the CUSTOMER_PRESENT_FLAG to its appropriate value. A single Bill Payment transaction is identified by setting the MARKET_ SPECIFIC_INDICATOR API field to B. See the CPM API Reference Guide for information about these fields. Visa Card Level Results The Visa card level result is a value returned from the processor that indicates the type of Visa card used for the transaction. This value is returned in the Authorization Response and is stored in the new CARD_LEVEL_RESULT database field which is in the CC_TRANSACTION table. See the CPM API Reference Guide for information about the CC_TRANSACTION table. Contactless Card Reads Visa/MasterCard/American Express Support has been added for contactless card reads for Visa, MasterCard, and American Express. New values for the Terminal Capability and POS Entry Mode fields were added to support contactless card reads. See the CPM API Reference Guide for information about these fields. Recurring Payments MasterCard/American Express Support has been added for recurring payments for MasterCard and American Express. Partial Reversal Visa/MasterCard/Discover In addition to Visa, CPM now supports partial reversal for MasterCard and Discover. CPM Release Notes CyberSource Corporation August

107 Chapter 17 CyberSource Payment Manager This chapter describes enhancements for the CyberSource Payment Manager (CPM) release: Upgrade for American Express Phoenix CAPN Upgrade for Vital VirtualNet IP AMEX CAPN Upgrade for Vital VirtualNet SSL AMEX CAPN New API Fields for AMEX CAPN Additional Enhancements Issues Resolved Upgrading from Previous Versions You can upgrade to version from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Upgrade for American Express Phoenix CAPN As part of the CAPN upgrade for American Express Phoenix, you can send a transaction with a value less than $1 for micro-payment processing. The maximum amount is 99, The major changes are: Gateway Settings Agreement Settings New API Fields File Reversal Tool CPM Release Notes CyberSource Corporation August

108 Chapter 17 CyberSource Payment Manager Upgrade for American Express Phoenix CAPN Gateway Settings The Gateway Settings dialog was updated: the CYBS Connect Settings group was removed. Online Settings Host. IP address of the processor's server to which CPM connects for authorizations. Port. IP port to which the processor's server listens. Heartbeat Delay (seconds). Length of time without communication before a ping occurs to keep the connection to the processor open. A recommended value is 120 seconds, but you can use any value you want to use. Enable Field 47. Selecting this check box enables the sending of this data field. This is an optional field for merchants in mail, telephone, and internet order industries that pass Card Not Present (ITD) data with transactions. See the American Express Credit Authorization Guide, spec POS version 3.1 for information about the field contents. CPM Release Notes CyberSource Corporation August

109 Chapter 17 CyberSource Payment Manager Upgrade for American Express Phoenix CAPN Settlement Settings Host. IP address of the processor's server to which CPM connects for settlement. Contact American Express Phoenix for this information. Port. IP port to which the processor's server listens. Contact American Express Phoenix for this information. Password. Your settlement password. Contact American Express Phoenix for this information. Output File Path. Local directory where you want to store the FTP file before it is sent. For PCI compliance reasons, these files will automatically be hidden. If you are using a Windows-based CPM Server and wish to view these files, configure the folder that holds the files so that it displays hidden files. Process Control ID (normal). Identifier code used for settling normal transactions. Contact American Express Phoenix for this information. Process Control ID (level 2). Identifier code used for settling Level II transactions. Contact American Express Phoenix for this information. Invoice Batch (USD). Code that specifies processing options applicable to the USD settlement batch. Contact American Express Phoenix for this information. Invoice Batch (CAD). Code that specifies processing options applicable to the CAD settlement batch. Contact American Express Phoenix for this information. Invoice Subcode. Code that specifies additional American Express controls and processing requirements. Contact American Express Phoenix for this information. Keep Settlement Batch Files for? days. How long CPM keeps the settlement batch files on the hard drive before automatically deleting them. Enable FTP. When enabled, the CPM Server puts the settlement batches on an FTP site. When disabled, the settlement files are stored locally and are not sent to American Express Phoenix. The disable mode is mainly used to support testing. CPM Release Notes CyberSource Corporation August

110 Chapter 17 CyberSource Payment Manager Upgrade for American Express Phoenix CAPN Agreement Settings The Agreements Settings dialog was updated: several new fields were added. Service Establishment Number. Your American Express Service Establishment Number. Contact American Express Phoenix for this information. Acquiring Institution ID Code. Identification code of the party processing the request. Contact American Express Phoenix for this information. Acquiring Institution Country Code (3). Country where the Service Establishment is located. Card Acceptor Business Code (4). Code for the merchant's business type. Contact American Express Phoenix for this information. CPM Release Notes CyberSource Corporation August

111 Chapter 17 CyberSource Payment Manager Upgrade for American Express Phoenix CAPN Card Acceptor Terminal ID (8). Code that identifies a specific terminal at a merchant location. Contact American Express Phoenix for this information. Default AVS Level. Default AVS level to use for transactions. You can override this default value for each transaction using the AVS Level field in the API. NEW FIELD: Location Type. Type of transaction that can occur at this location. Merchant Name. Name of the merchant. The merchant name does not need to match the Merchant ID on the Merchant Information tab. This field contains the merchant name that appears on the storefront and/or customer receipts, commonly referred to as the D.B.A. (Doing Business As) name. This information will become part of the descriptive bill on the cardmember s statement. This name must be easily recognized by the cardmember to avoid unnecessary inquiries. If the name is more than 38 characters, use proper and meaningful abbreviation when possible. Do not truncate. (up to 38 characters) NEW FIELD: Merchant Street Address. Street address where the merchant is located. Merchants in mail order, phone order, or internet industries may substitute one of the following values in this field (up to 38 characters): Street address where the merchant s order processing facility is located. Merchant s Web address (URL) or address. URLs and addresses may be in lower case as appropriate. Merchant City. City where the merchant is located. (up to 21 characters) Merchant State. State where the merchant is located. (2-character abbreviation) NEW FIELD: Merchant ZIP Code. Postal code where the merchant is located. NEW FIELD: Merchant Country. Country where the merchant is located. (3-character ISO alpha or numeric code) NEW FIELD: Merchant Phone Number. Merchant s phone number. Currency. Currency for the transactions. Retail Charge Description. Description of the purchase. Use the Transaction Advice Addendum (TAA) API fields to further describe the transaction. Default TAA1 Value. Default value to use for the Transaction Advice Addendum 1 field. Required if you select the Enable Level 2 check box. CPM Release Notes CyberSource Corporation August

112 Chapter 17 CyberSource Payment Manager Upgrade for American Express Phoenix CAPN Send CID. Selecting this check box causes the CPM software to send the CID you provide in the CVV API field to American Express for validation. You must be signed up with American Express to use the CID before enabling this feature. Enable Level 2. Selecting this check box enables Level II transactions. NEW FIELD: Prepaid Card. Selecting this check box enables prepaid cards. To use this feature, you must choose either partial authorization or balance return. Partial authorization lets the customer use the prepaid card as partial payment for a purchase along with another form of payment. Balance return returns the prepaid card s balance at the time of the purchase. New API Fields See New API Fields for AMEX CAPN on page 106. File Reversal Tool If a duplicate file is accidentally sent to American Express Phoenix, the processor requires that a corresponding reversal file be sent. CyberSource is providing the American Express File Reversal Tool for creating reversal files. This is a command line tool that is installed to the server directory. You can move the tool to a different location if necessary. When American Express Phoenix requests a reversal file from you, run the American Express File Reversal Tool as follows: 1 Locate the file that needs to be reversed. 2 Open the command prompt. 3 Locate the American Express File Reversal Tool. 4 Run the following command: amexpfilereversal.exe <relative path\filename>.txt 5 The American Express File Reversal Tool creates a reversal file named <relative path\filename>_reversed.txt in the same location as the original file. 6 Manually FTP the reversal file to American Express Phoenix using binary mode: a From the command line type: ftp <amex settlement gateway IP> CPM Release Notes CyberSource Corporation August

113 Chapter 17 CyberSource Payment Manager Upgrade for Vital VirtualNet IP AMEX CAPN b c d Enter your username and password. Type bi to set to binary mode. Run the following put command: put <reversed file> <password>.<username> The second argument, <password>.<username>, is the filename that is used to store the settlement file on the American Express system. Upgrade for Vital VirtualNet IP AMEX CAPN This section covers the following topics: Agreement Settings New API Fields Agreement Settings The Agreement Settings dialog was updated: one new field was added. CPM Release Notes CyberSource Corporation August

114 Chapter 17 CyberSource Payment Manager Upgrade for Vital VirtualNet IP AMEX CAPN Merchant Information Store Name. Twenty-five-character identifier for the store. The identifier should be unique. Contact Vital for this information. Store Number. Four-digit number that identifies a specific merchant store in the VirtualNet system. Contact Vital for this information. Agent Chain Number. Six-digit number that identifies the merchant's bank in the VirtualNet system. Contact Vital for this information. Agent Bank Number. Six-digit number that identifies the merchant's bank. Contact Vital for this information. Merchant Number. Twelve-digit number that identifies the merchant in the VirtualNet system. Contact Vital for this information. Merchant Location Number. Nine-digit number that identifies the merchant location. In the United States, the five or nine digit postal code is used. Outside the United States, Vital assigns this number. Category Code. Four-digit number that identifies the merchant's industry classification. Contact Vital for this information. Terminal ID. Eight-digit point of sale tracking number. Contact Vital for this information. City. City where the merchant is located. This field is limited to 13 characters. For Direct Marketing, this field contains the Customer Service phone number. Use NNN- NNNNNNN as the format. State. State where the merchant is located. (2-character abbreviation) NEW FIELD: Street. Street address where the merchant is located. Authorization Information Acquirer BIN. Six-digit bank identification number assigned by Vital. Contact Vital for this information. Currency. Currency for the transactions. Language Indicator. Primary language spoken by the merchant's patrons. Terminal Number. Four-digit number identifying a unique terminal in a merchant location. Contact Vital for this information. CPM Release Notes CyberSource Corporation August

115 Chapter 17 CyberSource Payment Manager Upgrade for Vital VirtualNet IP AMEX CAPN Country Code. Country where the merchant bank is located. Time Zone. Time zone in which the merchant is located. Industry Code. Merchant's industry code. Zip Code. Postal code where the merchant is located. Daylight Saving Time. When selected, this setting indicates the merchant adjusts for daylight saving time. New API Fields See New API Fields for AMEX CAPN on page 106. CPM Release Notes CyberSource Corporation August

116 Chapter 17 CyberSource Payment Manager Upgrade for Vital VirtualNet SSL AMEX CAPN Upgrade for Vital VirtualNet SSL AMEX CAPN This section covers the following topics: Agreement Settings New API Fields Agreement Settings The Agreement Settings dialog was updated: one new field was added. Merchant Information Store Name. Twenty-five-character identifier for the store. The identifier should be unique. Contact Vital for this information. Store Number. Four-digit number that identifies a specific merchant store in the VirtualNet system. Contact Vital for this information. Agent Chain Number. Six-digit number that identifies the merchant's bank in the VirtualNet system. Contact Vital for this information. Agent Bank Number. Six-digit number that identifies the merchant's bank. Contact Vital for this information. CPM Release Notes CyberSource Corporation August

117 Chapter 17 CyberSource Payment Manager Upgrade for Vital VirtualNet SSL AMEX CAPN Merchant Number. Twelve-digit number that identifies the merchant in the VirtualNet system. Contact Vital for this information. Merchant Location Number. Nine-digit number that identifies the merchant location. In the United States, the five or nine digit postal code is used. Outside the United States, Vital assigns this number. Category Code. Four-digit number that identifies the merchant's industry classification. Contact Vital for this information. Terminal ID. Eight-digit point of sale tracking number. Contact Vital for this information. City. City where the merchant is located. This field is limited to 13 characters. For Direct Marketing, this field contains the Customer Service phone number. Use NNN- NNNNNNN as the format. State. State where the merchant is located. NEW FIELD: Street. Street address where the merchant is located. Authorization Information Acquirer BIN. Six-digit bank identification number assigned by Vital. Contact Vital for this information. Currency. Currency for the transactions. Language Indicator. Primary language spoken by the merchant's patrons. Terminal Number. Four-digit number identifying a unique terminal in a merchant location. Contact Vital for this information. Country Code. Country where the merchant bank is located. Time Zone. Time zone in which the merchant is located. Industry Code. Merchant's industry code. Zip Code. Postal code where the merchant is located. Daylight Savings Time. When selected, this setting indicates the merchant adjusts for daylight savings time. CPM Release Notes CyberSource Corporation August

118 Chapter 17 CyberSource Payment Manager New API Fields for AMEX CAPN New API Fields See New API Fields for AMEX CAPN on page 106. New API Fields for AMEX CAPN For the CAPN upgrade, several new API fields were added to the Purchasing Card Group: Transaction Advice Addendum Amounts Transaction Advice Addendum Quantities Retail Department Name Retail Item Descriptions Retail Item Amounts Retail Item Quantities Transaction Advice Addendum Amounts Fields: Transaction Advice Addendum Amount 1 4 Numeric Identifiers: Description: The unit cost for the corresponding Transaction Advice Addendum field. Length: 12 Data Type: Varchar API Fields: ID_TAA1_AMOUNT, ID_TAA2_AMOUNT, ID_TAA3_AMOUNT, ID_TAA4_AMOUNT Database Fields: In the TAA_TRANSACTION table: TAA1_AMOUNT, TAA2_AMOUNT, TAA3_AMOUNT, TAA4_AMOUNT CPM Release Notes CyberSource Corporation August

119 Chapter 17 CyberSource Payment Manager New API Fields for AMEX CAPN Transaction Advice Addendum Quantities Fields: Transaction Advice Addendum Quantity 1 4 Numeric Identifiers: Description: The quantity purchased for the corresponding Transaction Advice Addendum field. Length: 3 Data Type: Varchar API Fields: ID_TAA1_QTY, ID_TAA2_QTY, ID_TAA3_QTY, ID_TAA4_QTY Database Fields: In the TAA_TRANSACTION table: TAA1_QTY, TAA2_QTY, TAA3_QTY, TAA4_QTY Retail Department Name Field: Department Name Numeric Identifier: 912 Description: Name of the department where the retail transaction took place. Length: 40 Data Type: API Field: Database Field: Varchar ID_RETAIL_DEPT_NAME DEPT_NAME in the TAA_RETAIL_TRANSACTION table CPM Release Notes CyberSource Corporation August

120 Chapter 17 CyberSource Payment Manager New API Fields for AMEX CAPN Retail Item Descriptions Fields: Item 1 6 Description Numeric Identifiers: Description: Description of a retail item. Length: 19 Data Type: Varchar API Fields: ID_RETAIL_ITEM1_DESCRIPTION, ID_RETAIL_ITEM2_ DESCRIPTION, ID_RETAIL_ITEM3_DESCRIPTION, ID_RETAIL_ ITEM4_DESCRIPTION, ID_RETAIL_ITEM5_DESCRIPTION, ID_ RETAIL_ITEM6_DESCRIPTION Database Fields: In the TAA_RETAIL_TRANSACTION table: ITEM1_DESCRIPTION, ITEM2_DESCRIPTION, ITEM3_DESCRIPTION, ITEM4_DESCRIPTION, ITEM5_DESCRIPTION, ITEM5_DESCRIPTION Retail Item Amounts Fields: Item 1 6 Amount Numeric Identifiers: Description: Unit cost of the corresponding retail item. Length: 12 Data Type: Varchar API Fields: ID_RETAIL_ITEM1_AMOUNT, ID_RETAIL_ITEM2_AMOUNT, ID_RETAIL_ITEM3_AMOUNT, ID_RETAIL_ITEM4_AMOUNT, ID_RETAIL_ITEM5_AMOUNT, ID_RETAIL_ITEM6_AMOUNT Database Fields: In the TAA_RETAIL_TRANSACTION table: ITEM1_AMOUNT, ITEM2_AMOUNT, ITEM3_AMOUNT, ITEM4_AMOUNT, ITEM5_AMOUNT, ITEM6_AMOUNT CPM Release Notes CyberSource Corporation August

121 Chapter 17 CyberSource Payment Manager Additional Enhancements Retail Item Quantities Fields: Item 1 6 Quantity Numeric Identifiers: Description: Quantity purchased of the corresponding retail item. Length: 3 Data Type: Varchar API Fields: ID_RETAIL_ITEM1_QTY, ID_RETAIL_ITEM2_QTY, ID_RETAIL_ITEM3_QTY, ID_RETAIL_ITEM4_QTY, ID_RETAIL_ITEM5_QTY, ID_RETAIL_ITEM6_QTY Database Fields: In the TAA_RETAIL_TRANSACTION table: ITEM1_QTY, ITEM2_QTY, ITEM3_QTY, ITEM4_QTY, ITEM5_QTY, ITEM6_QTY Additional Enhancements The additional enhancements are: New Field for Customer Country New Field for Merchant Advice Code Automatic Settlement Collects Transactions up to the Scheduled Settlement Time Timestamp Added to FTP Log for FDMS South New Command to Clear Batch Status Date/Time Field Not Updated Following Recover Settlement Errors CPM Release Notes CyberSource Corporation August

122 Chapter 17 CyberSource Payment Manager Additional Enhancements New Field for Customer Country A new database field was added for customer country. The already-existing Bill Me Later API field was copied to the Extended Customer Information Group: Field: Customer Country Numeric Identifier: 174 Description: Two-letter ISO country code of the country in which the customer resides. See the processor specification for a list of ISO country codes. Note Customer Country is a required field for Paymentech New Hampshire International AVS transactions (Authorization transactions and Authorization and Capture transactions) if Ship To Country is not set. Length: 2 Data Type: API Field: Database Field: Varchar ID_CUSTOMER_COUNTRY CUSTOMER_COUNTRY in the CC_TRANSACTION table Previously, the Ship To Country field was a required field for Paymentech New Hampshire international AVS transactions. Now, Customer Country is used if it is present. If it is not present, then Ship To Country is used. CPM Release Notes CyberSource Corporation August

123 Chapter 17 CyberSource Payment Manager Additional Enhancements New Field for Merchant Advice Code This new database field applies to Paymentech New Hampshire and Vital. The field is the merchant advice code. The Recur Advice Code API field already existed in the Extended Information Group and will now be stored in the database: Field: Recur Advice Code Numeric Identifier: 1039 Description: Recurring payment advice code returned in the authorization response for MasterCard recurring transactions. Applies to Paymentech New Hampshire and Vital gateways. Possible values: 01: New account information available. Obtain new account information. 02: Try again later. Recycle transaction in 72 hours. 03: Do not try again. Obtain another type of payment from the customer. 21: Recurring payment cancellation. Length: 2 Data Type: API Field: Database Field: Varchar ID_RECUR_ADVICE_CODE RECUR_ADVICE_CODE in the CC_TRANSACTION table Automatic Settlement Collects Transactions up to the Scheduled Settlement Time Previously, automatic settlement collected transactions that occurred up to the time that the automatic settlement began. Now, automatic settlement collects transactions only up to the scheduled settlement time. For example, if automatic settlement is scheduled for 8:00 PM with a 5 minute window, the automatic settlement can begin any time from 8:00 PM to 8:05 PM. Previously, if the automatic settlement started at 8:03 PM, transactions that occurred up to 8:03 PM would be collected. Now, only transactions that occurred up to 8:00 PM will be collected. The collection time cuts off at 8:00 PM precisely: transactions that occurred between 8:00:01 and 8:00:59 will not be collected. CPM Release Notes CyberSource Corporation August

124 Chapter 17 CyberSource Payment Manager Issues Resolved Timestamp Added to FTP Log for FDMS South A timestamp was added to the FTP log for FDMS South. New Command to Clear Batch Status A new command has been added to the pop-up menu for the Batch Status display: Clear Batch Status. If you invoke this command for a batch status that is not 00, CPM clears the batch status by setting it to 00. The transactions in the batch will not be modified or manipulated in any way. Date/Time Field Not Updated Following Recover Settlement Errors The original design updated the settlement Date/Time field following Recover Settlement Errors. A change has been made to leave this field unaltered to reflect the Date/Time of the settlement. Issues Resolved The following issues have been resolved: Endless 5066 Error Messages Appropriate Error Message When Sequence Number Is Not Generated CPM Release Notes CyberSource Corporation August

125 Chapter 17 CyberSource Payment Manager Issues Resolved Issues with SSL Default Keystores Have Been Resolved Validation Relaxed for Switch/Solo Cards on Paymentech New Hampshire Expired Expiration Dates Supported for Paymentech New Hampshire Expired Card Processing Allowed New Error Message for Reversals for FDMS South Tax Included in Amount Settled for NOVA Transaction Code Corrected for Retail Key Entered on NOVA Endless 5066 Error Messages This issue applies to the following gateways: American Express Phoenix BA Merchant Services FDMS South Debit NOVA NOVA Debit Paymentech Tampa Previously, if you did not have any gateway settings defined for the gateway and the gateway was enabled and you started the CPM server, CPM wrote endless 5066 error messages to the error log. With this release, this issue has been resolved. Appropriate Error Message When Sequence Number Is Not Generated Previously, when you performed a transaction with the Java sample when running Java version without the local and U.S. policy jar files present, the result was 109- success even when a sequence number was not generated. With this release, the result is an error message when a sequence number is not generated. For information about the jar files: Windows: See New Java SDK and Java SSL Proxy Server in CPM Release Notes. Solaris: See New Java SDK and Java SSL Proxy Server in CPM Release Notes. CPM Release Notes CyberSource Corporation August

126 Chapter 17 CyberSource Payment Manager Issues Resolved Issues with SSL Default Keystores Have Been Resolved Previously, creating SSL default keystores did not work correctly as follows: The create_default_keystore.bat file generated an output file with the wrong name (default_server_keystore instead of default_proxy_keystore). The command rm does not exist by default in Windows, resulting in an error message. The keystore password in the create_default_keystore.bat file does not match what the ProxyServer is expecting, so the ProxyServer generates a Java error when running as a console application for debugging purposes. With this release, these issues have been resolved. Validation Relaxed for Switch/Solo Cards on Paymentech New Hampshire Field validation for the Card Issue Number on Switch/Solo cards for Paymentech New Hampshire has been relaxed to accept 0 as a valid value. Expired Expiration Dates Supported for Paymentech New Hampshire Processing of expiration dates for Paymentech New Hampshire was updated to accept four spaces (blanks) in accordance with the Paymentech New Hampshire specification. Expired Card Processing Allowed Previously, CPM did not pass transactions for expired cards to the processor even when the Allow expired card processing check box on the Admin Client's Card Type tab was checked. With this release, CPM correctly passes or prevents transactions for expired CPM Release Notes CyberSource Corporation August

127 Chapter 17 CyberSource Payment Manager Issues Resolved cards depending on if the Allow expired card processing check box is checked. This check box has been moved to the Server tab: New Error Message for Reversals for FDMS South FDMS South does not support reversals. Previously, the error message for attempted reversals was ambiguous. With this release, a new error message for attempted reversals for FDMS South has been implemented: FDMS South doesn't support reversal. Tax Included in Amount Settled for NOVA Previously for NOVA, the tax amount was not included in the amount settled. With this release, the issue has been resolved: the tax amount is included in the amount settled. Transaction Code Corrected for Retail Key Entered on NOVA The transaction code field in the authorization message has been corrected. This field is now being set to 01 for key-entered transactions. Previously, it was being set to 00, which indicated a card swipe. CPM Release Notes CyberSource Corporation August

128 Chapter 18 CyberSource Payment Manager This chapter describes enhancements for the CyberSource Payment Manager (CPM) release. Upgrading from Previous Versions You can upgrade to version from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Issues Resolved Upgrading the CPM Software Before version 6.2.2, InstallShield assumed the C drive was the installation drive when running the repair option to upgrade the CPM software. Version fixes this problem. If an installation already exists, InstallShield locates it regardless of which drive it is on and then upgrades it. If no installation exists, InstallShield installs the CPM software on the C drive by default or in the user-specified location. Return Codes for Invalid Transactions Before version 6.2.2, some invalid transactions were being rejected by the CPM Server with a return code of 0, which indicates success. This problem was first identified when a postal code field was submitted with invalid characters. For example, CUSTOMER_ ZIP=*****. Version fixes this problem by returning an appropriate return code for all invalid transactions. CPM Release Notes CyberSource Corporation August

129 Chapter 18 CyberSource Payment Manager Issues Resolved Administration Client Timeouts and Child Windows Before version 6.2.2, the CPM Administration Client crashed on Windows 2003 when it was left idle for the defined 15-minute inactivity period. The crash occurred when the Administration Client main window was left open along with one or more child windows. Windows 2003 handles windowing operations differently than previous versions of the operating system. Version fixes this problem by explicitly closing the Administration Client child windows before closing the parent window. Lost Database Connection In version 6.2.1, the CPM Administration Client lost the connection to the database when the merchant table was very large. This problem occurred because of a limit on the amount of data that could be read from the database. Version fixes this problem by removing the limit, thus allowing any amount of data to be read from the database. CPM Release Notes CyberSource Corporation August

130 Chapter 19s CyberSource Payment Manager This chapter describes enhancements for the CyberSource Payment Manager (CPM) release. Upgrading from Previous Versions You can upgrade to version from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. Enhancements NOVA Debit Controller CPM includes a controller mechanism for the NOVA Debit gateway. Debit transactions are submitted to NOVA on a terminal ID basis. Typically, each PIN pad device is assigned a unique terminal ID for which a sequential count of debit transactions is maintained. As an alternative to establishing a one-for-one relationship of PIN pad devices to terminal IDs, a controller mechanism has been developed to dynamically assign a terminal ID and its corresponding Last Record Number for each NOVA Debit transaction. The NOVA Debit Controller maintains the Last Record Number for each terminal ID in a terminal ID pool. CPM Release Notes CyberSource Corporation August

131 Chapter 19 CyberSource Payment Manager Enhancements The CPM Administration Client s Gateway Settings dialog has been updated to include values for the Controller: For information about keeping track of Terminal IDs and Last Record Numbers, see Using the Last Record Number on page 133. For more information about the NOVA Debit Controller, see the CPM NOVA Debit Controller Administration Guide. Paymentech New Hampshire Card Security Presence for MasterCard CVV support was enhanced for MasterCard for Paymentech New Hampshire. Starting with this release, the Fraud Format Record will send a 1 for the Card Security Presence if the CVV is present and if the card type is MasterCard. Non-Authenticated Electronic Commerce MasterCard Transactions Support for non-authenticated electronic commerce transactions was enhanced for MasterCard for the Paymentech New Hampshire gateway. To support this type of transaction, merchants must send the UCAF Indicator to CPM. The UCAF_INDICATOR indicates whether UCAF data was collected for a MasterCard SecureCode transaction. The possible values are: 0: UCAF data collection is not supported at your Web site. CPM Release Notes CyberSource Corporation August

132 Chapter 19 CyberSource Payment Manager Enhancements 1: UCAF data collection is supported, but UCAF data was not populated. In this case, you do not need to send the CAVV field. 2: UCAF data collection is supported and UCAF data was populated. You must send the CAVV field with the AAV (the UCAF data). CPM uses the UCAF indicator to derive the Transaction Type as follows: If UCAF_INDICATOR = 0 or 1, the transaction type (ECI Indicator) will be set to 6 (non-authenticated e-commerce transaction). If UCAF_INDICATOR = 2, the transaction type (ECI Indicator) will be set to 5 (authenticated e-commerce transaction). Verified by Visa Transactions If neither the CAVV field or XID field is sent in an authorization request, CPM will no longer send a blank VA extension record to Paymentech. If neither the CAVV field or XID field is sent in a settlement request, a blank EVI002 record will no longer be sent. BIN Ranges CyberSource strongly recommends that you send the card type with each transaction to avoid confusion caused by overlapping BIN ranges. If the card type is not sent, CPM will attempt to determine the card type based on the BIN ranges. Discover Card The Discover Card BIN range has been extended to include the following ranges: MasterCard and Diners For account numbers starting with 36, CPM will default to MasterCard if the card type is not included in the transaction request. CPM Release Notes CyberSource Corporation August

133 Chapter 19 CyberSource Payment Manager Enhancements Recurring Transactions for FDMS Nashville For FDMS Nashville, support for recurring transactions and Visa Bill Payment transactions was enhanced to comply with the latest specifications. Duplicate Transactions If CPM detects duplicate transactions, this information is returned to the merchant in the authorization response. When duplicate transaction checking is enabled, CPM determines that a transaction is a duplicate transaction if the following are all true: The transaction is approved or is currently being processed. The transaction has the same values for the following fields as another transaction in the CPM database: ACCOUNT_NUMBER AMOUNT MERCHANT_ID ORDER_NUMBER TRANSACTION_CODE The transaction is dated within seven days of the transaction that is in the database. An exception to these rules occurs if the potentially duplicate transaction does not have an order number: the order number is null and the field is empty. The CPM Server does not consider matching transactions that have matching null order numbers as duplicates. Be sure your order/entry system is filling out the order number properly. When CPM detects a duplicate transaction, the following values are returned: Authorization Response Code = E Authorization Response Message = not processed CPM Release Notes CyberSource Corporation August

134 Chapter 19 CyberSource Payment Manager Enhancements Extended Reason Codes for FDMS South A checkbox titled Enable Extended Reason Codes has been added to the Gateway Settings for FDMS South: When the Enable Extended Reason Codes checkbox is selected, the authorization response will include an extended reason code when FDMS South declines a transaction. The extended reason code will be returned in the APPROVAL_CODE API field and will be stored in the APPROVAL_CODE field in the CC_TRANSACTION table. CPM Release Notes CyberSource Corporation August

135 Chapter 19 CyberSource Payment Manager Issues Resolved Issues Resolved Memory Leak Error A memory leak in the DBUTIL encryption function has been corrected. Modifying Customer Information for a Parent Transaction Logic for modifying customer information was corrected. If a capture request includes a sequence number, the customer information in the request takes precedence over the customer information in the database. By inserting the sequence number of an authorization into the sequence number field of a reversal, capture, or void, the CPM Server looks up all detail fields of the authorization and copies them to the corresponding fields of the subsequent transaction. However, if the capture request includes any detail fields, the values in the request s fields will be used instead of the values that were sent with the authorization. Improved Robustness for Port and Invalid Data When invalid data is sent over the Administration Client port or 28883, CPM recognizes the invalid data and ignores it. CPM Release Notes CyberSource Corporation August

136 Chapter 20 CyberSource Payment Manager 6.2 This chapter describes enhancements for the CyberSource Payment Manager (CPM) 6.2 release. Upgrading from Previous Versions You can upgrade to version 6.2 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on upgrading your CPM software. New BA Merchant Services Gateway CPM 6.2 includes a new processor gateway, BA Merchant Services, which you can use to process credit cards. The gateway includes these basic features: Mail order/telephone order, and e-commerce credit card transactions using VISA, MasterCard, American Express, and Discover Address Verification Service (AVS) for VISA, MasterCard, American Express, and Discover cards Card Verification Value (CVV) for VISA, MasterCard, American Express, and Discover cards Transactions in U.S. dollars and Canadian dollars CPM Release Notes CyberSource Corporation August

137 Chapter 20 CyberSource Payment Manager 6.2 New BA Merchant Services Gateway Agreement Settings To set up the BA Merchant Services gateway, enter the agreement settings in the Administration Client s Agreement Settings dialog box: Source ID. Alpha-numeric code that is passed in the settlement file and is used to identify the merchant. Contact BA Merchant Services for this information. Merchant ID. 11-digit number that identifies the merchant. The first 3 digits are the merchant number. The next 7 digits are the store number. The last digit is a check digit. Contact BA Merchant Services for this information. Merchant Name. Name of the merchant. Address. Merchant's street address. City. City where the merchant is located. State. State where the merchant is located. Postal Code. Postal code for the merchant's location. Currency Code. Code that identifies the currency for the transactions. Country Code. Code that identifies the country where the merchant is located. CPM Release Notes CyberSource Corporation August

138 Chapter 20 CyberSource Payment Manager 6.2 New BA Merchant Services Gateway Location Type. Type of transactions that can occur at this location. Note If you are using BA Merchant Services and have terminals using different location types (for example, if you have both a credit card terminal and a phone terminal), you must define separate merchant IDs for each type of terminal. You define your merchant IDs in the Administration Client s server properties, on the Merchants tab. Tax ID. Merchant s Tax ID number. Category Code. Code that identifies the merchant's industry classification. Contact BA Merchant Services for this information. Terminal ID. Code that identifies a specific terminal at a merchant location. This field is optional and can be defaulted to Customer Service Number. Merchant phone number that a cardholder may call to receive service. The format must be NNN-NNNNNNN. AMEX Establishment Number. Merchant s American Express Establishment Number. This number is required only when a different establishment number is assigned to each merchant store location. If the same establishment number is used for all locations, this field can be left blank. Discover Establishment Number. Merchant s Discover Establishment Number. This number is required only when a different establishment number is assigned to each merchant store location. If the same establishment number is used for all locations, this field can be left blank. Business Type. Code for the incorporation status of the business. CPM Release Notes CyberSource Corporation August

139 Chapter 20 CyberSource Payment Manager 6.2 New BA Merchant Services Gateway Gateway Settings To set up the BA Merchant Services gateway, enter the gateway settings in the Administration Client s Gateway Settings dialog box: Online Settings Online Transaction Host. IP address of the processor's server to which CPM connects for authorizations. Contact BA Merchant Services for this information. Online Transaction Port. IP port to which the processor's server listens. Contact BA Merchant Services for this information. Online Transaction Timeout (seconds). Timeout limit for online authorizations. Minimum is 30 seconds; maximum is 300 seconds. FTP Settings FTP Host. Host name or IP address of the processor's server to which CPM connects for settlement. Contact BA Merchant Services for this information. FTP Port. IP port to which the processor's server listens. Contact BA Merchant Services for this information. FTP User ID. User ID for the FTP session. Contact BA Merchant Services for this information. CPM Release Notes CyberSource Corporation August

140 Chapter 20 CyberSource Payment Manager 6.2 Enhancement: NOVA Gateway FTP Password. Password for the FTP session. Contact BA Merchant Services for this information. Output File Path. Path that specifies where the Settlement Batch Files and FTP Status Log are created and stored on the CPM server. CyberSource recommends that you use a folder below the CPM Server installation directory, such as C:\Program Files\CyberSource\PaymentManager\Server\BAMS_FTP. The files will automatically be hidden. If you are using a Windows-based CPM Server, make sure to configure the folder that holds these files so that it does not display hidden files (in Windows file Explorer, navigate to the folder, click Tools > Folder Options... and go to the View tab, then select the radio button for Do not show hidden files and folders). Filename. Filename for the settlement file when it is stored on the BA Merchant Services FTP server. Contact BA Merchant Services for your assigned data set name. Keep Settlement Batch files for? days. How long CPM keeps the settlement batch files on the hard drive before automatically deleting them. Enable FTP. When FTP is enabled, the CPM Server transfers the settlement batch files to BA Merchant Services using FTP. When FTP is not enabled, CPM creates the settlement batch files but does not transfer them to BA Merchant Services. FTP is usually not enabled during testing when it is not necessary for the file to be submitted to BA Merchant Services for processing. Enhancement: NOVA Gateway Support for American Express CAPN was added to the NOVA gateway. The 602 record in the settlement file is now included for each American Express transaction. CPM Release Notes CyberSource Corporation August

141 Chapter 21 CyberSource Payment Manager 6.1 This chapter lists enhancements for the CyberSource Payment Manager (CPM) 6.1 release. See the CPM Setup Guide for information about installing CPM for the first time. Upgrading from Previous Versions You can upgrade to version 6.1 from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on how to upgrade your CPM software. New NOVA Debit Gateway CPM 6.1 includes a new processor gateway: NOVA Debit. CPM now has two NOVA gateways: the original NOVA gateway for credit cards and this new NOVA Debit gateway, which is for PIN-based debit cards. PIN-based debit cards are used in retail, card-present environments. To use a debit card as method of payment, the customer swipes the card and then enters a personal identification number (PIN). If the merchant supports it, the customer may also request to receive cash back from the transaction. The authorization is processed online immediately through a debit network. Unlike credit cards, the customer does not sign a receipt to authorize the transaction. To process PIN-based debit cards with NOVA, you must have a PIN pad that is compatible with DUKPT PIN encryption. The PIN pad must also contain the appropriate encryption key from NOVA. CPM Release Notes CyberSource Corporation August

142 Chapter 21 CyberSource Payment Manager 6.1 New NOVA Debit Gateway Processing a PIN-based Debit To process the debit card, you must use the combined Authorization and Capture transaction. The following table lists the fields you need to provide and whether they are required or optional. For more information about the fields, see the CPM API Reference Guide. Table 15 PIN-Based Debit Authorization and Capture Input Fields Field Name and Identifier Merchant ID (ID_MERCHANT_ID 51) Amount (ID_AMOUNT 103) Card Type (ID_CARD_TYPE 104) Track 2 Data (ID_TRACK_2_DATA 251) Last Record Number (ID_LAST_RECORD_NUMBER 2100) PIN Block (ID_PIN_BLOCK 252) Key Sequence Number (ID_KEY_SEQUENCE 253) Terminal Fee (ID_TERMINAL_FEE 254) Cash Back Amount (ID_CASH_BACK_AMOUNT 138) Required or Optional Required Required Required Required Required Required Required Optional Optional Comment The amount for the transaction. Set to 029 for a debit card. Track 2 data from the customer s card. The expected last record number assigned to that particular transaction in the TID s daily batch. See Using the Last Record Number on page 133. The terminal receives the encrypted PIN from the PIN pad. The terminal receives the key sequence number from the PIN pad. Remove any leading F s before sending the value. Any terminal fee that you charge for the transaction. Note The Amount that you provide for the debit card s Authorization and Capture should include the Terminal Fee. The amount of cash back for the transaction. Note The Amount that you provide for the debit card s Authorization and Capture should include the Cash Back Amount. CPM Release Notes CyberSource Corporation August

143 Chapter 21 CyberSource Payment Manager 6.1 New NOVA Debit Gateway Table 15 PIN-Based Debit Authorization and Capture Input Fields Field Name and Identifier Card Present Flag (ID_CARD_PRESENT_FLAG 350) Customer Present Flag (ID_CUSTOMER_PRESENT_FLAG 350) POS Entry Mode (ID_POS_ENTRY_MODE 353) Terminal Capability (ID_TERMINAL_CAPABILITY 351) Terminal Type (ID_TERMINAL_TYPE 352) Required or Optional Required Required Required Required Required Comment Set this value to 1, which indicates that the card is present. Set this value to 0, which indicates that the customer is present. Set this value to 2, which signifies track 2. POS terminal capability used in transaction. See the CPM API Reference Guide for the possible values for this field. POS terminal type used in transaction. See the CPM API Reference Guide for the possible values for this field. In the response, these fields contain particular information pertinent to the transaction: Table 16 PIN-Based Debit Authorization and Capture Output Fields Field Name Sequence Number (ID_SEQUENCE_NUMBER 105) Comments A unique number assigned to each transaction by CPM. This sequence number provides an index to refer to the transaction and references authorization information stored in the CPM database. Do not confuse this with the Last Record Number (see below). CPM Release Notes CyberSource Corporation August

144 Chapter 21 CyberSource Payment Manager 6.1 New NOVA Debit Gateway Table 16 PIN-Based Debit Authorization and Capture Output Fields Field Name Last Record Number (ID_LAST_RECORD_NUMBER 2100) Authorization Response Code (ID_AUTH_RESPONSE_CODE 107) Authorization Response Message (ID_AUTH_RESPONSE_MESSAGE 108) Approval Code (ID_APPROVAL_CODE 106) Retrieval Reference Number (ID_RETRIEVAL_REFERENCE_NUMBER 130) Return Code Message (ID_RETURN_CODE_MESSAGE 109) Processor Authorization Response Code (ID_PROCESSOR_AUTH_RESPONSE_CODE 401) Comments If the Authorization Response Message (see below)=seq ERR PLS CALL, then this field contains the number that you should have provided in the Last Record Number when you submitted the request. Resubmit the request with this value as the Last Record Number. If the authorization was approved, this field contains the number that you should provide as the Last Record Number for the next transaction you submit (either sale or return). See Using the Last Record Number on page 133. Indicates whether the transaction is approved. See the CPM API Reference Guide for the possible values for this field. A text message supplied by the financial processor or CPM Server describing the results of the authorization request. If this value=seq ERR PLS CALL, you are out of sync with NOVA on the Last Record Number for the TID. Resubmit the request and use the Last Record Number NOVA provided in the reply as the Last Record Number for the resubmitted request. See Using the Last Record Number on page 133. The 6-digit authorization code returned by the processor. Contains an 8-digit reference number associated with the transaction. You need to provide this number when you do a return. A description of the return code supplied from the CPM API function call. The processor-specific raw authorization response code. CPM Release Notes CyberSource Corporation August

145 Chapter 21 CyberSource Payment Manager 6.1 New NOVA Debit Gateway Using the Last Record Number Debit transactions are submitted to NOVA on a Terminal ID (TID) basis. Typically, each PIN pad device is assigned a unique TID for which a sequential count of debit transactions is maintained. You need to assign a TID to each PIN device and keep track of the Last Record Number for each TID as follows: NOVA batches PIN-based transactions by TID on a daily basis. For each TID that you have, NOVA assigns a Last Record Number to each transaction (each sale or return) in the TID s daily batch. The Last Record Number is 0 for the first transaction in the TID s daily batch and increments by 1 for each subsequent transaction. After the TID s daily batch is closed, the numbering again starts with 0 for the first transaction in the TID s next batch. You must provide the Last Record Number API field for each transaction. You will not know when NOVA closes the TID s batch, so you will not know when the numbering starts again at 0. However, NOVA replies to each transaction with the Last Record Number that you should use for the next transaction that you send for that TID. When a TID s batch closes, the reply for the next transaction will have a 1 as the Last Record Number, indicating that the transaction you just sent was the first transaction (the 0 transaction) for the TID s new batch. Use Last Record Number=1 for the next transaction that you send. To stay in sync with NOVA for each TID, store the most recent Last Record Number sent by NOVA for that TID. Use the stored number as the Last Record Number for the next transaction you submit for the TID. If you get out of sync with NOVA and submit a Last Record Number that NOVA does not expect for the TID, you will receive Authorization Response Message=SEQ ERR PLS CALL. The Last Record Number that NOVA replies with is the one they expected to receive. You do not need to call NOVA; all you need to do is resubmit the transaction with the Last Record Number that NOVA provided in the reply. This error does not occur when you send the first transaction of a batch with a value other than the expected 0; NOVA will accept that transaction (assuming you supply the rest of the required information correctly) and will reply with Last Record Number=1. Processing a Refund With the NOVA Debit gateway, if you need to process a refund for a PIN-based debit transaction, you use CPM s Return transaction. With a return, CPM needs the track data and the terminal setup information as you provided it in the sale request. You also need to provide the Last Record Number with the expected value (see Using the Last Record Number on page 133). Lastly, you need to provide the Retrieval Reference Number from the original debit sale transaction. Note that for PIN-based debit card returns with NOVA, CPM Release Notes CyberSource Corporation August

146 Chapter 21 CyberSource Payment Manager 6.1 New NOVA Debit Gateway you do NOT need to provide the CPM Sequence Number that you received in the debit reply. CPM does not use that information for the Return. The following table lists the API fields to use and whether they are required or optional. Table 17 PIN-Based Debit Return Input Fields Field Name and Identifier Merchant ID (ID_MERCHANT_ID 51) Last Record Number (ID_LAST_RECORD_NUMBER 2100) Retrieval Reference Number (ID_RETRIEVAL_REFERENCE_ NUMBER 130) Card Type (ID_CARD_TYPE 104) Required or Optional Required Required Required Required Comment The expected last record number assigned to that particular transaction in the TID s daily batch. See Using the Last Record Number on page 133. Must contain the 8-digit Retrieval Reference Number that you received in the reply for the debit sale transaction. Set to 029 for a debit card. Amount (ID_AMOUNT 103) Required The amount of the refund. Track 2 Data (ID_TRACK_2_DATA 251) PIN Block (ID_PIN_BLOCK 252) Key Sequence Number (ID_KEY_SEQUENCE 253) Card Present Flag (ID_CARD_PRESENT_FLAG 350) Customer Present Flag (ID_CUSTOMER_PRESENT_FLAG 350) POS Entry Mode (ID_POS_ENTRY_MODE 353) Required Required Required Required Required Required Track 2 data from the customer s card. The terminal receives the encrypted PIN from the PIN pad. The terminal receives the key sequence number from the PIN pad. Remove any leading F s before sending the value. Set this value to 1, which indicates that the card is present. Set this value to 0, which indicates that the customer is present. Set this value to 2, which signifies track 2. CPM Release Notes CyberSource Corporation August

147 Chapter 21 CyberSource Payment Manager 6.1 New NOVA Debit Gateway Table 17 PIN-Based Debit Return Input Fields (Continued) Field Name and Identifier Terminal Capability (ID_TERMINAL_CAPABILITY 351) Terminal Type (ID_TERMINAL_TYPE 352) Required or Optional Required Required Comment POS terminal capability used in transaction. See the CPM API Reference Guide for the possible values for this field. POS terminal type used in transaction. See the CPM API Reference Guide for the possible values for this field. For the response, you receive the same reply fields that you received for the original debit transaction (see Table 16 on page 131). Agreement Settings When you set up the NOVA Debit gateway, you enter the agreement settings in the Administration Client s agreement settings dialog box, shown below: Bank Number. Number that identifies your settlement institution. Contact NOVA for this information. Terminal ID. Number that identifies a specific terminal at the merchant location. Contact NOVA for this information. Merchant Number. Your NOVA merchant number. Contact NOVA for this information. Important If you are using NOVA and have terminals using different location types (for example, if you have both a retail terminal and a phone terminal), you must define separate merchant IDs for each type of terminal. Define your merchant IDs in the Administration Client s server properties on the Merchants tab. CPM Release Notes CyberSource Corporation August

148 Chapter 21 CyberSource Payment Manager 6.1 New NOVA Debit Gateway Merchant FI Number. Your Financial Institution number. Contact NOVA for this information. If you do not provide the value here, CPM uses the value in the gateway settings. Location Type. The location of the terminal. The drop-down list offers many choices, but only the following selections are valid for NOVA Debit: Retail POS Unattended POS Gateway Settings When you set up the NOVA Debit gateway, enter the gateway settings in the Administration Client s gateway settings dialog box: Online Transaction Host. The hostname or IP address of the processor s server that CPM connects to for online transactions such as authorizations. Online Transaction Port. The IP port to which the processor s server listens. Online Transaction Timeout. Timeout for online transactions. CPM Release Notes CyberSource Corporation August

149 Chapter 21 CyberSource Payment Manager 6.1 Enhancements Enhancements Parameters for the Settlement Wake Up Interval By default, the Settlement Manager is scheduled to wake up every 5 minutes to determine if settlement conditions have been met. This enhancement lets you schedule the Settlement Manager to wake up less frequently by setting the wake up interval. The minimum value for the wake up interval is 5 minutes. Two new parameters in the cpm.cfg file allow you to control the wake up interval: SettlementWakeupDisabled defaults to false, which causes the Settlement Manager to use the value of SettlementWakeupInterval to periodically wake up. When SettlementWakeupDisabled is true, the wait time is set to INFINITE and the Settlement Manager does not wake up periodically. Instead, the Settlement Manager wakes up when a Settle Now, Settle Lost Batch, or Shutdown command is issued. SettlementWakeupInterval defaults to 5 minutes. The Settlement Manager uses this value only if SettlementWakeupDisabled is false. Options for Encryption The ENCRYPT function in the CPM Database Utility has been enhanced with new options that allow you to specify a date and time range for the encryption. These options let you encrypt the portion of your CC_TRANSACTION table that corresponds to the specified range instead of encrypting the entire table. If you do not set values for these new options, ENCRYPT will encrypt all of the CC_TRANSACTION table. To use this new feature: 1 Click ENCRYPT on the CPM Database Utility s main screen. CPM Release Notes CyberSource Corporation August

150 Chapter 21 CyberSource Payment Manager 6.1 Enhancements The Database Utility displays the Update CPM Database Encryption Key dialog: 2 Choose one or both of the Selected date options and enter the desired dates and times. 3 Enter the New Key Serial Number. 4 Click OK. Lower Transaction Amounts for Paymentech Processing for American Express, Discover, Diners Club, and Carte Blanche cards through the Paymentech gateway has been enhanced to allow authorizations, returns, and captures for transaction amounts less than one dollar. Online Transaction Timeout Online Transaction Timeout is a value you can set on the Gateway Settings screen for the NOVA, Paymentech Tampa, and FDMS South Debit gateways. Starting with this release, the minimum value is 30 seconds, which is the default. Multiple Batch Files While the CPM Server is processing multiple batch files, an error in one batch file prevents the other batch files from being processed. This enhancement lets you direct the CPM Server to skip over the failed batch file and process subsequent batch files. CPM Release Notes CyberSource Corporation August

151 Chapter 21 CyberSource Payment Manager 6.1 Issues Resolved OverrideBatchError is a new parameter in the cpm.cfg file that lets you control the batch override: false is the default, which causes the CPM Server to stop processing batch files when an error occurs. true enables the batch override. Batch Status for the NOVA Gateway Previously, Batch Status=COMPLETE signified that the settlement file was created and stored locally. With this release, Batch Status=COMPLETE also signifies that the settlement file was successfully transmitted by means of FTP. Issues Resolved Issues Resolved for the NOVA Gateway Amount Field in the Settlement Record Prior to this release, the amount fields in the 501 and 602 records were set to the same value. With this release, the amount field in the 602 record reflects the original authorized amount and the amount field in the 501 record reflects the purchase amount. These two amounts are not necessarily the same because in card-not-present environments your purchase amount may be less than your original authorized amount. FI Number The way the FI number for the NOVA gateway is formatted has been changed. Now it is right justified and zero filled if less than 100. CPM Release Notes CyberSource Corporation August

152 Chapter 22 CyberSource Payment Manager This chapter lists enhancements for the CyberSource Payment Manager (CPM) release. See the CPM Setup Guide for information about installing CPM for the first time. Upgrading from Previous Versions You can upgrade to version from previous 6.x, 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on how to upgrade your CPM software. Enhancements New API Field for Payer Authentication CPM includes a new field for use with MasterCard SecureCode payer authentication. The field is called UCAF Indicator (ID_UCAF_INDICATOR 467). Currently the field is used only by the FDMS Nashville and Vital gateways. For information about the field s use with FDMS Nashville, see Payer Authentication on page 141; for Vital, see Payer Authentication for the Vital Gateway on page 142. CPM Release Notes CyberSource Corporation August

153 Chapter 22 CyberSource Payment Manager Enhancements Enhancements to the FDMS Nashville Gateway American Express and Discover CID CPM supports usage of the American Express and Discover card verification number (called the CID) on the FDMS Nashville gateway. Note that American Express does not return a card verification response code. If the card fails the card verification check, American Express refuses the card without indicating that it was because of the card verification failure. CVV Indicator CPM supports usage of the CVV Indicator field (ID_CVV_INDICATOR 167) for VISA, MasterCard, and Discover with the FDMS Nashville gateway. For information about the field, see the CPM API Reference Guide. Payer Authentication CPM supports Verified by VISA and MasterCard SecureCode for the FDMS Nashville gateway. Use these API fields to provide the payer authentication data in the authorization or sale request: For Verified by VISA ECommerce Type CAVV For MasterCard SecureCode ECommerce Type UCAF Indicator CAVV ECommerce Type. Use one of these values to indicate the type of payer authentication transaction: 03: Successful Verified by VISA transaction. 04: Attempted Verified by VISA transaction (you attempted but the transaction was not authenticated). 05: MasterCard SecureCode transaction. UCAF Indicator. Indicates whether the UCAF data was collected for a MasterCard SecureCode transaction. The field is required when ECommerce Type=05. Use one of these values: CPM Release Notes CyberSource Corporation August

154 Chapter 22 CyberSource Payment Manager Enhancements 1: UCAF data collection is supported, but UCAF data was not populated. You are not required to provide the CAVV field. 2: UCAF data collection is supported, and UCAF data was populated. You must also send the CAVV field with the AAV (UCAF data). CAVV. Cardholder Authentication Verification Value used for payer authentication. Use this field for the Verified by VISA CAVV and for the MasterCard SecureCode AAV (also referred to as the UCAF data). For Verified by VISA transactions with FDMS Nashville, you must send the value in hex binary format. For MasterCard SecureCode transactions with FDMS Nashville, you must send the value in base64 format. See the CPM API Reference Guide for more information about these API fields. Payer Authentication for the Vital Gateway CPM supports Verified by VISA and MasterCard SecureCode for the Vital gateway. Use these API fields to provide the payer authentication data in the authorization or sale request: For Verified by VISA ECommerce Type CAVV XID (optional) For MasterCard SecureCode ECommerce Type UCAF Indicator CAVV ECommerce Type. Use one of these values to indicate the type of payer authentication transaction: 03: Successful Verified by VISA transaction. 04: Attempted Verified by VISA transaction (you attempted but the transaction was not authenticated). 05: MasterCard SecureCode transaction. UCAF Indicator. Indicates whether the UCAF data was collected for a MasterCard SecureCode transaction. The field is required when ECommerce Type=05. Use one of these values: 0: UCAF data collection is not supported at your Web site. 1: UCAF data collection is supported, but UCAF data was not populated. You are not required to provide the CAVV field. CPM Release Notes CyberSource Corporation August

155 Chapter 22 CyberSource Payment Manager Enhancements 2: UCAF data collection is supported, and UCAF data was populated. You must also send the CAVV field with the AAV (UCAF data). CAVV. Cardholder Authentication Verification Value used for payer authentication. Use this field for the Verified by VISA CAVV and for the MasterCard SecureCode AAV (also referred to as the UCAF data). For Vital, you must send the value in hex binary format. XID. Use this field for the Verified by VISA XID. For Vital, the XID is optional, but if you provide it, you must send the value in hex binary format. See the CPM API Reference Guide for more information about these API fields. CPM Release Notes CyberSource Corporation August

156 Chapter 23 CyberSource Payment Manager 6.0 This chapter lists enhancements for the CyberSource Payment Manager (CPM) 6.0 release. See the CPM Setup Guide for information about installing CPM for the first time. Upgrading from Previous Versions You can upgrade to version 6.0 from previous 5.x, 4.x, and 3.x versions. See the CPM Setup Guide for instructions on how to upgrade your CPM software. Important If you are using a Unix-based CPM Server, the default installation path for the CPM software has changed with CPM 6.0 to: /opt/cybersource/payment_manager/server Minimum Requirement for Windows Systems CPM 6.0 supports Windows Server 2000 and newer. Summary of Enhancements The focus of the CPM 6.0 release is on enhancements that help you meet PCI compliance requirements. The term PCI refers to the Payment Card Industry (PCI) Data Security Standard. PCI gives common industry security requirements for safeguarding cardholder data (see for more information). If you do not become compliant with these requirements, the card associations or your acquirer may choose to impose fines or restrictions on you. CPM Release Notes CyberSource Corporation August

157 Chapter 23 CyberSource Payment Manager 6.0 Summary of Enhancements Important Also read the CPM PCI Compliance Guide to understand how to implement and configure CPM 6.0 to help you meet PCI requirements. The list below summarizes the changes in CPM 6.0. See the subsequent sections for more details. Database Encryption. With CPM 6.0, the method for generating the database encryption key has changed, and for Windows-based CPM Servers, the method for storing the key has changed. Also with 6.0, database encryption is turned on by default for new CPM users installing CPM for the first time. See Database Encryption on page 146. Administrator Password Management. CPM 6.0 requires more rigorous password management. This includes the use of complex passwords with expiration dates, temporary lockout from the Administration Client after multiple unsuccessful attempts, and other features. CPM 6.0 also handles the management of administrator accounts differently. See Administrator Account Management on page 153. Removal of Automatic Connect Feature. With CPM 6.0, you can no longer have the Administration Client automatically connect to one or more CPM Servers. For security purposes, you must log in to each CPM Server manually. See Removal of Automatic Connect Feature on page 156. Administration Client Automatic Close. CPM 6.0 now automatically closes the Administration Client if the system running the Administration Client is left idle for more than 15 minutes. See Administration Client Automatic Close on page 156. Administration Client Activity Log. CPM 6.0 includes a new log that records all administrator use of the Administration Client. See Administration Client Activity Log on page 156. Database Utility Activity Log. CPM 6.0 includes a new log that records all use of the Database Utility. See Database Utility Activity Log on page 157. SSL Encryption. With CPM 6.0, if you are using the C Solaris API, C Windows API, or Active X API, you are now able to generate your own SSL encryption keys (users of the Java API could already generate their own). See SSL Encryption on page 158. CPM Security. With CPM 6.0, CPM Security (where CPM requires a username and password to process transactions) is turned on by default for new CPM users installing CPM for the first time. See CPM Security on page 163. Settlement Files. With CPM 6.0, for gateways that use FTP to transfer settlement information to the processor, the settlement files are now hidden in the file system after FTP is complete. Also, you can now configure CPM to automatically delete the settlement files after a certain number of days. See Settlement File Management on page 164. CPM Release Notes CyberSource Corporation August

158 Chapter 23 CyberSource Payment Manager 6.0 Database Encryption Database Encryption With CPM 6.0, three things have changed regarding database encryption: Whether encryption is automatically enabled: With 6.0, the database encryption feature is still an option (and you must use the feature to be PCI compliant; see the CPM PCI Compliance Guide for information about PCI). However, prior to version 6.0, the database encryption option was automatically disabled when you installed the CPM software for the first time. With 6.0, it is automatically enabled if you are installing the software for the first time. If you are upgrading to 6.0, it is set the same way it was set prior to the upgrade. Depending on which type of user you are, this affects you differently (see How Do These Changes Affect You? on page 147). How the database encryption keys are generated: CyberSource no longer generates them for you; you can generate them yourself with a tool provided with CPM 6.0. See New Key Management Tool on page 147. Where you store the database encryption keys (this change affects Windowsbased CPM Servers only): For Windows-based CPM Servers, the keys no longer need to be in the Server directory. Instead, they must be imported into the CPM Server s registry at this location: HKEY_LOCAL_MACHINES\SOFTWARE\ CyberSource\Keystore. You can do this with the new tool provided with CPM 6.0. For merchants with Windows-based CPM Servers, this new key management tool lets you import your key from the key file to the registry and export it from the registry back to a key file. It also lets you delete keys from the registry, back up multiple keys from the registry to a batch file, and restore multiple keys from a batch file to the registry. CPM Server Registry CPM Server Registry Imported key Imported keys Export Import Back up Restore Key File <serial number>.key Backup Batch File <name>.dat CPM Release Notes CyberSource Corporation August

159 Chapter 23 CyberSource Payment Manager 6.0 Database Encryption How Do These Changes Affect You? If you are an existing CPM merchant using a Windows-based CPM Server, you are upgrading to 6.0, and you are already using database encryption, you must import your existing database encryption key into the CPM Server s registry. See Importing Your Existing Key (for Merchants Upgrading to 6.0) on page 151. If you are an existing CPM merchant upgrading to 6.0, and you were not previously using database encryption but want to start using it, database encryption will automatically be disabled. You need to enable it and set it up. See the CPM Database Utility Guide for instructions. If you are a new CPM user installing CPM 6.0 (without a pre-6.0 version being installed), database encryption is enabled by default. You still need to set it up, and steps for doing that are included in the installation process in the CPM Setup Guide. You can also reference the CPM Database Utility Guide for instructions. Split-Knowledge Keys The new key generation tool that comes with CPM 6.0 uses a split-knowledge technique that ensures that the key is under the control of two or more people. During key generation, two different people are required to provide passphrases separately. The key is generated based on those passphrases and can be reconstructed if needed with the passphrases. Each person must memorize his or her own passphrase and may not tell anyone the phrase at any time. You need two key custodians to provide passphrases. You also need to create a system whereby those two passphrases can be securely stored and retrieved in the event the key needs to be reconstructed and both of the key custodians are not available. For further best practices for managing your database encryption keys, see the database encryption section in the CPM Database Utility Guide. New Key Management Tool The 6.0 software includes a new Windows-based tool called DBKeyGenerator.exe that you use to create, import, export, delete, back up, and restore your database encryption keys. The tool is located in the Server directory, which is inside the CPM installation directory. With the tool you can: Generate a new key and either immediately import it into the registry (for Windows-based CPM Servers) or save it to a file (for Unix-based CPM Servers). CPM Release Notes CyberSource Corporation August

160 Chapter 23 CyberSource Payment Manager 6.0 Database Encryption Import an existing key into the registry from a key file. If you are using a Windows-based CPM Server, are upgrading to CPM 6.0, and are already using database encryption, you use this function to import your existing database encryption key into the registry. You do not need to create a new key. Or, if you are just now enabling database encryption for the first time and have multiple Windows-based CPM Servers, you use the import function to import your new database encryption key into the registry of each CPM Server. You can also use this function to re-import the key to the registry (from a backup key file) if your CPM Server s registry settings are somehow corrupted or lost. Export an existing key from the registry to a key file. If you are just now enabling database encryption and have multiple Windowsbased CPM Servers, you use this function to create the key file that you then import into the registry of each CPM Server. You can also use this function to create a backup file for a single encryption key that you then securely store outside the CPM Server. Delete an existing key from the registry. If you have multiple encryption keys, back up all of the keys in the registry to one batch file. The backup batch file can be used to restore your keys in an emergency if your CPM Server s registry settings are somehow corrupted or lost. If you have multiple encryption keys, restore all of the keys from a backup batch file to the registry. Note that the registry must be empty (and have no database keys already stored in it) for the restore function to work properly. Generating a New Key If you are upgrading to CPM 6.0 and were already using database encryption, you do not need to generate a new key. If you are using a Windows-based CPM Server, you simply need to import your existing key into the registry (see Importing Your Existing Key (for Merchants Upgrading to 6.0) on page 151). If you have not used database encryption before and want to start using it now, you must generate a new database encryption key with the procedure below. The instructions apply to both Windows-based and Unix-based CPM Servers. CPM Release Notes CyberSource Corporation August

161 Chapter 23 CyberSource Payment Manager 6.0 Database Encryption 1 On any CPM Server (if using a Unix-based CPM Server, instead go to the Windows system where the Administration Client is installed), go to the Server directory and double-click DBKeyGenerator.exe. The menu is displayed. 2 Click Generate New Key. 3 When prompted for the first passphrase, have the first person enter the first passphrase. 4 When prompted for the second passphrase, have the second person enter the second passphrase. CPM Release Notes CyberSource Corporation August

162 Chapter 23 CyberSource Payment Manager 6.0 Database Encryption The tool creates the key and displays the 8-character serial number (686F7573 in this example). 5 Write down the serial number, which you will need later when you set up the CPM Server(s) to use database encryption. You then have the option to save the key to the registry now or save it to a file. a b If you are using a Unix-based CPM Server, select Write to File, and the file is written to the Server directory of the Windows-based system. If you are using a Windows-based CPM Server, select Write to Registry and the key is automatically imported into the registry. 6 If you are using a Unix-based CPM Server, copy the key file from the Windowsbased system to the Server directory on each CPM Server, and change the permissions for each instance of the key file so that no one can access the file. 7 If you are using multiple Windows-based CPM Servers, import the key into the registries of all of the CPM Servers: a b c d e f On the first CPM Server, in the key tool menu, click Export Key. When prompted, select the key you want to export and click OK. When the Save As dialog box opens, click Save (do not change the name of the file). The database encryption key file is saved to the Server directory on the CPM Server as <serial number>.key. Copy the key file to the Server directory on each of the other CPM Servers. On each CPM Server, run the DBKeyGenerator.exe tool and click Import Key to import the key from the key file. Delete the key file from the Server directory on each of the CPM Servers. CPM Release Notes CyberSource Corporation August

163 Chapter 23 CyberSource Payment Manager 6.0 Database Encryption You have generated your database encryption key file (and imported it into the registry on Windows-based CPM Servers). This is the main procedural change for setting up database encryption that has occurred with the release of CPM 6.0. For the complete instructions for setting up database encryption, see the CPM Database Utility Guide. Importing Your Existing Key (for Merchants Upgrading to 6.0) If you are using a Windows-based CPM Server, are upgrading to CPM 6.0, and are already using database encryption, you simply need to import your existing database encryption key into the registry. You must also delete the existing key file from the file system on the CPM Server. 1 On any CPM Server, go to the Server directory and copy the database encryption key file from the Server directory to a secure storage device. This is your backup copy of the key file. 2 Return to the Server directory on the CPM Server and double-click DBKeyGenerator.exe. 3 In the menu, click Import Key. 4 In the dialog box that is displayed, navigate to the Server directory and doubleclick the database encryption key that you want to import. The key is imported to the registry. You can confirm that the key was imported by clicking Export Key in the menu. You should see the key in the list of keys in the registry that are available to export. 5 Click Exit to close the tool. 6 Delete the database encryption key file from the Server directory, as it is no longer needed there. 7 If you are using multiple CPM Servers, import the key into the registry on each CPM Server by repeating steps 2 6 above on each CPM Server. You have imported the key into the registry and removed the key file from the Server directory where it is no longer needed. Deleting a Key from the Registry If you are using a Windows-based CPM Server, you can delete a key from the registry with this procedure: 1 Go to the Server directory on the CPM Server and double-click DBKeyGenerator.exe. CPM Release Notes CyberSource Corporation August

164 Chapter 23 CyberSource Payment Manager 6.0 Database Encryption 2 In the menu, click Delete Key. 3 When prompted, select the key you want to delete and click Delete. The key is deleted from the registry. Backing Up Your Key(s) If you are using a Windows-based CPM Server, you must create a backup of your database encryption key(s) in the event that something happens to the registry settings of your CPM Server and your keys are lost. 1 Run the DBKeyGenerator.exe tool. 2 If you have only one active key: a In the menu, click Export Key. b Select the key you want to export and click OK. c When the Save As dialog box opens, click Save (do not change the name of the file). The database encryption key file is saved to the Server directory on the CPM Server. 3 If you have multiple active keys: a In the menu, click Backup. b When the Save As dialog box opens, enter the name of the backup batch file (for example, key_backup). The backup batch file is saved to the Server directory on the CPM Server. 4 Copy the single key file or backup batch file to a secure storage device as a backup. 5 Delete any copies of the file so that the file does not reside anywhere on any of your CPM Servers. You have backed up your key(s). Restoring Your Key(s) Important The registry must be empty (and have no database encryption keys already stored in it) for the restore function to work properly. CPM Release Notes CyberSource Corporation August

165 Chapter 23 CyberSource Payment Manager 6.0 Administrator Account Management If you are using a Windows-based CPM Server and need to restore your keys from a key file or backup batch file: 1 Retrieve your file from wherever you have it safely stored and copy it to the Server directory on the CPM Server. 2 Run the DBKeyGenerator.exe tool. 3 If you are restoring a single key file (<serial number>.key): a In the menu, click Import Key. b Select the key to import and click Open. The key is restored to the registry. 4 If you are restoring multiple keys from a backup batch file (<filename>.dat): a In the menu, click Restore. b Select the batch file to import and click Open. The keys in the batch file are restored to the registry. 5 Repeat the above steps on each CPM Server you are using. 6 Delete any copies of the key file so that the file does not reside anywhere on any of your CPM Servers. You have restored your key(s). Administrator Account Management With the release of CPM 6.0, management of administrator accounts has changed. This was done to enforce secure password rules. With 6.0, the default administrator account (cpm_local_admin) is still available. However, when you upgrade to 6.0, the default password (changeoninstall) will be reinstated for this account. The first time you log in to the Administration Client you must change the password for cpm_local_admin to a secure password. Make sure to remember this new password, as the only way you can restore the default password is to reinstall the CPM software. With CPM, you can create your own administrator accounts. Prior to CPM 6.0, you did this by going to the Administration Client, connecting to a CPM Server, opening the Security tab in the server s properties, and adding a new user to the Security group called Administrators. All management of administrators (creating, deleting, changing CPM Release Notes CyberSource Corporation August

166 Chapter 23 CyberSource Payment Manager 6.0 Administrator Account Management passwords) was done there. The username and password information for administrators was stored in the CPM database. Now with CPM 6.0, you create a new administrator by using a command-line tool called AcctMaint.exe. All management of administrators (creating, deleting, changing passwords) is done with this tool. The username and password information for administrators is now stored outside the CPM database in a special file called cpm_admin, which resides in the Server directory. If you have multiple CPM Servers, you need to place a copy of that file in the Server directory on each CPM Server and keep the files synchronized. If you make changes to the cpm_admin file on one CPM Server (for example, if you add a new administrator or change an administrator s password), you need to copy the updated cpm_admin file to all of your CPM Servers. Although administrators are managed differently with 6.0, the CPM Security group called Administrators still exists if you upgrade from a previous CPM version. When you upgrade to 6.0, any users that were part of the Administrators Security group prior to 6.0 still exist for the purposes of the CPM Security functionality and still have their account information stored in the CPM database. However, those users can no longer log in to the Administration Client unless you create administrator accounts for them with the AcctMaint.exe tool. CPM was changed with version 6.0 so that new merchants installing CPM 6.0 for the first time will not see a default Administrators Security group in the Administration Client s Security tab. With 6.0, that default group has been removed for new installations. See the next few sections for more details about the changes discussed above. Important Upgrading Information Because of this new structure for storing administrator passwords, if you are upgrading to 6.0 from a previous version of CPM, after you upgrade you must recreate your administrators (which stores the password information in the new cpm_admin file in the Server directory). These are the main steps: 1 Before upgrading the software, compile a list of the administrator usernames and passwords. 2 After upgrading the software, recreate the administrator accounts by using the new AcctMaint.exe tool (see Using the AcctMaint.exe Tool to Manage Administrators below). This places the account information in the new password file. You have recreated your administrator accounts. CPM Release Notes CyberSource Corporation August

167 Chapter 23 CyberSource Payment Manager 6.0 Administrator Account Management Using the AcctMaint.exe Tool to Manage Administrators The AcctMaint.exe program is a command-line program that works on Windows and Unix systems and resides in the Server directory. With it you can create a new administrator, change a password, and delete an administrator. To use the program: 1 Go to the Server directory of the CPM Server and run the AcctMaint.exe program. 2 When prompted, enter an existing administrator s username and password. If you have not yet created any administrators, use the default administrator (username: cpm_local_admin, password: changeoninstall). The first time you log in to the Administration Client you will be prompted to change the default administrator s password. 3 Select the number (1 4) from the menu corresponding to the task you want to perform: add an administrator, change a password, delete an administrator, or quit the program. 4 Depending on which task you choose, you will be prompted to enter the relevant information. If you are changing a password, be aware that CPM stores the recent password history and prohibits you from reusing any of the last four passwords that you have used for that administrator. When the task is complete the program automatically terminates. New Password Requirements CPM 6.0 enforces these new requirements for administrator passwords: Your passwords must have at least seven characters and must include at least one alphabetic character, one numeric character, one lowercase character, and one uppercase character You must replace your passwords every 90 days When replacing an expired password, you cannot use any of the last four passwords that you have used for that administrator If you try to log in to the Administration Client and enter the wrong password six times in a row, the account will be locked out for five minutes or until another administrator restarts the CPM Server in the Administration Client (note that there is no time window for your failed attempts; for example, if you fail three times and do not try again until a month later, your next failed login attempt is still considered your fourth failed attempt) CPM Release Notes CyberSource Corporation August

168 Chapter 23 CyberSource Payment Manager 6.0 Removal of Automatic Connect Feature Removal of Automatic Connect Feature Prior to CPM 6.0, you could set up the Administration Client to automatically connect to one or more CPM Servers whenever you opened the Administration Client. You did this by going to the View menu and selecting Options... With CPM 6.0, this capability has been removed for security purposes. The Options window no longer displays fields for automatically connecting to CPM Servers on startup. Administration Client Automatic Close With CPM 6.0, if you are logged in to the Administration Client and leave the machine idle for more than 15 minutes, CPM will automatically close the Administration Client. CPM will then display an alert window with a button you can click to reopen the Administration Client. You will have to log in again when it reopens. Administration Client Activity Log CPM 6.0 includes a new log that records all administrator use of the Administration Client. The log is called AdminClientActivity.log and is stored in the Server\Log directory of the CPM installation directory. The log records these actions: Administrator log in Use of any of the Administration Client s Server and View menu options Changes to any of the CPM Server s properties For each action, the log includes: Date and time stamp Location where the Administration Client was being run Name of administrator performing the action Type of event (examples: Log on to CPM server, Start CPM Server, Stop CPM Server, Settle Now, Create Merchant, Update Merchant, Get Batch Status, Update Gateway) Success or failure indicator, if applicable CPM Release Notes CyberSource Corporation August

169 Chapter 23 CyberSource Payment Manager 6.0 Database Utility Activity Log This is an excerpt of an example log: Database Utility Activity Log CPM 6.0 includes a new log that records use of the Database Utility. The log is called DBUtilityActivity.log and is stored in the Server\Log directory (server/log for Unix) of the CPM installation directory. The log records use of any of the Database Utility s functions (create tables, encrypt, export, purge, and so on). For each action, the log includes: Date and time stamp Location where the Database Utility was being run Database username Type of event (examples: Create CPM Tables, Encrypt Data, Export Data) Success or failure indicator, if applicable This is an excerpt of an example log: CPM Release Notes CyberSource Corporation August

170 Chapter 23 CyberSource Payment Manager 6.0 SSL Encryption SSL Encryption Prior to CPM 6.0, if you configured CPM to use SSL with CPM s C Windows API, C Solaris API, or Active X API, you had to have CyberSource generate your SSL encryption key for you. With CPM 6.0, you can now generate your own SSL encryption key. Users of CPM s Java API were already able to create their own SSL encryption keys prior to CPM 6.0 (for more information, see the chapter about the Java SDK and SSL Proxy Server in the CPM Setup Guide). The instructions below describe the overall procedure for configuring CPM to use SSL for C (Windows or Solaris) and Active X users. You no longer a certificate request to CyberSource or get the SSL key from CyberSource. You now use a tool called SSLKeyGenerator.exe to generate your SSL key. For users with Windows-based CPM Servers, the tool is installed on the CPM Server in the Server directory. For users with Unix-based CPM Servers, the tool is installed in the Server directory on the Windows system where the Administration Client is installed. To generate an SSL key and enable SSL for CPM: 1 Generate the certificate request: a Open the Administration Client and in the server properties go to the SSL Server Information tab. b Click Generate Certificate Request. CPM Release Notes CyberSource Corporation August

171 Chapter 23 CyberSource Payment Manager 6.0 SSL Encryption c In the SSL Server Information dialog box, enter the requested information and click OK. The passphrase can be any phrase that you want to use. The certificate request information appears in the Certificate Request window. d e Click Save to File and save the file with any name to the desktop. Click Close to close the Certificate Request window. CPM Release Notes CyberSource Corporation August

172 Chapter 23 CyberSource Payment Manager 6.0 SSL Encryption The window on the SSL Server Information tab shows information beginning with Awaiting key certificate import. 2 Generate the certificate with the SSLKeyGenerator.exe tool: a Go to the Server directory and run the SSLKeyGenerator.exe tool. CPM Release Notes CyberSource Corporation August

173 Chapter 23 CyberSource Payment Manager 6.0 SSL Encryption b Click Load from File and select the file you saved to the desktop in step d. c Click the Validate Request tab. The tool validates the information and populates the fields on the screen. CPM Release Notes CyberSource Corporation August

174 Chapter 23 CyberSource Payment Manager 6.0 SSL Encryption d Click the Generate Key tab and click Generate Key. e f Click Save to File and save the file with any name to the desktop. Click OK to close the SSLKeyGenerator.exe tool. 3 Import the certificate: a b Open the file you created in step e and copy all of the text. Go back to the Administration Client s SSL Server Information tab and click Import Certificate. CPM Release Notes CyberSource Corporation August

175 Chapter 23 CyberSource Payment Manager 6.0 CPM Security c Click Paste from Clipboard to paste the contents from the file into the window. d Click OK. 4 Restart the CPM Server. The information in the SSL Server Information window updates to indicate that SSL is enabled and shows the certificate s expiration date. You have enabled SSL. CPM Security CPM Security is an optional feature that, when enabled, requires all users to provide usernames and passwords to process transactions with the CPM Server. When CPM Security is disabled, anyone can process transactions. If you want to be PCI compliant and your system sends transactions to CPM from outside the framework of your trusted network environment, you must enable CPM Security (see the CPM PCI Compliance Guide for more information about PCI). With 6.0, the CPM Security feature is still an option. However, prior to version 6.0, the CPM Security option was automatically disabled when you installed the CPM software for the first time. With 6.0, it is automatically enabled when you install the software for the first time. If you are upgrading to 6.0, it is set the same way it was set prior to the upgrade. Depending on which type of user you are, this affects you differently. CPM Release Notes CyberSource Corporation August

176 Chapter 23 CyberSource Payment Manager 6.0 Settlement File Management Existing CPM Users Already Using CPM Security When you upgrade to 6.0, CPM Security will continue to work as is and you do not need to do anything. Existing CPM Users Not Already Using CPM Security When you upgrade to 6.0, CPM Security will automatically be disabled. If you want to be PCI compliant and your system sends transactions to CPM from outside the framework of your trusted network environment, you must enable CPM Security. You also need to set up your security groups and assign usernames/passwords to all of your CPM users. You do all of this in the Administration Client, on the Security tab in the CPM Server s properties. For more information, see the online help topic called Security Tab in the Administration Client s online help. If you are using one of the CPM APIs, you will also need to use the API fields in the Security Group and the API functions called Begin Session (150) and End Session (151) to establish a security session when you process transactions. For more information about the fields and functions, see the CPM API Reference Guide. New CPM Users For new CPM users installing 6.0, CPM Security will automatically be enabled. You still need to set up your security groups and assign usernames/passwords to all of your CPM users. You do this in the Administration Client, on the Security tab in the CPM Server s properties. For more information, see the online help topic called Security Tab in the Administration Client s online help. If you are using one of the CPM APIs, you will also need to use the API fields in the Security Group and the API functions called Begin Session (150) and End Session (151) to establish a security session when you process transactions. For more information about the fields and functions, see the CPM API Reference Guide. Settlement File Management Some of the CPM gateways use FTP to transfer settlement files to the payment processor. Each day when it comes time for settlement, CPM compiles the settlement information locally into one or more settlement files and then transfers the file(s) to the processor. Copies of the settlement files remain on the CPM Server. CPM Release Notes CyberSource Corporation August

177 Chapter 23 CyberSource Payment Manager 6.0 Settlement File Management The table below shows where CPM stores the files for the gateways that use FTP. Table 18 Location of Settlement Files for FTP Gateways Gateway American Express Phoenix FDMS North FDMS South MPS NOVA Paymentech Tampa File Location You define the location in the Gateway Settings FDMS_North_FTP subdirectory in the Server directory You define the location in the Job Card File path field in the Agreement Settings MPSFrame_FTP subdirectory in the Server directory You define the location in the Gateway Settings You define the location in the Gateway Settings Because these settlement files contain sensitive customer data, CPM 6.0 now hides them in the CPM Server s file system. This is accomplished by: Starting the file names with a period, which has the effect of hiding the files on Unix-based CPM Servers. Assigning hidden as the attribute for each settlement file on Windows-based CPM Servers. Make sure to configure the folder that holds your settlement files so that it does not display hidden files (in Windows file Explorer, navigate to the folder, click Tools > Folder Options... and go to the View tab, then select the radio button for Do not show hidden files and folders). With CPM 6.0, you can configure each FTP gateway so that CPM deletes these settlement files automatically after a certain number of days that you set. Each of the gateways has a new gateway setting indicated by the red arrows in the following screen shots: CPM Release Notes CyberSource Corporation August

178 Chapter 23 CyberSource Payment Manager 6.0 Settlement File Management American Express Phoenix CPM Release Notes CyberSource Corporation August

179 Chapter 23 CyberSource Payment Manager 6.0 Settlement File Management FDMS North CPM Release Notes CyberSource Corporation August

180 Chapter 23 CyberSource Payment Manager 6.0 Settlement File Management FDMS South CPM Release Notes CyberSource Corporation August

181 Chapter 23 CyberSource Payment Manager 6.0 Settlement File Management MPS NOVA CPM Release Notes CyberSource Corporation August

182 Chapter 23 CyberSource Payment Manager 6.0 Settlement File Management Paymentech Tampa CPM Release Notes CyberSource Corporation August