Transaction Registration POST Response

VPSProtocol

Protocol version used by the system supplied in the Transaction Registration POST.

Yes

Digits and periods
 

4 

4.00

Status

If the Status is not OK, the StatusDetail field will give more information about the problem.

• OK = The process executed without an error.

• NOTAUTHED = The Opayo gateway could not authorise the transaction because the details provided by the customer were incorrect, or insufficient funds were available. However, the transaction has completed. Also returned for PayPal transactions in response to the PayPal Completion Post (if Accept=NO was sent to complete PayPal transaction, see here).

• REJECTED = The Opayo System rejected the transaction because of the fraud screening rules you have set on your account. The bank may have authorised the transaction but your own rule bases for AVS/CV2 or 3D-Secure caused the transaction to be rejected.

• AUTHENTICATED = The 3D-Secure checks were performed successfully, and the card details secured at Opayo. Only returned if TxType is AUTHENTICATE.

• REGISTERED = 3D-Secure checks failed or were not performed, but the card details are still secured at Opayo. Only returned if TxType is AUTHENTICATE.

• 3DAUTH = The customer needs to be directed to their card issuer for 3D-Authentication.

• PPREDIRECT = The customer needs to be redirected to PayPal.

• MALFORMED = Input message was missing fields or badly formatted – normally will only occur during development.

• INVALID = Transaction was not registered because although the POST format was valid, some information supplied was invalid. e.g. incorrect vendor name or currency.

• ERROR = A problem occurred at Opayo which prevented transaction registration.

• Please notify Opayo if a Status of ERROR is seen, together with your Vendor, VendorTxCode and the StatusDetail.

Yes

Uppercase letters

15 

• OK

• NOTAUTHED

• REJECTED

• AUTHENTICATED

• REGISTERED

• 3DAUTH

• PPREDIRECT

• MALFORMED

• INVALID

• ERROR

StatusDetail

This text adds detail to the Status value. Always check StatusDetail when the Status is not OK.

Yes

Letters, digits, commas, periods, colons, spaces, and parentheses
      

255 

VPSTxId

The VPSTxId is returned to you when the transaction is registered. Only present if the Status is OK or 3DAUTH.

Yes

Letters, digits, hyphens, and curly brackets
   

38 

SecurityKey

Opayo uses this security key to generate an MD5 hash to sign the Notification message. The signature is called VPSSignature.

This value is used to enable the detection of tampering with notifications from the Opayo gateway.  It must be kept secret from the customer and held in your database.

Only present if Status is OK

Yes

Letters and digits
 

10 

TxAuthNo

Unique Opayo Authorisation Code for a successfully authorised transaction. Only present if Status is OK.

No

10 

AVSCV2

This is the response from AVS and CV2 checks. Provided for Vendor info and backward compatibility with the

banks.  Rules set up in MyOpayo will accept or reject the transaction based on these values.

More detailed results are split out in the next three fields. Not present if the Status is 3DAUTH, AUTHENTICATED,

PPREDIRECT or REGISTERED.

Yes

Uppercase letters

50

• ALLMATCH

• SECURITY CODE MATCH ONLY ADDRESS MATCH ONLY

• NO DATA MATCHES

• DATA NOT CHECKED

AddressResult

The specific result of the checks on the cardholder’s address numeric from the AVS/CV2 checks.  Not present if the Status is 3DAUTH, AUTHENTICATED, PPREDIRECT or REGISTERED.

Yes

Uppercase letters

20 

• NOTPROVIDED

• NOTCHECKED

• MATCHED

• NOTMATCHED

PostCodeResult

The specific result of the checks on the cardholder’s Postcode from the AVS/CV2 checks. Not present if the Status is 3DAUTH, AUTHENTICATED, PPREDIRECT or REGISTERED.

Yes

Uppercase letters

20 

• NOTPROVIDED

• NOTCHECKED

• MATCHED

• NOTMATCHED

CV2Result

The specific result of the checks on the cardholder’s CV2 code from the AVS/CV2 checks.  Not present if the Status is 3DAUTH, AUTHENTICATED, PPREDIRECT or REGISTERED.

Yes

Uppercase letters

20 

• NOTPROVIDED

• NOTCHECKED

• MATCHED

• NOTMATCHED

3DSecureStatus

This field details the results of the 3D-Secure checks (where appropriate).

• OK = 3D Secure checks carried out and user authenticated correctly.

• NOTCHECKED =  3D-Secure checks were not performed. This indicates that 3D-Secure was either switched off at an account level, or disabled at transaction registration with a setting like Apply3DSecure=2

• NOTAUTHED = 3D-Secure authentication checked, but the user failed the authentication.

• INCOMPLETE = 3D-Secure authentication was unable to complete.  No authentication occurred.

• ERROR = Authentication could not be attempted due to data errors or service unavailability in one of the parties involved in the check. It can also result if you have not submitted the creq to the ACSURL within thirty seconds, or your customer has not entered 2FA on the ACS’s authentication page within ten minutes.

• ATTEMPTONLY = The cardholder attempted to authenticate themselves, but the process did not

• complete. A CAVV is returned; therefore, a liability shift may occur for non-Maestro cards. Check your Merchant Agreement.

• NOAUTH = This normally means the card is not enrolled in the 3D-Secure scheme. Or the card issuer has not returned the CAVV / AAV / UCAF value in the 3D-Secure authentication response, even though the cardholder has attempted authentication.

• CANTAUTH = This normally means the card Issuer is not part of the 3D-Secure scheme.

• MALFORMED or INVALID = These statuses indicate a problem with creating or receiving the 3D-Secure data. These should not occur on the live environment.

Yes

Uppercase letters

50 

• OK

• NOTCHECKED

• NOTAUTHED

• INCOMPLETE

• ERROR

• ATTEMPTONLY

• NOAUTH

• CANTAUTH

• MALFORMED

• INVALID

CAVV

Cardholder Authentication Verification Value. The encoded result code from the 3D-Secure checks (CAVV or AAV or UCAF). Only present if the 3DSecureStatus field is OK or ATTEMPTONLY

No

32 

Token

The token generated by Opayo.

No

38 

FraudResponse

• ACCEPT = ReD recommends that the transaction is accepted

• DENY = ReD recommends that the transaction is rejected

• CHALLENGE = ReD recommends that the transaction is reviewed. You have elected to have these transactions either automatically accepted or automatically denied at a vendor level. Please contact Opayo if you wish to change the behaviour you require for these transactions

• NOTCHECKED = ReD did not perform any fraud checking for this particular transaction

No

Uppercase letters

10 

• ACCEPT

• CHALLENGE

• DENY

• NOTCHECKED

DeclineCode

The decline code from the bank. These codes are specific to the bank. Please contact them for a description of each code. e.g. 00

No

2 

ExpiryDate

Expiry date of the card used, in the format MMYY.

Yes

Digits

4 

BankAuthCode

The authorisation code returned from the bank. e.g. T99777

No

6 

ACSTransID

Access Control Server (ACS) transaction ID. This is a unique ID provided by the card issuer for 3DSv2 authentications. It can be returned in future transaction requests that will perform 3D-Secure authentication to increase the chances of a frictionless authentication, especially if a challenge authentication previously occurred. This value can be returned to Opayo when you submit your Direct payment request using the threeDSReqPriorRef element found within the ThreeDSRequestorPriorAuthenticationInfoXML object.

No

36 

DSTransID

Directory Server (DS) transaction ID. This is a unique ID provided by the card scheme for 3DSv2 authentications.

No

36 

SchemeTraceID

This is the unique reference number associated with an authorisation request. It is required when you use a

stored Credential on File, and links subsequent payments with the first payment.

No

ITU-T T.50 value codes.

ASCII range in hexadecimal from

20 to 7E (from

space to tilde)

56