Transaction Completion

 

 

For Opayo Form transactions, Opayo cannot guarantee to return the customer to your website. If the customer closes their browser mid-way through a transaction, or if something goes wrong at any redirect stages, it will be up to you to check the status of the transactions on the MySagePay reporting screens.

 

In normal circumstances, however, where the customer does not close their browser and there are no redirection problems, Opayo Form will return them to your site, either to the SuccessURL (in the event the transaction was successful), or the FailureURL (in all other circumstances).

 

The system will append to the SuccessURL or FailureURL a field called Crypt, in the manner:

 

[ResponseURL]?crypt=[encrypted_information]

 

Or if the URL already has your own fields attached, it will be appended thus:

 

[ResponseURL]?vendor1=test&vendor2=test2&crypt=[encrypted_information]

 

The SuccessURL and FailureURL fields should point to scripts on your server that extract the information in the crypt field and use it to update your database (if you have one) and/or format an appropriate response page for the customer. This is not compulsory, however, and you may choose to simply direct customers to a static HTML page that ignores the contents of the crypt field. In such cases, you will need to manually check the MySagePay report pages to determine if a transaction succeeded or failed. In fact, we recommend you always check the MySagePay pages before sending any goods just to confirm the status of each transaction.

 

The Crypt field contains the plain text shown overleaf. For details of the Encryption used see here.

 

Important: Remember to remove the ‘@’ symbol before decrypting.

 

 

 

Notification of Transaction Result Format

Name

Description

Mandatory

Format

Max Length

Allowed Values

VPSProtocol

Protocol version used by the system supplied in the Transaction Registration POST.

Yes

Digits and periods
 

4.00

TxType

Same as supplied in the Transaction Registration POST

Yes

Uppercase letters

15 

  • PAYMENT
  • DEFERRED
  • AUTHENTICATE

VendorTxCode

Same as supplied in the Transaction Registration POST

Yes

Letters, digits, hyphens, periods, underscores, and curly brackets
     

40 

 

Status

When the Status is not OK, then the StatusDetail contains the reason why.

  • OK = The process executed without error.

  • NOTAUTHED = The details provided by the customer were incorrect or insufficient funds were available. The Opayo gateway could not Authorise the transaction and the transaction is completed.

  • PENDING = European Payment methods only. This Indicates a transaction has yet to fail or succeed. We report the Status in MySagePay when we receive notice from PPRO.

  • ABORT = The Transaction could not be completed because the user clicked the CANCEL button on the payment pages or was inactive for 15 minutes or more.

  • REJECTED = The Opayo System rejected the transaction, which failed to meet the fraud screening rules you have set on your account.Note: The bank may have authorised the transaction but your own rule bases for AVS/CV2 or 3D-Secure caused the transaction to be rejected.

  • AUTHENTICATED = The 3D-Secure checks are completed successfully and the card details secured at Opayo. This Status is only returned when TxType is AUTHENTICATE.

  • REGISTERED = 3D-Secure checks failed or could not be performed and the card details are still secured at Opayo. This Status is only returned when TxType is AUTHENTICATE.

  • ERROR = A problem occurred at Opayo which prevented transaction registration. Please notify us when a Status of ERROR is returned together with the message Vendor, VendorTxCode and the StatusDetail contents.

 

 

 

Uppercase letters

15
  • OK

  • NOTAUTHED

  • PENDING

  • ABORT

  • REJECTED

  • AUTHENTICATED

  • REGISTERED

  • ERROR

StatusDetail

Human-readable text providing extra detail for the Status message. Always check StatusDetail if the Status is not OK

Yes

Letters, digits, commas, periods, colons, spaces, and parentheses
      

255 

 

TxAuthNo

Opayo unique Authorisation Code for a successfully authorised transaction. Only present if Status is OK.

No

Digits

10 

 

AVSCV2

This is the response from AVS and CV2 checks. Provided for Vendor info and backward compatibility with the banks. Rules set up in MySagePay will accept or reject the transaction based on these values.

More detailed results are split out in the next three fields. Not present if the Status is AUTHENTICATED or REGISTERED.

Yes

Uppercase letters and spaces
 

50 

  • ALLMATCH

  • SECURITY CODE MATCH ONLY

  • ADDRESS MATCH ONLY

  • NO DATA MATCHES

  • DATA NOT CHECKED

AddressResult

The specific result of the checks on the cardholder’s address numeric from the AVS/CV2 checks.  Not present if the Status is AUTHENTICATED or REGISTERED

Yes

Uppercase letters 

20 

  • NOTPROVIDED NOTCHECKED

  • MATCHED

  • NOTMATCHED

PostCodeResult

The specific result of the checks on the cardholder’s Postcode from the AVS/CV2 checks.  Not present if the Status is AUTHENTICATED or REGISTERED

Yes

Uppercase letters

20 

  • NOTPROVIDED

  • NOTCHECKED

  • MATCHED

  • NOTMATCHED

CV2Result

The specific result of the checks on the cardholder’s CV2 code from the AVS/CV2 checks.  Not present if the Status is AUTHENTICATED or REGISTERED.

Yes

Uppercase letters

20 

  • NOTPROVIDED

  • NOTCHECKED

  • MATCHED

  • NOTMATCHED

GiftAid

This field is always present even when Gift Aid is not active on your account.

  • 0 = The Gift Aid box was not checked this transaction.

  • 1 = The customer checked the Gift Aid box on the payment page

Yes

BOOLEAN

  • 0

  • 1

3DSecureStatus

The results of the 3D-Secure checks (where appropriate):

  • OK = 3D-Secure checks carried out and user Authenticated correctly.

  • NOTCHECKED = 3D-Secure checks were not performed. This indicates that 3D-Secure was either switched off at an account level or disabled at transaction registration.

  • NOTAVAILABLE = The card used was either not part of the 3D-Secure Scheme, or the authorisation was not possible.

  • NOTAUTHED = 3D-Secure authentication checked, and the user failed the authentication.

  • INCOMPLETE = 3D-Secure authentication was unable to complete.  No authentication occurred.

  • ATTEMPTONLY = 3D-Secure attempted but cardholder was not enrolled.

  • ERROR = Authentication could not be attempted due to data errors or service unavailability in one of the parties involved in the check.

Yes

Uppercase letters

50

  • OK

  • NOTCHECKED

  • NOTAVAILABLE

  • NOTAUTHED

  • INCOMPLETE

  • ATTEMPTONLY

  • ERROR

CAVV

The encoded result code from the 3D-Secure checks (CAVV or UCAF). Only present if the 3DSecureStatus field is OK or ATTEMPTONLY.

No

Letters and digits
 

32

 

AddressStatus

PayPal Transactions Only.

When the AddressStatus is CONFIRMED and PayerStatusis VERIFIED, the transaction may be eligible for PayPal Seller Protection. Please contact PayPal directly to learn more about PayPal Seller Protection or visit paypal.com.

Yes

Uppercase letters

20 

  • NONE

  • CONFIRMED

  • UNCONFIRMED

PayerStatus

Whetehr the cardholder identity is:

  • VERIFIED

  • UNVERIFIED

Yes

Uppercase letters

20 

  • VERIFIED

  • UNVERIFIED

CardType

The card type:

  • AMEX = American Express

  • DC = Diners Club International and Discover

  • DELTA = Visa Debit

  • JCB = Japan Credit Bureau

  • MAESTRO = Domestic and International issued Maestro

  • MC = MasterCard

  • MCDEBIT = Debit MasterCard

  • PAYPAL = PayPal

  • UKE = Visa Electron

  • VISA = Visa

 

Yes

Uppercase letters

15 

  • AMEX

  • DC

  • DELTA

  • JCB

  • MAESTRO

  • MC

  • MCDEBIT

  • PAYPAL

  • VISA

  • UKE

Last4Digits

The last 4 digits of the card number used in this transaction. PayPal transactions return 0000.

This field is supplied to allow merchants using wallet systems to identify the card to their customers.

Yes

Digits

 

FraudResponse

  • ACCEPT = ReD recommends that the transaction is accepted.

  • DENY = ReD recommends that the transaction is rejected.

  • CHALLENGE = ReD recommends that the transaction is reviewed.  You have elected to have these transactions either automatically accepted or automatically denied at a vendor level. Please contact Opayo if you wish to change the behaviour you require for these transactions.

  • NOTCHECKED = ReD did not perform any fraud checking for this particular transaction

No

Uppercase letters

10 

  • ACCEPT

  • CHALLENGE

  • DENY

  • NOTCHECKED

Surcharge

Returns the surcharge amount charged. This is only present if a surcharge was applied to the transaction.

No

Digits, periods, and commas
  

 

0.01 to 100,000.00

DeclineCode

The decline code from the bank. These codes are specific to the bank. Please contact them for a description of each code.

No

Digits

 

ExpiryDate

Expiry date of the card used, in the format MMYY.

Yes

Digits

 

BankAuthCode

The authorisation code returned from the bank. For example, T99777.

No

Letters and digits
 

 

ACSTransID

The Access Control Server (ACS) transaction ID is a unique ID provided by the card issuer for 3DSv2 authentications. It is returned in future transaction requests that perform 3D-Secure authentication. It encourages a frictionless authentication, especially if a challenge authentication has occurred previously.

This value is returned to Opayo when you submit your Direct payment request using the threeDSReqPriorRef element found within the ThreeDSRequestorPriorAuthenticationInfoXML object.

No

 

36 

 

DSTransID

The Directory Server (DS) transaction ID is a unique ID provided by the card scheme for 3DSv2 authentications.

No

 

36

 

SchemeTraceID

This is the unique reference number associated with an authorisation request. It is required when you use a

stored Credential on File and links subsequent payments to the first payment.

Note: The SchemeTraceID will always be returned for a successful authorisation (where Status=OK).

No

ITU-T T.50 value codes.

ASCII range in hexadecimal from

20 to 7E (from

space to tilde ~)

56