Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

ALIGNET MERCHANT SOLUTION Virtual POS (V-POS)

ALIGNET MERCHANT SOLUTION
Virtual POS (V-POS)
Merchant Integration Guide
Technical-functional document that describes
the process of integration of new commerce
through the Virtual Point Of Sale (V-POS) to the
AMS platform
Version 2.4.0
Updated: 19 de July de 2012
© 2008 - 2012 ALIGNET. All Rights reserved.
This document is confidential. The contents and concepts developed in the document cannot be used by natural or
legal entities to whom this information has not been sent explicitly to.
Review History
Date
2005-08-25
2005-09-02
Version
0.1
0.2
2005-09-15
0.8
2005-09-19
0.9
Description
Initial production of the document
Definition of the objectives in the
document
Sequence diagram, several
improvements
Technical specifications
2005-09-19
2005-09-30
2005-11-30
2005-11-30
2005-12-06
2006-03-27
2006-05-30
1.0
1.2
1.3
1.3
1.4
1.5
1.5
Final review
Key generation for the security outline
Update on points 7, 8 , 9
Final review
Update on points 7, 8 and appendixes
Update on points 7, 8 and appendixes
Review and control
2006-06-26
1.5
Payroll modification
2008-06-30
2009-01-20
2010-12-01
2.0.1
2.0.1
2.2.0
2012-07-19
2.4.0
General review
General review
Update definition of
authorizationResult and errorCode
fields. List of error codes
Update of testing URL
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Author
R. Barturen
H. Alosilla
R. Barturén
J. Botta y
D. Cruz
D. Cruz
D. Cruz
R. Barturén
D. Cruz
R. Barturén
R. Barturén
T. J.
Carrasco
T. J.
Carrasco
M. Alcalá
G. Quispe
J. Bautista
J. Bautista
Page 1
Contents
CONTENTS .....................................................................................................2
1. INTRODUCTION .......................................................................................3
1.1. OBJECTIVES .......................................................................................3
1.2. GLOSSARY .........................................................................................3
1.3. PURCHASE FLOW ...............................................................................3
1.4. PURCHASE EXPERIENCE .....................................................................5
2. WHAT IS V-POS? .....................................................................................8
2.1. DESCRIPTION .....................................................................................8
2.2. ARCHITECTURE ..................................................................................8
2.3. REQUEST AND RESPONSE OF THE PAYMENT FLOW ..............................9
3. V-POS INTEGRATION............................................................................10
3.1. V-POS INTEGRATION PROCESS ........................................................10
3.2. ADMINISTRATION OF CRYPTOGRAPHIC KEYS .......................................11
3.3. PAYMENT REQUEST ..........................................................................12
3.4. PAYMENT RESPONSE ..........................................................................1
4. INTEGRATION WITH THE PLUG-IN .......................................................1
5. FREQUENTLY ASKED QUESTIONS ......................................................2
6. ADDITIONAL DATA .................................................................................3
7. APPENDIX 1: INTEGRATION WITH THE PLUG-IN FOR .NET C# ........4
INSTALLATION OF THE PLUG-IN C#................................................................4
USING THE PLUG-IN C# TO SEND INFORMATION TO V-POS ............................5
USING THE PLUG-IN C# TO RECEIVE INFORMATION FROM THE V-POS ............6
KEY GENERATION IN C#...............................................................................7
8. APPENDIX 2: INTEGRATION WITH THE PLUG-IN AND KEY
GENERATOR ON JAVA .................................................................................9
8.1. JAVA PLUGIN SETUP ...........................................................................9
8.2. PLUGIN DE JAVA 2.0.1 COMPONENTS ..................................................9
8.3. USING JAVA PLUG-IN TO SEND INFORMATION TO VPOS........................9
8.4. USING JAVA PLUG-IN JAVA TO RECEIVE INFORMATION FROM V-POS ...11
8.5. KEY GENERATION IN JAVA .................................................................12
9. APPENDIX 3: INTEGRATION WITH THE PLUG-IN FOR PHP 5 ON
LINUX ............................................................................................................14
PRINCIPAL REQUIREMENTS: .......................................................................14
INSTALACIÓN DEL PLUG-IN EN PHP5 ..........................................................15
USING PLUG-IN EN PHP TO SEND INFORMATION TO THE VPOS....................22
USING PLUG-IN ON PHP TO RECEIVE INFORMATION FROM THE V-POS .........26
KEY GENERATION ......................................................................................27
10. ERROR CODE LIST GIVEN BY VPOS ..................................................28
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 2
1. Introduction
In order to make electronic transactions merchants require a
platform that will allow them to connect with the transactional
world of virtual payments.
Nowadays, the payment flow is made up by two main processes.
The first is the authentication; this allows the cardholder to be
more secure when placing a purchase online. The Authentication
Process consists of three principal domains: Buyer with the
Merchant Plug-in (MPI) service, Issuer with the Access Control
Server (ACS) and Interoperability with the Directory Server service.
The second main process is the authorization that allows the
payment request of an electronic purchase.
These processes will be taken care of by the V-POS, a centralized
service that will allow all companies to easily integrate themselves
with the payment process.
1.1. Objectives
This document has the following objectives:
•
•
Describe the V-POS functionalities.
Describe the necessary steps for the V-POS integration.
1.2. Glossary
In this document the following terms are used and defined as
follows:
•
•
•
•
•
•
Authentication Process: Cardholder verification service.
Authorization Process: Payment authorization service.
MPI: Merchant Plug-In. Authentication Service for the buyer
and merchants.
ACS: Access Control Server. Authentication Service for the
Issuer.
V-POS: Virtual Point Of Sale. Interface of the transactional
world of virtual payments.
Cardholder: one who possess a card.
1.3. Purchase Flow
The purchase flow begins when a cardholder wants to purchase
something in an electronic merchant.
The cardholder chooses the products he wishes to purchase adding
them to the merchant’s shopping cart. Next, the steps in the
purchase flow will be detailed (see Image 1. Purchase Flow):
1. The Merchant, using an application, sends the data of the
purchase to the V-POS using the plug-in given by ALIGNET,
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 3
2.
3.
4.
5.
6.
7.
8.
9.
the data does not include the Credit Card number,
expiration date and the CVV2.
A screen will appear where the cardholder will be able to
register his credit card number, expiration date and the
CVV2 value. V-POS will show said webpage.
The user will register the requested information on the
previous page.
V-POS will send the corresponding information to the MPI in
order to begin the authentication process.
If the card is enrolled with Verified by Visa/MasterCard
SecureCode, another page will pop up and request a
password in order for the purchase to be authenticated.
When finalizing the authentication process, the MPI returns
the information of the authentication to V-POS.
V-POS, after analyzing the information returned by the MPI,
sends a payment request to the V-Payment system that
initiates the authorization process.
V-Payment returns the information to V-POS after carrying
out the authorization process for the posterior analysis of
the purchase process.
V-POS returns the purchase result to the merchant. The
merchant using the plug-in (see Appendixes) gets the
response information, which finally shows the cardholder the
purchase result.
MERCHANT
Image 1: Purchase Flow
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 4
1.4. Purchase Experience
Next we will see the purchase experience that a cardholder has
when making an electronic purchase using the platform:
1. The cardholder enters the merchant’s commercial web side.
Image 2: Screenshot of Merchant’s Homepage
2. The cardholder fills the shopping cart, and then enters their
purchase data which will begin the purchase flow.
Image 3: Screenshot of the Merchant’s Shopping Cart
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 5
3. Then the cardholder will see a centralized V-POS screen, this
screen will ask for the credit card information.
Image 4: Centralized V-POS screenshot for credit card
data entry.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 6
4. If the cardholder is enrolled or affiliated to Verified by Visa
(process which is requested by the cardholder to the Issuer
of the credit card) then the authentication screen will
appear.
Image 5: Screenshot of Cardholder’s authentication.
5. Finally, the cardholder will see a screen with the result of
their purchase.
Figura 6: Screenshot with the purchase result.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 7
2. What is V-POS?
V-POS is a system that tends to the payment requests sent from
virtual merchants and its main functions are to concentrate and
process all payment requests. It centralizes two main processes of
the purchase flow (authentication and authorization); it also
preprocesses because it processes the validation data of the credit
card before it begins the authentication and authorization process.
2.1. Description
The main function is to concentrate purchase transactions through
an electronic merchant in order to validate general purchase data,
as well as centralizing security when obtaining sensitive data from
the cardholder (credit card number, expiration date and CVV2),
initiating the payment process – Authentication and Authorization
Process – in order to finally give the transaction response to the
requesting merchant.
2.2. Architecture
The merchant will contact V-POS via Internet through a secure
channel (HTTPS) in order to send the purchase data from a form
through the cardholder’s navigator. Then, the cardholder will see a
screen presented by V-POS to enter sensitive data so that later the
payment
processes
can
commence:
Authentication
and
Authorization. Finally, V-POS will send from the form the
merchant’s transaction result via Internet using a secure channel
(HTTPS).
The V-POS general architecture is displayed in the following chart:
Authentication
Process
Cardholder
Authorization
Process
Merchant
Image 7: Architecture with V-POS
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 8
2.3. Request and Response of the Payment Flow
The merchant will send an application or payment request to V-POS
which will handle carrying out the authentication and authorization
process and will receive a response to the two processes as it is
shown in the previous image.
Tarjeta
Habiente
Sitio Web
Comercio
V-POS
Autenticación
V-Payment
Autorización
1: Completa Datos de Compra
2: Envía datos de Compra
3: muestra página centralizada
4: Ingresa datos de tarjeta
5: Solicita Autenticación
6: Solicita clave VbV
7: Ingresa su clave VbV
8: envía resultado de Autenticación
9: Solicita Autorización
10: envía resultado de Autorización
11: resultado a la página de respuesta
12: Muestra resultado
Image 8: Diagram of the sequence of request and response of the
payment flow
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 9
3. V-POS Integration
3.1. V-POS Integration Process
Initially, the integration is done in a Test environment and then is
transferred to a Production environment.
Test Environment:
The principal steps for the integration of a merchant to V-POS in a
test environment are:
1. The merchant is given a platform document of the website, said
document must be returned with all the requested data.
2. The document is approved and the security KIT is handed in.
The KIT is made up of a Security Component (plug-in),
cryptographic key generator and the digital signature which will
be used during the purchase process.
3. The merchant will review and evaluate the Merchant Integration
Guide, the Security Component (plug-in), as well as the
cryptographic key generator and the digital signature for the
necessary development that will have to be made.
4. The merchant will confirm the completion date of their
development and request the authorization of the test
environment.
5. The merchant will be registered in the authentication and
authorization systems before initiating a purchase trial process.
In this phase of the merchant’s registry, the necessary data will
be requested for its integration in the different systems involved
(Directory Server, MPI, V-Payment).
6. References o the contact people responsible of the tests and of
initiating the exchange of the cryptographic keys and the digital
signature between ALIGNET and the merchant.
7. The merchant will be given the configuration values
(IDACQUIRER, IDECOMMERCE) required for the Security
Component (plug-in).
8. The merchant will use the Cryptographic Key Generator and
digital signature that it was given (see cryptographic key
administration).
The public test keys generated for the
merchant will be sent to ALIGNET through a secure channel
(secure mail). The V-POS public keys will be sent since they are
a requirement for the security component (plug-in). The
merchant will give a value for the initialization vector which will
be sent using the same channel.
9. The merchant and ALIGNET will confirm by mail to the Buyer
that his keys have been configured in the test environment.
10. The merchant will receive the test data and the Access route to
V-POS in the test environment.
11. The business will agree on a date and time to carry out the
tests. The people responsible for the tests are defined for
ALIGNET as well as for the merchant.
12. The tests are carried out.
13. ALIGNET informs the Buyer of the completion and result of the
tests in the Test Environment.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 10
14. The Buyer may carry out additional validation tests.
Note: According to the Buyer procedure, the merchant can register
in Verified by Visa when it sees fit to do so.
Production Environment:
The main steps for the merchant integration to V-POS in the
production environment are:
1. The merchant is asked for the required production data for the
V-POS integration. The format will be given by ALIGNET. The
Merchant will be registered in the systems of Authentication and
Authorization of Production.
2. References or contact people of the merchant will be sent in
order to start the cryptographic key and digital signature
exchange between ALIGNET and the Merchant as well as the
delivery
of
the
configuration
values
(IDACQUIRER,
IDECOMMERCE) to the merchant.
3. Again, the merchant will use the Cryptographic Key Generator
and digital signature that it was given (see cryptographic key
administration).
The new public keys generated by the
merchant will be sent to ALIGNET through a secure channel
(secure mail). The V-POS public keys will be sent since they are
a requirement for the security component (plug-in). The
merchant will give a value for the initialization vector which will
be sent through the same channel.
4. Both the merchant and ALIGNET will confirm via mail to the
Buyer that the keys are configured in the Production
Environment.
5. The merchant sends the access route and the necessary data to
the V-POS Production to carry out the production tests.
6. The merchant will set a date and time to carry out the tests.
Both the merchant and ALIGNET will determine the people
responsible for carrying out the tests.
7. The tests are carried out.
8. ALIGNET informs the Buyer of the completion of the tests in the
production environment.
9. The Buyer may want to carry out additional validation tests.
Note: According to the Buyer procedure, the merchant can register
in Verified by Visa when it sees fit to do so.
3.2. Administration of cryptographic keys
With the purpose that the information transmission between the
merchant and V-POS be made in a secure manner, maintaining the
three main security principles: Protection, Integrity and
Authenticity of data, the merchant will generate a set of keys
(public and private) to encode the information and a set of keys
(public and private) for the creation of a digital signature of the
payment request. The public keys will be sent by the merchant to
V-POS during the merchant’s integration stage (see V-POS
Integration). V-POS will also generate a set of keys for the
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 11
encoding and another set of keys for the digital signature creation
of the payment response. The public keys will be sent through VPOS to the merchant during the its integration stage (see V-POS
Integration).
Once the keys have been generated, both the merchant as well as
V-POS will exchange their respective public keys and send them
through secure e-mail. Additionally, the merchant will define a
value for the initialization vector that will be used for the
cryptography and will also be sent. Said value will be a
hexadecimal of 16 characters, for example: d412589745df36fa. It
is the merchant’s responsibility to store the keys in a safe
environment.
Next we will present a chart that sums up the key exchange
between the merchant and ALIGNET’s V-POS:
COMERCIO
Merchant
V-POS
Set
Set
ofof
RSA
keys
keys
RSA
1024
PAR
DE
LLAVES
RSA
BITS
1024
forBITS
the
digital
for the
1024
BITS
PARA
FIRMA
signature
digital signature
DIGITAL
PAR
LLAVES
Set DE
of RSA
keys RSA
1024
BITS
PARA
1024
BITS
for the
CIFRADO
encoded RSA
RSA
KEY
GENERACION
GENERATION
DE
LLAVES
Set of
keys 1024
PAR
DERSA
LLAVES
RSA
BITSBITS
for the
digital
1024
PARA
FIRMA
signature
DIGITAL
Set of
keys 1024
PAR
DERSA
LLAVES
RSA
BITSBITS
for the
encoded
1024
PARA
RSA
CIFRADO RSA
Set of PUBLICA
RSA keys
LLAVE
1024BITS
BITSPARA
for the
1024
digital signature
FIRMA DIGITAL
CORREO
SECURE
E-MAIL
SEGURO
LLAVE
Set of PUBLICA
RSA keys
1024
1024BITS
BITSPARA
for the
CIFRADO
encoded RSA
RSA
KEY EXCHANGE
INTERCAMBIO
DE LLAVES
SEBothe
ENVIAN
AMBAS
public
keys
LLAVES
PUBLICAS
generated
by the
GENERADAS
merchant arePOR
sentEL
COMERCIO
CORREO
SECURE
E-MAIL
SEGURO
Image 9: Merchant key exchange and V-POS
3.3. Payment Request
A payment request is defined as data that needs V-POS in order to
generate the authentication as well as the authorization application.
To initiate the payment request, the merchant must prepare a
POST HTTPS petition in which the security component (plug-in) will
be used in order to send the petition securely to V-POS.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 12
Dispatch Parameters
The parameters that the merchant will send to V-POS in order to
initiate the payment request are:
Field
IDACQUIRER
IDCOMMERCE
XMLREQ
DIGITALSIGN
SESSIONKEY
Description
The Buyer’s fixed identification which allows VPOS to recognize the buying entity of the
merchant. This value is generated by ALIGNET.
Fixed identification of the merchant or virtual
store that allows V-POS to recognize the
merchant that is sending the payment request.
Message of the payment request that contains
the purchase data. This message is generated by
the plug-in, that is in charge of encoding the
message for it to be sent to V-POS.
Digital signature of the message XMLREQ that
insures the authenticity of the issuer and
recipient, as well as the integrity of the
information. This digital signature is generated by
the plug-in.
Session key with which the message XMLREQ will
be encoded. This key is generated by the plug-in.
In order to dispatch the payment request a POST HTTPS request
must be generated using a HTML form, implemented in the
merchant or virtual store programming language. This form must
have the following form:
<form name=”frmSolicitudPago” method=”post”
action=”https://test2.alignetsac.com/VPOS/MM/transactionStart20.do”>
<input type=”hidden” name=”IDACQUIRER” value=”2”>
<input type=”hidden” name=”IDCOMMERCE” value=”359”>
<input type=”hidden” name=”XMLREQ” value=”D2ZQMEg4c9qlxJE3r2u3Y8PXT7vZ
5JNkrY84pEg4c94c9hS14k9OUWk4Y1”>
<input type=”hidden” name=”DIGITALSIGN” value=”hS14k9OUWk4c9qldiN2vfBdjg4jB9
Wk4D2ZQMEg4c94c9qlOxVUg4yj2Q9atvfByY”>
<input type=”hidden” name=”SESSIONKEY” value=”S14k9OUWk”>
</form>
Necessary parameters for the Security Component
In order for the Security Component (plug-in) to generate the
message parameter XMLREQ, the merchant must fill in the
following parameters with the respective values:
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 13
Plug-in Field
Type
acquirerId
NUMERIC
commerceId
NUMERIC
commerceMallId
purchaseOperationNumber
NUMERIC
12
ALPHANUMERIC
12
purchaseAmount
NUMERIC
12
Only identification for each transaction, given by the
merchant (1)
Total value of the purchase, given by the Merchant. The
amount must not be spaced by decimals (if the amount
is 100.30 dollars the amount sent is 10030) (1)
15
IP Address of the cardholder
12
Currency according to the numeric ISO standard
Alphanumeric type, 3 characters long (it must be in the
currency that the merchant allows) (1)
Language used, there must be two possible values:
Spanish (SP), English (if no value is sent then the
language by default will be Spanish)
purchaseIPAddress
Maximum
Width
purchaseCurrencyCode
ALPHANUMERIC
NUMERIC
language
ALPHANUMERIC
2
billingFirstName
ALPHANUMERIC
30
billingLastName
ALPHANUMERIC
50
billingEMail
billingAddress
billingZIP
billingCity
billingState
billingCountry
ALPHANUMERIC
50
50
10
50
15
2
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
Observations
Buyer’s code assigned by Alignet. Fixed value equal to
the IDACQUIRER parameter (1)
Merchant’s only code assigned by Alignet. Fixed value
equal to the IDCOMMERCE parameter (1)
Value of ID del Mall to which the merchant belongs
Name of the cardholder. (as it appears on the credit
card)
Last name of the cardholder (as it appears on the credit
card)
E-mail address of the cardholder
Address of the cardholder
Cardholder’s zip code
Name of the cardholder’s city.
Name of the cardholder’s state.
Name of the cardholder’s country.
© 2008 - 2012 ALIGNET. All Rights reserved.
This document is confidential. The contents and concepts developed in the document cannot be used by natural or legal entities to whom this information has not been sent explicitly to.
billingPhone
shippingAddress
ALPHANUMERIC
shippingZIP
shippingCity
shippingState
shippingCountry
shippingPhone
shippingFirstName
shippingLastName
HTTPSessionId
ALPHANUMERIC
additionalObservations
terminalCode
reserved1
.
.
.
reserved40
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
ALPHANUMERIC
15
50
Cardholder’s telephone number.
Delivery address of the cardholder’s order.
10
50
15
2
15
30
50
30
Shipping zip code.
Name of the shipping city.
Name of the state/region or department of shipment.
Name of the shipping country.
Shipping phone number.
Name of the person who will receive the products.
Last name of the person who will receive the products.
HTTP session, only in the case when the merchant
requires it.
Additional observations of the purchase.
Purchase terminal code.
Additional fields not reviewed by the VPOS (2)
50
12
30
(1) Fields required by VPOS
(2) What is sent in these fields will be returned with a response
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 1
Security Parameters necessary for the Plug-in
As well as the values or given fields, the values or necessary fields
will have to be entered in the plug-in in order to encode the
message XMLREQ and the same goes for the digital signature
creation of the same message. These values are described as
follows:
Field
Initialization
Vector
Plug-in Field
VectorInicializacion
(Initialization Vector)
Private
LlavePrivadaFirmaRSA
Signature Key (PrivateSignatureKeyRS
A)
Public
Encoded Key
LlavePublicaCifradoRSA
(PublicEncodedKeyRSA)
Observations
Necessary value to encode the
XMLREQ message. This value is to be
generated at the time of the
merchant’s registry to V-POS.
Private key of the merchant with which
the digital signature will be created of
the XMLREQ message. This private key
is created and stored by the merchant.
Public key with which the message
XMLREQ will be encoded. This public
key is created by ALIGNET and must
be stored by the merchant.
© 2008 - 2012 ALIGNET. All Rights reserved.
This document is confidential. The contents and concepts developed in the document cannot be used by natural or
legal entities to whom this information has not been sent explicitly to.
3.4. Payment Response
Receipt Parameters
The payment response that V-POS will be sent to the merchant and
will be made up of the following fields:
Field
IDACQUIRER
IDCOMMERCE
XMLRES
DIGITALSIGN
SESSIONKEY
Description
Buyer’s fixed identification with which V-POS will
be able to identify the buying entity of the
merchant. This value will be created by ALIGNET
during the Buyer’s configuration.
Identification of the merchant or virtual store that
will allow V-POS to recognize the merchant that is
sending a payment request. This value is created
by ALIGNET during the merchant’s configuration.
This is the payment response that contains the
authorization result data.
This is the digital signature of the XMLRES
message and it also insures the authenticity of
the issuer and recipient as well as the integrity of
the information. This digital signature is created
by V-POS.
This is the session key with which the XMLRES
message will be deciphered.
In order to receive a payment response from V-POS it is necessary
that the merchant implement a dynamic page where the values of
the parameters will be extracted as shown in the previous table.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 1
Response parameters obtained from the Plug-in
The XMLRES will return the same fields sent in the XMLREQ which were sent when the purchase commenced and will also
add the following fields:
Plug-in Field
Type
authorizationResult
NUMERIC
authorizationCode
ALPHANUMERIC
errorCode
ALPHANUMERIC
errorMessage
ALPHANUMERIC
Maximum
Width
2
4
Observations
This field contains the authorization result. There are three
possible values sent through V-POS:
00, indicates the transaction has been authorized,
01, indicates the transaction has been denied in the Issuing
Bank, and
05, indicates the transaction has been rejected by VPOS, when
the transaction is cancelled, not sent to the authorization
process for pre authorization rules application or reversed for
post authorization rules application.
IMPORTANT NOTE: The merchant will show the result
messages to the cardholder according to the following three
codes. For example:
“Authorized Operation”.
“Denied Operation”.
“Rejected Operation” (1)
When the transaction has been authorized, this field will
contain the transaction authorization code. (1)
When the transaction has been denied or rejected this field will
contain the respective error code that will indicate the rejected
amount. The list of codes can increase or decrease according to
the improvements carried out in THE V-Payment and/or new
specifications of the brand.
IMPORTANT NOTE: The cardholder must not see this
response code.
This field contains the description of the error code in case a
rejection has occurred.
IMPORTANT NOTE: The cardholder must not see this error
© 2008 - 2012 ALIGNET. All Rights reserved.
This document is confidential. The contents and concepts developed in the document cannot be used by natural or legal entities to whom this information has not been sent explicitly to.
message. The Buyer must coordinate with the merchant so that
a group of messages be shown.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 1
Besides these fields, the payment response or XMLRES, contains all
the sent fields to V-POS that were entered in the XMLREQ of the
payment request and will be recuperated using the security
component (plug-in).
Necessary parameters in order to obtain the XMLRES data
In order to decipher the XMLRES message, the necessary values or
cryptographic fields will have to be configured in the plug-in, as
well as the digital signature confirmation of the same message.
These values are described as follows:
Field
Initialization
Vector
Public Key
Signature
Private Encoded
Key
Plug-in Field
VectorInicializacion
(Initialization
Vector)
Observations
Necessary value to decipher the
XMLRES message. This value is
created
when
the
merchant
registers in V-POS.
LlavePublicaVerificac This is the V-POS public key with
ionFirma
which the validity of the digital
(SignatureVerificatio signature of the XMLRES message
nPublicKey)
will be confirmed. This key is
generated by V-POS and stored by
the merchant.
LlavePrivadaCifrado This is the private key with which
(PrivatedEncodedKe the XMLRES will be deciphered.
y)
This key is generated and stored
by the merchant.
© 2008 - 2012 ALIGNET. All Rights reserved.
This document is confidential. The contents and concepts developed in the document cannot be used by natural or
legal entities to whom this information has not been sent explicitly to.
4. Integration with the Plug-in
The merchant will receive the Security Component (plug-in) that
will be connected to a Web solution in order for it to be activated at
the time of the final purchase request (normally when clicking on
the “Shop” button).
The Security Component (plug-in) is available for the following
programming languages:
•
•
•
Plug-in .Net (C#)
Plug-in .Java
Plug-in .PHP
A plug-in will be given according to the merchant’s platform. For
more details regarding the integration see the corresponding
Appendix of the required programming language.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 1
5. Frequently Asked Questions
What languages does the Security Component (plug-in) support?
Right now the plug-in has a version for each of the following
languages: : Microsoft .Net (C#), Java and PHP. According to
the merchant’s Website platform, a corresponding version will
be sent.
The document says that merchants must generate encrypted keys
and digital signatures. How will the generation of said items occur?
Besides the Security Component (plug-in) an application will be
given for the merchant’s platform through which said keys will
be generated.
The document says that we should exchange encrypted keys and
digital signatures. How will the exchange take place?
The key exchange will be carried out through a safe channel
between the merchant and ALIGNET. One of the possibilities to
carry out the exchange of the keys is to request the safe e-mail
address of your supplier.
Is there a merchant shopping cart that can be integrated to the
plug-in?
No. There are various Websites that offer shopping carts or
Websites for merchants, but in order to carry out the
integration the support of a programmer is necessary or a
developer so that he can integrate into the merchant’s platform
the plug-in code.
If the merchant supports the English language, why does the entry
page of the Verified by Visa/MasterCard Secure Code appear in
Spanish?
The entry page of the Verified by Visa/MasterCard Secure Code
password is a page that belongs to the credit card Issuer and
does not belong to the Buyer nor the Merchant. The language of
the page will be the one the Issuer has decided to configure for
its cardholders.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 2
6. Additional Data
The specified keys in every form differs according to the
environment where the merchant is integrated, so the URLs of
VPOS.
Here is listed the URLs:
-TESTING URL VPOS:
https://test2.alignetsac.com/VPOS/MM/transactionStart20.do
-PRODUCTION URL VPOS:
https://vpayment.verifika.com/VPOS/MM/transactionStart20.do
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 3
• Appendix 1: Integration with the Plug-in for .Net C#
Installation of the Plug-in C#
The merchant will be given a dll VERIFIK_PROTOCOL.dll that will
have to be connected to their web solution; next we will present
the steps in the plug-in integration:
2.Examinar
2. Browse
1.Click
1. Right derecho
click: Add :
Agregar
referencia
Reference
3. 3. Choose
Escoger
VERIFIK_PROTOC
VPOS20_PLUGIN.
OL.dll
y Abrir
dll and
Open
o
o
Reference to the plug-in in l a References folder of the Web
application
In
the
Add
Reference
window
search
for
the
VPOS20_PLUGIN.dll component
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 4
Using the Plug-in C# to send information to V-POS
Keys to send information:
Testing:
ALIGNET.TESTING.NOPHP.CRYPTO.PUBLIC.txt
Signature private key of the merchant
Producción:
ALIGNET.PRODUCCION.NOPHP.CRYPTO.PUBLIC.txt
Signature private key of the merchant
Next we will show an example of the plug-in using C#:
//Asemblies adicionales a usar
using System.IO;
using VERIFIK_PROTOCOL;
//Instanciando e inicializando
VPOSBean oVPOSBean = new VPOSBean();
oVPOSBean.acquirerId = "2";
oVPOSBean.commerceId = "359";
oVPOSBean.purchaseCurrencyCode = "840";
oVPOSBean.purchaseAmount = "10000";
oVPOSBean.purchaseOperationNumber = "40";
oVPOSBean.language = "EN";
StreamReader
srVPOSLlaveCifradoPublica
=
new
StreamReader("D:/LLAVE.VPOS.CRYPTO.1024.txt");
StreamReader
srComercioLlaveFirmaPrivada
=
new
StreamReader("D:/LlaveFirmaComercioPrivada.txt");
VPOSSend
oVPOSSend
=
new
VPOSSend(srVPOSLlaveCifradoPublica,
srComercioLlaveFirmaPrivada, "0000000000000000");
oVPOSSend.execute(ref oVPOSBean);
//Recuperando datos cifrados
String sCipheredSessionKey = oVPOSBean.cipheredSessionKey;
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 5
String sCipheredXML = oVPOSBean.cipheredXML;
String sCipheredSignature = oVPOSBean.cipheredSignature;
Using the Plug-in C# to receive information from the V-POS
Keys to receive information:
Testing:
ALIGNET.TESTING.NOPHP.SIGNATURE.PUBLIC.txt
Private encryption key of the merchant
Production:
ALIGNET.PRODUCCION.NOPHP.SIGNATURE.PUBLIC.txt
Private encryption key of the merchant
Next we will show an example of the code implemented in the C#
in order to decipher the data and the verification of the digital
signature:
using System.IO;
using System.Collections.Specialized;
using VERIFIK_PROTOCOL;
NameValueCollection coll = new NameValueCollection();
coll = Request.Params;
String sIDACQUIRER = coll.Get("IDACQUIRER");
String sIDCOMMERCE = coll.Get("IDCOMMERCE");
String sXMLRES = coll.Get("XMLRES");
String sSESSIONKEY = coll.Get("SESSIONKEY");
String sDIGITALSIGN = coll.Get("DIGITALSIGN");
VPOSBean oVPOSBean = new VPOSBean();
oVPOSBean.cipheredXML = sXMLRES;
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 6
oVPOSBean.cipheredSessionKey = sSESSIONKEY;
oVPOSBean.cipheredSignature = sDIGITALSIGN;
StreamReader
srVPOSLlaveFirmaPublica
=
new
StreamReader("D:/LLAVE.VPOS.FIRMA.1024.txt");
StreamReader
srComercioLlaveCifradoPrivada
=
new
StreamReader("D:/LlaveCifradoComercioPrivada.txt");
VPOSReceive oVPOSReceive = new VPOSReceive(srVPOSLlaveFirmaPublica,
srComercioLlaveCifradoPrivada, "0000000000000000");
oVPOSReceive.execute(ref oVPOSBean);
if ( oVPOSBean.validSign == true )
{
//El descifrado fue correcto y la firma digital es correcta
//Luego
evaluar
oVPOSBean.authorizationResult
para
saber
si
la
transacción fue aceptada o denegada
}
Key Generation in C#
In order to generate keys the following application is used:
KeyGeneratorVerifika.exe, to execute it, it needs to be installed in
the .net Framework of a PC with Windows 98, XP, 2000, etc. and
the VERIFIK_PROTOCOL.dl library must be placed in the same
folder as the one where the exe file will executed from.
1. Execute the KeyGeneratorVerifika.exe
Generate Keys button.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
file
and
press
the
Page 7
PRIVATE KEY
PUBLIC KEY
Generate
Keys
PRIVATE KEY
PUBLIC KEY
2. Once the keys are generated save the private keys in a secure
device and the public keys will be sent through a secure
environment.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 8
7. Appendix 2: Integration with the Plug-in and Key
Generator on Java
7.1. Java Plugin setup
The merchant will receive a .jar file that must be installed in its
web project. Next, it is presented the steps for the Java plugin
integration with the merchant:
•
•
In case the application is a stand alone, configure in the
classpath variable, the plugin-vpos-1.2.jar library
In case the application is a Web project, include in the folder
library WEB-INF\lib the file plugin-vpos-1.2.jar
7.2. Plugin de Java 2.0.1 Components
• VPOS Data bean (com.alignet.bean.VPOS20Bean), which
contains the data to be sent to VPOS and data to be received
from VPOS.
7.3. Using Java Plug-in to send information to VPOS
Keys for sending information:
Testing:
ALIGNET.TESTING.NOPHP.CRYPTO.PUBLIC.txt
Private signature key of the merchant
Production:
ALIGNET.PRODUCCION.NOPHP.CRYPTO.PUBLIC.txt
Private signature key of the merchant
Next, it is presented Java code for sending information to VPOS:
// referencing the componen
import com.alignet.bean.*;
import com.alignet.exception.*;
import com.alignet.plugin.*;
//Create an instance of VPOSBean class of the package com.alignet.bean
VPOS20Bean bean = new VPOS20Bean();
//Set parametersinside the Plugin object properties
try
{
bean.setAcquirerId (“34”);
bean.setCommerceId (“588425”);
bean.setPurchaseAmount (“15000”);
bean.setPurchaseCurrencyCode (“840”);
bean.setPurchaseOperationNumber (“5646554”);
// Set the other parameters.
}
catch(InvalidVPOSParameterException e)
{
//errors setting mandatory data
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 9
e.printStackTrace();
}
// set optional fields, if it is necessary
// set reserved fields, if its necessary
bean.setReserved1(“5646554”);
// set the plugin with encryption values
try
{
//instance Send class, with parameters the public
//encryption key, privada signature key and
//initialization vector
Send20 send= new Send20(
new FileReader("c:\\LLAVE.VPOS.CRYPTO.1024.txt"),
new FileReader("c:\\LlavePruebaFirmaComercioPriv.txt"),
"0000000000000000");
//encrypt
send.execute(bean);
}
catch(PlugInVPOSException e)
{
//handle encryption errors
e.printStackTrace();
}
catch(FileNotFoundException e)
{
//handle reading the keys errors
e.printStackTrace();
}
//get encrypted values to set them in the sending form to VPOS
bean.getCipheredSessionKey ();
bean.getCipheredXML ();
bean.getCipheredSignature ();
To get the SESSIONKEY, XMLREQ y DIGITALSIGN fields that must
be set in the payment request form, first, it must be requestd the
execute method of the plug-in object:
send.execute(bean);
For the SESSIONKEY field that must be set in the payment request
form, first, the following method must be called:
String SESSIONKEY = bean.getCipheredSessionKey();
For the XMLREQ field that must be set in the payment request
form, first, the following method must be called:
String XMLREQ = bean.getCipheredXML();
For the DIGITALSIGN field that must be set in the payment request
form, first, the following method must be called:
String DIGITALSIGN = bean.getCipheredSignature();
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 10
The XMLREQ, SESSIONKEY y DIGITALSIGN values must
captured in the form (page 13).
be
7.4. Using Java Plug-in Java to receive information from V-POS
Keys to receive information:
Testing:
ALIGNET.TESTING.NOPHP.SIGNATURE.PUBLIC.txt
Private encryption key of the merchant
Producción:
ALIGNET.PRODUCCION.NOPHP.SIGNATURE.PUBLIC.txt
Private encryption key of the merchant
Next it is presented a Java code sample for data and digital
signature verification:
//Reference the component
import com.alignet.bean.*;
import com.alignet.exception.*;
import com.alignet.plugin.*;
//Create an instance of VPOSBean class com.alignet.bean package
VPOSBean bean = new VPOSBean();
//Set the parameters in Plugin object properties:
try
{
bean.setCipheredSessionKey (llaveSessionCifrada);
bean.setCipheredXML(xmlreq);
bean.setCipheredSignature(firma);
}
catch(InvalidVPOSParameterException e)
{
//handle parameters setting errors
e.printStackTrace();
}
//Invoke the execute method, which decrypts the xml
try
{
Receive receive= new Receive(
new FileReader("c:\\LLAVE.VPOS.FIRMA.1024.txt"),
new FileReader("c:\\LlavePruebaCifradoComercioPriv.txt"),
"0000000000000000");
receive.execute(vPOSBean);
}
catch(PlugInVPOSException e)
{
//handle decryption errors
e.printStackTrace();
}
catch(FileNotFoundException e)
{
//handle key reading errors
//if the signature is invalid, the exception is thrown
e.printStackTrace();
}
//Verifying the digital signature, that allowed data interity verification
bolean esFirmaValida = vPOSBean.isValidSign();
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 11
Next, it is presented a Java sample code to get the data using the
plug-in:
//Set decryptedvalues to variables
//In case the transaction is approved
String codigoAutorizacion = bean.getAuthorizationCode ();
//In case the transaction is denied
String codigoError = bean.getErrorCode();
String mensajeError = bean.getErrorMessage();
//Extracting other data
String variable1 = bean.getAcquirerId();
String variable2 = bean.getCommerceId();
...
String variable17 = bean.getReserved1();
7.5. Key generation in Java
To execute the Java key generator, it is required a JDK installation
and invoke the next command:
java –jar
keygeneratorverifika.jar
To generate the keys, press GenerarLlaves
When the keys are generated, with copy and paste functions, save
the private keys in an electronic device and secure it physically, or
in a secure device. The public keys must be sent through a secure
way for the VPOS integration.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 12
It is important to mention, that the keys are critic and while the
keys are very secured, it will be preserved the security of all the
system for processing transactions of the merchant.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 13
8. Appendix 3: Integration with the Plug-in for PHP 5
on Linux
Principal Requirements:
To use the PHP component on Linux is necessary have installed the
following libraries
PHP5 installed with functionalities --with-openssl and --with-expatdir (from 4.0.5)
• OpenSSL 0.9.7 en herinafter
• Library libmcrypt intalled
Checking to see if PHP libraries have been installed properly
Should generate a page containing the following PHP sentence
phpinfo();
Which generates a page like this:
See highlighted words to note that PHP now has the characteristics
required
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 14
Now, we have to look if PHP have the necessary modules installed,
for this we have to search if the following libraries exists in the
Information PHP page
•
•
•
MCRYPT
OPENSSL
XML
This way we can note that PHP is ready to used the compiled PHP
script
Instalación del Plug-in en PHP5
Download the Zend Optimizer (check this Zend Oprtimizer is
correct for the PHP version) according with the platform
(Windows, Linux, BSD, others)
URL download Zend Optimizer (choose version 3.0.2):
http://www.zend.com/free_download/optimizer
•
•
Extract the downloaded Zend Optimizer file, if the machine
architecture is i386, you have to used the following
command:
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 15
tar –zxvf ZendOptimizer-3.0.2-linux-glibc21-xxx.tar.gz
Where xxx means the machine architecture (i386 o x86_64)
•
It creates a directory called ZendOptimizer-2.6.2-linuxglibc21-i386 so we have to enter to the directory newly
created
cd ZendOptimizer-3.0.2-linux-glibc21-xxx
•
As user root is necessary install Zend Optmizer using this
command:
./install
•
It shows an screen indicating how to install the Zend
Optimizer, follow the next steps just like shows in the
screens below
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 16
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 17
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 18
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 19
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 20
•
•
At the end everything correctly Zend optimizar has been
installed, so
Al finalizar todo correctamente ya ha sido instalado el Zend
Optimizer so you can execute ofuscadas pages.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 21
Using Plug-in en PHP to send information to the VPOS
To use Plug-In it’s necessary to do the following indications:
1. Should create an entry array with all the fields that will be
send to the Plug-In.
2. The Plug-in returns an array with all the fields encrypted
and encoded ready to be send to the VPOS
a. XMLREQ
b. SESSIONKEY
c. DIGITALSIGN
3. The pages have to include the vpos_plugin.php file in the
code using the following PHP sentence:
<?php include("vpos_plugin.php");?>
Next, it will show an example about the use of the plug-in using
PHP:
array_send is the array that contains the parameters to be send to
the VPOS Plug-In
array_get is the array that contains the returns parameters of the
Plug-In to be send to the VPOS
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 22
//arraySend is the array that contents the parameter given by
the plug in ready to sent them to VPOS
//Every parameter are places in a string array
//which index field is the name of the parameter
$array_send['acquirerId']=$CodigoAdquirente;
$array_send['commerceId']=$CodigoComercio;
$array_send['purchaseAmount ']=$Monto;
$array_send['purchaseCurrencyCode']=$CodigoMoneda;
$array_send['purchaseOperationNumber']=$CodigoOperacion;
$array_send['billingAddress']=$direccionCobranza;
$array_send['billingCity']=$ciudadCobranza;
$array_send['billingState']=$estadoCobranza;
$array_send['billingCountry']=$paisCobranza;
$array_send['billingZIP']=$codigoPostalCobranza;
$array_send['billingPhone']=$telefonoCobranza;
$array_send['billingEMail']=$correoElectronicoCobranza;
$array_send['billingFirstName']=$primerNombreTarjetaH;
$array_send['billingLastName']=$ segundoNombreTarjetaH;
$array_send['language']=’SP’; //in Spanish
//Set a string array with the parameters that will be given
by the plugin
$array_get['XMLREQ']="";
$array_get['DIGITALSIGN']="";
$array_get['SESSIONKEY']="";
The keys can be write in the code:
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 23
//Example of a hard code key
//Notice that \n are placed athe the end of the lines, are
line jump hended for the PEM format
$llavePub
=
"-----BEGIN
PUBLIC
KEY-----\n".
"MIGJAoGBAKkJKIAJgm8/zA10FIpGUMAF6WTuTTKd1nqFHUokyXCNYn1oZAz6
vVqy\n".
"BfJjWxL0o8r8ooBKQ/jKIVm4mFtVgQ5EamzYQFxsmU1dFfuBZdm7o3eId7xh
mSnD\n".
"ZNiwGv7xmTybY4QH7VMqPAgaeKN9cPAnN1+F2Jzw/WVWtD7E7xXhAgMBAAE=
\n".
"-----END RSA PUBLIC KEY-----";
The keys can be read it from a flat text existing in the S.O, too.
//Initialization Vector
$vector = "0000000000000000";
//Example of a key that is read from a plain text file
$llavePriv = "file://camino_archivo_completo";
To execute the component, is necessary invocated the function
VPOSSend with all the fields to send, the exit parameters of the
function , the SESSIONKEY, el DIGITALSIGN y el XMLREQ will be
returned in the exit array, in this case the array_get
VPOSSend($array_send,$array_get,$llaveVPOSCryptoPub,$llaveComercioFirma
Priv,$VI);
Read the values incide of the array $array_get and send them by a
form to the VPOS.
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 24
<INPUT
TYPE="hidden"
NAME="IDACQUIRER"
$CodigoAdquirente; ?>">
<INPUT
TYPE="hidden"
NAME="IDCOMMERCE"
$CodigoComercio; ?>">
<INPUT
TYPE="hidden"
NAME="XMLREQ"
$array_get['XMLREQ'];?>">
<INPUT
TYPE="hidden"
NAME="DIGITALSIGN"
$array_get['DIGITALSIGN'];?>">
<INPUT
TYPE="hidden"
NAME="SESSIONKEY"
$array_get['SESSIONKEY'];?>">
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
value="<?php
echo
value="<?php
echo
value="<?php
echo
value="<?php
echo
value="<?php
echo
Page 25
Using Plug-in on PHP to receive information from the V-POS
An example of the code already implemented in PHP for deciphered
information and the check of the digital sign:
$vector = "0000000000000000";
$llavePriv
=
“file:///var/llaves/LlavePruebaCifradoComercioPriv.txt”;
$llavePriv = "file:/// var/llaves/LLAVE.VPOS.FIRMA.1024.txt";
Must be prepared the data to be enter in the function
VPOSResponse, the end of the function is true or false which
indicates if the send values of the VPOS has been deciphered and
validated correctly
if(VPOSResponse($arrayIn,$arrayOut,$llavePublicaFirma,$llavePriv
adaCifrado,$VI)){
//The output is in $arrayOut eith every deciphered parameter
parámetros given by VPOS
$ resultadoAutorizacion = $arrayOut['authorizationResult'];
$codigoAutorizacion = $arrayOut['authorizationCode'];
...
}else{
//It could be a problem of keys or vector misconfiguration
//or el VPOS has not sent correct values.
}
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 26
Key Generation
To generate the keys must use OpenSSL by command lines
Befote start the generation of the keys is preferable keep the
standars about the generation of keys, the standar is the follow:
GENERADORA.USO.TIPO.pem
Where:
GENERADORA:is the entity which generated the keys. For example
if the commerce name is “Panaderia Miga” then, could be MIGA
USO: Couldbe two values(CRYPTO or SIGNATURE) depending if the
keys works in the digital sign or in the asimetric ciphered of values.
TIPO:Indicates the key type (PUBLIC or PRIVATE)
Now Hill be indicate the steps to generate each key:
1.- First generated the Private Key by this line
openssl genrsa –out MIGA.CIFRADO.PRIVADA.pem 1024
This generate a private key of 1024 bits in the file
MIGA.CIFRADO.PRIVADA.pem
2.- Now from the private key has to extract the public key
openssl rsa –in MIGA.CIFRADO.PRIVADA.pem –out
MIGA.CIFRADO.PUBLICA.pem –pubout
This
colocate
the
public
MIGA.CIFRADO.PUBLICA.pem
key
in
the
file
3.- Repeat the same process to the other pair of keys
4.- Send to your Acquirer the public keys like this:
MIGA.CIFRADO.PUBLICA.pem
MIGA.FIRMA.PUBLICA.pem
5.- The initialization Vector value could be generate from an
random form, here are the conditions for the Vector:
a. Have to have a 16 characters maximum of length.
b. Only have to contain numbers or letter from A to F
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 27
9. Error code list given by VPOS
authorizationResult
00
01
01
01
01
01
01
01
errorCode
00
01
02
03
04
05
06
07
01
00
01
01
01
01
01
01
01
10
11
12
13
14
15
19
21
25
01
01
01
01
01
01
01
01
01
01
01
28
41
43
51
52
53
54
55
57
58
61
01
01
01
01
01
62
63
65
75
76
01
77
01
80
01
81
01
01
82
83
errorMessage
Successful approval/completion
Refer to card issuer
Refer to card issuer, special condition
Invalid merchant/service provider
Pickup card
Do not honor
Error
Pick up card, special condition (other than
lost/stolen card)
Partial approval
VIP approval
Invalid transaction
Invalid amount
Invalid account number (no such number)
No such issuer
Re-enter transaction
No action taken
Unable to locate record in file, or account number is
missing from the inquiry
File is temporarily unavailable
Pickup card (lost card)
Pickup card (stolen card)
Not sufficient funds
No checking account
No saving account
Expired card
Incorrect PIN
Transaction not permitted to cardholder
Transaction not allowed at terminal
Exceeds withdrawal amount limit (activity amount
limit exceeded)
Restricted card
Security violation
Activity count limit exceeded
Allowable number of PIN-entry tries exceeded
Unable to locate previous message (no match on
Retrieval Reference number)
Previous message located for a repeat or reversal,
but repeat or reversal data are inconsistent with
original message
Invalid date (For use in private label card
transactions and check acceptance transactions)
PIN or CVV cryptographic error found (Used by VIC
for error condition found by security module during
PIN decryptation/CVV processing
Incorrect CVV
Unable to verify PIN
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 28
01
85
01
91
01
01
01
92
93
96
01
01
01
01
01
01
01
01
01
01
01
01
01
01
05
05
05
05
01
01
01
05
05
01
05
05
05
05
05
05
N0
N3
N4
N7
P2
P5
P6
R0
R1
R3
Z3
XA
XD
Q1
1001
1002
1003
1004
1101
1102
1103
1104
1107
1114
1115
1117
2003
2100
2101
2102
05
05
05
05
05
05
05
2200
2201
2202
2300
2301
2302
2303
05
05
05
05
2305
2306
2307
2308
No reason to decline a request for account number
verification or address verification, or CVV2
verification
Issuer or switch inoperative (stand-in not applicable
or available for this transaction)
Destination cannot be found for routing
Transaction cannot be completed; violation of law
System malfunction/System malfunction or certain
field error conditions
Force STIP
Cash service not available
Cash request exceeds issuer limit
Decline for CVV2 failure
Invalid biller information
PIN Change/Unblock request declined
Unsafe PIN
Stop Payment Order
Revocation of Authorization Order
Revocation of All Authorizations Order
Unable to go online; declined
Forward to issuer
Forward to issuer
Card Authentication failed
Invalid Data sent by Commerce
Invalid Currency for Commerce
Invalid Commerce Code
Duplicated order number
Communication Problem
Processing Problem
Communication Problem
Invalid Data
Invalid VCI
Card Number does not belong to selected brand
Reverse rejected
Automatic reverse approved
Action code doesn't exist
Implementor Class not existent
Default Plan Quotas inexistent
Existing BIN for the acquirer but does not have Plan
Quotas assigned
Acquirer must need more data sent in the Plug-In
Plan Quotas not sent by Commerce
Duplicated order number
User Cancelled in PASS 1
User Cancelled in PASS 2
User Cancelled in PASS 3
CodigoOperacion Field must not be greater than 12
characters
Commerce is not active
Acquirer is not active
Transaction has been processed
Card Brand is not correct
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 29
05
05
05
05
05
05
05
2309
2310
2311
2312
2313
2314
2315
05
2316
05
2317
05
2318
05
2319
05
2320
05
2400
05
05
05
2401
2402
2403
05
2404
05
05
05
2405
2406
2407
05
05
05
05
05
05
2410
2411
2412
2413
2414
2415
05
05
2500
2501
05
05
05
3001
3002
3003
Card Number is not correct
Card Expiry Date is not correct
Card Security Code is not correct
Card Number is not present and is required
Commerce not well configured
Acquirer not well configured
Will not go to authorization due to Pre-Authorization
Rules
Transaction has been authorized but PostAuthentication Rules refused it
Transaction has been authorized but has been
reversed by Post-Authentication Rules
PurchaseOperationNumber is greater than 8
characters (Maximum for Associated Commerce)
PurchaseOperationNumber is greater than 12
characters
Commerce has not been authorized to send PAN
number
Transaction is rejected and will not be authorized
due to pre-authorization rules
Pre Authentication rules not approved
Post Authentication rules not approved
Maximum Monthly accumulated amount has been
reached
Maximum Daily accumulated amount has been
reached
Maximum Daily order number has been reached
Maximum Monthly order number has been reached
Transaction is rejected and will not be authorized
due to post-authorization rules
Mall cannot start transactions
Shipper is needed but not found
Shipping amount is not valid
Purchase amount is not valid
Associated Commerce amount is not valid
Purchase Amount and Associated Commerce
amount are not valid
Invalid amount format
Entered data is too large, please check and try
again
Rejected by Ecommerce rule
Rejected by Ecommerce rule Error
Rejected by Ecommerce rule Comm. Error
Merchant Integration Guide
Virtual POS (V-POS)
ALIGNET Merchant Solution [Confidential – ALIGNET]
Page 30
Related documents
University of North Carolina Wilmington Credit Card Acceptance Questionnaire
University of North Carolina Wilmington Credit Card Acceptance Questionnaire
Download