PHP API for AVS Option as Mandatory

Hi,

We have business requirement

1. Validate/Verify customer address,zipcode (AVS) information from bank before we lock fund in Pre-authorization. 

2. If we get positive response from step 1 then we need to send another request with Customer's CVD & AVS to lock fund for transaction. 

I gone through some PHP API like Pre-Authorization with CVD & AVS but here AVS is optional. It is not mandatory to send AVS information in single request to Moneris payment server. 

Our current process following this PHP API but problem is AVS is mandatory in our software (But it is optional from Moneris side). We are sending CVD & AVS information with Pre-authorization and Moneris approve this transaction and hold the fund but it is failed in our side because we were unable to validate customer's AVS at our end.

Do Moneris has PHP API which will able to achieve our business requirement ? Any API which validate customer AVS information before holding fund ?

 

I appreciate your support 

 

Thanks!!

Baljeet Singh

 

 

 

 

 

  • Hi,

    you can either do a Card Verification with AVS and CVD, and based on CVD / AVS results do a preauth (make sure to pass CVD again in preauth for compliance reasons). Or just do a preauth, and if not satisfied with CVD / AVS, reverse the preauth and throw error to your customer.

    The advantage of the first is that no auth is taken in the event that you are not satisfied with the AVS results. Just keep in mind that the Card Verification is not supported for all card types (e.g. like Amex).
  • In reply to RR_Moneris:

    Hi Renuad,

    Thanks for your reply. I did not find AVS, CVD template variables in Card Verification for PHP API. Here is the url

    developer.moneris.com/.../Card Verification

    I have also downloaded PHP API for" eCommerce-Unified-API-PHP-master" zip file. It contains different examples and in card verification it includes $enc_track2 & $device_type variable. I could not understand what are their types and what kind of data they store. Here is the example

    $enc_track2='02840085000000000416570F44857F2F7867342C66F7CDB57128A48F6E8DD8AD30AC1A6C727B5C400DC3AC8169BF2398B6C664FD3BE40431383131FFFF3141594047A00093031D03';
    $device_type='idtech_bdk';

    Are these variables optional ? What API I should use for Card Verification either from the url I provided above or examples I downloaded for eCommerce-Unified-API-PHP-master zip file ?

    Thanks!!
    Baljeet Singh
  • In reply to Baljeet:

    Looks like the PHP example doesn't include the CVD / AVS objects... just check the objects under the Card Verification with Vault, it will be the same when not using the vault.

    Enc_track2 is for one of our Mag readers... its not related to Card Not Present.
  • In reply to RR_Moneris:

    Hi Renaud,

    I tried using Card verification with Vault and CVD & AVS. I skipped Vault information and filled all other object values like CVD, AVS details as

    $avs_street_number = '';
    $avs_street_name = 'bloor st';
    $avs_zipcode = '111111';


    Here is the transaction array

    $txnArray=array('type'=>'card_verification',
    'order_id'=>$order_id,
    'cust_id'=>$cust_id,
    'pan'=>$pan,
    'expdate'=>$expdate,
    'crypt_type'=>$crypt_type
    );

    Here is the result I got

    DataKey = ReceiptId = CAN-VERIF-160818151432 ReferenceNum = 660148420017830460 ResponseCode = 027 ISO = 01 AuthCode = 000000 Message = APPROVED * = TransDate = 2018-08-16 TransTime = 15:14:32 TransType = 06 Complete = true TransAmount = 0.00 CardType = V TxnNumber = 323045-0_11 TimedOut = false CVDResponse = 1M AVSResponse = null ResSuccess = PaymentType = Cust ID = Phone = Email = Note = Masked Pan = Exp Date = Crypt Type = Avs Street Number = Avs Street Name = Avs Zipcode =

    Response did not return AVS information and even did not validate AVS. It seems "card_verification" API just validate the CVD but not validating AVS. How we can validate AVS with card validation API.

    Thanks!!
    Baljeet
  • In reply to Baljeet:

    If you are building something new ideally you should be using our unified APIs. As the unified APIs offer support for some of the new mandates coming like Credentials On File...

    But in regards to code above are you doing the setAvsInfo and setCvdInfo with your transaction object?

    Also AVS / CVD responses for card verification are simulated based on the card. You can refer to the card verification tables here: developer.moneris.com/.../E-Fraud Simulator
  • In reply to RR_Moneris:

    I am confused here. Please answer the following

    1. As you mentioned , these are results are simulated/fake based on card. Is it good to go with current card verification method with AVS, CVD object array only ?

    2. Do we need to use "card verification" method defined in "Unified API Guide - PHP V1.2.1" with Credentials on file object ?

    If yes , what is Issue ID ? Is it any random or unique number which identify cardholder stored credentials ?

    Please suggest which is the best method we should use in order to meet our business objective (Validate Customer with AVS & CVD before lock fund)

    Thanks!!
    Baljeet Singh
  • In reply to Baljeet:

    So we recommend you use the unified API, and not the old APIs.

    The Credentials On File requirement only applies if you are storing cards (using our vault service or other storage service). Are you storing cards?
  • In reply to RR_Moneris:

    Here is requirement.

    Customer need to pay only once via our website (moneris payment gateway). We are not storing customer cards either in our database or in API. What are the unified API ?

    Is it Basic Transaction (Purchase, Pre-authentication, refund etc.) set defined in Unified PHP API guide in PDF file ?

    Please provide me more detail information about unified api so that we can figure out the best solution.

    Thanks!!
    Baljeet Singh
  • In reply to Baljeet:

    Since you are not storing cards, Credentials On File (COF) doesn't apply to you.

    The Unified API is just an updated version of the original API: github.com/.../eCommerce-Unified-API-PHP
  • In reply to RR_Moneris:

    Hi Renaud,

    Now I am using updated Unified API PHP version but still I am not able to figure out whether is it valid AVS or not.

    Here is my payment page url

    https://canoncanada--tst.custhelp.com/cgi-bin/canoncanada.cfg/php/custom/cardverification.php

    I am using the following credentials on this page

    Card Number - 4242424242424242 , Exp Date - 2410, CVV = 198 , Total Charge = $5.00, Street # = 201, Street Name = Michigan Ave, Postal Code = M1M1M1

     

     

    Here is the response I am getting

     

    CardType = V TransAmount = 0.00 TxnNumber = 333268-0_11 ReceiptId = CAN-ORDER-210818172049 TransType = 06 ReferenceNum = 660148420019350470 ResponseCode = 027 ISO = 01 Message = APPROVED * = IsVisaDebit = false AuthCode = 000000 Complete = true TransDate = 2018-08-21 TransTime = 17:20:49 Ticket = null TimedOut = false IssuerId =

    Here I am not getting AVS or CVD response from where I can verified this is valid address for this card. As I have told you, we have requirement to validate customer card with their address (AVS) before we charge him. I am also not able to see TransAmount response. Currently it is 0.00. Does card validation response display amount ? Can you please check my code and figure out If I am missing something. I am attaching my PHP Code file. Please have a look and figure out solution.

     

    Thanks!!

    Baljeet Singh

     

    cardverificaiton.txt
    <?php
    require "../../mpgClasses.php";
    
    foreach($_POST as $key => $value)
    	$$key = $value;
    
    if(isset($_POST['incident_id']))
    {
    
    	
    /************************ Request Variables **********************************/
    
    $store_id='store5';
    $api_token='yesguy';
    
    /************************ Transaction Variables ******************************/
    
    $cust_id		=	'CAN1234';
    $order_id		=	'CAN-ORDER-'.date("dmyHis");
    $crypt_type		=	'7';
    $amount			=	$trans_amount;
    $pan			=	$card_number; //Credit Card Number For Testing 4242424242424242
    $expdate		=	$exp_year.$exp_month;  //Card Expiry Date in YYMM Format
    /************************ Transaction Array **********************************/
    
    $txnArray=array('type'=>'card_verification',
    			 'order_id'=>$order_id,
    			 'cust_id'=>$cust_id,
    			 'amount'=>$amount,
    			 'pan'=>$pan,
    			 'expdate'=>$expdate,
    			 'crypt_type'=>$crypt_type
    			   );
    			   
    $mpgTxn 			= new mpgTransaction($txnArray);		   
    /************************** AVS Variables *****************************/
    $avs_street_number 	= $street_number; //'201';
    $avs_street_name 	= $street_name;  //'Michigan Ave';
    $avs_zipcode 		= $postal_code;  //'M1M1M1';
    /************************** CVD Variables *****************************/
    $cvd_indicator 		= '1';
    $cvd_value 			= $secure_code;
    /********************** AVS Associative Array *************************/
    $avsTemplate 		= array(
    						'avs_street_number'=>$avs_street_number,
    						'avs_street_name' =>$avs_street_name,
    						'avs_zipcode' => $avs_zipcode
    						);
    /********************** CVD Associative Array *************************/
    $cvdTemplate 		= array(
    						'cvd_indicator' => $cvd_indicator,
    						'cvd_value' => $cvd_value
    						);
    /************************** AVS Object ********************************/
    $mpgAvsInfo 		= new mpgAvsInfo ($avsTemplate);
    $mpgTxn->setAvsInfo($mpgAvsInfo);
    /************************** CVD Object ********************************/
    $mpgCvdInfo 		= new mpgCvdInfo ($cvdTemplate);
    $mpgTxn->setCvdInfo($mpgCvdInfo);
    
    /***********************  Request Object ************************/
    $mpgRequest 		= new mpgRequest($mpgTxn);
    $mpgRequest->setProcCountryCode("CA"); //"US" for sending transaction to US environment
    $mpgRequest->setTestMode(true); //false or comment out this line for production transactions
    
    /************************ mpgHttpsPost Object ******************************/
    
    $mpgHttpPost 		=	new mpgHttpsPost($store_id,$api_token,$mpgRequest);
    
    /************************ Response Object **********************************/
    $mpgResponse		=	$mpgHttpPost->getMpgResponse();
    
    print("\nCardType = " . $mpgResponse->getCardType());
    print("\nTransAmount = " . $mpgResponse->getTransAmount());
    print("\nTxnNumber = " . $mpgResponse->getTxnNumber());
    print("\nReceiptId = " . $mpgResponse->getReceiptId());
    print("\nTransType = " . $mpgResponse->getTransType());
    print("\nReferenceNum = " . $mpgResponse->getReferenceNum());
    print("\nResponseCode = " . $mpgResponse->getResponseCode());
    print("\nISO = " . $mpgResponse->getISO());
    print("\nMessage = " . $mpgResponse->getMessage());
    print("\nIsVisaDebit = " . $mpgResponse->getIsVisaDebit());
    print("\nAuthCode = " . $mpgResponse->getAuthCode());
    print("\nComplete = " . $mpgResponse->getComplete());
    print("\nTransDate = " . $mpgResponse->getTransDate());
    print("\nTransTime = " . $mpgResponse->getTransTime());
    print("\nTicket = " . $mpgResponse->getTicket());
    print("\nTimedOut = " . $mpgResponse->getTimedOut());
    print("\nIssuerId = " . $mpgResponse->getIssuerId());
    }
    ?>

     

  • In reply to Baljeet:

    In the example you have there you are not pulling the CVD / AVS response. Eg.:
    print("\nAVSResponse = " . $mpgResponse->getAvsResultCode());
    print("\nCVDResponse = " . $mpgResponse->getCvdResultCode());

    Also as mentioned for card verification AVS results will be simulated based on the card you are passing. You can refer to the table I sent previous post.

    Card Verification is a $0 transaction. Because its just a check on the card.

    Also I'm not sure what you are building, but have you considered using our hosted tokenization solution to capture the card data? Advantage of hosted tokenization is that its customizable and it reduces PCI scope.
  • In reply to RR_Moneris:

    Thanks for your reply. Sorry I forget to pull response for AVS/CVD. I did not use hosted tokenization. how it is helpful in order to verify customer address ? Our requirement is just to validate customer's card along with their address (Street no, Street Name, Postal Code) and we are not storing their credit card information.

    If Hosted Tokenization is the solution then I would love to get more detail about it.

    Thanks!!
    Baljeet
  • In reply to Baljeet:

    Hosted Tokenization is for the card capture. So for example if card holder entering his card online, instead of entering it on your form where the card data is sent to your server, its entered on our form and we return a temp token which represents that data. After that you can do a resCardVerification, or etc. Even if you don't store card data there is still PCI involved when you capture the card data and your server is touching it.

    So weather you used Hosted Tokenization or not you can do a card verification, hosted tokenization has to do with how your capture the card details.
  • In reply to RR_Moneris:

    We need to get input on our server. Our agent is going to get customer's card detail. Agent will fill credit card information on behalf of customer. I think that would be lengthy process and our business requirement is different.

    I think card validation/verification would be good (instead of host tokenization) then would go for pre-authorization.
    What you think about this process - Validate customer card (CVD & AVS) once AVS (AVS is Mandatory) is validated then charge him/her for transaction amount.

    Card Verification (CVD & AVS) ----> Pre-Authorization ---->Payment Complete

    Would you have better idea to get this process done

    Thanks for your response. I appreciate your support.
  • In reply to Baljeet:

    Hosted Tokenization wouldn't be a replacement for Card Verification. Hosted Tokenization is just about the card capture, you can always do a card verification after. but if it doesn't suite your business model that is fine.

    So yes you can do Card Verification with CVD and AVS. If satisfied with AVS / CVD results do a preauth (make sure to pass CVD in that preauth as its now mandatory). You can then complete the payment.

    Note that currently Card Verification is not supported for all card plans (like Amex).