FXC's Gateway processes all major cards and currencies worldwide. Card data is protected against unauthorised access by TLS encryption. Additional security functions are integrated fraud prevention and risk management. Our standardized settlement files guarantee a straightforward reconciliation processes in your accounting.

Verified by Visa and MasterCard SecureCode secure your payment claim by password validation if a customer disputes the payment later. American Express SafeKey also uses the 3D-Secure technology, which means that the card holder must confirm their identity with a password.

Transaction processing can be made via FXC Gateway standard form, via customized forms, via server-to-server-connection or via batch transfer. Likewise, FXC Gateway can process transactions from stationary terminals.

Using the card form provides several advantages:

1. Merchants can bypass the costly PCI-security authorisation
2. The programming of 3DSecure with forms is much easier and quicker than via Server-to-Server connection

MasterCard SecureCode (UCAF), Verified by Visa (VbV), Diners ProtectBuy, JCB J/Secure and American Express SafeKey are authentication methods which verify the identity of the card holder before making the payment. The name 3D Secure used by technicians describes only the protocol. The correct brand names are Verified by Visa, MasterCard SecureCode, SafeKey, ProtectBuy and J/Secure.

Merchants benefit from authentication with 3D Secure because the card schemes provide a liability shift: If you are using Verified by Visa, MasterCard SecureCode, Diners ProtectBuy, JCB-Card J/Secure or American Express SafeKey, the burdon of proof and thereby generally the liability is shifted from the merchant to the card issuing bank, should the customer dispute the payment. Irrespective of whether the card holder actually uses the authentication you obtain a very high protection against payment defaults / chargebacks in case the customer states they have not authorized the card payment. Your Acquirer will be able to discuss the details of 3D Secure and the cover that it provides.

From a technical perspective 3D Secure is not a payment method but an authentication process which precedes the payment: Once the credit card data has been entered, FXC Gateway checks the identity of the card holder and does not process the payment until after the authentication.

For further steps it is crucial if the credit card connection is made via form interface or via Server-to-Server-connection. In the first case the FXC Gateway form assumes the further authentication process, with Server-to-Server-connection the merchant has to manage the authentication through a separate interface.

The customer selects the Credit card payment method in the Internet shop and enters the card number and expiry date. FXC Gateway receives the card number and checks, via a connection to Visa, MasterCard, Diners, JCB or American Express, whether this credit card is registered for Verified, SecureCode, Diners ProtectBuy, JCB-Card J/Secure or SafeKey. If the credit card is not registered a credit card payment is carried out with TLS. With that the transaction gets a flag which identifies payments with 3D Secure. This marking tells the Acquiring Bank that you use the authentication and a secured payment claim is obtained based on the Liability Shift in case the card holder disputes the payment.

If the customer's credit card has been registered by the issuing bank for Verified by Visa, MasterCard SecureCode, Diners ProtectBuy, JCB-Card J/Secure or American Express SafeKey the authentication process now starts: FXC Gateway opens a new browser window which connects the customer to its bank. In this window the customer enters the password received by its bank.

If the password is correct FXC Gateway obtains confirmation in the form of a signature. Only after confirmation does FXC Gateway start the payment and send the transaction with the signature to the Acquiring Bank.

To carry out authentication, FXC Gateway connects the card holder to his bank, which confirms the identity. A payment process with Verified by Visa or MasterCard SecureCode, Diners ProtectBuy, JCB-Card J/Secure or American Express SafeKey comprises two steps: authentication and payment.

Following scheme illustrates the processes of a Server-to-Server-payment with 3D Secure.

In the next phases there are three different cases in which FXC Gateway responses differ. The individual connection parameters can be found in the credit card payments section of the handbook.

Case 1: Credit card not registered for 3D Secure

FXC Gateway initially contacts Visa or MasterCard, Diners, JCB or American Express Directory Server to determine whether the purchaser's credit card is registered for Verified or SecureCode or SafeKey.

Case 2 with Popup: Credit card registered for a 3D Secure system

IMPORTANT NOTICE: We strongly recommend the use of the iFrame solution since MasterCard has revised the regulations. MasterCard prohibits the use of a popup. For this an excerpt from the regulations (Excerpt from: MasterCard® SecureCode™ Merchant Implementation):

"Inline window implementations, which have proven to virtually eliminate the issues caused by pop-up authentication windows, are required for all new merchant implementations and existing pop-up implementations must convert to inline windows."

If the credit card is registered for Verified or SecureCode, ProtectBuy, J/Secure or SafeKey, FXC Gateway returns the socket-connection HTML source code with a JavaScript function. This JavaScript function creates the connection to the bank with which the customer is authenticated by entering its password into a popup-window. The HTML source code with the JavaScript function Initiate3DSec() which FXC Gateway sends to the shop must be embedded in the response page which the shop displays in the customer's browser.

Notice: Please note that the use of a popup window can lead to problems with popup blockers in the customer's browser. Therefore case 3 describes an alternative in the form of an Inframe variant.

The listing to the right shows a response page in which the HTML code is embedded:

Notice: You can also use this code if you only want to verify the identity of the card holder without making a credit card payment. Our Support team can set your account in a way that FXC Gateway can carry out just the authentication with Verified or SecureCode, ProtectBuy, J/Secure or SafeKey without payment (Authentication Hosting).

After the customer has been authenticated with its bank, the bank's Access Control Server (ACS) requests the TermURL in the shop. In the case of this Request the ACS transfers the following parameters via GET (QueryString) to the TermURL of the shop: MID, PayID and TransID. The PARes parameter is transferred via POST.

Notice: The PAResponse parameter must be URL encoded but not Blowfish-encrypted since the content can include special characters.

The parameter must be transferred in whole via POST to the following URL:

Notice: If you forward the PARes and MID of the ACS parameters please use the specified parameter name MerchantID, PAResponse for the direct3d.aspx page.

Case 3 without Popup: Credit card registered for a 3D Secure system.

Alternatively to the popup window the card holder can also carry out authentication with the bank in an iFrame variant; this avoids difficulties with popup blockers in the customer's browser. Provided the card is registered on the Directory Server, FXC Gateway returns the following parameters via the socket connection.

Response parameters of Socket-connection for the Authentication Request

Notice: Please note in this process that data must sometimes be transferred directly from the bank network. Therefore e.g. the ACSURL parameter is not URL-encoded, although FXC Gateway uses other URL-encoded data.

These parameters should be included as HIDDEN fields in an HTML page which posts itself to the ACS-URL.

The listing above to the right shows one such HTML page, in which the return parameters are embedded:

Notice: You can also use this code if you only want to verify the identity of the card holder without immediately making a credit card payment (Authentication Hosting). FXC Support can configure your checkout so that FXC Gateway can carry out Verified by Visa or SecureCode without payment.

After the customer has been authenticated with its bank, the bank's Access Control Server (ACS) requests the TermURL in the shop. In the case of this Request the ACS transfers the following parameters via GET (QueryString) to the TermURL of the shop: MID, PayID and TransID (unencrypted). The PARes parameter is transferred unencrypted via POST.

Notice: The PAResponse parameter must be URL encoded but not Blowfish-encrypted since the content can include special characters.

The parameter must be transferred in whole via POST to the following URL:

Notice: If you forward the PARes and MID of the ACS parameters please use the specified parameter name MerchantID, PAResponse for the direct3d.aspx page.

Credit card brand, correct spelling for CCBrand
MasterCard
VISA

Data formats:

Abbreviations:

Notice: Please not that the names of parameters can be returned in upper or lower case.

FXC Gateway forms are framed as standard in white and grey. Merchants can customise the layout of the forms with the help of layout parameters. The simplest way to change the layout is to set the parameters for the background colour (BGColor), background image (BGImage) and the font (FFace). You can use XSL-templates to change the layout further:

In the case of credit card payments, you can change the parameter Template to create an individual layout for your PaySSL form which exactly matches the shop layout. To this end your graphic designer can design an HTML-template in the shop-design based on XSLT (Extensible Stylesheet Language Transformation). FXC Support copies this XSLT-template to our FXC Gateway Server. If you enter the name of your XSLT-file in the Template parameter, the FXC Gateway form will appear in your layout.

For general information about XSLT see www.w3.org.

The subsequent conventions apply for the use of the Corporate Paypage with XSLT:

A XSL file designed by you defines your individual layout. The associated XML file contains the texts that are to be displayed on the form. Hence, multilingualism is easy. Always use your MerchantID in the names of the files.

XSL template:

XML text file:

Sub-folder for images:

In order not to receive safety notices, please ensure that external image sources are retrieved via SSL.

In order to call the individual layout, use the 'template' parameter with your MerchantID and attach it unencrypted to the call of the FXC payment page, for example:

https://fxcpay.com/payssl.aspx?MerchantID=YourMID&Len=123&Data=AGSD_ASDF&template=YourMerchantID

When implementing the text field for the credit card number, use the following values for the parameters 'name' and 'id':

Year of expiry:

Expiry date month:

Credit card number:

Card verification number:

Card brand: 

"KKName"

You can view the text field for the input in the image to the right.

The following hidden fields must be implemented so that the values can be passed on when sending the form:

MerchantID:
"MerchantID"

Request length:
"Len"

Request data:
"Data"

Template:
"Template"

Repeat attempts:
"Counter"

Language:
"Language"

Notify:
"Norify" - (optional in the case of repeat attempts)

Address choice
"AddrChoice" (only for American Express address verification service)

The language selection in form PaySSL.aspx is automatically based on the parameterLanguage. Other language areas are filtered out. If you wish to access the field of another language area e.g. with JavaScript, you can do so via the following path: FXC Gateway/language/@name.

The 'language' parameter controls which section of the XML text file is read out. German 'de' is always used as standard.

The XML file should have the basic structure as shown in the top image to the right:

'UTF-8' is also possible for the coding.

With<xsl:variablename=““ select="FXC Gateway/language/@name"/> you can directly address an XML language section from the XSL file.

For an overview of which parameters are additionally rendered by the PaySSL, please examine the structure (XSL file is rendered against the following XML string) as shown in the second image to the right.

Since merchants use its own layout for the form, you do not require the layout parameter. However, it is possible after prior consultation with FXC to use the parameters for the transfer, e.g. the SessionID.

In the case of the error codes, as shown in the column to the right, FXC returns the form in order to enable the credit card data to be entered again. You only have to evaluate the 'error code' parameter and display the desired text from your XML file.

See image to the right to see at this point what the ‘error code’ template is called.

The second image to the right shows the called-up ‘error code’ template which may look like this. It can alternatively be implemented with ‘if’.

It is also possible to integrate the error messages directly into the (main) template as shown in the final image on the right side.

If JavaScript functions are desired, you must implement them in your template (as shown to the right).

Please do not use any external link to your JavaScript.

FXC is obliged to provide the cardholder at all times with information on which server they are on. Please implement an FXC logo like it is implemented on the standard form or display a small imprint link. Logos are part of the programming examples.

Both items of information must refer to the FXC page impressum.aspx. This expects the 'Data' parameter, which is appended to the URL as in the following example.

impressum.aspx?data=<xsl:value-of select="/FXC Gateway/language/@name">|<xsl:value-of select="FXC Gateway/merchantID"></xsl:value-of></xsl:value-of>

Visa and MasterCard regulations require that your pay page displays the Verified and SecureCode logo. Please link the Verified-Logo to vbv.aspx and the SecureCode-Logo to http://www.mastercardbusiness.com/mcbiz/index.jsp?template=/orphans&content=securecodepopup

First design a HTML page with the layout for your payment page and initially save it for testing with the file extension .htm or .html. Open this file in the browser. Next, save this as an xsl file. (See image to the right).

The interface of the FXC Gateway form is consistently payssl.aspx for all connections. In order to make a credit card payment via FXC Gateway form, go to the following URL:

This section explains the parameters which are the same for each connection. These values are always required, along with the special parameters explained in the following sections for each individual connection, e.g. GICC. The second table explains all response parameters which are also the same for all credit card connections. There are separate handbooks for credit card transactions via PagBrasil, PayU CEE and PayU LatAm connections.

Notice: For security reasons, FXC Gateway rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

General parameters for credit card payments via form

To adapt the layout of the SSL-page to your shop you can use the following unencrypted parameters to configure colours, fonts and images.

Layout parameters for FXC Gateway forms for credit card payments

The following table describes the result parameters that FXC Gateway transmits to your URLNotify, URLSuccess or URLFailure. If you have specified the Response=encrypt parameter, the following parameters are sent Blowfish encrypted to your system:

General results parameters for URLNotify, URLSuccess and URLFailure

Besides the general parameters described above

Call of interface: general parameters for the credit card connection, GICC requires the following additional parameters. An authorization with 3D Secure is possible. The following table describes the encrypted payment request parameters:

Additional parameters for the credit card connection GICC via FXC Gateway form

The following table gives the result parameters which the FXC Gateway transmits especially for the GICC connection to your URLSuccess or URLFailure and URLNotify. If you have specified the Response=encrypt parameter, the following parameters are sent Blowfish encrypted to your system:

Additional result parameters for URLNotify, URLSuccess and URLFailure in case of GICC connection

Notice: For credit card payments with 3D Secure, please note the different cases as explained separately in the chapter at the start of the handbook. If the credit card is registered for Verified or SecureCode or SafeKey, the next phase is divided into two steps of authentication and payment. However it always begins in the same way via the direct.aspx interface. The first response however is the receipt of Javascript code or other parameters in order to carry out a second call up of the direct3d.aspx interface. Only after that, do you receive the listed parameter as a response.

To carry out a TLS credit card payment via a Server-to-Server connection, call the following URL:

Notice: For security reasons, FXC Gateway rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

General parameters for credit card payments via socket connection

General response parameters for credit card payments via socket connection

Besides the general parameters described above

Call of interface: general parameters for the credit card connection, GICC requires the following additional parameters. An authorization with 3D Secure is possible. The following table describes the encrypted payment request parameters:

Additional parameters for the credit card connection GICC via FXC Gateway form

The following table gives the result parameters which the FXC Gateway transmits especially for the GICC connection to your URLSuccess or URLFailure and URLNotify. If you have specified the Response=encrypt parameter, the following parameters are sent Blowfish encrypted to your system:

Additional result parameters for URLNotify, URLSuccess and URLFailure in case of GICC connection

Captures are possible via a Server-to-Server connection. To perform a capture via a Server-to-Server connection please use the following URL:

Notice: For security reasons, FXC Gateway rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

Parameters for captures of credit card payments

The following table describes the FXC Gateway response parameters:

Response parameters for captures of credit card payments

Credits (refunds) are possible via a Server-to-Server connection. FXC Gateway permits credits which relate to a capture previously activated by FXC Gateway and allows merchants to carry out credits without a reference transaction. This section describes the processing of credits with reference transactions. If you refer to a capture for a Credit, the amount of the Credit is limited to the amount of the previous capture.

To carry out a credit with a reference transaction, please use the following URL:

Notice: For security reasons, FXC Gateway rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

Parameters for credits of credit card payments

The following table describes the FXC Gateway response parameters:

Response parameters for credits of credit card payments

FXC Gateway can carry out Credits which do not relate to a previous capture. In this case the credit must be transferred to FXC Gateway as a completely new payment transaction. Please contact the FXC Helpdesk for help in using the described additional functions.

Notice: Please note that credits without reference to a previous capture generate higher costs with your Acquiring Bank. If you are frequently unable to make reference to the capture you should agree this with your Acquiring Bank.

To carry out a Credit without a reference transaction via a Server-to-Server connection, please use the following URL:

Notice: For security reasons, FXC Gateway rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

Further address parameters in case of ECPCC connection

Parameters for credits of credit card payments without reference

The following table describes the FXC Gateway response parameters:

Response parameters for credits of credit card payments without reference

A credit card authorisation lowers the customer's credit line. FXC Gateway can reverse an authorisation so that it no longer block the limit any more. Use the following URL:

Notice: For security reasons, FXC Gateway rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

Notice: Reverse.aspx does not only reverse authorisations, but any LAST TRANSACTION STAGE! If the last transaction was a capture, Reverse.aspx initiates the reverse, e.g. a credit. Therefore, the utmost caution is urged. Use is at your own risk. We recommend checking the transaction status with Inquire.aspx before using Reverse.aspx.

The following table describes the encrypted payment request parameters:

Parameters for reversals of credit card payments

The following table describes the FXC Gateway response parameters:

Response parameters for reversals of credit card payments

A credit card authorisation is valid for only 7 to 30 days. In order to maintain your payment claim in the case of longer delivery times, FXC Gateway enables the automatic renewal of the authorisation. Renewal of the authorisation is also important for instalments or partial deliveries because the outstanding amount is invalid in the case of partial captures.

If you use authorisation renewal, FXC Gateway renews your authorisations until the payment has been captured fully. Amongst other things the customer's card limit is reduced by the authorised amount. In order to restore the card limit again, for example because the order cannot be fully delivered, you need to specifically cancel the authorisation renewal with the following URL:

Notice: CancelAuth cancels only the recurrence of the authorisation. If you wish to unblock the customer's card limit, please reverse the authorisation in accordance with the section above.

Notice: For security reasons, FXC Gateway rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.

The following table describes the encrypted payment request parameters:

Parameters for reversal of an authorisation extension

The following table describes the FXC Gateway response parameters:

Result parameters for reversals of an authorisation extension

The PayNow solution links the benefits of FXC Gateway forms and Server-to-Server connections: As opposed to the FXC Gateway form, where the form is loaded from the FXC Gateway server via calling payssl.aspx the PayNow form has to be provided by the merchant's system. The form uses the same parameters as described here in the image to the right.

In contrast to the FXC Gateway form the parameters are not forwarded as URL parameters as in the case when calling payssl.aspx, but as form input parameters.

After the customer has entered his credit card data, the payment data is forwarded to the PayNow page, where the further payment processing takes place incl. 3D-Secure. The form details must be directly forwarded to the PayNow page and may not be transmitted to the merchant's system! Also, no PCI-relevant data may be transmitted to the PayNow page as additional input parameters!

Notice: Please note, that automatic retry attempts at the FXC Gateway must be deactivated when using the Paynow.aspx. The background is that at a retry attempt FXC Gateway cannot send back the customer to the previously used special shop form. Please contact the FXC Support to deactivate the retry attempts.

The credit card data must be transmitted to paynow.aspx with the following parameters:

PayNow parameters for 3D Secure processing

Interfacing with any of the exposed API endpoints requires the requesting application to have gone through the authentication process.

API Keys are generated and assigned to each client's integrated application and are used during the authentication process.

The MerchantID and API Key values are the parameters used in the authentication process. Merchant administrator can manage their integrated applications in the FXC Gateway's Web Portal.

https://api.fxcpay.com/auth?MerchantID=5asds5s68asdf5cvx123zefsa98&ApiKey= VG0RQ7L9A13NF7LSH031N0D9OY1WKOGIA10YGB7ITI320

Every subsequent request to the API should have the Auth-Token in the HTTP Header.

The Foreign Exchange module provides FX Quotes for base currencies that have been setup for the client during initial registration.

The GetFXQuote endpoint returns FX quote objects to the requesting client application. The retrieved FX Quote is generated based on the currency pair requested as per the currency pair catalogue in the later section of the document.

https://api.fxcpay.com/getfxquote? BaseCurrency={BaseCurrency}&ExchangeCur rency={ExchangeCurrency}&fxTransac tionType={fxTransactionType}

• Auth-Token must be present in the HTTP Request Header.
• Auth-Token must be valid.
• Auth-Token must not have expired.
• The currency pair requested must be available in the catalogue.

The following are the supported currencies.

The currency pairs supported by the GetFXQuote endpoint are as follows: