Special acquirer functionalities
American Express uses AVS check, see the description on AVS below.
Barclays supports the AVS check, but an automatic decline is not possible through DIBS.
To use the AVS check through Barclays, the response is returned to the shop, through both "accepturl" and "callbackurl", has an additional parameter called "avsstatus" that has 6 digit value. This value contains the result of the AVS check, so the shop can choose to decline a payment.
To read this value, use the following table:
| Postion | Feature | |
|---|---|---|
| First position - CVC (This is checked and used by DIBS to decline payments as standard). | Value | Status |
| 1 | Not checked | |
| 2 | Matched | |
| 4 | Not matched | |
| 8 | Reserved for the UK Cards Association | |
| Second position - Postcode | Value | Status |
| 1 | Not checked | |
| 2 | Matched | |
| 4 | Not matched | |
| 8 | Reserved for the UK Cards Association | |
| Third position - Address numeric | Value | Status |
| 1 | Not checked | |
| 2 | Matched | |
| 4 | Not matched | |
| 8 | Reserved for the UK Cards Association | |
| Fourth position - Authorising entity | Value | Status |
| 1 | Not checked | |
| 2 | Matched | |
| 4 | Not matched | |
| 8 | Reserved for the UK Cards Association | |
| Fifth position - Reserved for the UK Cards Association | Value | Status |
| 1 | Reserved for the UK Cards Association | |
| 2 | Reserved for the UK Cards Association | |
| 4 | Reserved for the UK Cards Association | |
| 8 | Reserved for the UK Cards Association | |
| Sixth position - Reserved for the UK Cards Association | Value | Status |
| 1 | Reserved for the UK Cards Association | |
| 2 | Reserved for the UK Cards Association | |
| 4 | Reserved for the UK Cards Association | |
| 8 | Reserved for the UK Cards Association | |
If the parameter returned is as the following example:
This means:
| avsstatus | result |
|---|---|
| 2 | Matched (CVC is correct) |
| 1 | Not checked (not possible to check) |
| 1 | Not checked (not possible to check) |
| 8 | Reserved for the UK Cards Association (Not supported by the card) |
| 0 | Not supported |
| 0 | Not supported |
Se how to setup AVS in the following description of AVS.
For Giropay to work in FlexWin, the following parameters are mandatory beside the essential parameters:
| Parameter | Type | Description |
|---|---|---|
| billingCompanyOrPerson | String | Customer type, if the customer is a person the parameter should contain 'P', if the customer is a company it should contain a 'C'. Must be in upper case. |
| billingCountryCode | String | Customers country code Available country codes: FR, EN, ES, NL, DE, IT. Must be in upper case. |
| billingLastName | String | Customers billing last name. |
| billingPostalCode | String | Customers billing postal code |
| billingPostalPlace | String | Customers billing postal place (city, town, etc). |
| billingStreet | String | Customers billing street |
| lang | String | Same value as the billingCountryCode. Must be in upper case. |
In some cases, iDeal may respond with an "open" status for new payments, which indicates that the actual outcome has not yet been determined. In these cases, the payment will have the status "postponed" (with status code 26) in the DIBS Administration interface, and DIBS will continuously repoll iDeal to get an update with the status.
If the shop uses callback (automatic server-to-server call) to receive responses from transactions, the initial callback will indicate status 26. To be able to update the system according to the actual outcome of the payment, a notification url may be submitted. When we receive an update for the payment, an additional callback will be sent to this URL with the updated status:
| Parameter | Type | Description |
|
notifyurl |
String |
If this parameter is given, a "server-to-server" call will be made when the payment changes status from "postponed" (26) to "capture approved" (5), "authorization approved" (2) or "authorization declined" (1). Example: htts://www.mydomain.com/paymentReturn/notification
|
MobilePay online supports sending the customer's mobile number in a parameter called cardholder_mobile:
| Parameter | Type | Description |
|---|---|---|
| cardholder_mobile | String | Prefills the mobile number in the MobilePay Online window. Must be a string containing at least 8 digits. Any invalid characters will be discarded (trimmed). So both "87 65 43 21", "87_65_43_21" and "phone:87-65-43-21" will lead to the phone number "87654321" being prefilled. |
In some cases, P24 may respond with an "open" status for new payments, which indicates that the actual outcome has not yet been determined. In these cases, the payment will have the status "postponed" (with status code 26) in the DIBS Administration interface, and DIBS will continuously repoll P24 to get an update with the status.
If the shop uses callback (automatic server-to-server call) to receive responses from transactions, the initial callback will indicate status 26. To be able to update the system according to the actual outcome of the payment, a notification url may be submitted. When we receive an update for the payment, an additional callback will be sent to this URL with the updated status.
P24 requires the following input parameter to be sent to the FlexWin:
| Parameter | Type | Description |
|---|---|---|
| delivery1.email * | String. Max 128 characters | Customer's email address. |
| notifyurl (optional) | String. Max 128 characters | If this parameter is given, a "server-to-server" call will be made when the payment changes status from "postponed" (26) to "capture approved" (5), "authorization approved" (2) or "authorization declined" (1).
Example: htts://www.mydomain.com/paymentReturn/notification
|
Pohjola restricts the maximum length of the orderid parameter to 35 characters.
Tapiola requires the use of the lang parameter.
Available country codes: FR, EN, ES, NL, DE, IT. Can be specified in upper or lower case.
When using Wirecard as your acquirer, an extra parameter is required. Add the following parameter (if not allready included) to the call to DIBS.
<input type="hidden" name="cardholder_name" value="insert_cardholder_name_here" />
If this parameter is not sent, the payments may be declined by Wirecard.
Wirecard uses AVS check, see the description on AVS below.
Address Verification System (AVS)
The Address Verification System (AVS) is an advanced level of credit card security that is built in to the specific credit card acquirer to counter identity theft. When a customer makes an online purchase with a credit card their address is required. The address and zip code of the billing address they enter are compared to the address held on file by the card issuing bank. If the address does not match, the transaction can be declined. AVS is an on-demand service so depending on the acquirer you need to at least contact DIBS to activate this feature and do some alterations in DIBS admin. There is different ways of integrating the AVS check in your payment gateway service, the possibilities will be mentioned below.
The following list of acquirers support AVS.
| Acquirers | Note |
|---|---|
| American Express | Only when the agreement is made ??with American Express directly |
| Barclays | When using Barclays, DIBS does not need the following configurations. The AVS check is returned to the shop for processing, see the description of how the information is sent to the shop below. The setup is the same as for American Express and Wirecard. |
| Wirecard | Wirecard has to be contacted to activate AVS for each Wirecard merchant. |
To set up the AVS you have to contact DIBS support department. The functionality of your AVS has to be described with the following list.
| Functionality | Description |
|---|---|
| requiresAvsCheck | DIBS requires that the acquirer performs an address check |
| requiresZipCheck | DIBS requires that the acquirer performs a zip code check |
| denyOnAvsFail | DIBS declines the transaction if there is a mismatch between the address sent to the acquirer and the address registrered at the acquirer |
| denyOnZipFail | DIBS declines the transaction if there is a mismatch between the zip code sent to the acquirer and the zip code registrered at the acquirer |
| denyOnAvsUnchecked | DIBS accepts the transaction if an address check is not completed at the acqirer for any reason (e.g. if the address is not registrered in the AVS) |
| denyOnZipUnchecked | DIBS accepts the transaction if a zip code check is not completed at the acqirer for any reason (e.g. if the zip code is not registrered in the AVS) |
In order to get this to work on your payment window, you need to make a change in your DIBS administration (se the guide in the following section).
The only modification you have to make (if you haven't changed the standard styling) in order to activate AVS from your side, is to go to the Cardholder Info menu in the DIBS administration.
In this menu "Address (1)" is used for the address check and "Zipcode" is used for the zip check, see the following example (if you want other cardholder information to be used by DIBS you have to check the field, otherwise DIBS will see the information as your own parameters).
| Configuration | Flexwin apperance |
|---|---|
 |
 |
Now you are ready to do Address Verification.
If you want a more custom AVS proceed to step 2.
If you don't want the customer to fill out the information in the payment process, you can parse the "Cardholder address" and the "Cardholder zipcode" by sending the following parameters along with the FlexWin call.
<input type="hidden" name="cardholder_address1" value="cardholder_address" /> <input type="hidden" name="cardholder_zipcode" value="cardholder_zipcode" />
This way the cardholder address and zipcode will be prefilled in the payment window.
All the other cardholder information can be parsed the same way by adding parameters. See which parameter correspond to which field in the table below.
| Parameter | Type | Description |
|---|---|---|
| cardholder_name | String | Prefills the Name field if "Name" is checked. |
| cardholder_address1 | String | Prefills the Address (1) field if "Address (1)" is checked. |
| cardholder_address2 | String | Prefills the Address (2) field if "Address (2)" is checked. |
| cardholder_zipcode | String | Prefills the Zipcode field if "Zipcode" is checked. |
| cardholder_city | String | Prefills the City field if "City" is checked. |
| cardholder_country | String | Prefills the Country field if "Country" is checked. |
| cardholder_phone | String | Prefills the Phone field if "Phone" is checked. |
| cardholder_mobile | String | Prefills the Mobile phone field if "Mobile phone" is checked. |
| cardholder_fax | String | Prefills the Fax field if "Fax" is checked. |
| cardholder_email | String | Prefills the Email field if "Email" is checked. |
A full example looks like the following.
<input type="hidden" name="cardholder_address1" value="cardholder_name" /> <input type="hidden" name="cardholder_zipcode" value="cardholder_address1" /> <input type="hidden" name="cardholder_zipcode" value="cardholder_address2" /> <input type="hidden" name="cardholder_zipcode" value="cardholder_zipcode" /> <input type="hidden" name="cardholder_zipcode" value="cardholder_city" /> <input type="hidden" name="cardholder_zipcode" value="cardholder_country" /> <input type="hidden" name="cardholder_zipcode" value="cardholder_phone" /> <input type="hidden" name="cardholder_zipcode" value="cardholder_mobile" /> <input type="hidden" name="cardholder_zipcode" value="cardholder_fax" /> <input type="hidden" name="cardholder_zipcode" value="cardholder_email" />
To archive this, the address and/or zip have to be parsed to FlexWin (please complete Step 1 and Step 2 before proceeding with this guide).
The only way to do a secret AVS check is to remove the input fields in FlexWin by changing the decorator files. This is done by adding the following (or a similar) javascript function in your decorator.js file. If more of the cardholder information should be parsed to DIBS, but without showing them in FlexWin, the array "contentToHide" can be extended with the parameter names.
function hideContent(){
var contentToHide = ["cardholder_address1","cardholder_zipcode"]
for(var i=0;i<contentToHide.length;i++){
document.getElementById("wwgrp_auth_"+contentToHide[i]).style.display = "none";
}
}
This function hides the cardholder address and zip from FlexWin when activated. Addtional changes in the FlexWin decorators have to be made in the decorator.xml file. In the head of the xml file the following line has to be added.
<head> ... <script src="/decorator.js" type="text/javascript"></script> ... </head>
The body tag, or a similare tag, has to be modified as follows corresponding to the javascript function.
<body onload="hideContent()"> </body>
Remember that if you uploade decorator files to FlexWin, you have to follow the Styling documentation.