Click and scroll to view topics contained in our Merchant Guide:
- First Data Payeezy Gateway Web Service API
- Account Information
- Payeezy Gateway Features
- Gateway Server Options
- Bank Related Issues
Business Requirements (Getting Started)
Before starting development of your transaction processing solution, you need to have a clear understanding of your business objectives and business requirements in order to successfully deploy the First Data Payeezy Gateway web service API. This guide is intended to help you deploy First Data’s services through the use of the Payeezy Gateway Web Service API. Before launching the Payeezy Gateway web service API you will need to:
- Establish merchant accounts through your financial institution for the card types you wish to process.
- Acquire a 128-bit Secure Socket Layer (SSL) Server Certificate if you plan to use a web online storefront
- Integrate the Payeezy Gateway web service API with your website to enable gateway connectivity between your payment interface and First Data’s servers.
Key Players in Payment Processing
- Merchant – Provides the point-of-sale payment solution in order to sell their product or services to a Customer.
- Customer/Consumer – The credit cardholder placing a purchase via the merchant’s payment solution. The cardholder receives their credit card from an Issuer.
- Issuer/Issuing bank – The card company (Visa, MasterCard etc) or bank that issues the credit card to a cardholder.
- Acquirer/Merchant bank – The financial institution that provides the merchant with the necessary merchant accounts for accepting credit card payments (e.g. Visa, MasterCard). The Acquirer processes authorizations and settlements to the merchant’s accounts and handles the financial exchanges between the merchant and customer’s credit card issuer bank.
- Payment Gateway Provider/CSP – This is Payeezy Gateway. We provide the gateway technology to process payments via the Internet. We are the bridge between the merchant’s Point-Of-Sale and the acquirer’s financial processing system.
As a merchant business, you will need merchant accounts in order to accept payments. The type of account will depend on the device and method by which you accept credit card data. Separate merchant accounts must be obtained for Card Present and Card-Not-Present transactions. Payeezy Gateway technology can process for both Card-Not-Present and Card Present environments.
Card-Not-Present means that the merchant does not handle the card physically or receive the cardholder’s signature. Two variations are:
- Internet Merchant Accounts – specialized for merchants setting up e-commerce and online web businesses.
- MO/TO (mail order/telephone order) – for merchants accepting card numbers by phone or fax. Commonly used by call centers.
Because of the nature of Internet Merchant Accounts there is a higher risk of charge-backs and fraud. Familiarizing yourself with these concerns will help you address the banks’ requirements for your business.
For businesses that handle the credit card physically and receive the cardholder’s signature. Deployed primarily in brick-and-mortar outlets, usually a card-swipe device is utilized.
Credit Cards Supported
Cardholders will be charged in whatever currency your merchant account is in. A conversion rate is then applied to the cardholder's purchase by their bank. The ticket price will appear with the converted local currency on a foreign cardholder’s bill. The credit card exchange rate may be different from the standard daily currency exchange rates, and for a purchase versus a refund.
Currently, Payeezy Gateway can handle multiple currencies. A list of supported currencies can be found here.
First Data Payeezy Gateway Web Service API
The Payeezy Gateway web service API uses IP Socket connections and banking networks to implement real-time transaction processing for merchant businesses. Once integrated into the merchant’s payment processing environment, the Payeezy Gateway web service API creates an individual payment gateway. The Payeezy Gateway web service API can also be implemented into recurring billing, reservation systems, IVR telephony, physical POS terminals, and other applications. You can find all the info you'll need by going to our API Forum.
3-D Secure is a program that requires cardholders to authenticate themselves to their issuing bank, thus helping to reduce fraudulent transactions, and can in turn reduce charge backs to merchants under some circumstances.
This is provided as a Thin Client.
3-D Secure Transaction Flow
The following steps illustrate the flow for processing a transaction using 3-D Secure.
- Customer clicks pay on their website.
- The 3-D Secure software implemented at the merchant’s site checks the 3-D Secure Merchant Service and Visa’s Directory Server to see if the credit card issuer and card are enrolled in 3-D Secure.
- The 3-D Secure software continues handling the enrolment check.
- If the card is not enrolled, the merchant’s 3-D Secure software hands off the transaction to the payment software (step 4).
- If the card is enrolled in 3-D Secure, the merchant software will initiate a dialog between the cardholder’s Internet browser and their card-issuing bank. The cardholder is then required to enter a password that they have previously set up with their issuer as part of their enrolment in the 3-D Secure program.
- The 3-D Secure software hands off the transaction to the payment software.
- If the card was not enrolled or the authentication password was entered correctly, the merchant’s software is advised to proceed with the transaction. This results in increased charge back protection. (See the Bank Related Issues section below for more information.)
- If the cardholder fails authentication, the merchant should not proceed with processing the transaction.
Payeezy Gateway Account Information
Realtime Payment Manager (RPM)
Each merchant receives access to First Data Payeezy Gateway Real-time Payment Manager (RPM), a real-time web-based back-office application that logs the transactions conducted through the Virtual POS, POS Batch, First Data Payeezy Gateway Payment Pages or the Payeezy Gateway web service API. Searches and refunds can be conducted. RPM does not require any software installation, but does require User IDs for access.
User Logins are needed to access the Payeezy Gateway Real-time Payment Manager (RPM) at globalgatewaye4.firstdata.com. User Logins consist of Login Name and Password. Users will encounter two sets of User Logins:
Payeezy Gateway Real-time Payment Manager (RPM)
Production Account User Login: Provides access to the merchant’s Payeezy Gateway account in the production system. These User Logins are created and provided by First Data upon your account setup.
Demo Account ID: For demo environment to test gateway features and functionality. A demo account is not connected to a production account. For more information on a demo account or to sign up for one click here.)
Payeezy Gateway Terminal Credentials
Payeezy Gateway Servers identify a merchant’s accounts (demo or production) by assigning virtual Gateway Terminals to them. A Terminal is identified by Gateway Terminal Credentials. The Terminal credentials establish the interaction between the Payeezy Gateway software and our payment servers.
All Terminal Credentials consist of:
- Gateway Terminal ID (9 character identifier)
- Password (8 characters, alphanumeric)
There are a series of Gateway Terminal Credentials you and your developer will encounter:
- Demo IDs (For demo environment to test gateway features and functionality. To set up a demo account, click here)
- Payeezy Gateway Production ID (For production environment; you’ll receive these credentials after merchant account application is approved.)
When the code is ready to be moved from test mode to production mode, the Demo Account Credentials need to be replaced with the Payeezy Gateway Production Credentials. Please note that without Gateway Terminal Credentials, you will not be able to enable any type of account (demo or production).
Setting up Multiple Terminals & Currencies
A merchant may receive more than one Production Gateway Terminal ID. They are most likely to receive more than one Terminal ID if they:
- Have merchant accounts in different currencies
- Requested extra virtual Terminals assigned to identify separate payment revenue streams.
Recommended Testing Procedure
First Data suggests the following testing procedure for your developers to follow prior to launching your solution:
With Demo Account Credentials (Demo Environment)
- Connectivity testing
- Transactional testing
- Reconciliation of the records in online reports (Realtime Payment Manager and the Merchant’s database)
With Production Account Credentials (Production Environment)
- Connectivity testing
- Transactional testing
- Reconciliation of the records in online reports (RPM and the Merchant’s database)
- Funds Settlement (checking the bank statements)
Payeezy Gateway Features
Payeezy Gateway services provide flexibility to the merchant and developer regarding functionality and audit control of transactional data. Many of the features listed below are optional.
Customer Transaction Record (CTR) Display
Most financial institutions require that the CTR be displayed to the cardholder after all transactions. Payeezy Gateway offers a pre-configured CTR for all transactions. The CTR displays bank information, cardholder name, merchant name and address and status of the transaction (approved or declined) to the cardholder and merchant. The format of the CTR is fixed font, plain text.
If the standard format does not meet with the graphical requirements of the merchant’s web page and/or the merchant’s financial institution, the developer can build a customized CTR using the existing response properties (see the Payeezy Gateway Technical Users Guide or the Payeezy Gateway Programming Reference Guide).
Much of the transactional data displayed within the Payeezy Gateway Real-time Payment Manager (RPM) can be stored in your company’s database for quality assurance and data mining. Many of the information fields used for reporting are available for storage. The CTR properties can be stored in your company’s database allowing for transactions to be searched and archived.
The properties are:
- Account Information
- Type of Transaction
- Card Type, Amount & Currency
- Cardholder Name
- Reference #, Customer Ref# (determined by merchant)
- Authorization # (from bank)
- “Approved” or “Declined” and Bank Processor Response Code
- eCommerce Response Code
- CAVV Result
- Electronic Commerce Indicator
- Secure AuthRequired
- Secure AuthResult
Transaction Reference Numbers
You can include a Reference Number and Customer Reference Number along with the other transaction details sent to the Payeezy Gateway servers. Please note these Reference numbers are separate from the Bank Reference # that appears on the CTR.
Reference_No is a merchant-defined transactional property. It can be alphanumeric and up to 20 characters long. This appears on the CTR.
Customer_Ref is a merchant-defined transactional property. It can be alphanumeric and up to 20 characters long.
Both the bank network and Payeezy Gateway generate Response Codes for each transaction processed. If there is a decline or a failure in transmission, these Response Codes give further information on the transaction. The transaction Response Codes are detailed in the Payeezy Gateway Technical Users Guide.
Cardholder Verification Systems
Validating a cardholder’s identity helps protect against fraudulent transactions. Two methods exist for validating a cardholder’s identity when processing card not present (MOTO and e-commerce) transactions. Merchants who do not utilize AVS or CVD/CVV2 may be subject to additional fees imposed by their acquiring institution or bank.
Cardholder Verification Value (CVV2, CVC2 and CID)
Another new method of cardholder verification uses the Card Verification Value (CVV). The generic system name is labeled Card Verification Value 2 (CVV2) by Visa, Card Validation Code 2 (CVC2) by MasterCard and Cardholder Identification Code (CID) by American Express.
Card Verification information is not contained in the magnetic stripe information nor does it appear on sales receipts. It is an additional 3 to 4 character value, printed on the front or back of Visa, MasterCard, and American Express cards. To use Card Verification, enter the 3 to 4 character value along with the other transactional information at the time of processing the transaction. If the 3 to 4 character value is not authenticated by the cardholder’s bank, the transaction will be declined. If the 3 to 4 character value is authenticated, the transaction will be processed normally.
Payeezy Gateway Server Options
Payeezy Gateway Server Options consist of various settings that can be configured on each Payeezy Gateway account. Their primary purpose is to reduce human error and fraud. Each account is set up with a default of “Unrestricted” for all of these options. The Unrestricted status can only be modified by direct request to First Data Customer Service. See Payeezy Gateway Technical Users Guide for further details on setting up these options.
Duplicate checking will monitor for duplicate transactions within a specified time frame. If any duplicates are found, they will be denied by the Payeezy Gateway system.
Refund Restrictions will limit the number of refunds and the total dollar amount that can be refunded on a given day. The refund count and dollar amount is limited, and if exceeded, the transactions will be denied by the Payeezy Gateway system.
Velocity Controls place limits on the total purchase dollar amount by credit card number or by merchant account over a specified period of time.
It should also be noted that Velocity Controls are a risk management tool and not a fraud prevention tool. Velocity Controls can be used to avoid repeated approved transactions that might seem suspicious to the Merchant.
The purpose of velocity controls is to potentially lessen the opportunity for a cardholder to perpetrate fraudulent transactions.
Velocity Controls are calculated before a transaction is authorized and the threshold is based on approved transactions.
The AVS Filter works on negative matching. AVS codes are specified, and then set up on the AVS Filter. If a transaction meets the AVS criteria it is rejected. The AVS Filter can be set up in lieu of software-based AVS.
Credit Card Number Filter
Merchants can request that we enter a fraudulent credit card number into the Payeezy Gateway database so that all Payeezy Gateway customers are protected from the fraudulent card number. The card number needs to be verified as fraudulent by the credit card issuer prior to filtering. Further details available upon request to First Data Customer Service.
Please Note: First Data recommends that you save the Payeezy Gateway eCommerce Response Codes (see the Payeezy Gateway Technical Users Guide) that are returned from the Payeezy Gateway system, in case you wish to investigate transactions that have been affected by the Gateway Server Options.
Using the Payeezy Gateway Real-time Payment Manager (RPM)
Each merchant receives access to Payeezy Gateway Real-time Payment Manager (RPM), a real-time, web-based back-office product that audits your Payeezy Gateway transactions. Site functionality includes:
- Activity – for viewing all transactional activities through your Payeezy Gateway account. It includes approved and failed transactions.
- Deposits – for viewing all approved transactions sent for settlement within a 24-hour period.
- Search – a search engine for all transactions and details on individual transactions. Data is updated in real-time. Refunds can be conducted from this area, from the associated purchase/completion.
- POS – virtual Point-Of-Sale for manually entering sales.
- Administration – User and account administration page (Merchant Admins only).
Payeezy Gateway Real-time Payment Manager (RPM) is SSL secured, and requires a User Login (with User ID and Password).
Logging On to Payeezy Gateway Real-time Payment Manager (RPM):
1) Go to https://globalgatewaye4.firstdata.com.
2) Enter your User Login and Password and press Login (Please note – upon your first login, you will be prompted to change your password to a new 8 digit alphanumeric password. Once reset, you will be prompted to change your password every 90-days)
3) Once logged on you will be on the Home Page.
4) Familiarize yourself with the various screens available for viewing and interaction.
Users can have different access levels. Some of the more common access levels include:
- Merchant Administrator - access to change account address, view bank terminal information, edit the Payeezy Gateway Production Gateway Password, and can add and edit other Users in your account.
- Read Only – access to screens except POS. Also no transactional functions in Search
- Merchant – access to all screens. Can use POS and transactional functions through Search
Merchant users can be restricted to perform a limited combination of transaction types. For example, Purchases only, Purchases and Pre-authorizations only, Refunds only, etc.
Individuals can receive an email report that sends notification of possible scheduled or unscheduled interruptions in service, etc.
Making Changes to Users
If you need to change your login and/or password, add a new user or remove a current user please contact your Merchant Administrator.
Bank Related Issues
Merchant Category Code
Banks assign a merchant category code to describe your type of business. If your business description on a cardholder’s statement is not accurate, please contact your bank to have your record modified.
It is possible that voice authorizations can be processed through Payeezy Gateway. There are different transaction types associated with processing voice-authorized transaction. Please contact First Data for the access and information needed to process voice authorization transactions.
Refund or Purchase Limits
If you have high dollar amount refunds, or ticket items that you are not able to process through Payeezy Gateway, it is possible that you may have restrictions set on your merchant account(s). Please contact your bank agent to investigate. Refund limits are set for each merchant account by the bank. However, if you have set refund restrictions on Payeezy Gateway, then you may have two parties limiting transaction volumes on your account.
Payeezy Gateway is not involved in chargebacks. Chargebacks are charged against your merchant account if a cardholder contests a charge made to their credit card as either being mistaken or fraudulent and requests that it be charged back to the merchant. Banks monitor chargeback activities, expecting charge-backs to remain in the 1% range. If the percentage is higher, your discount rate and/or you account may be reviewed by the bank.
Talk about chargeback procedures with your bank representative or their customer service personnel. Also refer to online resources and merchant associations for further information on how to minimize charge-backs and potential fraud.