Merchant Initiated Transactions (MIT)
Merchant-Initiated Transactions (MIT) are payments initiated by the merchant without cardholder being in a session.
In case you are located in European Economic Area impacted by rules of Payment Services Directive II (PSD2), such payments require that:
- Strong Customer Authentication (SCA) is applied to the first transaction or action mandating the merchant to initiate payment(s) and
- There is an agreement between the cardholder and the merchant for the provision of products or services and potential costs associated with these.
In case you would prefer to register your customer and save his credit card credentials on file, you are obliged to obtain cardholder’s consent by using SCA in your transaction request.
In order to achieve that, your cardholders must authenticate themselves during transaction processing, while still in session. PSD2 and scheme rules demand a 3-D Secure challenge flow to be performed in such case. All mentioned above needs to be indicated to the Gateway, so that proper flagging is applied in the authorization message.
The following XML document represent an example of a first Credentials-on-File (COF) transaction indicating 3DS requestor’s preference to challenge a cardholder:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<ns4:IPGApiOrderRequest
xmlns:ns4="http://ipg-online.com/ipgapi/schemas/ipgapi"
xmlns:ns2="http://ipg-online.com/ipgapi/schemas/v1"
xmlns:ns3="http://ipg-online.com/ipgapi/schemas/a1">
<ns2:Transaction>
<ns2:CreditCardTxType>
<ns2:StoreId>1109950006</ns2:StoreId>
<ns2:Type>sale</ns2:Type>
</ns2:CreditCardTxType>
<ns2:CreditCardData>
<ns2:CardNumber>520474******2745</ns2:CardNumber>
<ns2:ExpMonth>12</ns2:ExpMonth>
<ns2:ExpYear>27</ns2:ExpYear>
<ns2:CardCodeValue>XXX</ns2:CardCodeValue>
</ns2:CreditCardData>
<ns2:CreditCard3DSecure>
<ns2:AuthenticateTransaction>true</ns2:AuthenticateTransaction>
<ns2:TermUrl>https://testwebshop/return</ns2:TermUrl>
<ns2:ThreeDSMethodNotificationURL>https://test</ns2:ThreeDSMethodNotificationURL>
<ns2:ThreeDSRequestorChallengeIndicator>04</ns2:ThreeDSRequestorChallengeIndicator>
</ns2:CreditCard3DSecure>
<ns2:unscheduledCredentialOnFileType>FIRST</ns2:unscheduledCredentialOnFileType>
<ns2:Payment>
<ns2:ChargeTotal>12.99</ns2:ChargeTotal>
<ns2:Currency>978</ns2:Currency>
</ns2:Payment>
</ns2:Transaction>
</ns4:IPGApiOrderRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<ipgapi:IPGApiOrderResponse
xmlns:a1="http://ipg-online.com/ipgapi/schemas/a1"
xmlns:ipgapi="http://ipg-online.com/ipgapi/schemas/ipgapi"
xmlns:v1="http://ipg-online.com/ipgapi/schemas/v1">
<ipgapi:ApprovalCode>Y:527777:4589932541:YYYM:497437</ipgapi:ApprovalCode>
<ipgapi:AVSResponse>YYY</ipgapi:AVSResponse>
<ipgapi:Brand>MASTERCARD</ipgapi:Brand>
<ipgapi:Country>GBR</ipgapi:Country>
<ipgapi:CommercialServiceProvider>BOSMS</ipgapi:CommercialServiceProvider>
<ipgapi:OrderId>A-55e3fab0-be09-4fb4-a45b-a2e60f97c1ef</ipgapi:OrderId>
<ipgapi:IpgTransactionId>84589932541</ipgapi:IpgTransactionId>
<ipgapi:PaymentType>CREDITCARD</ipgapi:PaymentType>
<ipgapi:ProcessorApprovalCode>527777</ipgapi:ProcessorApprovalCode>
<ipgapi:ProcessorCCVResponse>M</ipgapi:ProcessorCCVResponse> <ipgapi:ProcessorReferenceNumber>205415497437</ipgapi:ProcessorReferenceNumber>
<ipgapi:ProcessorResponseCode>00</ipgapi:ProcessorResponseCode>
<ipgapi:ProcessorResponseMessage>Functionperformederror-free</ipgapi:ProcessorResponseMessage>
<ipgapi:SchemeTransactionId>0223MCC599836</ipgapi:SchemeTransactionId>
<ipgapi:TDate>1645631609</ipgapi:TDate>
<ipgapi:TDateFormatted>2022.02.23 16:53:29 (CET)</ipgapi:TDateFormatted>
<ipgapi:TerminalID>80000860</ipgapi:TerminalID>
<ipgapi:TransactionResult>APPROVED</ipgapi:TransactionResult>
<ipgapi:TransactionTime>1645631609</ipgapi:TransactionTime>
<ipgapi:Secure3DResponse>
<v1:ResponseCode3dSecure>1</v1:ResponseCode3dSecure>
</ipgapi:Secure3DResponse>
</ipgapi:IPGApiOrderResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
After this request the transaction processing continues with EMV 3-D Secure flow and authorization is triggered automatically once the authentication has been successfully completed.
The API response you received after your customer got authenticated successfully contains also a SchemeTransactionId
what must be submitted in your next MIT transaction request in ReferencedSchemeTransactionId
parameter.
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<ipgapi:IPGApiOrderResponse
xmlns:a1="http://ipg-online.com/ipgapi/schemas/a1"
xmlns:ipgapi="http://ipg-online.com/ipgapi/schemas/ipgapi"
xmlns:v1="http://ipg-online.com/ipgapi/schemas/v1">
<ipgapi:ApprovalCode>Y:527777:4589932541:YYYM:497437</ipgapi:ApprovalCode>
<ipgapi:AVSResponse>YYY</ipgapi:AVSResponse>
<ipgapi:Brand>MASTERCARD</ipgapi:Brand>
<ipgapi:Country>GBR</ipgapi:Country>
<ipgapi:CommercialServiceProvider>BOSMS</ipgapi:CommercialServiceProvider>
<ipgapi:OrderId>A-55e3fab0-be09-4fb4-a45b-a2e60f97c1ef</ipgapi:OrderId>
<ipgapi:IpgTransactionId>84589932541</ipgapi:IpgTransactionId>
<ipgapi:PaymentType>CREDITCARD</ipgapi:PaymentType>
<ipgapi:ProcessorApprovalCode>527777</ipgapi:ProcessorApprovalCode>
<ipgapi:ProcessorCCVResponse>M</ipgapi:ProcessorCCVResponse> <ipgapi:ProcessorReferenceNumber>205415497437</ipgapi:ProcessorReferenceNumber>
<ipgapi:ProcessorResponseCode>00</ipgapi:ProcessorResponseCode>
<ipgapi:ProcessorResponseMessage>Functionperformederror-free</ipgapi:ProcessorResponseMessage>
<ipgapi:SchemeTransactionId>0223MCC599836</ipgapi:SchemeTransactionId>
<ipgapi:TDate>1645631609</ipgapi:TDate>
<ipgapi:TDateFormatted>2022.02.23 16:53:29 (CET)</ipgapi:TDateFormatted>
<ipgapi:TerminalID>80000860</ipgapi:TerminalID>
<ipgapi:TransactionResult>APPROVED</ipgapi:TransactionResult>
<ipgapi:TransactionTime>1645631609</ipgapi:TransactionTime>
<ipgapi:Secure3DResponse>
<v1:ResponseCode3dSecure>1</v1:ResponseCode3dSecure>
</ipgapi:Secure3DResponse>
</ipgapi:IPGApiOrderResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
After you completed the previous step successfully, you will be able to initiate an MIT transaction:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<ns4:IPGApiOrderRequest
xmlns:ns4="http://ipg-online.com/ipgapi/schemas/ipgapi"
xmlns:ns2="http://ipg-online.com/ipgapi/schemas/v1"
xmlns:ns3="http://ipg-online.com/ipgapi/schemas/a1">
<ns2:Transaction>
<ns2:CreditCardTxType>
<ns2:StoreId>1109950006</ns2:StoreId>
<ns2:Type>sale</ns2:Type>
</ns2:CreditCardTxType>
<ns2:CreditCardData>
<ns2:CardNumber>52392*******002</ns2:CardNumber>
<ns2:ExpMonth>12</ns2:ExpMonth>
<ns2:ExpYear>27</ns2:ExpYear>
<ns2:CardCodeValue>XXX</ns2:CardCodeValue>
</ns2:CreditCardData>
<ns2:unscheduledCredentialOnFileType>MERCHANT_INITIATED</ns2:unscheduledCredentialOnFileType>
<ns2:Payment>
<ns2:ChargeTotal>13.99</ns2:ChargeTotal>
<ns2:Currency>978</ns2:Currency>
</ns2:Payment>
<ns2:TransactionDetails>
<ns2:ReferencedSchemeTransactionId>0223MCC599836</ns2:ReferencedSchemeTransactionId>
</ns2:TransactionDetails>
</ns2:Transaction>
</ns4:IPGApiOrderRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Please note, that the solution and examples described above are available only if you utilize Fiserv as your 3DS service provider and your store is setup accordingly.
Updated about 1 month ago