Cardholder Present
Cardholder Present (CHP) payments refer to transactions using a Point of Sale (POS) terminal. The terminal may read card data by:
- dipping an EMV card
- NFC (Near Field Communication) from a contactless card
- swiping a magnetic stripe card
- keying the card number
Support for all of the above is available from API version 40 onwards.
A CHP payment is initiated by a terminal and sent to the gateway as a Verify, Authorize, Capture, Pay, or Refund transaction. For example, transactions that are authorized offline by the chip on the card will be sent as a Capture only, whereas transactions requiring authorization by the issuer will use an online Authorize transaction, and then a Capture transaction.
CHP transactions interwork with many of the other gateway features. You can:
- tokenize the card,
- refund using the same integration as your e-commerce transactions, or via the UI
- unify e-commerce and CHP reporting
Prerequisites
Your payment service provider and your acquirer must enable you for cardholder present transactions.
Common Fields Used for CHP Transactions
The following API fields are relevant to all cardholder present integrations via the gateway.
Mandatory Fields
transaction.source=CARD_PRESENT: If you do not provide this field, the default transaction source configured on your acquirer link by your payment service provider will be used. [REST][NVP]- card number: It is mandatory to provide the card number but depending on the card read manner, via key entry, magnetic stripe, or EMV chip, you may provide it in:
sourceOfFunds.provided.card.numberfor keyed transactions.sourceOfFunds.provided.card.track1and/orsourceOfFunds.provided.card.track2for magnetic stripe transactions, or their EMV tag equivalents, tag 56 and tag 57, respectively provided insourceOfFunds.provided.card.emvRequestfor contactless transactions where card data is in magnetic stripe format.- Tag 5A in
sourceOfFunds.provided.card.emvRequestfor EMV transactions (contact or contactless) where card data is in EMV format. sourceOfFunds.provided.card.p2pe.payloadfor Point-to-Point Encryption (P2PE) transactions where card data is in DUKPT encrypted format.
- terminal identifier: It is mandatory to provide the terminal identifier but depending on the card read manner, via key entry, magnetic stripe, or EMV chip, you may provide it in:
posTerminal.lanefor keyed transactions and magnetic stripe transactions.- Tag 9F1C in
sourceOfFunds.provided.card.emvRequestfor EMV transactions (contact/contactless) where card data is in EMV format.
Optional Fields
Ensure that values for the following POS terminal fields are set correctly based on how the terminal generated the card data for the transaction. If data for these fields is available, always provide it. The gateway will pass the data as required to the acquirer. If the acquirer requires a field and if it's not present, then the transaction will fail.
posTerminal.addressposTerminal.attended: If you do not provide this field, the gateway defaults the value toUNKNOWN_OR_UNSPECIFIEDposTerminal.authorizationMethodposTerminal.cardHolderActivated: If you do not provide this field, the gateway defaults the value toNOT_CARDHOLDER_ACTIVATEDposTerminal.inputCapability: This field is mandatory for EMV transactions.posTerminal.location: This field is mandatory for EMV transactions.posTerminal.panEntryModeposTerminal.pinEntryCapabilityposTerminal.onlineReasonCode: This field is mandatory for chip and chip fallback transactions (including reversals) for all online transactions.posTerminal.serialNumberposTerminal.mobile.cardInputDevice: This field is applicable to mobile POS (mPOS) devices where the device is capable of accepting tap on screen or physical keypad for entering the PIN. Software PIN should only be used for devices that do not have a hardware keypad to support PIN Entry. For mPOS integration requirements, see Integrating to use mPOS.order.gratuityAmount: Provide this field if the payment includes a gratuity amount.
[REST][NVP]order.cashbackAmount: Provide this field if the payment includes a cashback amount.
[REST][NVP]order.cashAdvance: Provide this field if the payment includes a cash advance amount.
[REST][NVP]
POS Terminal API Reference [REST][NVP]
Process an EMV Transaction
If card data was read from a card's chip (EMV cards only),
- Request the terminal for these EMV tags (tags supported by the gateway).
- Provide the returned tags in the
sourceOfFunds.provided.card.emvRequestfield as a JSON object in REST protocol, or as a collection of fields in NVP protocol (it's okay if your terminal does not supply all the supported EMV tags).EMV tag values must be formatted exactly as returned by the terminal — binary values will be represented in hex format. - Provide the mandatory fields.
- Provide the optional fields if needed.
sourceOfFunds.provided.card.emvRequest [REST][NVP]
Some of the supported EMV tags correspond to core payment concepts, such as primary account number. These concepts also appear as API request fields, such as sourceOfFunds.provided.card.number. The API Reference documentation for these corresponding API request fields shows their linkage in the description. For example, the description for sourceOfFunds.provided.card.number contains the text "This field corresponds to EMV tag 5A".
If you provide data as an EMV tag, then you need not provide the same as an API request field. The gateway populates the corresponding API request fields with the values provided in the EMV tags, where they exist, and uses these values across all internal processing, acquirer messaging, and transaction responses. For example, if you send sourceOfFunds.provided.card.emvRequest.9F1C with value 'Lane_03', then posTerminal.lane with value 'Lane_03' is sent to the acquirer and returned in the transaction response.
If required, you can choose to provide both EMV tags and the corresponding API request fields in the transaction request. See Advanced Usage: Transaction Data in Both EMV Tags and API Request Fields.
Example Request
Here's an example EMV request in REST for a Standalone Capture transaction where the authorization was performed offline at the terminal.
| URL | https://test-nbkpayment.mtf.gateway.mastercard.com/api/rest/version/72/merchant/{merchantId}/order/{orderid}/transaction/{transactionid} |
| HTTP Method | PUT |
{
"apiOperation": "CAPTURE",
"transaction": {
"currency": "EUR",
"amount": "10.99",
"source": "CARD_PRESENT"
},
"sourceOfFunds": {
"type": "CARD",
"provided": {
"card": {
"number": "5457210089020012",
"expiry": {
"month": "1",
"year": "39"
},
"emvRequest": {
"82": "0000",
"95": "0000000000",
"9F02": "000000001099",
"9A": "161021",
"5F2A": "840",
"9F1A": "840",
"9F10": "06011103A000000A0100000000000BB0ABAD",
"9F34": "1E0300",
"9F36": "0002",
"9C": "00",
"9F26": "D1F722D47FCA8273",
"9F27": "40",
"9F37": "2A4E1690",
"9F33": "E0B8C8"
}
}
}
},
"posTerminal": {
"inputCapability": "CONTACTLESS_CHIP",
"panEntryMode": "CHIP",
"pinEntryCapability": "PIN_SUPPORTED",
"location": "MERCHANT_TERMINAL_ON_PREMISES",
"lane": "Lane_03",
"attended": "ATTENDED",
"serialNumber":"123456789",
"onlineReasonCode":"FORCED_BY_MERCHANT",
"cardPresenceCapability":"CARD_PRESENT",
"authorizationMethod":"OFFLINE",
"address":
{
"country":"IRL",
"city":"Dublin"
}
}
}
Example Response
{
"gatewayEntryPoint": "WEB_SERVICES_API",
"merchant": "TESTSMOKE-RETAIL",
"order": {
"amount": 10.99,
"creationTime": "2017-06-06T09:42:54.280Z",
"currency": "EUR",
"id": "sa-dfc1b030-4520-48ec-a7e0-889999d7e4ab",
"status": "CAPTURED",
"totalAuthorizedAmount": 10.99,
"totalCapturedAmount": 10.99,
"totalRefundedAmount": 0
},
"posTerminal": {
"address": {
"city": "Dublin",
"country": "IRL"
},
"attended": "ATTENDED",
"authorizationMethod": "OFFLINE",
"cardPresenceCapability": "CARD_PRESENT",
"cardholderActivated": "NOT_CARDHOLDER_ACTIVATED",
"inputCapability": "CONTACTLESS_CHIP",
"lane": "Lane_03",
"location": "MERCHANT_TERMINAL_ON_PREMISES",
"onlineReasonCode": "FORCED_BY_MERCHANT",
"panEntryMode": "CHIP",
"pinEntryCapability": "PIN_SUPPORTED",
"serialNumber": "123456789"
},
"response": {
"gatewayCode": "APPROVED"
},
"result": "SUCCESS",
"sourceOfFunds": {
"provided": {
"card": {
"brand": "MASTERCARD",
"emvRequest": {
"82": "0000",
"95": "0000000000",
"5F2A": "840",
"9A": "161021",
"9C": "00",
"9F02": "000000001099",
"9F10": "06011103A000000A0100000000000BB0ABAD",
"9F1A": "840",
"9F26": "D1F722D47FCA8273",
"9F27": "40",
"9F33": "E0B8C8",
"9F34": "1E0300",
"9F36": "0002",
"9F37": "2A4E1690"
},
"emvResponse": {
"4D3E": "456",
"5A2F": "123"
},
"expiry": {
"month": "1",
"year": "39"
},
"fundingMethod": "DEBIT",
"issuer": "CAPITAL ONE BANK (CANADA BRANCH)",
"number": "545721xxxxxx0012",
"scheme": "MASTERCARD"
}
},
"type": "CARD"
},
"timeOfRecord": "2017-06-06T09:42:54.280Z",
"transaction": {
"acquirer": {
"batch": 1,
"id": "FOOBANK",
"merchantId": "11223344"
},
"amount": 10.99,
"currency": "EUR",
"frequency": "SINGLE",
"id": "1",
"receipt": "1706063974",
"source": "CARD_PRESENT",
"terminal": "0001",
"type": "CAPTURE"
},
"version": "43"
}
Supported EMV Tags
Here's a list of EMV tags supported by the gateway. If any of these are returned by the terminal, include it in sourceOfFunds.provided.card.emvRequest field.
EMV Tag |
Name |
Mandatory |
|---|---|---|
| 4F | Application identifier (AID) Name | - |
| 56 | Track 1 | - |
| 57 | Track 2 Equivalent Data | - |
| 5A | Application Primary Account Number (PAN) |
- |
| 5F24 | Application Expiration Date | - |
| 5F25 | Application Effective Date | - |
| 5F28 | Issuer Country Code | - |
| 5F2A | Transaction Currency Code | Yes |
| 5F34 | Application Primary Account Number (PAN) Sequence Number |
- |
| 82 | Application Interchange Profile (AIP) | Yes |
| 84 | Dedicated File Name | Yes |
| 87 | Application Priority Indicator | - |
| 95 | Terminal Verification Result (TVR) | Yes |
| 9A | Transaction Date | Yes |
| 9B | Transaction Status Information | - |
| 9C | Transaction Type | Yes |
| 9F02 | Amount Authorized | Yes |
| 9F03 | Cashback Amount | - |
| 9F06 | Application Identifier (AID) - Terminal | - |
| 9F07 | Application Usage Control | - |
| 9F08 | Application Version Number - ICC | - |
| 9F09 | Application Version Number - Terminal | - |
| 9F0D | Issuer Action Code - Default | - |
| 9F0E | Issuer Action Code - Denial | - |
| 9F0F | Issuer Action Code - Online | - |
| 9F10 | Issuer Application Data (IAD) | Yes |
| 9F1A | Terminal Country Code | Yes |
| 9F1C | Terminal Identification | - |
| 9F1E | Interface Device (IFD) Serial Number | - |
| 9F21 | Transaction Time | - |
| 9F26 | Application Cryptogram (AC) | Yes |
| 9F27 | Cryptogram Information Data (CID) | Yes |
| 9F33 | Terminal Capabilities | U.S only |
| 9F34 | Cardholder Verification Method (CVM) Results | Yes |
| 9F35 | Terminal Type | - |
| 9F36 | Application Transaction Counter | Yes |
| 9F37 | Unpredictable Number | Yes |
| 9F39 | Point-of-Service (POS) Entry Mode | - |
| 9F40 | Additional Terminal Capabilities | - |
| 9F41 | Transaction Sequence Counter | - |
| 9F49 | Dynamic Data Authentication Data Object List (DDOL) | - |
| 9F53 | Transaction Category Code | - |
| 9F5A | EMV (Kernel 3) : Application Program Identifier (Program ID) EMV (Kernel 4) : Membership Product Identifier |
- |
| 9F5B | EMV (Kernel 3) : Issuer Script Results EMV (Kernel 2) : DSDOL EMV (Kernel 4) : Product Membership Number |
- |
| 9F66 | EMV (Kernel 2) : PUNATC(Track2) EMV (Kernel 3) : Terminal Transaction Qualifiers (TTQ) |
- |
| 9F6E | Form Factor Indicator | Yes |
| 9F7C | Customer Exclusive Data (CED) | - |
Advanced Usage: Transaction Data in Both EMV Tags and API Request Fields
If you provide both EMV tags and the corresponding API request fields in the transaction request, the gateway uses the value provided in the corresponding API request field. For example, if you send sourceOfFunds.provided.card.emvRequest.9F1C with value 'Lane_03' and posTerminal.lane with value 'Lane_04', then posTerminal.lane with value 'Lane_04' is sent to the acquirer and returned in the transaction response. This may be useful if you want to override the EMV tags and control values on a per-field basis. Please note that such a usage is rare and hence must be considered only if your integration requires it.
Supported EMV tags and the corresponding API request fields
This table lists EMV tags where the gateway populates the corresponding API request fields with the values provided in the EMV tags.
EMV Tag |
EMV Tag Name |
Corresponding API Request Field |
|---|---|---|
| 56 | Track 1 | sourceOfFunds.provided.card.track1 |
| 57 | Track 2 Equivalent Data | sourceOfFunds.provided.card.track2 |
| 5A | Application Primary Account Number (PAN) | sourceOfFunds.provided.card.number |
| 5F24 | Application Expiration Date | sourceOfFunds.provided.card.expiry.year sourceOfFunds.provided.card.expiry.month |
| 5F34 | PAN Sequence Number | sourceOfFunds.provided.card.sequenceNumber |
| 9C | Cash Advance | order.cashAdvance |
| 9F03 | Cashback Amount | order.cashbackAmount |
| 9F1A | Terminal Country Code | posTerminal.address.country |
| 9F1C | Terminal Identification | posTerminal.lane |
| 9F1E | Interface Device Serial Number | posTerminal.serialNumber |
| 9F33 | Terminal Capabilities | posTerminal.inputCapability posTerminal.pinEntryCapability |
| 9F35 | Terminal Type | posTerminal.attended posTerminal.cardholderActivated |
EMV Transaction Response
The gateway returns sourceOfFunds.provided.card.emvResponse field in the Retrieve Order and Retrieve Transaction response. This field contains data generated by the issuer, which the card/device can use for verification to complete or decline the transaction. It may also contain additional EMV tags from the issuer including tags echoed from the request.
The table below shows some EMV tags that may be returned in an online Authorization response.
| EMV Tag | Name |
|---|---|
| 8A | Authorization Response Code |
| 89 | Authorization Code |
| 91 | Issuer Authentication Data |
| 71 | Issuer Script Template 1 |
| 72 | Issuer Script Template 2 |
The sourceOfFunds.provided.card.emvRequest field provided in the request is echoed back in the response where EMV tags identified as PCI sensitive are excluded.
Voiding an EMV Transaction
Your acquirer may require additional EMV data elements to be included when voiding an EMV transaction. For example, EMV tag DF01 (Issuer Script Results) may be required. Please contact your acquirer for specific requirements.
Process a Magnetic Stripe Transaction
If card track data was read from the card's magnetic stripe,
- Provide Track 1 data in
sourceOfFunds.provided.card.track1or Track 2 data insourceOfFunds.provided.card.track2fields. If both Track 1 and Track 2 are available from the terminal, then provide both in the transaction request. - Provide the mandatory fields.
- Provide the optional fields if needed.
sourceOfFunds.provided.card.track1 [REST][NVP]
sourceOfFunds.provided.card.track2 [REST][NVP]
Example Request
Here's an example of an online Authorization transaction using magnetic stripe data.
| URL | https://test-nbkpayment.mtf.gateway.mastercard.com/api/rest/version/72/merchant/{merchantId}/order/{orderid}/transaction/{transactionid} |
| HTTP Method | PUT |
{
"apiOperation": "AUTHORIZE",
"order": {
"amount": 80,
"currency": "AUD"
},
"transaction": {
"source": "CARD_PRESENT",
"frequency": "SINGLE"
},
"sourceOfFunds": {
"type": "CARD",
"provided": {
"card": {
"number": "5457210089020012",
"sequenceNumber": "015",
"expiry": {
"year": "39",
"month": "01"
},
"track2": ";5123456789012346=17051019681143384001?",
"track1": "%B5123456789012346^MR JOHN R SMITH ^17051019681143300001 840 ?;"
}
}
},
"posTerminal": {
"lane": "AdamLane",
"panEntryMode": "SWIPE",
"pinEntryCapability": "PIN_NOT_SUPPORTED",
"attended": "UNATTENDED",
"cardholderActivated": "SELF_SERVICE_TERMINAL",
"inputCapability": "MAGNETIC_STRIPE",
"location": "MERCHANT_TERMINAL_OFF_PREMISES"
}
}
Example Response
{
"authorizationResponse": {
"posData": "1605S0100130",
"transactionIdentifier": "AmexTidTest"
},
"gatewayEntryPoint": "WEB_SERVICES_API",
"merchant": "TESTSMOKE-RETAIL",
"order": {
"amount": 80,
"creationTime": "2017-05-31T07:49:46.351Z",
"currency": "AUD",
"id": "sa-e229682a-2163-47cf-b080-fb60dd148192",
"status": "AUTHORIZED",
"totalAuthorizedAmount": 80,
"totalCapturedAmount": 0,
"totalRefundedAmount": 0
},
"posTerminal": {
"attended": "UNATTENDED",
"cardholderActivated": "SELF_SERVICE_TERMINAL",
"inputCapability": "MAGNETIC_STRIPE",
"lane": "AdamLane",
"location": "MERCHANT_TERMINAL_OFF_PREMISES",
"panEntryMode": "SWIPE",
"pinEntryCapability": "PIN_NOT_SUPPORTED"
},
"response": {
"acquirerCode": "00",
"gatewayCode": "APPROVED"
},
"result": "SUCCESS",
"sourceOfFunds": {
"provided": {
"card": {
"brand": "MASTERCARD",
"expiry": {
"month": "1",
"year": "39"
},
"fundingMethod": "DEBIT",
"issuer": "CAPITAL ONE BANK (CANADA BRANCH)",
"number": "545721xxxxxx0012",
"scheme": "MASTERCARD",
"sequenceNumber": "015",
"trackDataProvided": true
}
},
"type": "CARD"
},
"timeOfRecord": "2017-05-31T07:49:46.351Z",
"transaction": {
"acquirer": {
"batch": 1,
"id": "SYSTEST_ACQ1",
"merchantId": "12345678"
},
"amount": 80,
"authorizationCode": "000001",
"currency": "AUD",
"frequency": "SINGLE",
"id": "1",
"receipt": "1705313",
"source": "CARD_PRESENT",
"terminal": "0006",
"type": "AUTHORIZATION"
},
"version": "43"
}
Process a Keyed Transaction
If the card number was manually entered on your terminal's keypad,
- Provide the keyed card number in
sourceOfFunds.provided.card.numberrequest field. - Provide the mandatory fields.
- Provide the optional fields if needed.
sourceOfFunds.provided.card.number[REST][NVP]
Example Request
Here's an example of an online Authorization transaction using a manually keyed card number.
| URL | https://test-nbkpayment.mtf.gateway.mastercard.com/api/rest/version/72/merchant/{merchantId}/order/{orderid}/transaction/{transactionid} |
| HTTP Method | PUT |
{
"posTerminal": {
"serialNumber": "13130PP800781435",
"cardholderActivated": "NOT_CARDHOLDER_ACTIVATED",
"lane": "S2_Lane",
"panEntryMode": "KEYED",
"pinEntryCapability": "UNKNOWN",
"attended": "ATTENDED",
"inputCapability": "KEY_ENTRY",
"location": "MERCHANT_TERMINAL_ON_PREMISES"
},
"apiOperation": "AUTHORIZE",
"sourceOfFunds": {
"type": "CARD",
"provided": {
"card": {
"number": "5457210089020012",
"sequenceNumber": "000",
"expiry": {
"year": "39",
"month": "01"
}
}
}
},
"order": {
"amount": "100.00",
"currency": "EUR"
},
"transaction": {
"source": "CARD_PRESENT",
"frequency": "SINGLE"
}
}
Example Response
{
"gatewayEntryPoint": "WEB_SERVICES_API",
"merchant": "TESTSMOKE-RETAIL",
"order": {
"amount": 100,
"creationTime": "2017-05-31T08:59:47.194Z",
"currency": "EUR",
"id": "sa-529e784a-e11d-474d-8012-c0790531bb0f",
"status": "AUTHORIZED",
"totalAuthorizedAmount": 100,
"totalCapturedAmount": 0,
"totalRefundedAmount": 0
},
"posTerminal": {
"attended": "ATTENDED",
"cardholderActivated": "NOT_CARDHOLDER_ACTIVATED",
"inputCapability": "KEY_ENTRY",
"lane": "S2_Lane",
"location": "MERCHANT_TERMINAL_ON_PREMISES",
"panEntryMode": "KEYED",
"pinEntryCapability": "UNKNOWN",
"serialNumber": "13130PP800781435"
},
"response": {
"gatewayCode": "APPROVED"
},
"result": "SUCCESS",
"sourceOfFunds": {
"provided": {
"card": {
"brand": "MASTERCARD",
"expiry": {
"month": "1",
"year": "39"
},
"fundingMethod": "DEBIT",
"issuer": "CAPITAL ONE BANK (CANADA BRANCH)",
"number": "545721xxxxxx0012",
"scheme": "MASTERCARD",
"sequenceNumber": "000"
}
},
"type": "CARD"
},
"timeOfRecord": "2017-05-31T08:59:47.194Z",
"transaction": {
"acquirer": {
"batch": 1,
"id": "FOOBANK",
"merchantId": "11223344"
},
"amount": 100,
"authorizationCode": "471223",
"currency": "EUR",
"frequency": "SINGLE",
"id": "1",
"receipt": "170531475",
"source": "CARD_PRESENT",
"terminal": "0001",
"type": "AUTHORIZATION"
},
"version": "43"
}
Integrating to use Online PIN
The online PIN entered by the cardholder is encrypted at source, within the PIN entry device. Mastercard Gateway supports ISO format 0 with TDEA (Triple Data Encryption Algorithm) keys and format 4 pin blocks with AES (Advanced Encryption Standard) keys under DUKPT (Derived Unique Key Per Transaction) from API 45 onwards.
- Provide the TDEA or AES encrypted PIN data from the terminal in the following fields:
sourceOfFunds.provided.card.pin.payloadsourceOfFunds.provided.card.pin.keySerialNumberposTerminal.pinLengthCapabilitysourceOfFunds.provided.card.pin.encryptionStatesourceOfFunds.provided.card.pin.initializationVector
- Provide the mandatory fields.
- Provide the optional fields if needed.
Integrating to use mPOS
The gateway supports accepting payments on mobile POS (mPOS) devices from API v56 onwards. To enable the functionality, provide the following in the Verify, Authorize, Capture, Pay, or Refund transaction:
posTerminal.cardholderActivated=MPOS_ACCEPTANCE_DEVICE- Provide the value of the card reader in the
posTerminal.mobile.cardInputDevice
BUILT_IN: Off-the-shelf mobile phone or tablet with only a built-in contactless reader. In this case, posTerminal.pinEntryCapability must be set to SOFTWARE_ONLINE_PIN_ONLY else the gateway rejects the transaction.INTEGRATED_DONGLE: Dedicated mobile terminal with an integrated card reader. In this case, posTerminal.pinEntryCapability must be set to PIN_SUPPORTED or OFFLINE_PIN_ONLY else the gateway rejects the transaction.SEPARATE_DONGLE: Off-the shelf device or dedicated mobile terminal, with a separate card reader. In this case, posTerminal.pinEntryCapability must be set to PIN_SUPPORTED or OFFLINE_PIN_ONLY else the gateway rejects the transaction.
- Provide the mandatory fields.
- Provide the optional fields if needed.
Transaction response
The PIN authentication may fail if the payer enters an invalid PIN, exceeds the allowed PIN entry attempts, or skips PIN entry when PIN is required to complete the transaction.
In these scenarios where the authorisation fails due to a PIN authentication error, the gateway will return specific authorisation response codes. You can reuse the same order ID on the next transaction.
Test Cardholder Present Integration
You can test your integration using test cards specific to your acquirer.