PTechCanadianDebit Control
Properties Methods Events Configuration Settings Errors
The PTechCanadianDebit component is used to authorize face-to-face Interac (Canadian) debit card transactions with the Paymentech NetConnect system on the Tampa platform. This component allows for simple, direct, secure communication to the Paymentech TLS/SSL gateway through a standard Internet connection. This component can be integrated into web pages or stand-alone Point Of Sale applications. Because all TLS/SSL communications are handled inside the component, any application or web page can be deployed without the need for expensive dedicated TLS/SSL servers.
Syntax
PTechCanadianDebit
Remarks
Canadian debit card processing on the Paymentech system is fundamentally different than authorizing US Debit cards. The US protocol requires an encrypted PIN block and Key Sequence Number (KSN), retrieved from a PIN Pad utilizing the DUKPT (DES/3DES) encryption protocols. However, Interac (Canadian) Debit uses Master/Session key authentication to retrieve an encrypted key from a PIN Pad. This is a much more complex procedure, and requires the use of a Chase Paymentech certified PIN pad (we recommend the Ingenico i3070).
A unique key per device for both the PIN key and the MAC key is required. All PIN pads must have a unique key injected at the time of deployment. In order for Chase Paymentech to identify the Master Key being used by the device, the PIN pad serial number (PinPadSerialNumber) is required to be sent with every transaction.
Before you can send any debit card transactions, you must first load the PIN Pad with a current session key. This is retrieved from Paymentech via the RequestCurrentKeys method. Two keys will be returned in the response: ResponsePINKey (also known as TPK) and ResponseMACKey (also known as TAK). Both keys must be loaded into the PIN pad device. The PIN key is used by the PIN pad to encrypt the customer's PIN, and the MAC key is used to generate hash values used in requests and responses. These keys are updated after every transaction, and the PIN pad must be updated with the current keys each time a response is received.
Each transaction you send (excluding RequestCurrentKeys and MACReversals) requires an accompanying MACValue. This value is a hash of the contents of GetRequestDataToMAC, and is hashed by the PIN Pad device using the ResponseMACKey returned in response to the last transaction.
In each response there is also a ResponseMACValue. You must use the PIN Pad to calculate the hash of the value returned by GetResponseDataToMAC for each response, and make sure that calculated value matches the ResponseMACValue. If they do not match, you cannot accept the transaction, and you must send an MACReversal transaction (tor MACReversals you may send the MACValue used in the original request, or omit it entirely - do not calculate a new one).
The following code illustrates the steps necessary to initialize the PIN Pad and begin sending transactions:
First, set up the control with your merchant information.
' Set up the control control.MerchantNumber = "yourMerchantNumber" control.TerminalNumber = "100" control.ClientNumber = "0002" control.UserId = "yourUserId" control.Password = "yourPassword"Then, retrieve the current PIN and MAC encryption keys with the RequestCurrentKeys method, as shown below. (The following code will also update the EncryptedKeyIndex).
control.SequenceNumber = 1 control.PinPadSerialNumber = "FFFFFFFFFFFFFFFF" ' retrieved from your PIN Pad control.RequestCurrentKeys()After receiving a valid response to RequestCurrentKeys, it is essential that you update the PIN pad with the ResponsePINKey and ResponseMACKey. The ResponsePINKey is used by the PIN pad to encrypt the customer's pin, and the ResponseMACKey is used by the PIN pad's MAC function. Now we are able to send an actual customer sale transaction. First, set up the transaction details:
control.SequenceNumber = 2 control.InteracTransactionType = ittSale ' Set this before calling GetRequestDataToMAC control.TransactionAmount = "1.00"Now, have the customer swipe his card, and pass the TransactionAmount, CardNumber, and GetRequestDataToMAC to the PIN pad in a PURCHASE transaction. After the customer enters his PIN, use the response from the PIN pad to fill the following properties:
control.CardTrack2Data = "9999999800002773=05121015432112345678" ' retrieved from your card reader control.AccountType = acctChecking ' retrieved from your PIN pad control.EncryptedPIN = "FFFFFFFFFFFFFFFF" ' retrieved from your PIN pad control.MACValue = "FFFFFFFF" ' retrieved from your PIN padOnce all the above properties are set, you can call the Authorize method to send the transaction to Paymentech for authorization.
control.Authorize()If the transaction was successful, the ResponseCode property will contain "A" (for Approval). Before processing the response, you must first analyze the response with the PIN pad to verify that the ResponseMACValue is correct, load the newly returned keys, and print the transaction's success or failure on the PIN pad device for the customer to read. To do this, you send the ResponsePINKey, ResponseMACKey, and GetResponseDataToMAC to the PIN pad in a "Response Analysis" transaction. The PIN Pad response will indicate if the MAC value matches and the keys were successfully loaded.
If the MAC validated correctly, you're done with this transaction. However, if it did not validate, then you must send a MACReversal to abort the transaction, and then re-send it. If you are unable to verify the contents of the ResponseMACValue after another transaction attempt, refresh your keys via the RequestCurrentKeys method and try again. You must call RequestCurrentKeys any time the PIN pad loses sync with the Paymentech server, or whenever the ResponseForceKeyRequest property is true (or when initializing the PIN pad for the first time).
The status of any of the above transactions will be stored in the ResponseCode property, with human-readable text appearing in ResponseText. Like the PTechCharge control, there are several other Response fields which will contain data that should be logged. However, there are a few new properties specific to the PTechCanadianDebit control that must be printed on each customer's receipt. These include ResponseRetrievalNumber, ResponseTime, and ResponseTrace.
Debit card transactions are instant funds transfers. There is no block placed on the debit card, funds are immediately removed and sent to the merchant. Therefore, only the Host Capture settlement mode is supported. At the end of the day you should release the current batch using the PTechHostSettle control (the batch may contain other authorizations that were made using different controls from this product. See the documentation for the other controls you are using for more information).
Note: All PIN pads must be certified with Chase Paymentech and Interac prior to being used or deployed. All injection services must be approved and certified by Chase Paymentech.
Property List
The following is the full list of the properties of the control with short descriptions. Click on the links for further details.
| AccountType | Account type selected by the cardholder. |
| CardNumber | The credit card number parsed from the CardTrack2Data . |
| CardTrack2Data | The Track2 portion of the debit card's magnetic stripe. |
| ClientNumber | Merchant configuration property, assigned by Paymentech. |
| DebitCashBack | Optional cash back amount for debit transactions. |
| DebitSurcharge | Extra amount the merchant charges the customer for using a debit card. |
| EncryptedKeyIndex | Specifies the current keys that are in use in the PIN pad and by Paymentech. |
| EncryptedPIN | Customer's PIN, encrypted by a PIN pad under the current PINKey . |
| InteracTransactionType | Indicates the type of transaction to authorize. |
| LastRetrievalNumber | The last RetrievalNumber received from the host. Used for Void transactions. |
| MACValue | Hash of transaction data used to verify message was not tampered with. |
| MerchantNumber | A unique number used to identify the merchant, assigned by Paymentech. |
| Password | Password for authentication with the NetConnect Server . |
| PinPadSerialNumber | The serial number retrieved from the PIN pad. |
| ProxyAuthScheme | This property is used to tell the component which type of authorization to perform when connecting to the proxy. |
| ProxyAutoDetect | This property tells the component whether or not to automatically detect and use proxy system settings, if available. |
| ProxyPassword | This property contains a password if authentication is to be used for the proxy. |
| ProxyPort | This property contains the TCP port for the proxy Server (default 80). |
| ProxyServer | If a proxy Server is given, then the HTTP request is sent to the proxy instead of the server otherwise specified. |
| ProxySSL | This property determines when to use SSL for the connection to the proxy. |
| ProxyUser | This property contains a user name, if authentication is to be used for the proxy. |
| ResponseForceKeyRequest | Indicates the host requires the component to re-synchronize keys. |
| ResponseMACKey | MAC Encryption key to be loaded into the PIN pad device. |
| ResponseMACValue | Hash value that must be validated by the PIN pad after each response. |
| ResponsePINKey | PIN Encryption key to be loaded into the PIN pad device. |
| ResponseApprovalCode | Contains an authorization code when a transaction has been approved, or an error code. |
| ResponseAuthSource | Indicates the source of the authorization code stored in ApprovalCode . |
| ResponseBatchNumber | Current open batch number This property is returned after sending a BatchInquiry or BatchRelease transaction with the PTECHHOSTSETTLE component, or after a SendSettlement sent using the PTECHMANUALSETTLE component. |
| ResponseCode | Indicates the status of the authorization request. |
| ResponseRetrievalNumber | Reference number returned from the Paymentech host. |
| ResponseSequenceNumber | SequenceNumber echoed from the authorization. |
| ResponseText | Approval/Decline/Error text message information This property contains a response or display text message, and is used by the terminal to display the authorization result. |
| ResponseTime | The server-normalized Date and Time of the transaction. |
| ResponseTrace | Trace number returned for Canadian Interac Debit transactions. |
| RetrievalNumberToVoid | Indicates the transaction to void. |
| SequenceNumber | Sequence number of the transaction. |
| Server | The URL for the PaymenTech NetConnect server. |
| SSLAcceptServerCertEncoded | The certificate (PEM/base64 encoded). |
| SSLCertEncoded | The certificate (PEM/base64 encoded). |
| SSLCertStore | The name of the certificate store for the client certificate. |
| SSLCertStorePassword | If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. |
| SSLCertStoreType | The type of certificate store for this certificate. |
| SSLCertSubject | The subject of the certificate used for client authentication. |
| SSLServerCertEncoded | The certificate (PEM/base64 encoded). |
| TerminalNumber | Terminal number assigned by Paymentech. |
| Timeout | A timeout for the component. |
| TransactionAmount | Purchase amount for an authorization. |
| UserId | UserId for authentication with the NetConnect Server . |
Method List
The following is the full list of the methods of the control with short descriptions. Click on the links for further details.
| Authorize | Authorizes a Canadian debit card transaction. |
| Config | Sets or retrieves a configuration setting . |
| GetRequestDataToMAC | Returns a string of data for the PIN pad to hash with the MAC algorithm. |
| GetResponseDataToMAC | Returns a string containing data to validate against the MACValue using a PIN pad device. |
| Interrupt | Interrupt the current method. |
| MACReversal | Reverses a transaction when MAC validation fails. |
| RequestCurrentKeys | Used to retrieve the current encryption keys from Paymentech. |
| Reset | Clears all properties to their default values. |
| ReversalAdvice | Used if no response is received from the Server to void the authorization. |
Event List
The following is the full list of the events fired by the control with short descriptions. Click on the links for further details.
| DataPacketIn | Fired when receiving a data packet from the transaction server. |
| DataPacketOut | Fired when sending a data packet to the transaction server. |
| Error | Information about errors during data delivery. |
| SSLServerAuthentication | Fired after the server presents its certificate to the client. |
| SSLStatus | Shows the progress of the secure connection. |
Configuration Settings
The following is a list of configuration settings for the control with short descriptions. Click on the links for further details.
| CustomerDefinedData | Additional transaction identification data. |
| SystemInformation | System Information field for Batch Inquiry and Release transactions. |
| SettlementMode | Indicates whether the component uses Paymentech's Host Capture or Terminal Capture system. |
| ResponsePOSRetrievalNumber | POS Retrieval Number sent in the request, echoed back in the response. |
| EMVData | The EMV data returned from a Pin Pad after reading an EMV card. |
| EMVEntryDataSource | The EMV Data Entry Source (DES). |
| ResponseEMVData | The response EMV data. |
| ResponseEMVCardAuthCode | The ChaseNet and Visa card authentication results code. |
| ResponseEMVDownloadIndicator | Whether EMV parameters should be updated. |
| AcceptEncoding | Used to tell the server which types of content encodings the client supports. |
| AllowHTTPCompression | This property enables HTTP compression for receiving data. |
| AllowIdenticalRedirectURL | Allow redirects to the same URL. |
| Append | Whether to append data to LocalFile. |
| Authorization | The Authorization string to be sent to the server. |
| BytesTransferred | Contains the number of bytes transferred in the response data. |
| EncodeURL | If set to true the URL will be encoded by the component. |
| FollowRedirects | Determines what happens when the server issues a redirect. |
| GetOn302Redirect | If set to true the component will perform a GET on the new location. |
| HTTPVersion | The version of HTTP used by the component. |
| IfModifiedSince | A date determining the maximum age of the desired document. |
| KeepAlive | Determines whether the HTTP connection is closed after completion of the request. |
| MaxRedirectAttempts | Limits the number of redirects that are followed in a request. |
| OtherHeaders | Other headers as determined by the user (optional). |
| ProxyAuthorization | The authorization string to be sent to the proxy server. |
| ProxyAuthScheme | The authorization scheme to be used for the proxy. |
| ProxyPassword | A password if authentication is to be used for the proxy. |
| ProxyPort | Port for the proxy server (default 80). |
| ProxyServer | Name or IP address of a proxy server (optional). |
| ProxyUser | A user name if authentication is to be used for the proxy. |
| TransferredDataLimit | The maximum number of incoming bytes to be stored by the component. |
| TransferredHeaders | The full set of headers as received from the server. |
| UseChunkedEncoding | Enables or Disables HTTP chunked encoding for transfers. |
| ChunkSize | Specifies the chunk size in bytes when using chunked encoding. |
| UserAgent | Information about the user agent (browser). |
| KerberosSPN | The Service Principal Name for the Kerberos Domain Controller. |
| ConnectionTimeout | Sets a separate timeout value for establishing a connection. |
| FirewallAutoDetect | Tells the component whether or not to automatically detect and use firewall system settings, if available. |
| FirewallHost | Name or IP address of firewall (optional). |
| FirewallPassword | Password to be used if authentication is to be used when connecting through the firewall. |
| FirewallPort | The TCP port for the FirewallHost;. |
| FirewallType | Determines the type of firewall to connect through. |
| FirewallUser | A user name if authentication is to be used connecting through a firewall. |
| KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
| KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
| Linger | When set to True, connections are terminated gracefully. |
| LingerTime | Time in seconds to have the connection linger. |
| LocalHost | The name of the local host through which connections are initiated or accepted. |
| LocalPort | The TCP port in the local host where the component binds. |
| MaxLineLength | The maximum amount of data to accumulate when no EOL is found. |
| MaxTransferRate | The transfer rate limit in bytes per second. |
| RecordLength | The length of received data records. |
| TCPKeepAlive | Determines whether or not the keep alive socket option is enabled. |
| UseIPv6 | Whether to use IPv6. |
| TcpNoDelay | Whether or not to delay when sending packets. |
| TLS12SignatureAlgorithms | Defines the allowed TLS 1.2 signature algorithms when UseManagedSecurityAPI is True. |
| ReuseSSLSession | Determines if the SSL session is reused. |
| SSLCipherStrength | The minimum cipher strength used for bulk encryption. |
| SSLEnabledProtocols | Used to enable/disable the supported security protocols. |
| SSLProvider | The name of the security provider to use. |
| SSLSecurityFlags | Flags that control certificate verification. |
| OpenSSLCADir | The path to a directory containing CA certificates. |
| OpenSSLCAFile | Name of the file containing the list of CA's trusted by your application. |
| OpenSSLCipherList | A string that controls the ciphers to be used by SSL. |
| OpenSSLPrngSeedData | The data to seed the pseudo random number generator (PRNG). |
| AbsoluteTimeout | Determines whether timeouts are inactivity timeouts or absolute timeouts. |
| FirewallData | Used to send extra data to the firewall. |
| InBufferSize | The size in bytes of the incoming queue of the socket. |
| OutBufferSize | The size in bytes of the outgoing queue of the socket. |
| CodePage | The system code page used for Unicode to Multibyte translations. |