Transcription
PayoutsREST APIChase Paymentech SolutionsDeveloper Guide
2022. Cybersource Corporation. All rights reserved.Cybersource Corporation (Cybersource) furnishes this document and the software described in this document underthe applicable agreement between the reader of this document (You) and Cybersource (Agreement). You may use thisdocument and/or software only in accordance with the terms of the Agreement. Except as expressly set forth in theAgreement, the information contained in this document is subject to change without notice and therefore should not beinterpreted in any way as a guarantee or warranty by Cybersource. Cybersource assumes no responsibility or liabilityfor any errors that may appear in this document. The copyrighted software that accompanies this document is licensedto You for use only in strict accordance with the Agreement. You should read the Agreement carefully before using thesoftware. Except as permitted by the Agreement, You may not reproduce any part of this document, store this documentin a retrieval system, or transmit this document, in any form or by any means, electronic, mechanical, recording, orotherwise, without the prior written consent of Cybersource.Restricted Rights LegendsFor Government or defense agencies: Use, duplication, or disclosure by the Government or defense agencies is subject torestrictions as set forth the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and in similarclauses in the FAR and NASA FAR Supplement.For civilian agencies: Use, reproduction, or disclosure is subject to restrictions set forth in subparagraphs (a) through (d)of the Commercial Computer Software Restricted Rights clause at 52.227-19 and the limitations set forth in CybersourceCorporation's standard commercial agreement for this software. Unpublished rights reserved under the copyright laws ofthe United States.TrademarksAuthorize.Net, eCheck.Net, and The Power of Payment are registered trademarks of Cybersource Corporation.Cybersource, Cybersource Payment Manager, Cybersource Risk Manager, Cybersource Decision Manager, andCybersource Connect are trademarks and/or service marks of Cybersource Corporation. Visa, Visa International,Cybersource, the Visa logo, the Cybersource logo, and 3-D Secure are the registered trademarks of Visa International inthe United States and other countries. All other trademarks, service marks, registered marks, or registered service marksare the property of their respective owners.Version: 22.01Payouts 2
ContentsRecent Revisions to This Document. 4About This Guide. 6Introduction to Payouts.7Overview.7Supported Recipient Card Types, Currencies, Transactions, and Business ApplicationIdentifiers. 7Requirements.8Services. 10Account Funding Transactions (AFTs). 10Required Fields for Performing an AFT.10Optional Fields for Performing an AFT.12Performing an AFT. 13Example: AFT Request Using the REST API.14Original Credit Transactions (OCTs). 16Required Fields for Performing an OCT. 16Optional Fields for Performing an OCT.17Performing an OCT.18Optional Features.19Aggregator Support for Payouts.19Introduction to Aggregator Support.19AFTs with Aggregator Support. 21OCTs with Aggregator Support. 25Authorization Features for AFTs.29BIN Lookup. 30Optional Features for AFTs.30Relaxed Requirements for Address Data and Expiration Date.30Token Management Service. 30Payouts Contents 3
Recent Revisions to This Document22.01Chase Paymentech SolutionsUpdated BIN digits from six to eight.Updated the requirements for these API fields. The fields are now required forperforming OCTs or an OCT with aggregator support: See Required Fields forPerforming an OCT (on page 16) and Optional Fields for Performing an OCT (onpage 17). For OCTs only, these fields are now required: senderInformation.firstName senderInformation.lastName senderInformation.NameUpdated the requirements for these API fields. These fields are now optional forperforming AFTs with aggregator support or OCTs with aggregator support: SeeOptional Fields for Aggregator Support for an AFT (on page 23) and Required Fieldsfor Aggregator Support for an OCT (on page 26). aggregatorInformation.aggregatorIdAdded support for Mastercard and disbursements. See Supported Recipient CardTypes, Currencies, Transactions, and Business Application Identifiers (on page 7).Added new requirements to Requirements (on page 8).Added support for aggregators. See Aggregator Support for Payouts (on page 19).Added lists of required and optional fields for each service: Required Fields for Performing an AFT (on page 10) Optional Fields for Performing an AFT (on page 12) Required Fields for Performing an OCT (on page 16)21.03 Optional Fields for Performing an OCT (on page 17)This revision contains only editorial changes and no technical updates.Payouts Recent Revisions to This Document 4
21.02Initial release for REST API.Payouts Recent Revisions to This Document 5
About This GuideThis section provides you with information about the REST API guide for Chase PaymentechSolutions.Audience and PurposeThis document is written for developers who want to use the Cybersource REST API to integrateCybersource Payouts services into their transaction management system.ConventionsThe following special statement is used in this document:Important: An Important statement contains information essential to successfullycompleting a task or learning a concept.Related DocumentationFor further technical documentation, visit the Cybersource Technical Documentation ustomer SupportFor support information about any service, visit the Support Center:http://www.cybersource.com/supportPayouts About This Guide 6
Introduction to PayoutsThis introduction contains an overview of the Payouts service and describes the supportedrecipient card types, currencies, transactions, and business application identifiers (BAIs) as well asrequirements.OverviewPayouts is a funds transfer service that enables you to withdraw funds from a sender’s payment cardaccount and deposits funds into a recipient’s payment card account.Payouts transfers funds to a recipient’s account in one of two ways: An account funding transaction (AFT) withdraws funds from a sender’s account using standardcredit card processing with two services, an authorization and a capture, before depositing thefunds into a recipient’s account. An original credit transaction (OCT) deposits funds into a recipient’s account.Even though an AFT usually precedes a corresponding OCT, the AFT and OCT are independenttransactions.In typical payment transactions, you initiate debits and credits to receive payments from cardholdersfor your goods and services. With Payouts, you provide a money transfer service by initiating AFTand OCT transactions that move funds between accounts: A business-to-person payment moves funds between you and a cardholder or between amerchant and a cardholder when you are the facilitator enabling the money transfer. A person-to-person payment moves funds between two cardholders.No merchant goods are involved in Payouts transactions.Supported Recipient Card Types, Currencies, Transactions, andBusiness Application IdentifiersRecipient card types: Mastercard—debit cards and prepaid cards onlyPayouts Introduction to Payouts 7
Visa—debit cards and prepaid cards onlyCurrencies: USDTransactions: Disbursements Fast Funds. A Fast Funds transaction makes funds available to the recipient within 30 minutes.Use the BIN lookup service to find out whether a payment card is enabled for Fast Funds. Money transfersBusiness Application Identifiers: Account to account (AA) Funds disbursement (FD), including: Commission payments Digital goods or games Insurance payments Loan disbursements Lottery payouts Shared economy Non-government-initiated tax refund services such as tax preparation businesses Merchant disbursement (MD) (acquirers or aggregators settling to merchants) Person to person (PP)RequirementsTo use Payouts services, you must meet these requirements: You must obtain a license from your processor for requesting this type of transaction. The acquirer and issuer must be in the U.S.Payouts Introduction to Payouts 8
Risk management requirements for AFTs: You must conduct a comprehensive risk assessment of your business policies andpractices, fraud prevention and detection techniques, anti-money-laundering program,and risk controls. In addition to implementing fraud prevention tools, you mustimplement business practices to minimize fraud losses. You must comply with the Visa Core Rules and Visa Product and Service Rules, localregulations, applicable sanctions, anti-money laundering laws, and anti-terroristfinancing laws. Cardholder data authentication requirements for AFTs: For each AFT, you must collect and verify data about the sender. You must also screensender data against relevant watch lists in accordance with local laws and regulations forthe purposes of risk management, sanctions enforcement, and anti-money-launderingand anti-terrorist financing control. The method you use to authenticate sender data must follow regulatory and industrystandards and best practices as well as applicable local laws and regulations. Examplesare the use of government-issued photo identification, PINs, Visa Secure, Internetbanking identification, telephone banking identification, and consumer device cardholderverification method. Transaction monitoring requirements for AFTs: You must implement transaction monitoring and screening procedures to flag highrisk transactions for review prior to submission. These procedures must include theseactivities: Modulus 10 checks Count, amount, and rolling limits Checks to determine whether the sender is on any applicable government or bankspecific blocked lists You must implement processes to identify signs of fraud or misuse, including moneylaundering and terrorist financing. You must make sure that Payouts transactions are not being used to pay for goods andservices. For example, you can check for a high number or variety of senders to a singlerecipient.Related informationVisa Core Rules and Visa Product and Service RulesPayouts Introduction to Payouts 9
ServicesThis section provides information about the following services: Account Funding Transactions (AFTs) (on page 10) Original Credit Transactions (OCTs) (on page 16)Account Funding Transactions (AFTs)Payouts uses the authorization service to support AFTs. An AFT withdraws funds from a sender’saccount.Required Fields for Performing an AFTThese fields are required in a request for an authorization for an tion.categoryCodeSet this field to one of the MCC values in this table.Supported Merchant Category Codes (MCCs) for Each Business ApplicationIdentifier (BAI)BAIMCCs with MastercardMCCs with VisaAA48294829, 6012PP48294829, formation.amountDetails.totalAmountEither orderInformation.amountDetails.totalAmount ororderInformation.lineItems[].unitPrice must be included in the request.Maximum amount per customer account in one day: 10,000 USD.Maximum amount per customer account in seven days: 25,000 USD.Maximum amount per customer account in thirty days: 50,000 USD.Payouts Services 10
orderInformation.billTo.address1Required except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are reaRequired when the billing country is the U.S. or Canada except when your account isconfigured for relaxed requirements for address data and expiration date. Important:It is your responsibility to determine whether a field is required for the transactionthat you are requesting.orderInformation.billTo.countryRequired except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are requesting.orderInformation.billTo.emailRequired except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are ed except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are d except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are d except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are red when the billing country is the U.S. or Canada except when your account isconfigured for relaxed requirements for address data and expiration date. Important:It is your responsibility to determine whether a field is required for the transactionthat you are Required except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are ayouts Services 11
Required except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are gInformation.authorizationOptions.aftIndicatorSet this field to quired when this value is not included in your account.Related informationAPI Field Reference for the REST APIOptional Fields for Performing an AFTYou can include these optional fields in an authorization request for an FeeThis field is supported only for cross-border transactions. A cross-border transactionis a transaction for which the payment card is issued in one country and accepted by amerchant in another mountThis field is supported only for cross-border transactions. A cross-border transactionis a transaction for which the payment card is issued in one country and accepted by amerchant in another country.paymentInformation.card.typeSet this field to 001 for Visa or 002 for catorSet this field to internet.senderInformation.firstNameIf the sender is a business or government entity, use the senderInformation.namefield instead.senderInformation.lastNameIf the sender is a business or government entity, use the senderInformation.namefield instead.senderInformation.namePayouts Services 12
If the sender is an individual, use the senderInformation.firstName andsenderInformation.lastName fields instead.Related informationAPI Field Reference for the REST APIPerforming an AFTTo perform an AFT, request a credit card authorization and include the AFT request fields in theauthorization request.Do not include any of these services in the request: Full authorization reversal Credit Risk update Services for other payment methodsFollow these steps to authorize a payment:1. Send the service request to:https://api.cybersource.com/pts/v2/payments2. Include the required fields in the request.3. Include optional fields in the request as needed.4. Check the response message to make sure that the request was successful. A 200-level HTTPresponse code indicates success. For information about response codes, see TransactionResponse Codes.Payouts Services 13
Example: AFT Request Using the REST APIRequest: Authorization Service for an AFTThis example is for an account that is configured for relaxed requirements for address data andexpiration date.{"clientReferenceInformation": {"code": "123456789"},"merchantInformation": {"categoryCode": "4829"},"orderInformation": {"amountDetails": {"totalAmount": "10.00","currency": "USD"}},"processingInformation": {"businessApplicationId": "AA","authorizationOptions": {"aftIndicator": "true"}},"paymentInformation": {"card": {"number": "4111111111111111",}}}Payouts Services 14
Response: Authorization Service for an AFT{"clientReferenceInformation": {"code": "123456789"},"id": "6227448498206943503001","orderInformation": {"amountDetails": {"totalAmount": "10.00","currency": "USD"}},"processorInformation": {"approvalCode": "888888","responseCode": "100"},"reconciliationId": "737824012PCK87SH","status": "ACCEPTED","submitTimeUtc": "2021-06-03T182730Z"}Payouts Services 15
Original Credit Transactions (OCTs)An OCT deposits funds into a recipient’s account.This section provides the following information: Required Fields for Performing an OCT (on page 16) Performing an OCT (on page 18)Required Fields for Performing an OCTThese fields are required in a request for an tion.merchantDescriptor.contactRequired when the merchant descriptor field is meRequired when the merchant descriptor contact field is derInformation.amountDetails.totalAmountCannot exceed 50,000 USD.paymentInformation.card.expirationMonthNot required when you are using a client token.paymentInformation.card.expirationYearNot required when you are using a customer token.paymentInformation.card.numberNot required when you are using a customer ot required when your account includes this nformation.administrativeAreaRequired when the sender country is the U.S. or Canada.senderInformation.firstNameFirst name of sender when the sender is an individual. Required for original credittransactions (OCTs) that use the Payouts services and supported only for Mastercardcard transactions.Payouts Services 16
If the sender is a business or government entity, use the senderInformation.namefield instead.senderInformation.lastNameLast name of sender when the sender is an individual. Required for original credittransactions (OCTs) that use the Payouts services and supported only for Mastercardcard transactions.If the sender is a business or government entity, use the senderInformation.namefield instead.senderInformation.nameIf the sender is an individual, use the senderInformation.firstName andsenderInformation.lastName fields instead.Related informationAPI field Reference for the REST APIToken Management Service (on page 30)Optional Fields for Performing an OCTYou can include these optional fields in a request for an OCT:paymentInformation.card.typeSet this field to 001 for Visa or 002 for rocessingInformation.commerceIndicatorSet this field to enceNumberPayouts Services 17
Related informationAPI Field Reference for the REST APIPerforming an OCTDo not include any other services in the request.Follow these steps to perform an OCT:1. Send the service request to:https://api.cybersource.com/pts/v2/payouts2. Include the required fields in the request.3. Include optional fields in the request as needed.4. Check the response message to make sure that the request was successful. A 200-level HTTPresponse code indicates success. For information about response codes, see TransactionResponse Codes.Payouts Services 18
Optional FeaturesThis section provides information about these optional features: Aggregator Support for Payouts (on page 19) Authorization Features for AFTs (on page 29) BIN Lookup (on page 30) Optional Features for AFTs (on page 30) Relaxed Requirements for Address Data and Expiration Date (on page 30) Token Management Service (on page 30)Aggregator Support for PayoutsThis section provides the following information: Introduction to Aggregator Support (on page 19) AFTs with Aggregator Support (on page 21) OCTs with Aggregator Support (on page 25)Introduction to Aggregator SupportThis section provides the following information: Supported Services and Card Types for Aggregator Support with Payouts (on page 19) Overview of Aggregator Support (on page 20) Aggregator Terminology (on page 20)Supported Services and Card Types for Aggregator Support with PayoutsServices:Payouts Optional Features 19
AFT OCTCard types: Mastercard VisaOverview of Aggregator SupportThis feature enables a third-party agent to act as a payment aggregator and process payment cardtransactions for sub-merchants. Independent sales organizations (ISOs) and member serviceproviders (MSPs) are agents that can also leverage these aggregator features.Contact customer support to have your account configured for this feature.Aggregator TerminologyaggregatorAlso known as payment aggregator. It is an organization that aggregates submerchants under a single account and settles funds directly to the sub-merchants. Anaggregator is usually an ISO or MSP.independent sales organization (ISO)Organization that does one or more of the following: Works with acquirers to sponsor merchant accounts and usually assumes therisks associated with the merchants’ processing. Procures new merchant relationships based on contracts with acquirers. Connects with a gateway to process online payment card transactions for smallbusinesses, usually in exchange for a fee or percentage of sales.member service provider (MSP)Same as an ISO, although an MSP has no financial responsibility to the merchant.payment facilitatorPayment aggregator.service providerThird-party or outsource provider of payment processing services. A service providertypically provides a single service with no role in settling funds to a merchant.sub-merchantPayouts Optional Features 20
Merchant whose transactions are submitted by a payment aggregator.third-party agentUmbrella term for independent sales organizations, member service providers,payment aggregators, and payment facilitators.AFTs with Aggregator SupportThis section provides the following information: Required Fields for Performing an AFT with Aggregator Support (on page 21) Optional Fields for Performing an AFT with Aggregator Support (on page 23) Performing an AFT with Aggregator Support (on page 25)Required Fields for Performing an AFT with Aggregator SupportTo perform an AFT with aggregator support, you must include the fields that are required for an AFTand the fields that are required for aggregator support for an AFT. Required Fields for Aggregator Support for an AFT (on page 21) Required Fields for Performing an AFT (on page 10)Required Fields for Aggregator Support for an AFTThere are no required fields in a request for an AFT with aggregator support.Required Fields for Performing an AFTThese fields are required in a request for an authorization for an tion.categoryCodeSet this field to one of the MCC values in this table.Supported Merchant Category Codes (MCCs) for Each Business ApplicationIdentifier (BAI)BAIMCCs with MastercardMCCs with VisaAA48294829, 6012Payouts Optional Features 21
Supported Merchant Category Codes (MCCs) for Each Business ApplicationIdentifier (BAI) (continued)BAIMCCs with MastercardMCCs with VisaPP48294829, formation.amountDetails.totalAmountEither orderInformation.amountDetails.totalAmount ororderInformation.lineItems[].unitPrice must be included in the request.Maximum amount per customer account in one day: 10,000 USD.Maximum amount per customer account in seven days: 25,000 USD.Maximum amount per customer account in thirty days: 50,000 USD.orderInformation.billTo.address1Required except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are reaRequired when the billing country is the U.S. or Canada except when your account isconfigured for relaxed requirements for address data and expiration date. Important:It is your responsibility to determine whether a field is required for the transactionthat you are requesting.orderInformation.billTo.countryRequired except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are requesting.orderInformation.billTo.emailRequired except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are ed except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are d except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the transaction that you are requesting.Payouts Optional Features 22
orderInformation.billTo.localityRequired except when your account is configured for relaxed requirements for addressdata and expiration date. Important: It is your responsibility to determine whether afield is required for the tra
Chase Paymentech Solutions Updated BIN digits from six to eight. Updated the requirements for these API fields. The fields are now required for . Supported Merchant Category Codes (MCCs) for Each Business Application Identifier (BAI) BAI MCCs with Mastercard MCCs with Visa AA 4829 4829, 6012 PP 4829 4829, 6012
