WIXLIB

Durango Merchant ServicesCustomer Vault APIV1.1Integration ResourcesDocumentationApril 2008 – Updated Sept 2011Durango-Direct.com866-415-2636

ContentsOverview . 3Customer Vault . 3Methodology . 4Process Flow. 4Communication . 5Customer Vault (customer vault)Types . 6add customer Request . 7update customer Request . 8delete customer Request . 9Testing Information . 10Transaction testing credentials . 10Transaction POST URL . 10Test Data . 10Examples . 11Updates (September 2011) . 112Customer Vault APICopyright Durango Merchant Services, LLC 2001-2012 All Rights Reserved.Page 2

OverviewCustomer VaultSecurity ConcernsThe Customer Vault was designed specifically for businesses of any size to address concerns abouthandling customer payment information. Visa and MasterCard have instituted the Payment CardIndustry (PCI) Data Security Standard to protect cardholder data–wherever it resides–ensuring thatmembers, merchants, and service providers maintain the highest information security standard.These associations have also deemed that merchants will be held liable for any breach of cardholderdata. This has become a major concern for merchants who handle credit card or electronic checkpayments. The Customer Vault is designed for these merchants who desire to avoid the tremendouscosts and resources involved in becoming PCI compliant under these circumstances.Customer Vault SolutionThe Customer Vault allows merchants to transmit their payment information through a Secure SocketsLayer (SSL) connection for storage in our Level 1 PCI certified data facility. Once the customer record hasbeen securely transmitted to the Customer Vault, the merchant can then initiate transactions remotelywithout having to access cardholder information directly. This process is accomplished without themerchant storing the customer’s payment information in their local database or payment application.Furthermore, using our 3 Step Redirect Method in conjunction with the Customer Vault allowsmerchants to process transactions without transmitting any payment information through their webapplication. This unique approach provides best of class application flexibility without any PCIcompliancy concerns. The 3 Step Redirect API (Advanced Programmers Interface) is available by requestof the project manager.The Customer Vault Process Flow is described below on page 4.Customer Vault APICopyright Durango Merchant Services, LLC 2001-2012 All Rights Reserved.Page 3

MethodologyProcess FlowAn initial Customer Record creation using the Customer Vault1. The Cardholder securely submits payment details to the merchant’s website / application.2. The merchant’s website securely connects to the Customer Vault and creates customer recordof “1234”, which contains all customer data including payment details.3. The Payment Gateway responds to the merchant as to whether the customer record wascreated successfully or not.30 days later, the merchant wishes to charge the customer again using customer record “1234”4. The merchant’s website / application connects to the Customer Vault and remotely loadscustomer record “1234” to initiate a 50.00 charge.5. The Payment Gateway processes the transaction and responds to the merchant with thetransaction response from the processor(s).Customer Vault APICopyright Durango Merchant Services, LLC 2001-2012 All Rights Reserved.Page 4

Value PropositionMerchants who utilize the Customer Vault can process transactions and maintain an up‐to‐datecustomer database without storing any customer payment details. All sensitive customer data wastransmitted through encrypted channels and authorizations, captures, refunds and settlements weremanaged remotely without storing any cardholder data locally. This gives the merchant unparalleledapplication flexibility while shifting its liability of PCI compliancy.The Customer Vault can store both credit card and electronic check payment details. Access to theCustomer Vault is granted through a secure online interface. The interface specification is described byan API (Advanced Programmers Interface) Integration Manual which is sent by request to the projectmanager. The Customer Vault and Payment Gateway interface has been Level 1 PCI compliant since2004.Customer Vault APICopyright Durango Merchant Services, LLC 2001-2012 All Rights Reserved.Page 5

CommunicationThe communication protocol used to send messages to the Payment Gateway is through the HTTPprotocol over an SSL connection. (HTTPS)Transaction details should be delivered to the Payment Gateway using the POST method and querystring name/value pairs delimited by ampersandsFor example: variable1 value1&variable2 value2&variable3 value3Transaction responses are returned in the body of the HTTP response in a query string name/valueformat delimited by ampersands.Customer Vault (customer vault)Typesadd customer If you pass add customer as argument to the customer vault variable,(customer vault add customer) the payment gateway will create a securecustomer record.update customer If you pass update customer as argument to the customer vault variable,(customer vault update customer) the payment gateway allows anupdate/over-ride to any information on the customer vault record; except forthe customer vault id.delete customer If you pass delete customer as argument to the customer vault variable,(customer vault delete customer) the customer vault id is the only requiredfield to delete a customer record.Customer Vault APICopyright Durango Merchant Services, LLC 2001-2012 All Rights Reserved.Page 6

add customer Requestadd customer variablesRequiredFormatDescriptioncustomer vaultcustomer vault idRequiredOptionaladd customerusernamepasswordcurrencyorderidorder descriptionmerchant defined field dds a secure customer vault recordSpecifies a Customer Vault ID (If not set,the Payment Gateway will randomlygenerate a Customer Vault ID)Username assigned to merchant accountPassword assigned to merchant accountSet transaction currencyOrder idOrder Description(merchant defined field 1,merchant defined field 2, etc.)Cardholder’s purchase order numberTotal tax amountSet whether cardholder is tax exemptTotal shipping amountSet payment type to ACH or credit cardCredit card numberCredit card expiration (ie. 0711 7/2011)The name on the customer’s ACHAccount.The customer’s bank account numberThe customer’s bank routing numberThe customer’s ACH account typeThe customer’s ACH account entityACH Standard Entry Class codesCardholder’s first nameCardholder’s last nameCard billing addressCard billing cityCard billing state/provinceCard billing postal codeCard billing country codeBilling phone numberBilling email addressCardholder’s companyCard billing address – line 2Billing fax numberShipping first nameShipping last nameShipping companyponumbertaxtax exemptshippingmethodccnumberccexpaccount nameLevel IILevel IILevel IILevel ntroutingaccount typeaccount holder typesec codefirst namelast dress2faxshipping firstnameshipping lastnameshipping companyRequired(ACH)**Required(ACH)**Optional (ACH)**Optional (ACH)**Optional onalCustomer Vault savingspersonal/businessPPD/WEB/TEL/CCDCopyright Durango Merchant Services, LLC 2001-2012 All Rights Reserved.Page 7

shipping address1shipping address2shipping cityshipping stateshipping zipshipping countryshipping phoneshipping faxshipping nalOptionalOptionalOptionalShipping addressShipping address – line 2Shipping cityShipping state/provinceShipping postal codeShipping country codeShipping phone numberShipping faxShipping email address*If you do not pass a customer vault id, our system will randomly generate one. If you include bothcustomer id and customer vault id, they must match.**You can only pass Credit Card or Electronic Check transaction variables.update customer Requestupdate customer variablescustomer vaultcustomer vault idusernamepasswordcurrencyorderidorder descriptionmerchant defined field RequiredOptionalOptionalOptionalOptionalupdate customerAdds a secure customer vault recordSpecifies a Customer Vault IDUsername assigned to merchant accountPassword assigned to merchant accountSet transaction currencyOrder idOrder Description(merchant defined field 1,merchant defined field 2, etc.)Cardholder’s purchase order numberTotal tax amountSet whether cardholder is tax exemptTotal shipping amountSet payment type to ACH or credit cardCredit card numberCredit card expiration (ie. 0711 7/2011)The name on the customer’s ACHAccount.The customer’s bank account numberThe customer’s bank routing numberThe customer’s ACH account typeThe customer’s ACH account entityACH Standard Entry Class codesCardholder’s first nameponumbertaxtax exemptshippingmethodccnumberccexpaccount nameLevel IILevel IILevel IILevel ntroutingaccount typeaccount holder typesec codefirst nameRequired(ACH)**Required(ACH)**Optional (ACH)**Optional (ACH)**Optional (ACH)**RecommendedCustomer Vault APITable savingspersonal/businessPPD/WEB/TEL/CCDCopyright Durango Merchant Services, LLC 2001-2012 All Rights Reserved.Page 8

last dress2faxshipping firstnameshipping lastnameshipping companyshipping address1shipping address2shipping cityshipping stateshipping zipshipping countryshipping phoneshipping faxshipping ionalOptionalCardholder’s last nameCard billing addressCard billing cityCard billing state/provinceCard billing postal codeCard billing country codeBilling phone numberBilling email addressCardholder’s companyCard billing address – line 2Billing fax numberShipping first nameShipping last nameShipping companyShipping addressShipping address – line 2Shipping cityShipping state/provinceShipping postal codeShipping country codeShipping phone numberShipping faxShipping email addressdelete customer Requestdelete customer variablesRequiredFormatDescriptioncustomer vaultcustomer vault delete customerAdds a secure customer vault recordSpecifies a Customer Vault IDUsername assigned to merchant accountPassword assigned to merchant accountCustomer Vault APICopyright Durango Merchant Services, LLC 2001-2012 All Rights Reserved.Page 9

Testing InformationTransaction testing credentialsTransactions can be tested using one of two methods. First, transactions can be submitted to anymerchant account that is in test mode. Keep in mind that if an account is in test mode, all valid creditcards will be approved but no charges will actually be processed.The Payment Gateway demo account can also be used for testing at any time. Please use the followingusername and password for testing with this account:durangotest1234usernamepasswordTransaction POST URLTransaction details should be POST’ed to the following URL:POST phpTest DataTransactions can be submitted using the following information:VisaMasterCardDiscoverCardAmerican ExpressCredit Card Expirationaccount (ACH)routing (ACH)Customer Vault 134111111111111110/10123123123123123123Copyright Durango Merchant Services, LLC 2001-2012 All Rights Reserved.Page 10

ExamplesData posted to the Payment Gateway by MerchantAdd a Customer to the Customer Vault: username durango&password test1234&firstname Joe&lastname Smith&address1 1234MainSt.&city Chicago&state IL&country US&ccnumber 4111111111111111&ccexp 1010&customer vault add customer&customer vault id 00001Update a Customer’s credit card number and expiration date: username durango&password test1234&ccnumber 5431111111111111&ccexp 1012&customer vault update customer&customer vault id 00001Process a ‘sale’ transaction using a Customer Vault record: username durango&password test1234&amount 10.00&billing method recurring&customervault id 00001Customer Vault APICopyright Durango Merchant Services, LLC 2001-2012 All Rights Reserved.Page 11