Batch Processing

Interface specification

This document describes the Saferpay Batch Processing, a service allowing the processing of credit card and German electronic direct debit (ELV) payments via a batch file.

Relevant parameters are highlighted in monospace in this guide.

Prerequisites

The following conditions must be fulfilled to use the batch processing:

  • A corresponding license and with that an existing Saferpay account with login and password

  • At least one active Saferpay terminal via which payments can be processed. The corresponding TERMINALID respectively the ACCOUNTID must be available.

  • The format of the data set and the name of the input file must correspond to the format described in this guide

Security and PCI DSS

Although the Saferpay system meets the PCI DSS (Payment Card Industry Data Security Standard) requirements and is inspected regularly to verify compliance, you are encouraged to apply the following rules when using Saferpay Batch Processing.

When using Saferpay Batch Processing, credit card data is entered in the input file and uploaded from your system to Saferpay. You should ensure that you comply with the security requirements of your card-accepting bank (acquirer) concerning the handling of credit card data.

We recommend you use the Saferpay Secure Card Data Service in combination with Saferpay Batch Processing in order to significantly reduce the expense for the PCI DSS review of the merchant system. This service allows you to process transmit and store the credit card data directly in the secure Saferpay computer centre and no longer on the merchant system. For more information, please contact the Saferpay technical support team or customer service department.

Processing of the card verification number (also called CVC2, CVV2, CID or 4DBC) is optional. Please note, that according to PCI DSS regulation, the card verification number is part of the confidential card data that may only be stored temporarily.

Due to PCI DSS regulation the processing of magnetic stripe data is no longer possible via Batch Processing.

If you have any questions regarding PCI DSS, please contact your acquirer or a qualified security provider (see https://www.pcisecuritystandards.org).

Other information

Please note the following points:

  • Uploaded files are processed within one day (24 hours) for the card companies.

  • The Saferpay Batch Processing is designed for not time critical payments and not for online authorizations in real time or seconds.

  • For time critical authorizations we recommend the use of the Saferpay Client API.

  • In order to ensure a smooth processing we recommend to process not more than 500 transactions per file.

  • Since acquires reject non-authorized transactions all transactions are authorized in a first step before being transmitted for further processing.

  • Please note that the Batch Processing will also trigger the Batch Close for all transactions, once the batch is finished.

Supported payment means

The Saferpay Batch Processing currently allows the processing of transactions for the following payment means:

  • Visa/VPay

  • Mastercard/Maestro

  • American Express

  • Diners Club/Discover

  • JCB

  • direct debit (ELV - only for German bank accounts)

The following abbreviations for format information are used in this document:

Conventions

Format details

File names

The name of the file to be processed starts with the Saferpay Customer ID followed by a dash and the unique file identifier and ends with the file extension ".IN".

Syntax: CustomerID-FileID.IN

Example: 423456-subscriptions2021.IN

Customer ID

The Saferpay Customer ID currently consists of 4 to 7 digits. This could change in the future.

File identifier (FileID)

The File identifier has to be unique and is defined as follows:

  • length: variable 1 to 40 characters

  • permitted characters: 0-9, A-Z, a-z, - (dash), _ (underscore)

  • no distinction is made between uppercase and lowercase

Examples (FileID in italics):

  • 12001-1.IN

  • 12001-002.IN

  • 12001-abcd5523.IN

  • 12001-CA4DD53A-C1BB-4378-A7EB-4AB7AA6729D9.IN

Input file format

The information required for uploading is saved in a text file. The following rules are to be respected in this context:

  • Parameters are separated by a comma (ASCII 0x44)

  • each line must terminate with a line separator CR or CRLF Incorrectly formatted lines are rejected with the error code ICCTERR in the output file. It is the responsibility of the sender to correct the format and resubmit the file.

File transfer

The files are transferred between the sender and the Saferpay system via a secure SSL connection (https) from the Saferpay Backoffice. An email address can be stored to get a message when the file processing is finished.

Input file

Parameters and descriptions

If not marked as optional all parameters are mandatory.

Parameter details

TERMINALID

The Saferpay TERMINALID represents a Saferpay terminal. You will find the Saferpay TERMINALID in the Saferpay Backoffice under "Administration > Accounts".

A Saferpay ACCOUNTID consists of the customer ID, dash (-) and TERMINALID; e.g. 99867-94913159, where 99867 is the customer ID and 94913159 the TERMINALID.

ORDERID

The order ID serves to identify payments in order to enable the merchant to assign the transactions to the correct orders at a later time. The ORDERID is forwarded to the card processor (merchant bank) and is generally listed in the merchants settlement note.

Only numbers (ASCII 0x30...0x39), uppercase letters (0x41...0x5A), lowercase letters (0x61...0x7A) and “-“ and “_” (0x2D and 0x5F) are accepted. Correct processing cannot be guaranteed if other characters are transmitted.

The maximum number of digits varies from processor to processor. In most cases 12 digits has proven to be a good value.

PAN

This field is used for card payment and contains the manually entered card number. The card expiry date is to be transmitted with the fields EXPMONTH and EXPYEAR.

If a card alias (CARDREFID) is to be processed, the text “CARDREFID:” (complete with colon) must precede the alias.

DOCREDIT

Specifies whether the customer is to be debited (= 0 for booking) or credited (= 1 for refund). Refunds are only possible for credit card transactions.

TIMEDATE

This field contains the time of booking in the format YYYYMMDDhhmmss (14 digits), where

Alternatively the format YYYYMMDDhhmm with 12 digits is also valid and can be used. Internally the Batch Processing then sets the seconds as ss = 00.

CVC

According to the rules of the credit card organizations, the card security number (CVC, CVV2, CID, 4DBC) is to be kept strictly confidential. You are advised to always respect this concerning security requirements. For more information please contact your acquirer.

RECURRING

With these fields transactions can be tagged with value “R” as recurring payments. The consecutive payment additionally references to the transaction identifier (ID) of the initial payment by using parameter REFID. The fields PAN, EXPMONTH, EXPYEAR and CVC are not required. Submitting a PAN, IBAN, ACCOUNT NUMBER, or ALIAS will result in a validation error. The card data from the referenced transaction is used for the transaction. The referenced transaction must exist and be flagged as 'recurring initial'. The recurring authorization will then be flagged PSD2 compliant as CoF recurring (with TransactionStamp / SettlementDate of the originating transaction).

With the Saferpay release of March 2022, Recurring ('R') is only supported in conjunction with a REFID. Without REFID, a 'normal' authorization will be performed instead, which will not be marked as recurring.

MANDATEID

This field contains the SEPA mandate reference of a German direct debit (ELV) payment.

IBAN

This field contains the International Bank Account Number for direct debit payments using a German bank account.

Examples

ICCT100,94913159,TEST1,9451123100000004,12,15,M,1000,EUR,,0,1,20120202165533
ICCT100,94913159,TEST2,9451123100000004,12,15,M,550,EUR,,0,1,20120202165534,442
ICCT100,94913159,TEST3,9451123100000004,12,15,M,105.00,EUR,,0,1,201202021655
ICCT100,94913159,TEST4,4000000000000002,12,2015,M,1050,EUR,,1,1,201202021656
ICCT100,94913159,TEST5,5232000000000017,12,2015,M,1120,EUR,,0,1,201202021500,,1,AAABCEkCYQABA314UQJhAAAAAAA=,DmZAXgVCNWAOAQN3AwAFWgN9CQM=
ICCT100,94913159,TEST6,375811111111115,12,10,M,1000,EUR,,0,1,201202021656
ICCT100,94913159,TEST7,CARDREFID:1234567890,02,15,M,670,EUR,,0,1,201202021658
ICCT100,94913159,TEST8,,,M,1009,EUR,,0,1,201202021659,,,,,,MyMandateID,DE77970000010123456789

Explanations

Line 1: Authorization and booking. Line 2: Authorization, booking, card data with card security number. Line 3: Incorrect, the amount must be entered without a decimal point. Line 4: Credit (refund to cardholder). Line 5: MasterCard SecureCode payment with ECI=1, CAVV and XID. Line 6: Incorrect, card already expired. Line 7: Booking, card reference number (CARDREFID) is used. Line 8: Booking, payment by direct debit.

Identifying duplicate entries

The Batch Processing checks the transactions for duplicate entries. If an input transaction has the same values for TERMINALID, ORDERID, PAN, EXPMONTH, EXPYEAR, AMOUNT, CURRENCY, DOCREDIT and TIMEDATE as an already processed transaction, it is identified as a duplicate and returned with the following error text: "Double Transaction - Transaction in LineNumber x has already been processed."

To ensure that transactions are distinct at least within one field, TIMEDATE may optionally be stated down to the second (14 digits, the year always has four digits). If no seconds are stated, File Import sets the seconds to 00. TIMEDATE is only used internally by the batch import. It is recommended to assure the distinctness of transactions via the use of a unique timestamp for each transaction.

Output file

For each file uploaded the sender receives an output file with the same file name as the input file but suffixed with the file ID ".OUT".

Every data record is checked for format correctness. If the format check succeeds the record is processed and the .out file entry will contain RECORDTYPE "ICCT101". If the check fails the corresponding entry will contain RECORDTYPE "ICCTERR".

Processed record set

For each processed record set of the input file (ICCT100) the output file contains a corresponding response record set (ICCT101) with result and transaction identifier.

Incorrect entry in the output file

If a data record in the input file fails the format verification check, the output file contains an ICCTERR message in the corresponding line of the output file.

Examples

ICCTERR,1445001,test11,201102021612,1,RecordType,Double Transaction - Transaction in LineNumber 1 has already processed
ICCTERR,1445001,test12,201102021612,13,TimeDate,DateTime length is wrong: 0
ICCTERR,14450001,test13,201102021612,8,Amount,Amount is not numeric 105.00
ICCTERR,14450001,test14,201102021612,2,TerminalID,User has no access for TerminalId:1445001
ICCTERR,14450001,test15,201102021612,5,ExpMonth,ExpMonth is out of range
ICCTERR,14450001,test16,201102021612,6,ExpYear,Card is expired:1204
ICCTERR,14450001,test17,201102021612,4,CardNumber,7004 - No CardNumber found for this CardRefId.
ICCTERR,14450001,test18,201102021612,13,TimeDate,DateTime length is wrong: 13

List of RESULT values

Sample output file

ICCT101,94913159,TEST1,0,6bf9e707a9e64938b7e4612b2bcb,074869,201102030852
ICCT101,94913159,TEST2,0,9bd5f26175a14cd1bd839dc81fa3,862777,201102030852
ICCTERR,94913159,TEST3,201102030852,8,Amount,Amount is not numeric: 105.00
ICCT101,94913159,TEST4,0,682dab8de6614ae4bb15d83e94bc,,201102030852
ICCT101,94913159,TEST5,0,12d693de415f425a919ba4aea4f3,124865,201102030852
ICCTERR,94913159,TEST6,201102030852,6,ExpYear,Card is expired: 1204
ICCT101,94913159,TEST7,0,96c0fe28e09d40b3b98248a4ac54,395000,201102030852
ICCT101,94913159,TEST8,67,74301cbe-87ca-4e3c-aeb0-3223c9f69210,,201102030852

Explanation

Line 1: Authorization and booking, successfully processed and stored. Line 2: Authorization and booking, successfully processed and stored. Line 3: Transaction rejected by Batch Processing, with error code. Line 4: Refund (credit), successfully processed. Line 5: Transaction with reference number, successfully processed. Line 6: Transaction rejected by Batch Processing, with error code. Line 7: Authorization and booking with use of CARDREFID, successful. Line 8: Request rejected, reply code 67 (no contract available).

Output file if Batch Processing is processed automatically

If Batch Processing is processed automatically via upload or download an additional result line appears at the end of the output file. In case of successful processing the result line looks like this: ResultCode: 200 OK

If the access is not granted because of an invalid user name the message ResultCode = 401 Unauthorized is returned:

Automation

File Import can be automated via the Saferpay website. Uploading and downloading are SSL encrypted with https.

For the automated use of the Saferpay Batch Processing a login and password are required.

According to the PCI DSS security regulations the upload and download files must be transmitted by POST. The GET method is not permitted.

Upload

The file to be uploaded must be sent to the following Saferpay URL:

https://www.saferpay.com/bo/fileimport/scriptupload

The login data is transferred within hidden fields using the parameters spUsername, spPassword and UAFState and CustomerID.

Download

Output files can be downloaded from the following Saferpay URL:

https://www.saferpay.com/bo/fileimport/scriptdownload

The login data is transferred within hidden fields using the parameters spUsername, spPassword and UAFState and CustomerID. The filename is transmitted with the parameter Sequence.

Code examples

HTML form

<html>
	<head>
		<title>Upload Example for Saferpay File Import</title>
	</head>
	<body>
		<h2>Upload Example for Saferpay File Import</h2>
		<form enctype="multipart/form-data" action="https://www.saferpay.com/bo/FileImport/ScriptUpload" method="POST">
			<input type="hidden" name="spUsername" value="xxxxxxxxx" />
			<input type="hidden" name="spPassword" value="xxxxxxxxx" />
			<input type="hidden" name="UAFState" value="login" />
			<input type="hidden" name="CustomerID" value="xxxxxxxxx" />
			<p>
				Select file to upload:
				<br/>
				<input type="file" size="50" />
			</p>
			<input type="submit" value="File Import" />
		</form>
	</body>
</html>

Visual Basic Script

'Upload of file
File = "xxxxxx" : Username = "xxxxxx" : Password = "xxxxxx" : CustomerID = "xxxxxx" : UAFState = "login"

'read file data
Set fs = WScript.CreateObject("Scripting.FileSystemObject")
Set rd = fs.OpenTextFile(File) : Content = ""
do while rd.AtEndOfStream <> true : Content = Content & rd.ReadLine & vbCrLf : loop
rd.Close

'URL to Server
URL = "https://www.saferpay.com/bo/FileImport/ScriptUpload"

'needed for file upload
Boundary = "-----------------------------xaHbfgeHJ65Jk7"
ScriptBoundary = "--" & Boundary
Set http = WScript.CreateObject("Microsoft.XMLHTTP")
http.open "POST", URL, false
http.setRequestHeader "Content-Type", "multipart/form-data; boundary=" & Boundary

'send file content within boundary
PostFieldsBody = ScriptBoundary & vbCrLf _
	& "Content-Disposition: form-data; name=""spUsername""" & vbCrLf _
	& vbCrLf _
	& Username & vbCrLf _
	& ScriptBoundary & vbCrLf _
	& "Content-Disposition: form-data; name=""spPassword""" & vbCrLf _
	& vbCrLf _
	& Password & vbCrLf _
	& ScriptBoundary & vbCrLf _
	& "Content-Disposition: form-data; name=""CustomerId""" & vbCrLf _
	& vbCrLf _
	& CustomerID & vbCrLf _
	& ScriptBoundary & vbCrLf _
	& "Content-Disposition: form-data; name=""UAFState""" & vbCrLf  _
	& vbCrLf _
	& UAFState & vbCrLf _
	& ScriptBoundary

PostFileBody = vbCrLf _
	& "Content-Disposition: form-data; name=""f1""; filename=""" & File & """" & vbCrLf _
	& "Content-Type: text/plain" & vbCrLf 
	& vbCrLf _
	& Content & ScriptBoundary & "--" & vbCrLf

http.send PostFieldsBody & PostFileBody

'wait until http received all data
do while http.readyState <> 4 : DoEvents : loop

'clean objects
Set rd = nothing
Set fs = nothing
Set http = nothing

Last updated