Batch Processing
Interface specification
This document describes the Saferpay Batch Processing, a service allowing the processing of credit card and German electronic direct debit (ELV) payments via a batch file.
Relevant parameters are highlighted in monospace
in this guide.
Prerequisites
The following conditions must be fulfilled to use the batch processing:
A corresponding license and with that an existing Saferpay account with login and password
At least one active Saferpay terminal via which payments can be processed. The corresponding
TERMINALID
respectively theACCOUNTID
must be available.The format of the data set and the name of the input file must correspond to the format described in this guide
Security and PCI DSS
Although the Saferpay system meets the PCI DSS (Payment Card Industry Data Security Standard) requirements and is inspected regularly to verify compliance, you are encouraged to apply the following rules when using Saferpay Batch Processing.
When using Saferpay Batch Processing, credit card data is entered in the input file and uploaded from your system to Saferpay. You should ensure that you comply with the security requirements of your card-accepting bank (acquirer) concerning the handling of credit card data.
We recommend you use the Saferpay Secure Card Data Service in combination with Saferpay Batch Processing in order to significantly reduce the expense for the PCI DSS review of the merchant system. This service allows you to process transmit and store the credit card data directly in the secure Saferpay computer centre and no longer on the merchant system. For more information, please contact the Saferpay technical support team or customer service department.
Processing of the card verification number (also called CVC2, CVV2, CID or 4DBC) is optional. Please note, that according to PCI DSS regulation, the card verification number is part of the confidential card data that may only be stored temporarily.
Due to PCI DSS regulation the processing of magnetic stripe data is no longer possible via Batch Processing.
If you have any questions regarding PCI DSS, please contact your acquirer or a qualified security provider (see https://www.pcisecuritystandards.org).
Other information
Please note the following points:
Uploaded files are processed within one day (24 hours) for the card companies.
The Saferpay Batch Processing is designed for not time critical payments and not for online authorizations in real time or seconds.
For time critical authorizations we recommend the use of the Saferpay Client API.
In order to ensure a smooth processing we recommend to process not more than 500 transactions per file.
Since acquires reject non-authorized transactions all transactions are authorized in a first step before being transmitted for further processing.
Please note that the Batch Processing will also trigger the Batch Close for all transactions, once the batch is finished.
Supported payment means
The Saferpay Batch Processing currently allows the processing of transactions for the following payment means:
Visa/VPay
Mastercard/Maestro
American Express
Diners Club/Discover
JCB
direct debit (ELV - only for German bank accounts)
The following abbreviations for format information are used in this document:
Conventions
Format details
File names
The name of the file to be processed starts with the Saferpay Customer ID followed by a dash and the unique file identifier and ends with the file extension ".IN
".
Syntax: CustomerID-FileID.IN
Example:
423456-subscriptions2021.IN
Customer ID
The Saferpay Customer ID currently consists of 4 to 7 digits. This could change in the future.
File identifier (FileID)
The File identifier has to be unique and is defined as follows:
length: variable 1 to 40 characters
permitted characters: 0-9, A-Z, a-z, - (dash), _ (underscore)
no distinction is made between uppercase and lowercase
Examples (FileID in italics):
12001-1.IN
12001-002.IN
12001-abcd5523.IN
12001-CA4DD53A-C1BB-4378-A7EB-4AB7AA6729D9.IN
Input file format
The information required for uploading is saved in a text file. The following rules are to be respected in this context:
Parameters are separated by a comma (ASCII 0x44)
each line must terminate with a line separator CR or CRLF Incorrectly formatted lines are rejected with the error code ICCTERR in the output file. It is the responsibility of the sender to correct the format and resubmit the file.
File transfer
The files are transferred between the sender and the Saferpay system via a secure SSL connection (https) from the Saferpay Backoffice. An email address can be stored to get a message when the file processing is finished.
Input file
Parameters and descriptions
If not marked as optional all parameters are mandatory.
Parameter details
TERMINALID
The Saferpay TERMINALID represents a Saferpay terminal. You will find the Saferpay TERMINALID in the Saferpay Backoffice under "Administration > Accounts".
A Saferpay ACCOUNTID consists of the customer ID, dash (-) and TERMINALID; e.g. 99867-94913159, where 99867 is the customer ID and 94913159 the TERMINALID.
ORDERID
The order ID serves to identify payments in order to enable the merchant to assign the transactions to the correct orders at a later time. The ORDERID is forwarded to the card processor (merchant bank) and is generally listed in the merchants settlement note.
Only numbers (ASCII 0x30...0x39), uppercase letters (0x41...0x5A), lowercase letters (0x61...0x7A) and “-“ and “_” (0x2D and 0x5F) are accepted. Correct processing cannot be guaranteed if other characters are transmitted.
The maximum number of digits varies from processor to processor. In most cases 12 digits has proven to be a good value.
PAN
This field is used for card payment and contains the manually entered card number. The card expiry date is to be transmitted with the fields EXPMONTH and EXPYEAR.
If a card alias (CARDREFID) is to be processed, the text “CARDREFID:” (complete with colon) must precede the alias.
DOCREDIT
Specifies whether the customer is to be debited (= 0 for booking) or credited (= 1 for refund). Refunds are only possible for credit card transactions.
TIMEDATE
This field contains the time of booking in the format YYYYMMDDhhmmss (14 digits), where
Alternatively the format YYYYMMDDhhmm with 12 digits is also valid and can be used. Internally the Batch Processing then sets the seconds as ss = 00.
CVC
According to the rules of the credit card organizations, the card security number (CVC, CVV2, CID, 4DBC) is to be kept strictly confidential. You are advised to always respect this concerning security requirements. For more information please contact your acquirer.
RECURRING
With these fields transactions can be tagged with value “R” as recurring payments. The consecutive payment additionally references to the transaction identifier (ID) of the initial payment by using parameter REFID. The fields PAN, EXPMONTH, EXPYEAR and CVC are not required. Submitting a PAN, IBAN, ACCOUNT NUMBER, or ALIAS will result in a validation error. The card data from the referenced transaction is used for the transaction. The referenced transaction must exist and be flagged as 'recurring initial'. The recurring authorization will then be flagged PSD2 compliant as CoF recurring (with TransactionStamp / SettlementDate of the originating transaction).
With the Saferpay release of March 2022, Recurring ('R') is only supported in conjunction with a REFID. Without REFID, a 'normal' authorization will be performed instead, which will not be marked as recurring.
MANDATEID
This field contains the SEPA mandate reference of a German direct debit (ELV) payment.
IBAN
This field contains the International Bank Account Number for direct debit payments using a German bank account.
Examples
Explanations
Line 1: Authorization and booking. Line 2: Authorization, booking, card data with card security number. Line 3: Incorrect, the amount must be entered without a decimal point. Line 4: Credit (refund to cardholder). Line 5: MasterCard SecureCode payment with ECI=1, CAVV and XID. Line 6: Incorrect, card already expired. Line 7: Booking, card reference number (CARDREFID) is used. Line 8: Booking, payment by direct debit.
Identifying duplicate entries
The Batch Processing checks the transactions for duplicate entries. If an input transaction has the same values for TERMINALID, ORDERID, PAN, EXPMONTH, EXPYEAR, AMOUNT, CURRENCY, DOCREDIT and TIMEDATE as an already processed transaction, it is identified as a duplicate and returned with the following error text: "Double Transaction - Transaction in LineNumber x has already been processed."
To ensure that transactions are distinct at least within one field, TIMEDATE may optionally be stated down to the second (14 digits, the year always has four digits). If no seconds are stated, File Import sets the seconds to 00. TIMEDATE is only used internally by the batch import. It is recommended to assure the distinctness of transactions via the use of a unique timestamp for each transaction.
Output file
For each file uploaded the sender receives an output file with the same file name as the input file but suffixed with the file ID ".OUT".
Every data record is checked for format correctness. If the format check succeeds the record is processed and the .out file entry will contain RECORDTYPE "ICCT101". If the check fails the corresponding entry will contain RECORDTYPE "ICCTERR".
Processed record set
For each processed record set of the input file (ICCT100) the output file contains a corresponding response record set (ICCT101) with result and transaction identifier.
Incorrect entry in the output file
If a data record in the input file fails the format verification check, the output file contains an ICCTERR message in the corresponding line of the output file.
Examples
List of RESULT values
Sample output file
Explanation
Line 1: Authorization and booking, successfully processed and stored. Line 2: Authorization and booking, successfully processed and stored. Line 3: Transaction rejected by Batch Processing, with error code. Line 4: Refund (credit), successfully processed. Line 5: Transaction with reference number, successfully processed. Line 6: Transaction rejected by Batch Processing, with error code. Line 7: Authorization and booking with use of CARDREFID, successful. Line 8: Request rejected, reply code 67 (no contract available).
Output file if Batch Processing is processed automatically
If Batch Processing is processed automatically via upload or download an additional result line appears at the end of the output file. In case of successful processing the result line looks like this: ResultCode: 200 OK
If the access is not granted because of an invalid user name the message ResultCode = 401 Unauthorized
is returned:
Automation
File Import can be automated via the Saferpay website. Uploading and downloading are SSL encrypted with https.
For the automated use of the Saferpay Batch Processing a login and password are required.
According to the PCI DSS security regulations the upload and download files must be transmitted by POST. The GET method is not permitted.
Upload
The file to be uploaded must be sent to the following Saferpay URL:
The login data is transferred within hidden fields using the parameters spUsername, spPassword and UAFState and CustomerID.
Download
Output files can be downloaded from the following Saferpay URL:
The login data is transferred within hidden fields using the parameters spUsername, spPassword and UAFState and CustomerID. The filename is transmitted with the parameter Sequence.
Code examples
HTML form
Visual Basic Script
Last updated