Payments & Fraud

How It Works

Dashboard

This documentation site is retired and will soon be removed. Current information can be found at the new documentation portal here! Please update your bookmarks.

Radial Payments & Fraud Documentation

Card Not Present Authorization Request

The following samples are for credit not present (raw PAN) credit card authorization requests.

Sample URI

/v1.0/stores/store123/payments/creditcard/auth/VC.xml

Sample Request Body

The request is a 3D secure CreditCardAuthRequest message which uses a raw credit card PAN with required elements.

<?xml version="1.0" encoding="UTF-8"?>
<CreditCardAuthRequest xmlns="http://api.gsicommerce.com/schema/checkout/1.0"
                       requestId="1234567890ABCD">
  <PaymentContext>
    <OrderId>OrderId0</OrderId>
    <PaymentAccountUniqueId isToken="false">4387751111111111</PaymentAccountUniqueId>
  </PaymentContext>
  <ExpirationDate>2030-03</ExpirationDate>
  <CardSecurityCode>737</CardSecurityCode>
  <Amount currencyCode="USD">50.00</Amount>
  <BillingFirstName>John</BillingFirstName>
  <BillingLastName>Smith</BillingLastName>
  <BillingPhoneNo>6101234567</BillingPhoneNo>
  <BillingAddress>
    <Line1>No1, Infinite Loop Cupertino</Line1>
    <City>California</City>
    <MainDivisionCode>CA</MainDivisionCode>
    <CountryCode>US</CountryCode>
    <PostalCode>95014</PostalCode>
  </BillingAddress>
  <CustomerEmail>customer@sample.com</CustomerEmail>
  <CustomerIPAddress>208.247.73.130</CustomerIPAddress>
  <ShipToFirstName>John</ShipToFirstName>
  <ShipToLastName>Smith</ShipToLastName>
  <ShippingAddress>
    <Line1>No1, Infinite Loop Cupertino</Line1>
    <City>California</City>
    <MainDivisionCode>CA</MainDivisionCode>
    <CountryCode>US</CountryCode>
    <PostalCode>95014</PostalCode>
  </ShippingAddress>
    <!-- only set below to true if you got an auth + CVV/AVS error and are looking to
         get a clean CVV/AVS before taking the order -->
  <isRequestToCorrectCVVOrAVSError>false</isRequestToCorrectCVVOrAVSError>
  <SchemaVersion>1.2</SchemaVersion>
  <PaymentId>b33j9ynrb400</PaymentId>
  <AuthenticationResult>fingerprint</AuthenticationResult>
</CreditCardAuthRequest>

The request is a CreditCardAuthRequest message which uses a raw credit card PAN with optional elements.

<?xml version="1.0" encoding="UTF-8"?>
<CreditCardAuthRequest xmlns="http://api.gsicommerce.com/schema/checkout/1.0"
                       requestId="1234567890ABCD">
  <PaymentContext>
    <OrderId>OrderId0</OrderId>
    <PaymentAccountUniqueId isToken="false">4387751111111111</PaymentAccountUniqueId>
  </PaymentContext>
  <ExpirationDate>2030-03</ExpirationDate>
  <CardSecurityCode>737</CardSecurityCode>
  <Amount currencyCode="USD">50.00</Amount>
  <BillingFirstName>John</BillingFirstName>
  <BillingLastName>Smith</BillingLastName>
  <BillingPhoneNo>6101234567</BillingPhoneNo>
  <BillingAddress>
    <Line1>No1, Infinite Loop Cupertino</Line1>
    <Line2>Building 123</Line2>
    <Line3>4th Floor</Line3>
    <Line4>Apt 12</Line4>
    <City>California</City>
    <MainDivision>CA</MainDivision>
    <MainDivisionCode>CA</MainDivisionCode>
    <CountryCode>US</CountryCode>
    <PostalCode>95014</PostalCode>
  </BillingAddress>
  <CustomerEmail>customer@sample.com</CustomerEmail>
  <CustomerId>customer@sample.com</CustomerId>
  <CustomerIPAddress>208.247.73.130</CustomerIPAddress>
  <ShipToFirstName>John</ShipToFirstName>
  <ShipToLastName>Smith</ShipToLastName>
  <ShipToPhoneNo>6101234567</ShipToPhoneNo>
  <ShippingAddress>
    <Line1>No1, Infinite Loop Cupertino</Line1>
    <Line2>Building 123</Line2>
    <Line3>4th Floor</Line3>
    <Line4>Apt 12</Line4>
    <City>California</City>
    <MainDivision>CA</MainDivision>
    <MainDivisionCode>CA</MainDivisionCode>
    <CountryCode>US</CountryCode>
    <PostalCode>95014</PostalCode>
  </ShippingAddress>
    <!-- Optional Merchant details that can be sent in the request to reflect in the customer's
            bank statement. To enable this feature for your store, please contact Radial's Payment
            Support group as it needs internal and external configurations to be done.-->
  <MerchantDetails>
    <Description>Sample Online store</Description>
    <Address>
        <Line1>1 Foo Bar Street</Line1>
        <Line2>Line 2</Line2>
        <Line3>Line 3</Line3>
        <Line4>Line 4</Line4>
        <BuildingName>Building 2</BuildingName>
        <PoBox>43068</PoBox>
        <City>Reynoldsburg</City>
        <MainDivision>OHIO</MainDivision>
        <MainDivisionCode>OH</MainDivisionCode>
        <CountryName>United States</CountryName>
        <CountryCode>US</CountryCode>
        <PostalCode>43068</PostalCode>
    </Address>
    <PhoneNumber>8667565005</PhoneNumber>
    <Url>https://samplestore.com/customerservice</Url>
    <EmailAddress>help@samplestore.com</EmailAddress>
  </MerchantDetails>
    <!-- only set below to true if you got an auth + CVV/AVS error and are looking to
         get a clean CVV/AVS before taking the order -->
  <isRequestToCorrectCVVOrAVSError>false</isRequestToCorrectCVVOrAVSError>
    <!-- section below is to capture Verified By Visa/Mastercard SecureCode data -->
  <SecureVerificationData>
  <AuthenticationAvailable>Y</AuthenticationAvailable>
  <AuthenticationStatus>A</AuthenticationStatus>
  <CavvUcaf>gsdsXXggggg</CavvUcaf>
  <TransactionId>AAAxxx6667dsfsdfd</TransactionId>
  <ECI>05</ECI>
  <PayerAuthenticationResponse>eJydVNtu4jAQ/RVE37oCJ+HSggZLKbQSqrpLuSy8mmSSWAsOjR2g+/
    U7DhAi1IfdnYdkfDznzLHjGOZJhjiaYZBnyOENtRYx1mQ4qIt1ELpeq13nMPGnqG/BPWZapoq7TafpAbsMSSMLE
    qEMBxF8PI2/804RwM5D2GI2HvFeNYCdQGBX9iS3mSZXRxnSTPEMhUHuOa7rdD2n5j70272+R/QCh52l+Ns0J/5j
    u2ubViGgRWaogk+adICVI8DjLlVIFbSOMgd2dbATijtF3BdhM9ImFOYrDkZuq64eratWF1iBgzbC5Jr7wM4ZBGK
    /58mvxSx6eniXs9l66Ps/li/fPvzVs08xIHO2BDCQ3HHJFL0Llr+J00yaZMtbp5orAMxaYcW34jCTsaJmGdaO24
    3Sg3pizK7P2OFwaB5azTSLmUeLYE6PUUGoZXxXP7EwHKso/SfaUKhUyUBs5G9h6BC8oUnSsFZ6+0pmPrVKLps+D
    xsk1QjctmpYxGm5HdJkX4tWVvY3XW7NZlo0dCJc2+BGiMMUI7QnAmuL6XhQvyu2UvXyaCmj9dqPwsXoJTq8TpbE
    HskYtfkfC5f2VYWL3k+xybGcu4xKX2fTpy9U2YlL4S3wip+nylXH6Y2EEVRTScvpK7H4A4s7wJ6n6t3wB1RLYIQ
    =</PayerAuthenticationResponse>
  </SecureVerificationData>
  <Recurrence>Initial</Recurrence>
  <RecurrenceId>1234567890123456</RecurrenceId>
  <SchemaVersion>1.2</SchemaVersion>
  <DeviceInformation>
     <DeviceFingerprint>e6b9acc2-d6db-4c61-8fdf-96fa55488853_1574205236741</DeviceFingerprint>
  </DeviceInformation>
</CreditCardAuthRequest>

The request is a CreditCardAuthRequest message which uses a raw credit card PAN with required elements. The optional elements omitted from the above payload are SecureVerificationData, DeviceInformation and MerchantDetails

<?xml version="1.0" encoding="UTF-8"?>
<CreditCardAuthRequest xmlns="http://api.gsicommerce.com/schema/checkout/1.0"
                       requestId="1234567890ABCD">
  <PaymentContext>
    <OrderId>OrderId0</OrderId>
    <PaymentAccountUniqueId isToken="false">4387751111111111</PaymentAccountUniqueId>
  </PaymentContext>
  <ExpirationDate>2030-03</ExpirationDate>
  <CardSecurityCode>737</CardSecurityCode>
  <Amount currencyCode="USD">50.00</Amount>
  <BillingFirstName>John</BillingFirstName>
  <BillingLastName>Smith</BillingLastName>
  <BillingPhoneNo>6101234567</BillingPhoneNo>
  <BillingAddress>
    <Line1>No1, Infinite Loop Cupertino</Line1>
    <City>California</City>
    <MainDivisionCode>CA</MainDivisionCode>
    <CountryCode>US</CountryCode>
    <PostalCode>95014</PostalCode>
  </BillingAddress>
  <CustomerEmail>customer@sample.com</CustomerEmail>
  <CustomerIPAddress>208.247.73.130</CustomerIPAddress>
  <ShipToFirstName>John</ShipToFirstName>
  <ShipToLastName>Smith</ShipToLastName>
  <ShippingAddress>
    <Line1>No1, Infinite Loop Cupertino</Line1>
    <City>California</City>
    <MainDivisionCode>CA</MainDivisionCode>
    <CountryCode>US</CountryCode>
    <PostalCode>95014</PostalCode>
  </ShippingAddress>
    <!-- only set below to true if you got an auth + CVV/AVS error and are looking to
         get a clean CVV/AVS before taking the order -->
  <isRequestToCorrectCVVOrAVSError>false</isRequestToCorrectCVVOrAVSError>
  <SchemaVersion>1.2</SchemaVersion>
</CreditCardAuthRequest>

Request Elements

Element	Required	Description	Type	Restriction
PaymentContext	Yes	Unique identifier of the payment transaction for the order	ComplexType
PaymentContext/ OrderId	Yes	Unique identifier of the order. The client must ensure uniqueness of OrderIds across different orders that the client initiates with this service.	String	Max 20 characters
PaymentContext/ PaymentAccountUniqueId	Yes - Either PaymentAccountUniqueId or EncryptedPayment AccountUniqueId must be present.	Either a raw PAN (payment account number such as a credit card number) or a token representing a PAN	String	Max 22 characters
PaymentContext/ PaymentAccountUniqueId @isToken	Yes (when PaymentAccountUniqueId is present)	Attribute that indicates whether the payment account number is tokenized	String	true or false
PaymentContext/ EncryptedPaymentAccount UniqueId	Yes - Either PaymentAccountUniqueId or EncryptedPayment AccountUniqueId must be present.	Client-encrypted PAN. Used for clients who use client-side encryption to encrypt credit card numbers in the JavaScript that runs in their browser. For a webstore that is not PCI compliant, this ensures that the webstore never sees raw PANs.	String	Max 1000 characters
ExpirationDate	Yes	Expiration date of the credit card	String	yyyy-MM (year followed by month)
CardSecurityCode	No	CVV2 code on the back of the credit card	String	3 or 4 digits
EncryptedCardSecurityCode	No	Client side encrypted CVV2 code on the back of the credit card	String	1000 digits
Amount	Yes	Currency amount being authorized on the credit card	Decimal	Positive decimal, up to two decimal places (for example, 4.75)
Amount/ @currencyCode	Yes	Type of currency used for the order	String	3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/ wiki/ISO_4217.
BillingFirstName	Yes	First name of the person on the billing address of the credit card	String	Max 64 characters
BillingLastName	Yes	Last name of the person on the billing address of the credit card	String	Max 64 characters
BillingPhoneNo	Yes	Phone number of the person on the billing address of the credit card	String	Max 15 characters
BillingAddress	Yes (for AVS verification)	Billing address of the credit card	ComplexType
BillingAddress/ Line1	Yes	Line# components of the street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Line2, Line3, and Line4 are optional. Include them only if the data exists. A blank AddressLine element will fail validation.	String	1 to 70 characters.
BillingAddress/ Line2	No		String	1 to 70 characters.
BillingAddress/ Line3	No		String	1 to 70 characters.
BillingAddress/ Line4	No		String	1 to 70 characters.
BillingAddress/ BuildingName	No	Building name if any	String
BillingAddress/ PoBox	No	Post Office Box. Do not pass the string "PO Box" as part of the request. For example, 765	String
BillingAddress/ City	Yes	Name of the city.	String	Max 40 characters
BillingAddress/ MainDivision	No	Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2.	String	Max 30 characters
BillingAddress/ CountryCode	Yes	Two digit ISO 3166 alpha 2 code country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.	String	2 characters
BillingAddress/ PostalCode	Depends on country. Yes for US and Canada	String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, US ZIP code).	String	Max 30 characters
CustomerEmail	Yes	Email address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors.	String	Max 70 characters
CustomerId	No	A unique identifier for a customer such as a username or email address.	String	Min 1 character Max 128 characters
CustomerIPAddress	Yes	IP address of the customer who is making the purchase. Used for realtime fraud checking by our API and payment processors.	IPv4Address	Valid dotted quad IPv4 Address
ShipToFirstName	Yes	First name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors.	String	64 characters.
ShipToLastName	Yes	Last name of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors.	String	Max 64 characters.
ShipToPhoneNo	No	Phone number of the person on the first/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors.	String	Max 15 characters.
ShippingAddress	Yes	First/primary shipping address of the order. Used for realtime fraud checking by our API and payment processors. For orders that do not have a shipping address, pass the billing address as the shipping address.	ComplexType
ShippingAddress/ Line1	Yes	Line# components of the street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Line2, Line3, and Line4 are optional. Include them only if the data exists. A blank AddressLine element will fail validation.	String	1 to 70 characters.
ShippingAddress/ Line2	No		String	1 to 70 characters.
ShippingAddress/ Line3	No		String	1 to 70 characters.
ShippingAddress/ Line4	No		String	1 to 70 characters.
ShippingAddress/ BuildingName	No	Building name, if any.	String
ShippingAddress/ PoBox	No	Post Office Box. Do not pass the string "PO Box" as part of the request. For example, 765	String
ShippingAddress/ City	Yes	Name of the city.	String	Max 40 characters
ShippingAddress/ MainDivision	No	Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2.	String	Max 30 characters
ShippingAddress/ CountryCode	Yes	Two digit ISO 3166 alpha 2 code country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.	String	2 characters
ShippingAddress/ PostalCode	Varies based on country. Yes for US/Canada	String of letters and/or numbers that specifies the delivery area more closely than the city alone (for example, U.S. ZIP code).	String	Max 30 characters
MerchantDetails	No	Optional Merchant details that can be sent in the request to reflect in the customer's bank statement. To enable this feature for your store, please contact Radial's Payment Support group as it needs internal and external configurations to be done.	ComplexType
MerchantDetails/ Description	Yes	Merchants to send the description that is to be displayed on the shoppers bank statement. The length may be trimmed according to the supporting processor's requirements.	AlphaNumeric	Min 1 char Max 130 characters
MerchantDetails/ Address	Yes	Merchant Address Information	ComplexType
MerchantDetails/ Address/ Line1	Yes	Line# components of the shipping street address and, if necessary, suite and building identifiers for the physical address. Line1 is required. Other Line# components are optional.	String	Min 1 char Max 130 characters
MerchantDetails/ Address/ Line2	No		String	Min 1 char Max 130 characters
MerchantDetails/ Address/ Line3	No		String	Min 1 char Max 130 characters
MerchantDetails/ Address/ Line4	No		String	Min 1 char Max 130 characters
MerchantDetails/ Address/ BuildingName	No		String	Min 1 char Max 130 characters
MerchantDetails/ Address/ PoBox	No		String	Min 1 char Max 20 characters
MerchantDetails/ Address/ City	Yes	Name of the city	String	Min 1 char Max 95 characters
MerchantDetails/ Address/ MainDivision	No	This is the full displayable State/Province name	String	Min 1 char Max 55 characters
MerchantDetails/ Address/ MainDivisionCode	No	Typically a two- or three-digit postal abbreviation for the state or province. Mainly used in Canada and the US. This does not necessarily conform to the ISO 3166-2 code.	String	Min 1 char Max 5 characters
MerchantDetails/ Address/ CountryName	No	Country Name	String	Min 1 char
MerchantDetails/ Address/ CountryCode	Yes	Two digit ISO 3166 alpha 2 code country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.	String	2 characters
MerchantDetails/ Address/ PostalCode	No	A value that specifies the delivery area more closely than the city alone (for example, U.S. ZIP code)	String	Min 3 characters Max 15 characters
MerchantDetails/ PhoneNumber	Yes	Phone number excluding the country code. No special characters are allowed	Numeric	Min 6 characters Max 16 characters
MerchantDetails/ Url	Yes	Merchant's website Url	String	Min 1 char Max 255 characters
MerchantDetails/ EmailAddress	Yes	Merchant's Email Address	String	Min 6 characters Max 130 characters <text>@<text>.<text>
POSMethod	No	An identifier for the type of Point Of Sale method used. This is used to mark transaction as being of a specific method. (ie: ApplePay, Virtual Wallet, Samsung Pay, Bitcoin). Values: Virtual Wallet - Indicates the credit card from a virtual wallet is previously validated with CVV not requested (for fraud check use) Afterpay - Indicates that the request is an Afterpay authorization AmexCheckout - Indicates that the request originated from an Amex Checkout ApplePay - Indicates that the request is an ApplePay authorization GooglePay - Indicates that the request is an Google Pay authorization VisaCheckout - Indicates that the request originated from a Visa Checkout	Enum	Can be any of these values: Affirm Afterpay AmexCheckout ApplePay GooglePay Hosted Klarna Mobile VirtualWallet VisaCheckout
isRequestToCorrect CVVOrAVSError	Yes	Setting that indicates this is an authorization re-submission to correct an AVS or CVV error. Even when an AVS or CVV error occurs, the credit card processor authorizes a credit card and reserves the authorized amount from the available credit limit on the credit card. Customers must fix AVS and CVV errors. We do not want to double-authorize the amount already authorized on the customer's card. If this element is set true, the Payment Service decrements the authorized amount for purposes of the AVS/CVV check (for example, in the US authorizes for $0.01).	Boolean	true or false
SecureVerificationData	No	3D Secure and Verified by Visa verification data. 3D Secure is an XML-based protocol that provides additional security for online credit and debit card transactions.	ComplexType	true or false
SecurityVerificationData/ Version	No (required as part of SecureVerificationData)	If omitted, implicit version 1.0.0, all other version must be explicitly included. Value should be in the format MAJOR.MINOR.PATCH, for example, 2.1.0	String	5 characters, 3 part dotted version notation.
SecurityVerificationData/ AuthenticationAvailable	Yes (required as part of SecureVerificationData)	Code used for Verified by Visa eCommerce transactions only. For all other transactions, enter spaces. Verify enrollment response from the VERes message, returned to the POE from the Access Control Server (ACS) as a result of a Verify Enrollment Request. Y - Card eligible for authentication processing. N - Authentication attempted. Card eligible for attempts liability, but attempts proof is not available from issuer. U - Unable to process, or card not eligible for attempts liability.	String	1 character
SecurityVerificationData/ AuthenticationStatus	Yes (required as part of SecureVerificationData)	Transactions status code used for Verified by Visa and MasterCard SecureCode transactions only. For all other transactions, enter spaces only. The code is returned in the PARes message from the ACS server in the Transaction Status field. Y - Authentication approved. A - Authentication attempted. U - Unable to authenticate due to technical problems or excluded card type. N - Authentication failed.	String	1 character
SecurityVerificationData/ CavvUcaf	Yes (required as part of SecureVerificationData)	Data used for Verified by Visa and MasterCard SecureCode eCommerce transactions only. Data is returned in the authentication request. For Visa, this field contains the CAVV value in upacked, displayable format (0-9, A-F). For MasterCard, this field contains the UCAF data in upacked, displayable, base-64 format (A-Z, a-z, 0-9, +, /, -). Left justified, space-filled right.	String	Max 64 characters
SecurityVerificationData/ TransactionId	Yes (required as part of SecureVerificationData)	ID used for Verified by Visa eCommerce transactions only. Contains XID data returned from the authentication request in upacked, displayable format (0-9, A-F). Left justified, space-filled right.	String	Max 64 characters
SecurityVerificationData/ DirectoryServerTransactionId	No	Directory server transaction ID. Required for master card 3DS 2.0 authentication.	String	UUID in the format specified by RFC 4122
SecurityVerificationData/ ECI	Optional (Visa transactions only)	ECI value received from Visa	String	1 character
SecurityVerificationData/ PayerAuthenticationResponse	Yes (required as part of SecureVerificationData)	Result of the cardholder authentication performed by the card issuer Access Control Server(ACS)	String	Max 10000 characters
Recurrence	No	To indicate the sequence of a payment in recurring payments. Values: Initial - The first instance in the recurrence Subsequent - A subsequent instance in the recurrence Once - Recurring once only, useful for reattempt	Enum	Initial Subsequent Once
RecurrenceId	No Note : This field is mandatory for recurring subscription transactions.	A unique identifier for recurring payments.	String	Min 16 characters Max 64 characters
SchemaVersion	Yes	Although marked as optional in the the schema, this element needs to be passed at all times with a value of 1.2 in order to receive elements like 'ResponseCode' and 'TenderType' in the Response message.	String	pattern = "([0-9]+\.)*[0-9]+". Value Example: 1.1, 1.2
DeviceInformation	No	This object contains the details used by the device for authorization.	ComplexType
DeviceInformation/DeviceFingerprint	No	Radial Device Fingerprint (RDF) is a Javascript application that captures information about a customer's device. This device information is used to create a virtual profile, which can then be compared against subsequent orders to help mitigate fraud. Radial Device Fingerprint is used to identify new customers and customers returning to a site using the same devices. Along with other Radial proprietary software solutions, Radial Device Fingerprint helps detect good and fraudulent orders. See: https://docs.radial.com/ptf/Content/Topics/risk/device-fingerprint.htm	String	Min 36 characters Max 64 characters Only Alphanumeric(a to z, A to Z & 0 to 9) and special characters(hyphen[-] & underscore[_]) is allowed.
requestId	Yes	RequestId is used to uniquely identify a request, including as part of idempotent duplicate request processing. The value must be unique. It is recommended to use a variant 4 UUID for the request id. The same request id should only be reused if a read timeout occurs when attempting to receive a response from the payment service, or the payment service responds with a fault response. In all other cases a new request id must be sent for retried requests, including responses such as Fail, Timeout or PaymentProcessorTimeout.	String	Up to 40 Characters.

Return to top

What are you waiting for?