Private Label Credit Card Authorization

Overview

A private label credit card (PLCC) is a credit card that is branded for a specific retailer. A PLCC is not processed on normal credit card processing networks. A PLCC usually offers a reward associated with the retailer. Processing PLCC transactions is similar to processing normal credit card transactions, except for the initial request message. Authorization cancels and settlements are the same for PLCCs and normal credit cards.

URI Summary

Action URI Template URI Example Non-URI Request Response
POST /v[M.m]/stores/[StoreId]/
payments/plcc/auth/
[TenderCode].[format]
/v1.0/store/store123/
payments/plcc/auth/GE.xml
XML 200 + XML response

Request Example

The request is a PLCCAuthRequest message.

<PLCCAuthRequest requestId="54321" xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
   <PaymentContext>
      <OrderId>12345</OrderId>
      <PaymentAccountUniqueId isToken="false">6034591400000001</PaymentAccountUniqueId>
   </PaymentContext>
   <Amount currencyCode="USD">100.00</Amount>
   <BillingFirstName>FName</BillingFirstName>
   <BillingLastName>LName</BillingLastName>
   <BillingAddress>
      <Line1>935 First Ave</Line1>
      <City>King of Prussia</City>
      <MainDivision>PA</MainDivision>
      <CountryCode>US</CountryCode>
      <PostalCode>19406</PostalCode>
   </BillingAddress>
   <isRequestToCorrectCVVOrAVSError>false</isRequestToCorrectCVVOrAVSError>
</PLCCAuthRequest>

Request Elements

Element Required Description Type Restriction
PaymentContext Yes Unique identifier of the payment transaction for the order ComplexType
PaymentContext/
OrderId
Yes Unique identifier of the order. The client must ensure uniqueness of OrderIds across all transactions that the client initiates with this service. String Max 20 characters
PaymentContext/
PaymentAccountUniqueId
Yes - Either PaymentAccount UniqueId or EncryptedPayment AccountUniqueId must be present. Either a raw PAN (payment account number such as a credit card number) or a token representing a PAN String Max 22 characters
PaymentContext/
PaymentAccountUniqueId
@isToken
Yes (when PaymentAccount UniqueId is present) Attribute that indicates whether the payment account number is tokenized String true or false
PaymentContext/
EncryptedPayment
AccountUniqueId
Yes - Either PaymentAccount UniqueId or EncryptedPayment AccountUniqueId must be present. Client encrypted PAN. Used for clients who use client side encryption to encrypt credit card numbers in the JavaScript that runs in their browser. For a webstores that is not PCI compliant, this ensures that the webstore never sees raw PANs. String Max 1000 characters
ExpirationDate No Expiration date of the private label credit card. Some PLCCs do not have expiration dates printed on the card. String yyyy-MM (year followed by month)
CardSecurityCode No- Either CardSecurityCode or EncryptedCard SecurityCode may be present. CVV2 code on the back of the private label credit card. Some PLCCs do not have this code. String 3-4 digits
EncryptedCardSecurityCode No - Either CardSecurityCode or EncryptedCard SecurityCode may be present. Encrypted CVV2 code on the back of the private label credit card. Some PLCCs do not have this code. String 1000 digits
Amount Yes Currency amount being authorized on the private label credit card String

Positive decimal, up to two decimal places (for example, 4.75)

Amount/
@currencyCode
Yes Type of currency used for the order String 3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/
wiki/ISO_4217.
BillingFirstName Yes First name of the person on the billing address of the private label credit card String Max 64 characters
BillingLastName Yes Last name of the person on the billing address of the private label credit card String Max 64 characters
BillingAddress Yes (for AVS verification) Billing address of the private label credit card ComplexType
BillingAddress/
Line1
Yes

Line# components of the street address and, if necessary, suite and building identifiers for the physical address. Line1 is required.

Line2, Line3, and Line4 are optional. Include them only if the data exists. A blank AddressLine element will fail validation.

String

1 to 70 characters.

BillingAddress/
Line2
No

String

1 to 70 characters.

BillingAddress/
Line3
No

String

1 to 70 characters.

BillingAddress/
Line4
No

String

1 to 70 characters.

BillingAddress/
City
Yes Name of the city String Max 40 characters
BillingAddress/
MainDivision
Yes Two- or three-digit postal abbreviation for the state or province. The ISO 3166-2 code is recommended, but not required. See http://en.wikipedia.org/wiki/ISO_3166-2. String Max 30 characters
BillingAddress/
CountryCode
Yes

Two digit ISO 3166 alpha 2 code country code. See: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.

String 2 characters
BillingAddress/
PostalCode
Depends on country. Yes for US and Canada String of letters and/or numbers that specifies the delivery area more closely than the city component alone (for example, US ZIP code) String 30 characters
StorePlanCode No Store plan code typically used for discounts, special offers, and promotions String
isRequestToCorrectCVVOrAVSError Yes

Setting that indicates this is an authorization re-submission to correct an AVS or CVV error

Even when an AVS or CVV error occurs, the credit card processor authorizes a credit card and reserves the authorized amount from the available credit limit on the credit card. Customers must fix AVS and CVV errors. We do not want to double-authorize the amount already authorized on the customer's card. If this element is set true, the Payment Service decrements the authorized amount for purposes of the AVS/CVV check (for example, in the US authorizes for $0.01).

Boolean true or false
useAlternateMerchantId No Setting that indicates an alternate merchant ID must be used to authorize and settle the payment. For example, Japanese regulations require that an alternate merchant ID be used to purchase gift cards. Boolean true or false

Response Example

The response is a PLCCAuthReply message.

<PLCCAuthReply xmlns="http://api.gsicommerce.com/schema/checkout/1.0">
   <PaymentContext>
      <OrderId>12345</OrderId>
      <PaymentAccountUniqueId isToken="true">6034590x1xY30001</PaymentAccountUniqueId>
   </PaymentContext>
   <ResponseCode>APPROVED</ResponseCode>
   <BankAuthorizationCode>1234</BankAuthorizationCode>
   <CVV2ResponseCode></CVV2ResponseCode>
   <AVSResponseCode>Y</AVSResponseCode>
   <AVSResponseCodeDesc>Street Match, 5 digit ZIP Match</AVSResponseCodeDesc>
   <AuthorizationResponseCode>AP01</AuthorizationResponseCode>
   <AmountAuthorized currencyCode="USD">100.00</AmountAuthorized>
</PLCCAuthReply>

Response Elements

Element Required Description Type Restriction
PaymentContext Yes

Unique identifier of the payment transaction for the order

ComplexType  
PaymentContext/
OrderId
Yes Unique identifier of the order. The client must ensure uniqueness of OrderIds across all transactions that the client initiates with this service. String Max 20 characters
PaymentContext/
PaymentAccountUniqueId
Yes

Token (scrambled version) of the PAN (payment account number such as a credit card number). When passing the PAN for the PaymentAuthCancelRequest and the PaymentSettlementRequest messages, always use the returned token, not the original PAN.

String Max 22 characters
PaymentContext/
PaymentAccountUniqueId/
@isToken
Yes Attribute that indicates whether the PAN is tokenized. In the PLCCAuthReply message, this attribute is always set to true. String true
ResponseCode Yes

Response code of the credit card authorization. Includes approved, timeout, and several decline codes. Only orders with an approved or timeout response code are submitted to the Order Service.

See Authorization Response Codes for a list of codes.

String Max 1000 characters
BankAuthorizationCode Yes

Authorization code returned by the payment processor upon a successful credit card authorization

Any order taken by the Order Service and paid by credit card MUST have this authorization code.

String Max 1000 characters
CVV2ResponseCode Yes

Payment processor response code for the CVV2 (card verification value) check.

For most credit cards, you get an approval on the AuthorizationResponseCode even if the CVV2ResponseCode returns a CVV2 failure. You CANNOT accept an order if the CVV2ResponseCode returns a CVV2 failure code.

See CVV2 Response Codes for a list of codes.

String Max 3 characters
AVSResponseCode Yes

Payment processor response for the Address Verification System (AVS) check.

For most credit cards, you get an approval on the AuthorizationResponseCode even if the AVSResponseCode returns an AVS failure code. It is typically considered a significant fraud risk to accept an order if the AVSResponseCode returns an AVS failure code.

See AVS Response Codes for a list of codes.

String Max 3 characters
AVSResponseCodeDesc No Description of the AVS response code String
AuthorizationResponseCode Yes

Response code of the credit card authorization. Includes approved, timeout, and several decline codes. Only orders with an approved or timeout response code are submitted to the Order Service.

String Max 1000 characters
AmountAuthorized Yes Currency amount authorized on the private label credit card String

Positive decimal, up to two decimal places (for example, 4.75)

AmountAuthorized/
@currencyCode
Yes Type of currency used for the order String 3-character ISO 4217 code (for example, USD, CAD, EUR). See http://en.wikipedia.org/wiki/ISO_4217.