Once Moneris (Canada) e-Select Plus Payment Gateway is enabled in your eCommerce system:
- Confirm with your development lead member that set up is complete so we can begin testing.
- We always start with testing in the sandbox environment.
- It is important to confirm whether you are using the sandbox testing environment, or live.
- If sandbox, no real money will exchange hands, but the system will respond as though the transaction were real.
- Once testing in the sandbox is complete let both your iTMG lead developer and Moneris know that you are ready to go live.
How Do I Test My Solution?
You can easily place test transactions while you setup your store by changing the Mode setting of the payment gateway to "Test Mode (Sandbox)". Doing so will force the gateway to use the testing environment instead of the production one.
A testing environment is available for you to connect to while you are setting up your store. The test environment is provided by Moneris and eCommerce has absolutely no control over it. The test environment is generally available 7x24, however since it is a test environment, 100% availability can't be guaranteed. Also, please be aware that other merchants are using the test environment so you may see transactions and user IDs that you did not create. As a courtesy to others that are testing we ask that when you are processing Refunds, changing passwords and/or trying other functions that you use only the transactions/users that you created.
When using the APIs in the test environment you will need to use test store_id ("Store ID") and api_token ("API Token"). These are different than your production IDs. The IDs that you can use in the test environment are in the table below.
| Test IDs | |||
|---|---|---|---|
| store_id | api_token | Username | Password |
| store1 | yesguy | DemoUser | password |
| store2 | yesguy | DemoUser | password |
| store3 | yesguy | DemoUser | password |
| store5* | yesguy | DemoUser | password |
| moneris** | hurgle | DemoUser | password |
* store5 is for testing eFraud is strongly recommended (AVS [supported] & CVD [supported and enforced])
** moneris is for testing VBV/MCSC (supported)
When testing you may use the following test card numbers with any future expiry date.
| Test Card Numbers | |
|---|---|
| Card Plan | Card Number |
| MasterCard | 5454545454545454 |
| Visa | 4242424242424242 |
| Amex | 373599005095005 |
| Diners | 36462462742008 |
| Test Card Numbers for Card Verification | |
|---|---|
| Card Plan | Card Number |
| Visa | 4761739012345678 |
| Visa | 4761739012345686 |
| Visa | 4761739012345694 |
| Visa | 4761739012345603 |
| Visa | 4761739012345611 |
| Visa | 4761739012345629 |
| Visa | 4761739012345637 |
| Visa | 4761739012345645 |
* Please note that some of the numbers above may not work because they will fail additional credit card number security checks imposed
To access the Merchant Resource Centre in the test environment go to https://esqa.moneris.com/mpg. And use the logins provided in the previous table.
The test environment has been designed to replicate the Moneris production environment as closely as possible. One major difference is that Moneris is unable to send test transactions onto the production authorization network and thus Issuer responses are simulated. Additionally, the requirement to emulate approval, decline and error situations dictates that certain transaction variables are used to initiate various response and error situations.
The test environment will approve and decline transactions based on the penny value of the amount field. For example, a transaction made for the amount of $399.00 or $1.00 will approve since the .00 penny value is set to approve in the test environment. Likewise, a transaction made for the amount of $5.35 or $13.35 will get declined since the .35 penny value is set to decline in the test environment. Transactions in the test environment should not exceed $1000.00. This limit does not exist in the production environment. For a list of all current test environment responses for various penny values, please see the Test Environment Penny Response table as well as the Test Environment eFraud Response table, available for download at http://www.eselectplus.ca/en/downloadable-content.
How Do I Activate My Solution?
Once you have received your activation letter/fax from Moneris, go to https://www3.moneris.com/connect/en/activate/index.php as instructed in the letter/fax. You will need to input your store ID and merchant ID then click on ‘Activate’. In this process you will need to create an administrator account that you will use to log into the Merchant Resource Centre to access and administer your eSELECTplus store. You will need to use the Store ID and API Token inside eCommerce to send transactions to the production payment server.
Transaction Types
Two transaction types are available for Moneris:
- Authorize & Capture - Known in Moneris as "Purchase" or "Sale." This transaction verifies funds on the customer’s card, removes the funds and readies them for deposit into the merchant’s account
- Authorize - Known in Moneris as "PreAuth," "Authorisation," and "Preauthorisation." This transaction verifies and locks funds on the customer’s credit card. The funds are locked for a specified amount of time, based on the card issuer. To retrieve the funds from a PreAuth so that they may be settled in the merchant’s account a Capture must be performed. A PreAuth may only be Captured once (that is the amount of total captured funds may not exceed the entire preauthorized amount; you can elect to fully capture a $10 preauth by issuing a $6 capture followed by a $4 capture). If you use this transaction type, you'll be able to capture funds at a later date directly from the eCommerce admin by editing the order, specifying the capture amount and clicking the "Capture" button.
Verified by Visa (VBV)/MasterCard SecureCode (MCSC)
Keep in mind that in order to use this feature, VBV must be added to your Moneris account. Please call the Moneris eSELECTplus Service Centre at 1 866 319 7450 to have your profile updated.
This feature is enabled in eCommerce by enabling the "Use VbV/MCSC" checkbox in the Moneris settings section.
Verified by Visa (VbV) is a program initiated by Visa. Before approving a transaction eSELECTplus and the Bank that issues the Visa credit cards will attempt to authenticate the cardholder through the use of a password, similar to a debit PIN. When an authentication is attempted the merchant is protected from chargebacks.
MasterCard SecureCode (MCSC) is a new feature offered by MasterCard. Merchants who have enrolled in this program with Moneris and eSELECTplus will be able to offer their customers added protection against unauthorized credit card use, as well as protect themselves from fraud-related chargebacks. Cardholders that have applied for SecureCode with their issuing bank will be able to use this password similar to a debit PIN number for online transactions with participating online merchants.
If you elect to use this feature, consult the section below to learn the different transaction flows your customer may encounter.
- Customer submits order > request is sent to Moneris to verify if the card is enrolled > Moneris sends back an error indicating there's a problem with the service or the credentials you specified in the eCommerce admin > customer is sent to the order error page displaying the error sent back from Moneris
- Customer submits order > request is sent to Moneris to verify if the card is enrolled > Moneris returns a valid VERes response message "N" > the purchase or preauth is sent as a crypt type 6 – attempted authentication > regular checkout flow resumes (customer is sent to order complete or order error page based on whether the funds could be secured from his card)
- Customer submits order > request is sent to Moneris to verify if the card is enrolled > Moneris returns a valid VERes response message "U" > the purchase or preauth is sent as a crypt type 7; however, the merchant would be liable for chargebacks (“U” is returned for non-participating cards, such as corporate cards) > regular checkout flow resumes (customer is sent to order complete or order error page based on whether the funds could be secured from his card)
- Customer submits order > request is sent to Moneris to verify if the card is enrolled > Moneris returns a valid VERes response message "Y" > a call to the API is made to create the VBV form > the customer authenticates himself with his bank > Moneris sends back an error to eCommerce indicating there's a problem with the service or the credentials you specified in the eCommerce admin > customer is sent to the order error page displaying the error sent back from Moneris
- Customer submits order > request is sent to Moneris to verify if the card is enrolled > Moneris returns a valid VERes response message "Y" > a call to the API is made to create the VBV form > the customer authenticates himself with his bank > Moneris sends back a valid PARes response message "A" - Attempted to verify PIN and will receive a CAVV > the cavv_purchase or cavv_preAuth is sent as a crypt type 6 > regular checkout flow resumes (customer is sent to order complete or order error page based on whether the funds could be secured from his card)
- Customer submits order > request is sent to Moneris to verify if the card is enrolled > Moneris returns a valid VERes response message "Y" > a call to the API is made to create the VBV form > the customer authenticates himself with his bank > Moneris sends back a valid PARes response message "Y" - Fully authenticated and will receive a CAVV > the cavv_purchase or cavv_preAuth is sent as a crypt type 5 > regular checkout flow resumes (customer is sent to order complete or order error page based on whether the funds could be secured from his card)
- Customer submits order > request is sent to Moneris to verify if the card is enrolled > Moneris returns a valid VERes response message "Y" > a call to the API is made to create the VBV form > the customer authenticates himself with his bank > Moneris sends back a valid PARes response message "N" - Failed to authenticate, no CAVV will be returned > customer is sent to the order error page displaying the error sent back from Moneris
How Do I Test VBV?
Keep in mind that to test VBV transactions you have to use the moneris Store ID in the table above.
When testing you may use the following test card numbers with any future expiry date.
| Test Card Numbers | ||
|---|---|---|
| Card Number | VERes | PARes |
| 4012001037141112 | Y | Y |
| 4012001038488884 | U | N/A |
| 4012001038443335 | N | N/A |
| 4242424242424242 | Y | A |
| 4012001037461114 | Y | N |
Response Definitions
| Crypt Type | Visa Definition | MasterCard Definition |
|---|---|---|
| 5 |
- Fully authenticated
- There is a liability shift and the merchant is protected from chargebacks
|
- Fully authenticated
- There is a liability shift and the merchant is protected from chargebacks.
|
| 6 |
- VbV has been attempted
- There is a liability shift and the Merchant is protected from chargebacks
|
- MCSC has been attempted
- No liability shift
- Merchant is not protected from chargebacks
|
| 7 |
- Non-VbV transaction
- Merchant is no longer protected from chargebacks
|
- Non-MCSC transaction
- No liability shift
- Merchant is not protected from chargebacks
|
| VERes Response | Response Definition |
|---|---|
| N | The card/issuer is not enrolled. This should be sent as a normal Purchase/PreAuth transaction with a crypt type of 6. |
| U | The card type is not participating in VbV or MCSC: this could be corporate or other card plans that Visa or MasterCard excludes. Can proceed with a regular transaction with a crypt type of 7 or cancel the transaction. |
| Y | The card is enrolled. Proceed to create the VbV/MCSC inline window for cardholder authentication. Proceed to PARes for crypt type. |
| PARes Response | Response Definition |
|---|---|
| A | Attempted to verify PIN and will receive a CAVV. This should now be sent as a cavv_purchase/cavv_preAuth which will return a crypt type of 6. |
| Y | Fully authenticated and will receive a CAVV. This should now be sent as a cavv_purchase/cavv_preAuth which will return a crypt type of 5. |
| N | Failed to authenticate, no CAVV will be returned. Transaction should be cancelled; the merchant may proceed with a crypt type of 7 though strongly discouraged (eCommerce will cancel the transaction). |
