The active settings

Mode

The mode can be named anything, but the "gateway" parameter must be set to "protx". To make it the default payment gateway for all credit card transactions in a specific catalog, you can set in "catalog.cfg":

    Variable  MV_PAYMENT_MODE  protx
    

or in variable.txt:

    MV_PAYMENT_MODE protx (tab separated)
    

if you want this to cooperate with other payment systems, eg PaypalExpress or GoogleCheckout, then see the documentation that comes with that system - it should be fully explained there (essentially, you don't run the charge route from profiles.order but from log_transaction).

id

Your Protx vendor ID, supplied by Protx when you sign up. Various ways to state this:

in variable.txt:

    MV_PAYMENT_ID   YourProtxID Payment
    

or in catalog.cfg either of:

    Route protx id YourProtxID
    Variable MV_PAYMENT_ID      YourProtxID
    

txtype

The transaction type is one of: PAYMENT, AUTHENTICATE or DEFERRED for an initial purchase through the catalogue, and then can be one of: REFUND, RELEASE, REPEAT for payment operations through the virtual terminal.

The transaction type is taken firstly from a dynamic variable in the page, meant primarily for use with the 'virtual payment terminal', viz: 'transtype' in a select box though this could usefully be taken from a possible entry in the products database if you have different products to be sold on different terms; then falling back to a 'Route txtype AUTHENTICATE' entry in catalog.cfg; then falling back to a global variable in variable.txt, eg 'MV_PAYMENT_TXTYPE AUTHENTICATE Payment'; and finally defaulting to 'PAYMENT' hard-coded into the module. This variable is returned to the module and logged using the value returned from Protx, rather than a value from the page which possibly may not exist.

available

If 'yes', then the module will check that the gateway is responding before sending the transaction. If it fails to respond within 9 seconds, then the module will go 'off line' and log the transaction as though this module had not been called. It will also log the txtype as 'OFFLINE' so that you know you have to put the transaction through manually later (you will need to capture the card number to do this). The point of this is that your customer has the transaction done and dusted, rather than being told to 'try again later' and leaving for ever. If not explicitly 'yes', defaults to 'no'. NB: if you set this to 'yes', then add into the etc/report that is sent to you: Txtype = [calc]($Session->{payment_result} || {})->{TxType};[/calc]. Note that you need to have a recent version of wget which supports '--connect-timeout' to run this check. Note also that, as this transaction has not been logged anywhere on the Protx server, you cannot use their terminal to process it. You must use the PTIPM which includes a function for this purpose; ie, it updates the existing order number with the new payment information returned from Protx. Note further that if you have Protx set up to require the CV2 value, then the PTIPM will disable CV2 checking at run-time by default for such a transaction (logging the CV2 value breaks Visa/MC rules and so it can't be legally available for this process).

logzero

If 'yes', then the module will log a transaction even if the amount sent is zero (which the gateway would normally reject). The point of this is to allow a zero amount in the middle of a subscription billing series for audit purposes. If not explicitly 'yes', defaults to 'no'. Note: this is only useful if you are using an invoicing system or the Payment Terminal, both of which by-pass the normal IC processes. IC will allow an item to be processed at zero total price but simply bypasses the gateway when doing so.

logempty

If 'yes, then if the response from Protx is read as empty (ie, zero bytes) the result is forced to 'success' and the transaction logged as though the customer has paid. There are two markers set to warn of this:

$Session->{payment_result}{TxType} will be NULL,

$Session->{payment_result}{StatusDetail} will be: 'UNKNOWN status - check with Protx before dispatching goods'

and you should include these into the report emailed to you.

card_type

Protx requires that the card type be sent. Valid types are: VISA, MC, AMEX, DELTA, SOLO, UKE, JCB, DINERS (UKE is Visa Electron issued in the UK). MAESTRO is no longer accepted without 3DSecure. This may optionally be determined by the module using regexes, or you may use a select box on the page. If there is an error in the regex match in this module due to a change in card ranges or some other fault, then Protx will refuse the transaction and return an error message to the page. Using a select box on the page automatically overrides use of the internal option. In the interests of robust reliability it is *strongly* recommended that you use a select box.

You may display a select box on the checkout page like so:

    <select name="mv_credit_card_type">
    [loop
        option=mv_credit_card_type
        acclist=1
        list=|
            VISA=Visa,
            MC=MasterCard,
            SOLO=Solo,
            DELTA=Delta,
            AMEX=Amex,
            UKE=Electron,
            JCB=JCB,
            DINERS=Diners
        |
    ]
        <option value="[loop-code]">[loop-param label]</option>
    [/loop]
    </select>
    

currency

Protx requires that a currency code be sent, using the 3 letter ISO standard, eg, GBP, EUR, USD. The value is taken firstly from either a page setting or a possible value in the products database, viz 'iso_currency_code'; then falling back to the locale setting - for this you need to add to locale.txt:

    code    en_UK   en_EUR  en_US
    iso_currency_code   GBP EUR USD
    

It then falls back to a 'Route protx currency EUR' type entry in catalog.cfg; then falls back to a global variable (eg MV_PAYMENT_CURRENCY EUR Payment); and finally defaults to GBP hard-coded into the module. This variable is returned to the module and logged using the value returned from Protx, rather than a value from the page which possibly may not exist.

cvv2

This is sent to Protx as mv_credit_card_cvv2. Put this on the checkout page:

    CVV2: <input type=text name=mv_credit_card_cvv2 value='' size=6>
    

but note that under PCI rules you must not log this value anywhere.

issue_number

This is used for some debit cards, and taken from an input box on the checkout page:

    Card issue number: <input type=text name=mv_credit_card_issue_number value='' size=6>
    

StartDate

This is used for some debit cards, and is taken from select boxes on the checkout page in a similar style to those for the card expiry date. The labels to be used are: 'mv_credit_card_start_month', 'mv_credit_card_start_year'. Eg:

    <select name="mv_credit_card_start_year">
    [loop option=start_date_year lr=1 list=`
        my $year = $Tag->time( '', { format => '%Y' }, '%Y' );
        my $out = '';
        for ($year - 7 .. $year) {
                /\d\d(\d\d)/;
                $last_two = $1;
                $out .= "$last_two\t$_\n";
        }
        return $out;
    `]
        <option value="[loop-code]">[loop-pos 1]</option>
    [/loop]
    </select>
    

Log directory

To choose the directory used for logging both the Protx latency log and the double payment safeguard record, set in catalog.cfg:

    Route protx logdir "path/to/log/dir"
    

It must be relative to the catalog root directory if you have NoAbsolute set for this catalog in interchange.cfg.

If logdir is not set, it defaults to the system /tmp.

A somewhat dangerous option allows the payment page to specify the logdir in a form variable, like this:

    <input type="hidden" name="logdir" value='your_choice_here'>
    

This allows an individual user to have his own logs in a shared hosting environment. However, it also allows a creative end-user to create arbitrary empty files or update timestamps of existing files.

Because of the potential for abuse, this option is not allowed unless you set a special route variable indicating you want it:

    Route protx logdir_from_user_allowed 1
    

Protx API v2.22 extra functions

ApplyAVSCV2 set to:

    0 = If AVS/CV2 enabled then check them. If rules apply, use rules. (default)
    1 = Force AVS/CV2 checks even if not enabled for the account. If rules apply, use rules.
    2 = Force NO AVS/CV2 checks even if enabled on account.
    3 = Force AVS/CV2 checks even if not enabled for the account but DON'T apply any rules.
    You may pass this value from the page as 'applyavscv2' to override the payment route setting.
    

CustomerName: optional, may be different to the cardholder name

ContactFax: optional

GiftAidPayment: set to - 0 = This transaction is not a Gift Aid charitable donation(default) 1 = This payment is a Gift Aid charitable donation and the customer has AGREED to donate the tax. You may pass this value from the page as 'giftaidpayment'

ClientIPAddress: will show in Protx reports, and they will attempt to Geo-locate the IP.

Encrypted email with card info

If you want to add the extra fields (issue no, start date) to the PGP message emailed back to you, then set the following in catalog.cfg:

    Variable<tab>MV_CREDIT_CARD_INFO_TEMPLATE Card type: {MV_CREDIT_CARD_TYPE}; Card no: {MV_CREDIT_CARD_NUMBER}; Expiry: {MV_CREDIT_CARD_EXP_MONTH}/{MV_CREDIT_CARD_EXP_YEAR}; Issue no: {MV_CREDIT_CARD_ISSUE_NUMBER}; StartDate: {MV_CREDIT_CARD_START_MONTH}/{MV_CREDIT_CARD_START_YEAR}
    

testing

The Protx test site is ukvpstest.protx.com, and their live site is ukvps.protx.com. Enable one of these in MV_PAYMENT_HOST in variable.txt (*without* any leading https://) or as 'Route protx host ukvpstest.protx.com' in catalog.cfg.

methods

NB: Protx have removed PREAUTH from their protocol and replaced it with AUTHENTICATE/AUTHORISE.

An AUTHENTICATE will validate the card and store the card details on Protx's system for up to 90 days. Against this you may AUTHORISE for any amount up to 115% of the original value.

A DEFERRED will place a shadow ('block') on the funds for seven days (or so, depending on the acquiring bank). Against a DEFERRED you may do a RELEASE to settle the transaction.

A PAYMENT will take the funds immediately. Against a PAYMENT, you may do a REFUND or REPEAT.

A RELEASE is performed to settle a DEFERRED. Payment of the originally specified amount is guaranteed if the RELEASE is performed within the seven days for which the card-holder's funds are 'blocked'.

A REFUND may be performed against a PAYMENT, RELEASE, AUTHORISE or REPEAT. It may be for a partial amount or the entire amount, and may be repeated with several partial REFUNDs so long as the total does not exceed the original amount.

A DIRECTREFUND sends funds from your registered bank account to the nominated credit card. This does not need to refer to any previous transaction codes, and is useful if you need to make a refund but the customer's card has changed or the original purchase was not made by card.

Virtual Payment Terminal