The following content assumes you have obtained the necessary PCI certification to process and submit sensitive cardholder data in the request to our Webservices API.
Read this article to learn more.
Payouts are similar to standard refunds, except they can be performed independently of other transactions. The benefits of performing payouts include:
- The refund amount can be greater than the original payment, if required.
- The refund can be processed before the original payment has been settled into your bank account.
Payouts are also known as Credit Fund Transfers (CFT) or Original Credit Transfers (OCT).
Payouts processed with Visa Direct are processed online, with the customer’s account typically being credited within 30 minutes. Click here to learn more.
Please contact your account manager to check if you are eligible to enable Visa Direct on your account.
Requirements
You will need to have a CFT Merchant Number associated with your Trust Payments account. If you are unsure if your merchant number supports this, we recommend contacting your bank for clarification. Additionally, please ensure you are following any guidelines outlined by your bank before proceeding.
For merchants with MCC 7995, Mastercard mandates that all payout requests processed with Mastercard-branded cards must include billing first name and last name fields, as described in our specification below.
Payout request
Using parent transaction
- Payouts are performed by processing a REFUND request.
- Like a standard REFUND request, the requesttypedescriptions needs to be “REFUND”.
- The accounttypedescription submitted needs to be “CFT”.
- In this example, the parenttransactionreference is included, which references the original AUTH. This will inherit the payment, billing and customer details from the parent, so your system does not need to submit them again.
The following is an example of such a request:
Ensure the submitted accounttypedescription is “CFT”, otherwise a regular REFUND will be processed instead of a payout.
#!/usr/bin/python
import securetrading
stconfig = securetrading.Config()
stconfig.username = "webservices@example.com"
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)
payout= {
"requesttypedescriptions": ["REFUND"],
"sitereference": "test_site12345",
"accounttypedescription": "CFT",
"parenttransactionreference": "1-2-345678",
"billingfirstname": "Joe",
"billinglastname": "Bloggs"
}
strequest = securetrading.Request()
strequest.update(payout)
stresponse = st.process(strequest) #stresponse contains the transaction response
<?php
if (!($autoload = realpath(__DIR__ . '/../../../autoload.php')) && !($autoload = realpath(__DIR__ . '/../vendor/autoload.php'))) {
throw new Exception('Composer autoloader file could not be found.');
}
require_once($autoload);
$configData = array(
'username' => 'webservices@example.com',
'password' => 'Password1^',
);
$requestData = array(
'requesttypedescriptions' => array('REFUND'),
'sitereference' => 'test_site12345',
'accounttypedescription' => 'CFT',
'parenttransactionreference' => '1-2-345678',
'billingfirstname' => 'Joe',
'billinglastname' => 'Bloggs'
);
$api = \Securetrading\api($configData);
$response = $api->process($requestData);
var_dump($response->toArray());
?>
curl --user webservices@example.com:Password1^ <DOMAIN>/json/ -H "Content-type: application/json" -H "Accept: application/json" -X POST -d '{
"alias": "webservices@example.com",
"version": "1.00",
"request": [{
"requesttypedescriptions": ["REFUND"],
"sitereference": "test_site12345",
"accounttypedescription": "CFT",
"parenttransactionreference": "1-2-345678",
"billingfirstname": "Joe",
"billinglastname": "Bloggs"
}]
}'
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"requesttypedescriptions":["REFUND"],
"sitereference":"test_site12345",
"accounttypedescription":"CFT",
"parenttransactionreference":"1-2-345678",
"billingfirstname":"Joe",
"billinglastname":"Bloggs"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="REFUND">
<operation>
<sitereference>test_site12345</sitereference>
<accounttypedescription>CFT</accounttypedescription>
<parenttransactionreference>1-2-345678</parenttransactionreference>
</operation>
<billing>
<name>
<first>Joe</first>
<last>Bloggs</last>
</name>
</billing>
</request>
</requestblock>
Replace <DOMAIN> with a supported domain. Click here for a full list.
Without parent
As an alternative to the above, you can also submit a payout request without reference to a parent transaction. In this scenario, you will instead need to submit the customer’s payment details in the payout request. Please see the following example:
#!/usr/bin/python
import securetrading
stconfig = securetrading.Config()
stconfig.username = "webservices@example.com"
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)
payout= {
"requesttypedescriptions": ["REFUND"],
"sitereference": "test_site12345",
"accounttypedescription": "CFT",
"baseamount": "1050",
"currencyiso3a": "GBP",
"pan": "4111111111111111",
"expirydate": "12/2020",
"securitycode": "123",
"billingfirstname": "Joe",
"billinglastname": "Bloggs"
}
strequest = securetrading.Request()
strequest.update(payout)
stresponse = st.process(strequest) #stresponse contains the transaction response
<?php
if (!($autoload = realpath(__DIR__ . '/../../../autoload.php')) && !($autoload = realpath(__DIR__ . '/../vendor/autoload.php'))) {
throw new Exception('Composer autoloader file could not be found.');
}
require_once($autoload);
$configData = array(
'username' => 'webservices@example.com',
'password' => 'Password1^',
);
$requestData = array(
'requesttypedescriptions' => array('REFUND'),
'sitereference' => 'test_site12345',
'accounttypedescription' => 'CFT',
'baseamount' => '1050',
'currencyiso3a' => 'GBP',
'pan' => '4111111111111111',
'expirydate' => '12/2020',
'securitycode' => '123',
'billingfirstname' => 'Joe',
'billinglastname' => 'Bloggs'
);
$api = \Securetrading\api($configData);
$response = $api->process($requestData);
var_dump($response->toArray());
?>
curl --user webservices@example.com:Password1^ <DOMAIN>/json/ -H "Content-type: application/json" -H "Accept: application/json" -X POST -d '{
"alias": "webservices@example.com",
"version": "1.00",
"request": [{
"requesttypedescriptions": ["REFUND"],
"sitereference": "test_site12345",
"accounttypedescription": "CFT",
"baseamount": "1050",
"currencyiso3a": "GBP",
"pan": "4111111111111111",
"expirydate": "12/2020",
"securitycode": "123",
"billingfirstname": "Joe",
"billinglastname": "Bloggs"
}]
}'
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"requesttypedescriptions":["REFUND"],
"sitereference":"test_site12345",
"accounttypedescription":"CFT",
"baseamount":"1050",
"currencyiso3a":"GBP",
"pan":"4111111111111111",
"expirydate":"12/2020",
"securitycode":"123",
"billingfirstname":"Joe",
"billinglastname":"Bloggs"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="REFUND">
<billing>
<payment>
<expirydate>12/2020</expirydate>
<pan>4111111111111111</pan>
<securitycode>123</securitycode>
</payment>
<amount currencycode="GBP">1050</amount>
<name>
<first>Joe</first>
<last>Bloggs</last>
</name>
</billing>
<operation>
<sitereference>test_site12345</sitereference>
<accounttypedescription>CFT</accounttypedescription>
</operation>
</request>
</requestblock>
Replace <DOMAIN> with a supported domain. Click here for a full list.
Field specification
When reading the following specification, please ensure that you reference the relevant code examples for your chosen language.
Field | Format | Description | |
![]() |
accounttypedescription XPath: /operation/accounttypedescription |
Alpha (20) | Must be “CFT”. |
![]() |
baseamount XPath: /billing/amount |
Numeric (13) |
The refund amount in base units, with no commas or decimal points. e.g. £10.99 would be submitted as “1099” but ¥246 would be submitted as “246”. (Max length of amount may vary depending on your acquiring bank – Contact your bank for further info) Required if not passing through a parenttransactionreference (if a parent has been provided, the amount can instead be inherited). |
![]() |
billingcounty XPath: /billing/county |
Alphanumeric including symbols (127) |
The county entered for the customer’s billing address. For US addresses, the state would be entered in this field. Valid formats:
Required when Visa Direct is enabled on your account, for payments processed with Visa-branded cards issued in Canada. |
![]() |
billingdob XPath: /billing/dob |
Date YYYY-MM-DD |
The account holder's date of birth. Required for payments associated with cryptocurrency, processed with MCC 6051. Failure to submit may result in returning of 60044 "Recipient screening failed" error. |
![]() |
billingfirstname XPath: /billing/name/first |
Alphanumeric including symbols (127) |
The customer’s billing first name. Conditions where this field is required:
|
![]() |
billinglastname XPath: /billing/name/last |
Alphanumeric including symbols (127) |
The customer’s billing last name. Conditions where this field is required:
|
![]() |
billingstreet XPath: /billing/street |
Alphanumeric including symbols (127) |
The street entered for the customer’s billing address. Required when Visa Direct is enabled on your account, for payments processed with Visa-branded cards issued in Canada. |
![]() |
billingtown XPath: /billing/town |
Alphanumeric including symbols (127) |
The town entered for the customer’s billing address. Required when Visa Direct is enabled on your account, for payments processed with Visa-branded cards issued in Canada. |
![]() |
currencyiso3a XPath: /billing/amount/@currencycode |
Alpha (3) |
The currency that the transaction will be processed in. Click here for a full list of available currencies. Required if not passing through a parenttransactionreference (if a parent has been provided, the currency is inherited). |
![]() |
expirydate XPath: /billing/payment/expirydate |
Date MM/YYYY |
If you would like to process a refund with an updated expiry date, the new value is submitted in this field. Required if not passing through a parenttransactionreference. |
![]() |
orderreference XPath: /merchant/orderreference |
Alphanumeric including symbols (25)
Recommended length 25 characters or less (exact length dependent on acquiring bank). Failure to adhere to this requirement may result in the text being truncated in the transaction. |
Your unique order reference that can be stored on Trust Payments’s system. If this is not submitted, it is inherited from the parent AUTH request, provided a parenttransactionreference has been included. |
![]() |
pan XPath: /billing/payment/pan |
Numeric (12-19) |
This is the long number printed on the front of the customer’s card. We return a masked version of this PAN in the response, in the field maskedpan. e.g. “411111######1111” Required if not passing through a parenttransactionreference. |
![]() |
parenttransactionreference XPath: /operation/parenttransactionreference |
Alphanumeric & hyphens (25) |
You can submit the transaction reference of the AUTH request that you would like to refund. You can omit this field and submit the pan, expirydate and securitycode instead. |
![]() |
requesttypedescriptions XPath: /@type |
Alphanumeric & hyphens (25) |
The request type required is “REFUND”. |
![]() |
securitycode XPath: /security/securitycode |
Numeric (3-4) |
This is the three digit security code printed on the back of the card. (For AMEX cards, this is a 4 digit code found on the front of the card) We strongly recommend submitting this value for the processing of security code checks. Additionally, some banks may decline the payment if the security code is not present. |
![]() |
sitereference XPath: /operation/sitereference |
Alphanumeric & underscore (50) |
A unique reference that identifies your account. You receive this when you first sign up with us. |
Payout response
The response returned has the same structure as a standard REFUND, except for the following considerations:
- accounttypedescription returned is “CFT”.
- For Payouts using Visa Direct, settlestatus returned is "100", otherwise the settlestatus returned is "0".
{
u 'requestreference': u 'Agv3epv31',
u 'version': u '1.00',
u 'responses': [{
u 'transactionstartedtimestamp': u '2016-12-07 15:44:33',
u 'parenttransactionreference': u '1-2-345678',
u 'livestatus': u '0',
u 'issuer': u 'SecureTrading Test Issuer1',
u 'dccenabled': u '0',
u 'settleduedate': u '2016-12-07',
u 'errorcode': u '0',
u 'orderreference': u 'My_Order_123',
u 'tid': u '27880001',
u 'merchantnumber': u '00000000',
u 'merchantcountryiso2a': u 'GB',
u 'transactionreference': u '1-2-345679',
u 'merchantname': u 'Test Merchant',
u 'paymenttypedescription': u 'VISA',
u 'baseamount': u '1050',
u 'accounttypedescription': u 'CFT',
u 'acquirerresponsecode': u '00',
u 'requesttypedescription': u 'REFUND',
u 'securityresponsesecuritycode': u '0',
u 'currencyiso3a': u 'GBP',
u 'authcode': u 'TEST REFUND ACCEPTED',
u 'errormessage': u 'Ok',
u 'operatorname': u 'webservices@example.com',
u 'securityresponsepostcode': u '0',
u 'maskedpan': u '411111######1111',
u 'securityresponseaddress': u '0',
u 'issuercountryiso2a': u 'US',
u 'settlestatus': u '0'
}]
}
array(3) {
["requestreference"] => string(9) "A19beknpr"
["version"] => string(4) "1.00"
["responses"] => array(1) {
[0] => array(28) {
["transactionstartedtimestamp"] => string(19) "2016-12-09 10:21:13"
["parenttransactionreference"] => string(10) "1-2-345678"
["livestatus"] => string(1) "0"
["issuer"] => string(26) "SecureTrading Test Issuer1"
["dccenabled"] => string(1) "0"
["settleduedate"] => string(10) "2016-12-09"
["errorcode"] => string(1) "0"
["orderreference"] => string(12) "My_Order_123"
["tid"] => string(8) "27880001"
["merchantnumber"] => string(8) "00000000"
["securityresponsepostcode"] => string(1) "0"
["transactionreference"] => string(10) "1-2-345679"
["merchantname"] => string(13) "Test Merchant"
["paymenttypedescription"] => string(4) "VISA"
["baseamount"] => string(4) "1050"
["accounttypedescription"] => string(3) "CFT"
["acquirerresponsecode"] => string(2) "00"
["requesttypedescription"] => string(6) "REFUND"
["securityresponsesecuritycode"] => string(1) "0"
["currencyiso3a"] => string(3) "GBP"
["authcode"] => string(20) "TEST REFUND ACCEPTED"
["errormessage"] => string(2) "Ok"
["operatorname"] => string(23) "webservices@example.com"
["merchantcountryiso2a"] => string(2) "GB"
["maskedpan"] => string(16) "411111######1111"
["securityresponseaddress"] => string(1) "0"
["issuercountryiso2a"] => string(2) "US"
["settlestatus"] => string(1) "0"
}
}
}
{
"requestreference":"W23-qc7t4h8a",
"version":"1.00",
"response":[{
"transactionstartedtimestamp":"2016-12-07 15:50:37",
"parenttransactionreference":"1-2-345678",
"livestatus":"0",
"issuer":"SecureTrading Test Issuer1",
"dccenabled":"0",
"settleduedate":"2016-12-07",
"errorcode":"0",
"baseamount":"1050",
"tid":"27880001",
"merchantnumber":"00000000",
"merchantcountryiso2a":"GB",
"transactionreference":"1-2-345679",
"merchantname":"Test Merchant",
"paymenttypedescription":"VISA",
"orderreference":"My_Order_123",
"accounttypedescription":"CFT",
"acquirerresponsecode":"00",
"requesttypedescription":"REFUND",
"securityresponsesecuritycode":"0",
"currencyiso3a":"GBP",
"authcode":"TEST REFUND ACCEPTED",
"errormessage":"Ok",
"operatorname":"webservices@example.com",
"securityresponsepostcode":"0",
"maskedpan":"411111######1111",
"securityresponseaddress":"0",
"issuercountryiso2a":"US",
"settlestatus":"0"
}],
"secrand":"0V2j6j0kl2R1UU"
}
<responseblock version="3.67">
<requestreference>X1u3u92dg</requestreference>
<response type="REFUND">
<merchant>
<tid>27880001</tid>
<merchantnumber>00000000</merchantnumber>
<merchantcountryiso2a>GB</merchantcountryiso2a>
<merchantname>Test Merchant</merchantname>
<orderreference>My_Order_123</orderreference>
<operatorname>webservices@example.com</operatorname>
</merchant>
<transactionreference>1-2-345679</transactionreference>
<billing>
<amount currencycode="GBP">1050</amount>
<payment type="VISA">
<pan>411111######1111</pan>
<issuercountry>US</issuercountry>
<issuer>SecureTrading Test Issuer1</issuer>
</payment>
<dcc enabled="0"/>
</billing>
<timestamp>2019-12-17 11:16:05</timestamp>
<error>
<message>Ok</message>
<code>0</code>
</error>
<acquirerresponsecode>00</acquirerresponsecode>
<live>0</live>
<authcode>TEST REFUND ACCEPTED</authcode>
<operation>
<parenttransactionreference>1-2-345678</parenttransactionreference>
<accounttypedescription>CFT</accounttypedescription>
</operation>
<settlement>
<settleduedate>2019-12-17</settleduedate>
<settlestatus>0</settlestatus>
</settlement>
<security>
<address>0</address>
<postcode>0</postcode>
<securitycode>0</securitycode>
</security>
</response>
<secrand>V1utOQ5A</secrand>
</responseblock>