In order to reduce fraud, Visa have mandated that domestic financial services providers (Merchant Category Code / MCC 6012) based in Visa Europe Region are required to send additional fields in requests to Trust Payments that denote the recipient of funds.
Your Merchant Category Code (MCC) is a four-digit number assigned to you by your acquirer. It is used to classify the business by the type of products or services it provides. If you are unsure of the value of your merchant category code, please contact our Support Team.
For UK-based merchants with MCC 6012, failure to submit these fields may prevent the transaction from being processed successfully, with a “60025” errorcode being returned in the response.
Inheritance
Once you have processed an AUTH or ACCOUNTCHECK containing these required fields, they can be inherited in future requests, and passed onto the acquiring bank automatically, if required.
You will need to update your POST to Payment Pages to include the following fields:
You can also upload your own HTML to customise the hosted Payment Pages to prompt for the fields required for MCC 6012. To get started with customising the Payment Pages with HTML, click here.
| Field name |
Required during payment session (Either included in POST by merchant or entered by customer on Payment Pages) |
Required in POST | Description |
| customeraccountnumber | Yes | Yes |
If account number type is “ACCOUNT”, the account number of the primary recipient. If account number type is “CARD”, the card number of the primary recipient. When the customeraccountnumber value submitted in the POST is a card number, this will be masked (e.g. “559139######0504”) when displayed in Portal and returned in URL notification(s) (if enabled). |
| customeraccountnumbertype | Yes | Yes |
Either “CARD” or “ACCOUNT”. When the customeraccountnumber value submitted in the POST is a card number, the customeraccountnumbertype value displayed in Portal and returned in URL notification(s) (if enabled) will be: "CARD". |
| customercountryiso2a | No | No | The customer's country in iso2a format. Although this isn't required, we recommend including the country in the POST as this allows us to correctly validate the customerpostcode. |
| customerdob | Yes | Yes |
The date of birth of the primary recipient. Format: YYYY-MM-DD. |
| customerlastname | Yes | No |
The last name of the primary recipient. |
| customerpostcode | Yes | No |
The postcode of the primary recipient This must be a valid UK postcode. |
The following is an example of a POST to Payment Pages that includes the fields mandated by Visa and Mastercard for merchants with category code 6012:
<html>
<body>
<form method="POST" action="<DOMAIN>/process/payments/details">
<input type="hidden" name="sitereference" value="test_site12345">
<input type="hidden" name="stprofile" value="default">
<input type="hidden" name="stdefaultprofile" value="st_paymentcardonly">
<input type="hidden" name="currencyiso3a" value="GBP">
<input type="hidden" name="mainamount" value="100.00">
<input type="hidden" name="billingfirstname" value="Jay">
<input type="hidden" name="billinglastname" value="Doe">
<input type="hidden" name="billingemail " value="customer@email.com">
<input type="hidden" name="billingpremise" value="No 789">
<input type="hidden" name="billingstreet" value="Test Street">
<input type="hidden" name="billingtown" value="Bangor">
<input type="hidden" name="billingcounty" value="Gwynedd">
<input type="hidden" name="billingpostcode" value="TR45 6ST">
<input type="hidden" name="billingcountryiso2a " value="GB">
<input type="hidden" name="customeraccountnumber" value="{{Recipient card or account number}}">
<input type="hidden" name="customeraccountnumbertype" value="{{Recipient account type}}">
<input type="hidden" name="customercountryiso2a" value="GB">
<input type="hidden" name="customerdob" value="1990-01-01">
<input type="hidden" name="customerlastname" value="Bloggs">
<input type="hidden" name="customerpostcode" value="TR45 6ST">
<input type="hidden" name="version" value="2">
<input type="submit" value="Pay">
</form>
</body>
</html>Replace <DOMAIN> with a supported domain. Click here for a full list.
You will need to update the payload submitted within your JWT to include the following fields (only applies to AUTH and ACCOUNTCHECK request types):
| Field | Format | Description | |
| customeraccountnumber | Numeric (20) |
If account number type is “ACCOUNT”, the account number of the primary recipient.
If account number type is “CARD”, the card number of the primary recipient. When the customeraccountnumber value submitted in the request is a card number, this will be masked (e.g. “559139######0504”) in the response, when displayed in Portal and returned in URL notification(s) (if enabled). Required if MCC is 6012. |
|
|
|
customeraccountnumbertype | Alpha (7) |
Either “CARD” or “ACCOUNT”. When the customeraccountnumber value submitted in the request is a card number, the customeraccountnumbertype value in the response, when displayed in Portal and returned in URL notification(s) (if enabled) will be: "CARD". Required if MCC is 6012. |
|
|
customerdob | Date YYYY-MM-DD |
The date of birth of the primary recipient. Required if MCC is 6012. |
|
|
customerlastname | Alphanumeric including symbols (127) |
The last name of the primary recipient. Required if MCC is 6012. |
|
|
customerpostcode | Alphanumeric (25) |
The postcode of the primary recipient
This must be a valid UK postcode. Required if MCC is 6012. |
|
|
customercountryiso2a | Alpha (2) |
The customer's country in iso2a format. Although this isn't required, we recommend including the country in the JWT as this allows us to correctly validate the customerpostcode. |
The following payload example includes the fields mandated by Visa and Mastercard for merchants with category code 6012:
{
"payload":{
"accounttypedescription":"ECOM",
"baseamount":"1050",
"currencyiso3a":"GBP",
"customeraccountnumber":"{{Recipient card or account number}}",
"customeraccountnumbertype":"{{Recipient account type}}",
"customercountryiso2a":"GB",
"customerdob":"1990-01-01",
"customerlastname":"Bloggs",
"customerpostcode":"TR45 6ST",
"requesttypedescriptions":["THREEDQUERY","AUTH"],
"sitereference":"test_site12345"
},
"iat":1559033849,
"iss":"jwt.user"
}
You will need to update the payload submitted within your JWT to include the following fields (only applies to AUTH and ACCOUNTCHECK request types):
| Field | Format | Description | |
| customeraccountnumber | Numeric (20) |
If account number type is “ACCOUNT”, the account number of the primary recipient.
If account number type is “CARD”, the card number of the primary recipient. When the customeraccountnumber value submitted in the request is a card number, this will be masked (e.g. “559139######0504”) in the response, when displayed in Portal and returned in URL notification(s) (if enabled). Required if MCC is 6012. |
|
|
|
customeraccountnumbertype | Alpha (7) |
Either “CARD” or “ACCOUNT”. When the customeraccountnumber value submitted in the request is a card number, the customeraccountnumbertype value in the response, when displayed in Portal and returned in URL notification(s) (if enabled) will be: "CARD". Required if MCC is 6012. |
|
|
customerdob | Date YYYY-MM-DD |
The date of birth of the primary recipient. Required if MCC is 6012. |
|
|
customerlastname | Alphanumeric including symbols (127) |
The last name of the primary recipient. Required if MCC is 6012. |
|
|
customerpostcode | Alphanumeric (25) |
The postcode of the primary recipient
This must be a valid UK postcode. Required if MCC is 6012. |
|
|
customercountryiso2a | Alpha (2) |
The customer's country in iso2a format. Although this isn't required, we recommend including the country in the JWT as this allows us to correctly validate the customerpostcode. |
The following payload example includes the fields mandated by Visa and Mastercard for merchants with category code 6012:
{
"payload":{
"accounttypedescription":"ECOM",
"baseamount":"1050",
"currencyiso3a":"GBP",
"customeraccountnumber":"{{Recipient card or account number}}",
"customeraccountnumbertype":"{{Recipient account type}}",
"customercountryiso2a":"GB",
"customerdob":"1990-01-01",
"customerlastname":"Bloggs",
"customerpostcode":"TR45 6ST",
"requesttypedescriptions":["THREEDQUERY","AUTH"],
"sitereference":"test_site12345",
"termurl":"https://payments.securetrading.net/process/payments/mobilesdklistener"
},
"iat":1559033849,
"iss":"jwt.user"
}
You will need to update AUTH and ACCOUNTCHECK requests to include the following fields:
| Field | Format | Description | |
| customeraccountnumber XPath: /customer/accountnumber |
Numeric (20) |
If account number type is “ACCOUNT”, the account number of the primary recipient.
If account number type is “CARD”, the card number of the primary recipient. When the customeraccountnumber value submitted in the request is a card number, this will be masked (e.g. “559139######0504”) in the response, when displayed in Portal and returned in URL notification(s) (if enabled). Required if MCC is 6012. |
|
|
|
customeraccountnumbertype XPath: /customer/accountnumber/@type |
Alpha (7) |
Either “CARD” or “ACCOUNT”. When the customeraccountnumber value submitted in the request is a card number, the customeraccountnumbertype value in the response, when displayed in Portal and returned in URL notification(s) (if enabled) will be: "CARD". Required if MCC is 6012. |
|
|
customerdob XPath: /customer/dob |
Date YYYY-MM-DD |
The date of birth of the primary recipient. Required if MCC is 6012. |
|
|
customerlastname XPath: /customer/name/last |
Alphanumeric including symbols (127) |
The last name of the primary recipient. Required if MCC is 6012. |
|
|
customerpostcode XPath: /customer/postcode |
Alphanumeric (25) |
The postcode of the primary recipient
This must be a valid UK postcode. Required if MCC is 6012. |
|
|
customercountryiso2a XPath: /customer/country |
Alpha (2) |
The customer's country in iso2a format. Although this isn't required, we recommend including the country in the request as this allows us to correctly validate the customerpostcode. |
The following AUTH request example includes the fields mandated by Visa and Mastercard for merchants with category code 6012:
#!/usr/bin/python
import securetrading
stconfig = securetrading.Config()
stconfig.username = "webservices@example.com"
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)
auth = {
"accounttypedescription": "MOTO",
"baseamount": "1050",
"currencyiso3a": "GBP",
"customeraccountnumber": "{{Recipient card or account number}}",
"customeraccountnumbertype": "{{Recipient account type}}",
"customercountryiso2a": "GB",
"customerdob": "1990-01-01",
"customerlastname": "Bloggs",
"customerpostcode": "TR45 6ST",
"expirydate": "12/2030",
"pan": "4111111111111111",
"requesttypedescriptions": ["AUTH"],
"securitycode": "123",
"sitereference": "test_site12345"
}
strequest = securetrading.Request()
strequest.update(auth)
stresponse = st.process(strequest) #stresponse contains the transaction response
<?php
if (!($autoload = realpath(__DIR__ . '/../../../autoload.php')) && !($autoload = realpath(__DIR__ . '/../vendor/autoload.php'))) {
throw new Exception('Composer autoloader file could not be found.');
}
require_once($autoload);
$configData = array(
'username' => 'webservices@example.com',
'password' => 'Password1^',
);
$requestData = array(
'accounttypedescription' => 'MOTO',
'baseamount' => '1050',
'currencyiso3a' => 'GBP',
'customeraccountnumber' => '{{Recipient card or account number}}',
'customeraccountnumbertype' => '{{Recipient account type}}',
'customercountryiso2a' => 'GB',
'customerdob' => '1990-01-01',
'customerlastname' => 'Bloggs',
'customerpostcode' => 'TR45 6ST',
'expirydate' => '12/2030',
'pan' => '4111111111111111',
'requesttypedescriptions' => array('AUTH'),
'securitycode' => '123',
'sitereference' => 'test_site12345'
);
$api = \Securetrading\api($configData);
$response = $api->process($requestData);
var_dump($response->toArray());
?>
curl --user webservices@example.com:Password1^ <DOMAIN>/json/ -H "Content-type: application/json" -H "Accept: application/json" -X POST -d '{
"alias":"webservices@example.com",
"version": "1.00",
"request": [{
"accounttypedescription": "MOTO",
"baseamount": "1050",
"currencyiso3a": "GBP",
"customeraccountnumber": "{{Recipient card or account number}}",
"customeraccountnumbertype": "{{Recipient account type}}",
"customercountryiso2a": "GB",
"customerdob": "1990-01-01",
"customerlastname": "Bloggs",
"customerpostcode": "TR45 6ST",
"expirydate": "12/2030",
"pan": "4111111111111111",
"requesttypedescriptions": ["AUTH"],
"securitycode": "123",
"sitereference": "test_site12345"
}]
}'
{
"alias":"webservices@example.com",
"version":"1.00",
"request":[{
"accounttypedescription":"MOTO",
"baseamount":"1050",
"currencyiso3a":"GBP",
"customeraccountnumber":"{{Recipient card or account number}}",
"customeraccountnumbertype":"{{Recipient account type}}",
"customercountryiso2a":"GB",
"customerdob":"1990-01-01",
"customerlastname":"Bloggs",
"customerpostcode":"TR45 6ST",
"expirydate":"12/2030",
"pan":"4111111111111111",
"requesttypedescriptions":["AUTH"],
"securitycode":"123",
"sitereference":"test_site12345"
}]
}
<requestblock version="3.67">
<alias>webservices@example.com</alias>
<request type="AUTH">
<billing>
<amount currencycode="GBP">1050</amount>
<payment>
<expirydate>12/2030</expirydate>
<pan>4111111111111111</pan>
<securitycode>123</securitycode>
</payment>
</billing>
<customer>
<accountnumber type="{{Recipient account type}}">{{Recipient card or account number}}</accountnumber>
<country>GB</country>
<dob>1990-01-01</dob>
<name>
<last>Bloggs</last>
</name>
<postcode>TR45 6ST</postcode>
</customer>
<operation>
<accounttypedescription>MOTO</accounttypedescription>
<sitereference>test_site12345</sitereference>
</operation>
</request>
</requestblock>
Replace <DOMAIN> with a supported domain. Click here for a full list.
