Transaction Responses
Last updated: Sept 18th, 8:17pm
Quick links for this section:
- Credit Card Transaction Responses
- Address Verification Service Responses from PayPal
- BALAMT Response and Stored Value Cards
- Transaction ID - PNREF
- RESULT Values and RESPMSG Text
- Processor-Specific Response Parameters
When a transaction finishes, the Payflow server returns a response string made up of name-value pairs.
The following is an example response string:
1RESULT=0&PNREF=EFHP0D426A53&RESPMSG=APPROVED&AUTHCODE=25TEST&AVSADDR=Y&AVSZIP=N&CVV2MATCH=Y
Credit card transaction responses
The table below describes values that can be returned in response strings.
| Field | Description |
|---|---|
PNREF |
|
PPREF |
PayPal transaction ID of the payment; returned by the PayPal processor. Character length and limitations: 17-character string |
RESULT |
The outcome of the attempted transaction. RESULT=0 means the transaction was approved.Note: For account verification transactions, RESULT=0 with RESPMSG=Verified means a zero dollar authorization has been successfully performed.RESPMSG string when RESULT=0. For more information about corrective actions, see API error codes. Any other value for RESULT indicates a decline or error. Character length and limitations: variable length, numeric |
CVV2MATCH |
Result of the card security code (CVV2) check. The issuing bank may decline the transaction if there is a mismatch. In other cases, the transaction may be approved despite a mismatch. Y= Match N= No Match X= One of the following: (Not processed, Service not supported, Unavailable, No response, or Invalid data was p passed).Character length and limitations: 1 alpha character ( Y, N, X, or no response) |
RESPMSG |
The response message returned with the transaction result. Exact wording varies. Sometimes a colon appears after the initial RESPMSG followed by more detailed information. Note: For account verification transactions, RESULT=0 with RESPMSG=Verified means a zero dollar authorization has been successfully performed. For partial authorizations, RESPMSG=Partial Approval when RESULT=0.RESPMSG string when RESULT=0. For more information on corrective actions, see API error codes. Character length and limitations: variable, alphanumeric characters |
AUTHCODE |
Returned for sale, authorization, and voice authorization credit card transactions. AUTHCODE is the approval code obtained over the telephone from the processing network. AUTHCODE is required when you submit a force (F) transaction. Character length and limitations: 6 alphanumeric characters |
AVSADDR |
Address verification service address response returned if you are using address verification service. Address verification service address responses are for advice only. This process does not affect the outcome of the authorization. Character length and limitations: 1 alpha character ( Y, N, X, or no response) |
AVSZIP |
Address verification service address response returned if you are using address verification service. Address verification service address responses are for advice only. This process does not affect the outcome of the authorization. Character length and limitations: 1 alpha character ( Y, N, X, or no response) |
IAVS |
International address verification service address responses may be returned if you are using Address verification service. IAVS responses are for advice only. This value does not affect the outcome of the transaction. Indicates whether address verification service response is international (Y), US (N), or cannot be determined (X). Client version 3.06 or later is required.<br/ >Character length and limitations: 1 alpha character (Y, N, X, or no response) |
PROCAVS |
The raw address verification service response returned by the processor. This field is not normalized and is returned when VERBOSITY is set to HIGH.Character length and limitations: 1 character |
PROCCVV2 |
The raw CVV2 response returned by the processor. This field is not normalized and is returned when VERBOSITY is set to HIGH. Character length and limitations: 1 character |
HOSTCODE |
The raw response code returned by the processor. This field is not normalized and is returned when VERBOSITY is set to HIGH. Use RESPTEXT to obtain the response message from the processor. For PayPal processor response code information, refer to the API error codes. For all other processors, please contact your merchant bank or processor directly. Character length and limitations: 6 characters |
RESPTEXT |
The raw text returned by the processor which corresponds to the returned HOSTCODE. This field is not normalized and is returned when VERBOSITY is set to HIGH. Character length and limitations: 32 characters |
PROCCARDSECURE |
The raw Buyer Authentication response returned by the processor. This field is not normalized and is returned when VERBOSITY is set to HIGH.Character length and limitations: 1 character |
ADDLMSGS |
Additional error message that indicates the use of a features that has been disabled. Character length and limitations: Up to 1048 characters. Typically 50 characters. |
PAYMENTTYPE |
(PayPal only.) Returns instant if the payment is instant or echeck if the payment is delayed (DP) on the PayPal processor. Character length and limitations: 7-character string |
CORRELATIONID |
(PayPal only.) Value used for tracking this Direct Payment transaction. Character length and limitations: 13 alphanumeric characters |
AMEXID |
Unique transaction ID returned when VERBOSITY=HIGH for tracking American Express CAPN transactions on non-PayPal processors.Note: Used by merchants who authorize transactions through the Gateway but settle through a third-party solution. |
AMEXPOSDATA |
Value returned for American Express CAPN transactions when VERBOSITY=HIGH on non-PayPal processors. Note: Used only by merchants who authorize through the Gateway but settle through a third-party solution. |
CCTRANSID |
Unique transaction ID returned from some processors for all credit card transactions. Note: This field is only used by merchants who authorize transactions through the Gateway but settle through a third-party solution. |
CCTRANS_POSDATA |
Value returned from some processors for all credit card transactions. Note: This field is only by merchants who authorize through the Gateway but settle through a third-party solution. |
AMT |
This field returns the transaction amount, or if performing a partial authorization, the amount approved for the partial authorization. |
ORIGAMT |
Partial authorizations: Original amount submitted for authorization. |
CARDTYPE |
The credit card type. Returned as an inquiry response when you send a VERBOSITY request parameter value of HIGH. Is one of the following values for currently used cards: - 0 = Visa - 1 = Mastercard- 2 = Discover - 3 = American Express - 4 = Diner's Club- 5 = JCB- 9 = Maestro (Switch) |
EMAILMATCH |
Verifies whether the BILLTOEMAIL value sent is what is on file with the processor. (American Express processor only)Character length and limitations: 1 alpha character ( Y, N, X, or no response) |
PHONEMATCH |
Verifies whether the BILLTOPHONENUM value sent is what is on file with the processor. (American Express processor only)Character length and limitations: 1 alpha character ( Y, N, X, or no response) |
EXTRSPMSG |
Additional processor-related messages. |
TRANSTIME |
Time of the transaction. The following is an example response in the format returned: TRANSTIME=2010-08-11 22:53:18 Character length and limitations: See example |
DUPLICATE |
Is returned with one of the following values: - DUPLICATE=2 —
ORDERID has already been submitted in a previous request with the same ORDERID. - DUPLICATE=1 —
The request ID has already been submitted for a previous request. - DUPLICATE=-1 —
The Gateway database is not available. PayPal cannot determine whether this is a duplicate order or request.
|
DATE_TO_SETTLE |
The date a transaction will settle. This parameter is returned in the response for inquiry transactions only (TRXTYPE=I). |
PAYMENTADVICECODE |
A processor response code typically returned on declined recurring transactions. Its purpose is to provide merchants with information and specific instructions on how to handle the decline. It is the merchant's responsibility to follow the instructions provided to avoid chargebacks. For details on the meanings of these codes, see: PAYMENTADVICECODE. A value of 03 or 21 indicates it is the merchant's responsibility to stop this recurring transaction. These two codes indicate that either the account was closed, fraud was involved, or the card holder has asked the bank to stop this payment for another reason. Even if a re-attempted transaction is successful, it will likely result in a chargeback. |
TRANSSTATE |
State of the transaction sent in an Inquiry response or with errors associated with Fraud Protection Service (FPS) transactions. The values are: - 0 = Account Verification (no settlement involved)- 1 = General error state - 3 = Authorization approved - 4 = Partial capture - 6 = Settlement pending (transaction is scheduled to be settled) - 7 = Settlement in progress (transaction involved in a currently ongoing settlement) - 8 = Settled successfully- 9 = Authorization captured (once an authorization type transaction is captured, its TRANSSSTATE becomes 9) - 10 = Capture failed (an error occurred while trying to capture an authorization because the transaction was already captured) - 11 = Failed to settle (transactions fail settlement usually because of problems with the merchant's processor or because the card type is not set up with the merchant's processor) - 12 = Unsettled transaction because of incorrect account information - 14 = For various reasons, the batch containing this transaction failed settlement - 15 = Settlement incomplete due to a chargeback - 16 = Merchant ACH settlement failed; (need to manually collect it) - 106 = Unknown Status Transaction - Transactions not settled - 206 = Transactions on hold pending customer intervention Any TRANSSTATE over 1000; example 1003, is a void transaction. Example, an authorization has a TRANSSTATE of 3 prior to be captured. But if the authorization is voided, the TRANSSTATE will become 1003. In the case of Fraud Protection Service (FPS) filters, the following error codes and TRANSSTATE values are returned in the response: - For error code 125 —
declined by FPS filters, TRANSSTATE=1 or remains unchanged from its original value - For error code 126 —
flagged for review by FPS filters, TRANSSTATE=1 If the merchant accepts the transaction flagged by the FPS filter, the value of TRANSSTATE will change depending on the original transaction type: TRANSSTATE=3 for an approved Authorization (TRXTYPE=A) TRANSSTATE=6 for an approved Sale (TRXTYPE=S), Delayed Capture (TRXTYPE=D), Refund (TRXTYPE=C) or Force (TRXTYPE=F) TRANSSTATE=0 for an approved Void (TRXTYPE=V) - For error code 128 —
the merchant declines the transaction flagged by the FPS filter, TRANSSTATE=1 or remains unchanged from its original value. Character length and limitations: 10 integer characters |
Address verification service responses from PayPal
The following table compares the detailed response the PayPal processor returns for address verification to the normalized response value (Y, N, or X) that AVSADDR and AVSZIP return. To obtain the PayPal processor value, set the VERBOSITY parameter to HIGH. The processor value is returned in the PROCAVS response parameter.
| PayPal processor AVS code | Meaning | AVSADDR | AVSZIP |
|---|---|---|---|
| A | Address | Y | N |
| B | International "A" | Y | N |
| C | International "N" | N | N |
| D | International "X" | Y | Y |
| E | Not allowed for MOTO (Internet/Phone) transactions | X | X |
| F | UK-specific "X" | Y | Y |
| G | Global Unavailable | X | X |
| I | International Unavailable | X | X |
| N | No | N | N |
| P | Postal (International "Z") | N | Y |
| R | Retry | X | X |
| S | Service not Supported | X | X |
| U | Unavailable | X | X |
| W | Whole Zip | N | Y |
| X | Exact Match | Y | Y |
| Y | Yes | Y | Y |
| Z | Zip | N | Y |
| All other | X | X |
The following is an example Authorization request string that sets VERBOSITY to HIGH. Payflow returns the PROCAVS value in the response.
1TRXTYPE=A&BILLTOSTREET=123 Main St&BILLTOZIP=00382&TENDER=C&PARTNER=PayPal2&USER=SuperMerchant&PWD=SuperUserPassword&AMT=1.00&ACCT=41111111111111113&EXPDATE=1215&INVNUM=PONUM1&VERBOSITY=HIGH
The PROCAVS value is returned in the response.
1RESULT=0&PNREF=VFHA0FF94691&RESPMSG=Approved&AUTHCODE=245PNI&AVSADDR=Y&AVSZIP=Y2&HOSTCODE=A&PROCAVS=Y&VISACARDLEVEL=12&TRANSTIME=2011-01-12 13:54:35&AMT=1.003&ACCT=1111&EXPDATE=1215&CARDTYPE=0&IAVS=N
Normalized card security code results
The CVV2MATCH parameter returns Y, N, or X.
The following table shows the detailed results that the PayPal processor returns for card security codes. To obtain the PayPal processor value, set the VERBOSITY parameter to HIGH. The processor value is returned in the PROCCVV2 response parameter.
| PayPal Processor CVV2 Code | PayPal Processor Code Description | Payflow CVV2MATCH |
|---|---|---|
| M | Match | Y |
| N | No Match | N |
| P | Not Processed | X |
| S | Service Not Supported | X |
| U | Unavailable | X |
| X | No Response | X |
| All other | X |
BALAMT response and stored value cards
Transactions meeting American Express reporting and statement requirements may return BALAMT when the transaction involves a stored value card. Stored value cards typically are offered as gift cards, allowing the customer to spend any amount up to the balance remaining on the card. A card must be active and not compromised for BALAMT to return the card balance. If the card is used to purchase merchandise exceeding the card balance, American Express declines the transaction and returns the card balance in BALAMT.
Note: Not all processors support BALAMT when a transaction involves a stored value card.
American Express stored value card example
The following authorization request is for a purchase of 123.00.
1TRXTYPE=A&TENDER=C&PWD=x1y2z3&PARTNER=PayPal&VENDOR=SuperMerchant2&USER=SuperMerchant&ACCT=5555555555554444&EXPDATE=1215&AMT=123.003&BILLTOSTREET=5199 MAPLE&BILLTOZIP=94588
Because the response returns a BALAMT of 99.00, the authorization is declined.
1RESULT=12&PNREF=VXYZ01234567&RESPMSG=DECLINED&BALANCE=99.00&AVSADDR=Y&AVSZIP=N
PNREF
The PNREF is a unique transaction identification number issued by PayPal that identifies the transaction for billing, reporting, and transaction data purposes. The PNREF is returned in a transaction response indicating that your transaction was received by PayPal. The PNREF value also appears in the Transaction ID column in PayPal Manager reports.
Storing the PNREF in your records is helpful, especially if you plan to perform the following Payflow transaction types:
- The
PNREFvalue is passed as theORIGIDvalue (original transaction ID) in delayed capture transactions (TRXTYPE=D), credits (TRXTYPE=C), inquiries (TRXTYPE=I), and voids (TRXTYPE=V). - The
PNREFvalue is passed as theORIGIDvalue (original transaction ID) value in reference transactions for authorizations (TRXTYPE=A) and sales (TRXTYPE=S).
The PNREF value is a 12-character string of printable characters. Printable characters also include symbols other than letters and numbers, such as, the question mark (?). However, a PNREF value typically contains letters and numbers only, for example:
VADE0B248932ACRAF23DB3C4
Note: The format of (or the types of values returned in) the PNREF parameter is subject to change without notification; Payflow will only notify merchants if the length of this parameter changes.
RESULT values and RESPMSG text
The RESULT parameter is the first response parameter returned in the response string. The value of RESULT indicates the overall status of the transaction attempt:
- A value of
0(zero) indicates that no errors occurred and the transaction was approved.Note: For account verification transactions,
RESULT=0withRESPMSG=Verifiedmeans that a zero dollar authorization is successful. - A value less than
0indicates that a communication error occurred. In this case, no transaction is attempted. - A value greater than
0indicates a decline or error (except in the case ofRESULT 104. See the following table).
The response message (RESPMSG) provides a brief description for decline or error results.
To obtain the raw response code and message returned by the processor set VERBOSITY to HIGH in your request and capture the response values of the HOSTCODE and RESPTEXT parameters.
For PayPal Processor Only: When interpreting RESULT values for the PayPal processor, note the following:
- When
RESULT=0, warning information may be returned that is useful to the request application. See the API error codes for detailed information on corrective actions. - When
RESULT=104, log in to the PayPal website to determine whether the transaction actually went through. If the transaction does not appear in the History section, retry it.
| RESULT | RESPMSG and Explanation |
|---|---|
| 0 | Approved
Note: PayPal processor: Warning information may be returned that may be useful to the request application. See the API error codes on the PayPal developer website for information on corrective actions. |
| 1 | User authentication failed. Error is caused by one or more of the following: - Login information is incorrect. Verify that USER, VENDOR, PARTNER, and PASSWORD have been entered correctly. VENDOR is your merchant ID and USER is the same as VENDOR unless you created a Payflow Pro user. All fields are case sensitive.Other reason why you'd recieve this error are: - Invalid Processor information entered. Contact merchant bank to verify. - " Allowed IP Address " security feature implemented. The transaction is coming from an unknown IP address. See PayPal Manager online help for details on how to update the allowed IP addresses. - You are using a test (not active) account to submit a transaction to the live PayPal servers. Change the host address from the test server URL to the live server URL |
| 2 | Invalid tender type. Your merchant bank account does not support the following credit card type that was submitted. |
| 3 | Invalid transaction type. Transaction type is not appropriate for this transaction. For example, you cannot credit an authorization-only transaction |
| 4 | Invalid amount. Error is caused by one or more of the following: -Wrong format for the currency in use; example for USD, use the format: "#####.##" Do not include currency symbols or commas. -Your merchant account has a limit on the amount that can be charged and the amount exceeds that. |
| 5 | Invalid merchant information. Processor does not recognize your merchant account information. Contact your bank account acquirer to resolve this problem. |
| 6 | Invalid or unsupported currency code |
| 7 | Field format error. Invalid information entered. See RESPMSG. |
| 8 | Not a transaction server |
| 9 | Too many parameters or invalid stream |
| 10 | Too many line items |
| 11 | Client time-out waiting for response |
| 12 | Declined. The transaction was declined by the card-issuing bank or by PayPal Risk. Some of the reasons why you might receive a decline are: - Possible incorrect AVS (street-zip) or CSC (CVV2) information. - Card does not have enough funds on it. - Card no longer valid; account closed, reported lost or stolen. - Flagged by Risk for various reasons. Remember, since refunds (credits) are now online it is possible that a refund will fail with a RESULT=12 for the same reasons above. If all the items above do not pertain, then the customer should call their card issuing bank to resolve. |
| 13 | Referral. This is a referral transaction that requires approval via voice authorization by contacting your merchant bank and submitting a voice (TRXTYPE=F) transaction.Some of the reasons you might receive a referral are: - Possible that the card-issuing bank wants to validate the card holder; i.e. fraud prevention. - Possible the card was reported lost or stolen and card-issuing bank wants the card obtained. Regardless, you would either need to decline the card or call your merchant bank for approval. |
| 19 | Original transaction ID not found. The transaction ID you entered for this transaction is not valid. See the value in RESPMSG for more information. |
| 20 | Cannot find the customer reference number |
| 22 | Invalid ABA number |
| 23 | Invalid account number. Check credit card number and bank account number, and make sure the ACCT value contains no spaces, non-numeric characters, or dashes. |
| 24 | Invalid expiration date. Check card expiration date and re-submit. |
| 25 | Invalid Host Mapping. Error is caused by one or more of the following:
|
| 26 | Invalid vendor account. Login information is incorrect. Verify that USER, VENDOR, PARTNER, and PASSWORD have been entered correctly. VENDOR is your merchant ID and USER is the same as VENDOR unless you created a Payflow Pro user. All fields are case sensitive. |
| 27 | Insufficient partner permissions |
| 28 | Insufficient user permissions |
| 29 | Invalid XML document. This could be caused by an unrecognized XML tag or a bad XML format that cannot be parsed by the system. |
| 30 | Duplicate transaction |
| 31 | Error in adding the recurring profile Profile creation in the pilot (test) environment is limited to 100 active profiles. You will receive this error and a RESPMSG of "Error in adding the recurring profile. Maximum number of active profiles in pilot environment reached." when you exceed the limit. |
| 32 | Error in modifying the recurring profile |
| 33 | Error in canceling the recurring profile |
| 34 | Error in forcing the recurring profile |
| 35 | Error in reactivating the recurring profile |
| 36 | OLTP Transaction failed |
| 37 | Invalid recurring profile ID |
| 38 | Recurring profile deactivated This could be due to declined credit card or a returned ACH payment. |
| 50 | Insufficient funds available in account |
| 51 | Exceeds per transaction limit |
| 52 | Permission issue. Attempting to perform a transaction type, such as Sale or Authorization, via API call on a Payflow Link account. Payflow Link accounts must use the hosted checkout page for sale or authorizations. An API call can be used for all other transaction types. |
| 99 | General error. See the value in RESPMSG for more information. |
| 100 | Transaction type not supported by host. |
| 101 | Time-out value too small. PayPal Australia: Invalid transaction returned from host (can be treated as an invalid transaction or a decline) |
| 102 | Processor not available. The financial host was unable to communicate with the external processor. These transactions do not make it out of the Payflow network and will not settle or appear on processor reports. |
| 103 | Error reading response from host. The financial host could not interpret the response from the processor. This error can result in an uncaptured authorization if the transaction is an authorization or a sale, except on the following processors: - PayPal Australia: Time-out reversal logic should reverse the transaction. According to PayPal Australia, this is a best effort and is not guaranteed. - PayPal: The transaction might settle. There is no time-out reversal process on PayPal. |
| 104 | Timeout waiting for processor response. Try your transaction again. The Payflow gateway sent the transaction to the processor, but the processor did not respond in the allotted time. This error can result in an uncaptured authorization if the transaction is an authorization or a sale, except on the following processors: - PayPal Australia: Time-out reversal logic should reverse the transaction. According to PayPal Australia, this is a best effort and is not guaranteed. - PayPal: The transaction might settle. There is no time-out reversal process on PayPal. |
| 105 | Credit error. Make sure you have not already credited this transaction, or that this transaction ID is for a creditable transaction. (For example, you cannot credit an authorization.) |
| 106 | Host not available. The Payflow transaction server was unable to communicate with the financial host. This error is an internal failure, and the transaction will not make it to the processor. |
| 107 | Duplicate suppression time-out. |
| 108 | Void Transaction Error. See RESPMSG for more information and ,ake sure the transaction ID entered has not already been voided. If not, then look at the Transaction Detail screen for this transaction to see if it has settled. (The Batch field is set to a number greater than zero if the transaction has been settled). If the transaction has already settled, your only recourse is a reversal (credit a payment or submit a payment for a credit) |
| 109 | Time-out waiting for host response. The Payflow transaction server times out waiting for the transaction to complete either internally or externally. This error can result in duplicate authorizations or uncaptured authorizations on all platforms, or settled sales on PayPal Australia, PayPal and Braintree. It is suggested that a client time-out X-VPS-CLIENT-TIMEOUT value be at least 60 or more seconds. |
| 110 | Referenced auth (against order) Error |
| 111 | Capture error. The attempt to capture failed. This may be that the transaction is not an authorization, the attempt to capture an authorization transaction has already been completed, or the amount of the capture is above the allowable limit of the authorization transaction. |
| 112 | Failed AVS check. Address and zip code do not match. An authorization may still exist on the card holder's account. |
| 113 | Merchant sale total will exceed the daily sales cap with current transaction. ACH transactions only. Merchants that process ACH have a limit to the amount of ACH transactions they can process per consumer batch. Example: if the account is setup to only process $30K per consumer batch, and this transaction puts them over the $30K limit, this error is produced. Consumer batches are sent Sunday through Thursday night at 7:00 PM Pacific, but transactions processed after 7:00 PM Pacific on Thursday night and until 7:00 PM Pacific Sunday night are all combined in one consumer batch. |
| 114 | Card Security Code (CSC) Mismatch. An authorization may still exist on the card holder's account. |
| 115 | System busy, try again later. Due to either internal or external circumstances the transaction failed to complete and needs to be retried. |
| 116 | Failed to lock terminal number. Please try again later. For Moneris Solutions, another transaction or settlement is in process. Rerun the transaction later. However, if you continue to see future 116 errors, please contact Moneris and request to have additional ECR's (Terminal IDs) added to your account and then contact support and request to have them added to your account. |
| 117 | Failed merchant rule check. One or more of the following three failures occurred: -An attempt was made to submit a transaction that failed to meet the security settings specified on the PayPal Manager Security Settings page. -AVS validation failed. The AVS return value should appear in the RESPMSG.-CSC validation failed. The CSC return value should appear in the RESPMSG. |
| 118 | Invalid keywords found in string fields |
| 120 | Attempt to reference a failed transaction |
| 121 | Not enabled for feature |
| 122 | Merchant sale total will exceed the credit cap with current transaction. ACH transactions only. |
| 125 | Fraud Protection Services Filter — Declined by filters |
| 126 | Fraud Protection Services Filter
—
Flagged for review by filters
Note: RESULT value 126 indicates that a transaction triggered a fraud filter. This is not an error, but a notice that the transaction is in a review status. The transaction has been authorized but requires you to review and to manually accept the transaction before it will be allowed to settle.RESULT value 126 is intended to give you an idea of the kind of transaction that is considered suspicious to enable you to evaluate whether you can benefit from using the Fraud Protection Services. To eliminate RESULT 126, turn the filters off.
|
| 127 | Fraud Protection Services Filter — Not processed by filters Transactions will need to be re-run through the Fraud Protection Service |
| 128 | Fraud Protection Services Filter — Declined by merchant after being flagged for review by filters |
| 132 | Card has not been submitted for update |
| 133 | Data mismatch in HTTP retry request |
| 150 | Issuing bank timed out. PayPal Australia reported a timeout between their system and the bank. This error will be reversed by time-out reversal. According to PayPal Australia, this is a best effort and is not guaranteed. |
| 151 | Issuing bank unavailable. The acquirer or card issuer is not available so the transaction cannot be processed. Customer will need to provide a different credit card or try at a later time. |
| 160 | Secure Token already been used. Indicates that the secure token has expired due to either a successful transaction or the token has been used three times while trying to successfully process a transaction. You must generate a new secure token. |
| 161 | Transaction using secure token is already in progress. This could occur if a customer hits the submit button two or more times before the transaction completed. |
| 162 | Secure Token Expired. The time limit of 20 minutes has expired and the token can no longer be used. |
| 170 | Fraudulent activity detected. Carding or fraudulent activity, such as excessive card use, was found on the account and the account or credit card maybe be temporarily suspended until the issue is resolved. The RESPMSG will contain more information describing the type of activity. Note: For some instances of a RESULT 170 ; such as carding, an email will be sent to the administrators on the account informing them of the possible fraudulent activity and the action taken; such as account being blocked from future transactions.Whitelisted merchants: If PayPal Risk flags a transaction as possibly fraudulent Payflow will ignore the reason and allow the transaction to process and will return a new response parameter called 'SUCCESSWITHWARNING' with the reason why PayPal Risk declined it. Example:RESULT=0&RESPMSG=Approved&SUCCESSWITHWARNING=170:Fraudulent activity detected. Excessive use of card.PayPal merchants: As PayPal is your acquiring bank it is possible that PayPal will reject a transaction based on it's risk criteria and a 170 error could still be generated regardless of if the account is whitelisted or not. |
| 200 | Reauth error |
| 201 | Order error |
| 1000 | Generic host error. This is a generic message returned by your credit card processor. The RESPMSG will contain more information describing the error. |
| 1001 | Buyer Authentication Service unavailable |
| 1002 | Buyer Authentication Service — Transaction timeout |
| 1003 | Buyer Authentication Service — Invalid client version |
| 1004 | Buyer Authentication Service — Invalid timeout value |
| 1011 | Buyer Authentication Service unavailable |
| 1012 | Buyer Authentication Service unavailable |
| 1013 | Buyer Authentication Service unavailable |
| 1014 | Buyer Authentication Service — Merchant is not enrolled for Buyer Authentication Service (3-D Secure) |
| 1016 | Buyer Authentication Service — 3-D Secure error response received. Instead of receiving a PARes response to a Validate Authentication transaction, an error response was received. |
| 1017 | Buyer Authentication Service — 3-D Secure error response is invalid. An error response is received and the response is not well formed for a Validate Authentication transaction. |
| 1021 | Buyer Authentication Service — Invalid card type |
| 1022 | Buyer Authentication Service — Invalid or missing currency code |
| 1023 | Buyer Authentication Service — merchant status for 3D secure is invalid |
| 1041 | Buyer Authentication Service — Validate Authentication failed: missing or invalid PARES |
| 1042 | Buyer Authentication Service — Validate Authentication failed: PARES format is invalid |
| 1043 | Buyer Authentication Service — Validate Authentication failed: Cannot find successful Verify Enrollment |
| 1044 | Buyer Authentication Service — Validate Authentication failed: Signature validation failed for PARES |
| 1045 | Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid amount in PARES |
| 1046 | Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid acquirer in PARES |
| 1047 | Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid Merchant ID in PARES |
| 1048 | Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid card number in PARES |
| 1049 | Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid currency code in PARES |
| 1050 | Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid XID in PARES |
| 1051 | Buyer Authentication Service — Validate Authentication failed: Mismatched or invalid order date in PARES |
| 1052 | Buyer Authentication Service — Validate Authentication failed: This PARES was already validated for a previous Validate Authentication transaction |
RESULT values for communications errors
A RESULT value less than zero indicates that a communication error occurred. In this case, no transaction is attempted.
A value of -1 or -2 usually indicates a configuration error caused by an incorrect URL or by configuration issues with your firewall. For information on firewall configuration, see Prepare the Payflow Gateway Client Application. A value of -1 or -2 can also be possible if the Gateway servers are unavailable, or you specified an incorrect server or socket pair. A value of -1 can also result when there are internet connectivity errors. Contact Customer Service regarding any other errors.
Details of the response message may vary slightly from the message shown in the table, depending on your SDK integration.
| RESULT | Description |
|---|---|
| - 1 | Failed to connect to host |
| - 2 | Failed to resolve host name |
| - 5 | Failed to initialize SSL context |
| - 6 | Parameter list format error: & in name |
| - 7 | Parameter list format error: invalid [ ] name length clause |
| - 8 | SSL failed to connect to host |
| - 9 | SSL read failed |
| - 10 | SSL write failed |
| - 11 | Proxy authorization failed |
| - 12 | Timeout waiting for response |
| - 13 | Select failure |
| - 14 | Too many connections |
| - 15 | Failed to set socket options |
| - 20 | Proxy read failed |
| - 21 | Proxy write failed |
| - 22 | Failed to initialize SSL certificate |
| - 23 | Host address not specified |
| - 24 | Invalid transaction type |
| - 25 | Failed to create a socket |
| - 26 | Failed to initialize socket layer |
| - 27 | Parameter list format error: invalid [ ] name length clause |
| - 28 | Parameter list format error: name |
| - 29 | Failed to initialize SSL connection |
| - 30 | Invalid timeout value |
| - 31 | The certificate chain did not validate, no local certificate found |
| - 32 | The certificate chain did not validate, common name did not match URL |
| - 40 | Unexpected Request ID found in request |
| - 41 | Required Request ID not found in request |
| - 99 | Out of memory |
| - 100 | Parameter list cannot be empty |
| - 103 | Context initialization failed |
| - 104 | Unexpected transaction state |
| - 105 | Invalid name value pair request |
| - 106 | Invalid response format |
| - 107 | This XMLPay version is not supported |
| - 108 | The server certificate chain did not validate |
| - 109 | Unable to do logging |
| - 111 | The following error occurred while initializing from message file: < Details of the error message > |
| - 113 | Unable to round and truncate the currency value simultaneously |
Processor-specific response parameters
Some of the response parameters returned in a Payflow transaction are processor-specific and are returned only to merchants who use a certain processing platform. For a list of processing platforms supported by Payflow, see Processing Platforms Supporting Card-Present Transactions.
See the following response parameters specific to a particular processing platform:
- FISERV North response parameters
- Litle response parameters
- PayPal Australia response parameters
- TSYS response parameters
FISERV North response parameters
Merchants who use FISERV North receive the following response parameters:
| Parameter | Description |
|---|---|
PAYMENTADVICECODE |
Also known as Merchant Advice Code(Mastercard) and Recurring Payment Cancellation (Visa); this is used by card issuing banks to clearly communicate to merchants the reason for declining a Mastercard and Visa recurring payment transaction, and the actions merchants can take to continue to serve their recurring payment customers; to receive this response, VERBOSITY must be HIGH and the Recurring flag, RECURRING, must be set.Character length and limitations: 12 alphanumeric characters. |
ASSOCIATIONRESPCODE |
The Association Response Code returns the raw error code by the card associations. The first character is the card type and last three are the error code returned. Character length and limitations: 4 alphanumeric characters. The card types are A for American Express, D for Discover, V for Visa, M for Mastercard, O for Other |
Litle response parameters
Merchants who use the Litle processing platform might see the following transaction response parameters.
| Parameter | Description |
|---|---|
TYPE |
Defines the type of account used in the transaction in terms of card association, card company, PayPal Credit, PayPal, or eCheck. |
AFFLUENT |
Has two possible values: - MASS AFFLUENT Returned for certain Visa and Mastercard cards indicating high income customers (
>
100K annual income). - AFFLUENT Returned for certain Visa and Mastercard cards indicating high income customers with high spending patterns (
>
100K annual income and
>
40K in card usage).
|
Litle automatic account updater
The Litle Automatic Account Updater feature identifies outdated payment card information, "repairs" it, and substitutes new card information before submitting the transaction to the network. To use this feature, you must sign up directly with Litle.
After signing-up for this feature, Payflow merchants will receive a few extra transaction response parameters only for transactions in which the customer's account information has been updated.
If the customer's card number and/or expiration date are currently different from the information passed in the Payflow transaction request, merchants will receive some or all of the following transaction response parameters.
| Parameter | Description |
|---|---|
CCUPDATED=Y |
This response parameter is returned if either or both the account number and expiration date have changed. |
ACCT |
If the card number has changed, the last 4-digits of the new card number will also be returned in the ACCT response parameter. Should you require the full credit card number you will need to contact Litle to obtain the complete card number. |
EXPDATE |
If the card expiration date has changed, the updated expiration date will also be returned in the EXPDATE response parameter. |
As a result, merchants utilizing this feature should check for the presence of the CCUPDATED=Y response parameter, and if it is returned should also check for the presence of the ACCT and EXPDATE response parameters to determine what information has been updated.
If you would like to test your integration for this feature, see Testing the Litle Automatic Account Updater Feature.
PayPal Australia response parameters
Merchant who use PayPal Australia receive the following response parameters:
| Parameter | Description |
|---|---|
RRN |
Retrieve reference transaction. Character length and limitations: 12 alphanumeric characters. |
STAN |
Systems trace audit number. Character length and limitations: 6 numeric characters. |
TSYS response parameters
Merchants who use the TSYS processing platform for authorization transactions must pass VERBOSITY=HIGH in the request to obtain these response parameters:
| Parameter | Description |
|---|---|
ACI |
Authorization Characteristics Indicator (ACI). This indicator provides information on the conditions or characteristics of the authorization code. Character length and limitations: 1 alphanumeric character. |
VALIDATIONCODE |
Contains a Transaction Identifier associated with the transaction being settled. Character length and limitations: 4 alphanumeric characters. |