Visa Account Updater (VAU) and MasterCard Automatic Billing Updater (ABU) are mechanisms for updating cardholder account information electronically among participating card issuers, payment processors, and merchants who accept account‐on‐file transactions.
Through the account updater process supported by Moneris, participating merchants may request updated card numbers for cards replaced for reasons such as:
- The card was reported as being lost, stolen, or damaged
- The card was replaced during the usual three year replacement cycle
- Portfolio flips where an issuer switches brands or entire product lines are reissued
- SFTP Batch File
- The merchant stores card data in their system
- The merchant sends the batch file for processing to the Moneris Gateway and returns the next day for a response file containing updated card information
- Auto Managed by the Moneris Gateway
- For merchants using Vault and/or Recurring Payments
- No integration needed
- Moneris Gateway automatically sends all card data within the existing Vault/Recurring Payments profile to VAU/ABU to retrieve any updated Information
- Moneris Gateway automatically updates the existing Vault/Recurring Billing profile on behalf of the merchant
- Increased number of authorization approvals by minimizing payment disruptions due to account changes
- Simplified account‐on‐file transactions with always up‐to‐date cardholder credit card information
- Higher sales and lower customer turnover due to accurate customer database information
- Helps to reduce operating costs as employees can focus on other business activities rather than contacting customers for up‐to‐date credit card information
- Helps to increase customer satisfaction with no customer contact required
Application Program Interface (API)
Moneris Gateway Application Program Interface (API) option provides you with control over the entire shopping process as it integrates easily into your web store. Moneris transaction APIs are available in a variety of different web programming languages and enable you to process transactions directly from your website
Moneris Gateway offers a set of simplified North American Application Program Interfaces (APIs) for integrating the merchant’s solution with the most secure payment capabilities available, including:
- Credit, Debit, and EMV
- End‐to‐End Encryption
- Hosted Tokenization
- Vault and Customer Database
- Level 2/3 Data
- Embedded/Hosted Web Solutions
Moneris is the only North American processor with the authorization to self certify EMV solutions on behalf of the Card Associations.
- Moneris Gateway supports a wide variety of web centric development languages (e.g., .NET, Java, PHP, etc.) via intuitive APIs
- The Moneris Developer Portal provides developers with the documentation and API packages necessary to integrate with the Moneris Gateway
- APIs support a number of fraud‐reduction features which return an instantaneous response identifying potential fraud risks
- Transactions are processed directly from the merchant’s website or payment solution, receiving real‐time responses which can be used by the merchant to make decisions around transaction acceptance, shipment, and inventory management
- Merchants can take full control of their customers’ online experience with their website or payment solution, customizing it for their business needs and processes
- Flexible integration options allow merchants to incorporate only those functions they wish to automate
- Leverage any available features within the merchant’s application that maximize the functionality of their customers’ experience
- The transaction is processed directly from the merchant’s website or application which provides a seamless checkout experience
- Layered fraud protection provides a secure environment for merchants and their customers to transact safely with peace of mind
Batch File Upload
Moneris’ batch upload process has been designed to support merchant that require an easily accessible upload facility to process large groups of transactions that do not have real-time response requirements. These transactions may or may not have originated as eCommerce transactions that were previously processed as pre-authorizations via the Moneris Payment Gateway. Upon receiving the files, Moneris will process the input file and create an output file for the merchant. The input file is a series of transactions (Purchase, PreAuth, Completion, Purchase Correction, Refund). The output file is a series of receipts, indicating the outcome of each transaction as seen in the Response DTD section below.
These batch files are based on the XML format (i.e. DTD) provided to the merchant. If the files do not conform to the DTD then transactions will be rejected. Conforming files will be processed in a quick and efficient manner. These processed files can be retrieved for up to 24 hours after delivery. It is therefore recommended that merchants deposit and pick up their files immediately after processing is complete.
The delivery/retrieval of the files must be done via secure FTP (secure file transfer protocol). This mechanism guarantees a safe and encrypted information exchange from merchant to Moneris and back to merchant. Secure FTP is widely accepted and uses the SSL (Secure Sockets Layer protocol) to send and receive data.
The merchant that signs up to use this facility will receive from Moneris a “User Id and Password”. In addition they will be given a location (hostname /IP address) to connect to and a directory. In this directory they will use the secure FTP to deposit/retrieve the appropriate files. The filename is predetermined by Moneris. In this same directory the user will find a file that contains the processed information. This information is a compendium of receipts for all the requested transactions. As with the inbound file, the outbound file is a conforming XML file. This will allow the merchant to parse the information in a meaningful manner
If you process a large amount of transactions on a daily, weekly or monthly basis that do not require a real-time authorization response, then the Batch Processing module will meet your business needs. Processing batch transactions through Moneris Gateway is a seamless and secure process, as batch files can be created in any spreadsheet or database program and saved in a CSV format, or sent via XML. All batch files are transferred to Moneris’ secure servers for processing using an industry standard Secure File Transfer Protocol (SFTP).
Batch processing is ideal for merchants in the following businesses:
- Publishing – newspapers, magazines, book clubs
- Communications – Internet service providers
- Charities – one-time or regular contributions
- Parking – lots and garages
- Insurance – personal, auto, travel
- Utilities – cable, hydro, gas, oil
- Government – tax collection, educational institutions.
- Save time. Reduce manual input by automating your billing process.
- Enhance security. Transfer your files to Moneris for processing over a 128-bit encrypted connection using SFTP.
- Reduce errors. Since all batched transactions are sent in a single file, there is no risk of a transaction dropping or you having to reinitiate your batch.
- Flexible processing. Create and send your batch files when it’s right for you by simply logging onto the Virtual Terminal.
By definition, a batch file may be used to forward large groups of transactions for processing. Merchants may forward multiple transaction types, for multiple card plans in a single batch for processing, provided that the merchant is registered for the card plans included in the file.
The CSV Batch File option refers to the ability to upload batch files where the fields are presented in a comma delimited format.
Moneris Gateway has a variety of fraud management tools that complement one another and can assist in providing enhanced protection for merchants and their customers.
- Real-Time Cardholder Authentication: Verified by Visa (“VbV”) and MasterCard SecureCode are online cardholder authentication services that verify the authenticity of an online shopper to their issuer, in real time, through the use of a unique personal code.
- Card Verification Value (CVV): CVV is a 3‐4 digit code located on all current credit cards for additional verification that the cardholder is in possession of their card.
- Address Verification Service (AVS): Allows e‐Commerce merchants to check a cardholder’s billing address with the card issuer in order to reduce online credit card fraud and help ensure that lost or stolen cards are not being used for fraudulent activity.
- Transaction Risk Management Tool (TRMT) (Canada only): Provides advanced fraud mitigation technology to help identify and prevent a potentially fraudulent transaction, all in real‐time:
- Device Fingerprinting uses non‐personally identifiable information to identify the PC or device being used to send the transaction
- IP address information from which the transaction is originating
- Payment demographics (e.g., country of Issuer)
- Velocity checking (e.g., repeat purchases from the same device, card, email, or IP address)
- Geo-location examination to identify suspicious use from locations that do not match card issued or shipping address
- Helps to reduce fraud and chargebacks by identifying potentially fraudulent transactions in real time
- When fraud tools are used to fully authenticate a transaction, there is a liability shift from the merchant to the issuer for fraudulent transactions
- Merchants save time and money spent on resolving cardholder disputes by helping to reducing exposure to potential fraud and unwarranted chargebacks
- Helps to increase customer confidence by offering a secure shopping environment that gives customers the confidence they need to shop online
Hosted Pay Page
Moneris Gateway Secure Payment Page option is hosted by Moneris and seamlessly re-directs your customer to a secure payment page that allows them to pay for goods. There is no need to purchase an SSL certificate, and all cardholder information is captured and protected by Moneris.
- The merchant’s website redirects cardholders to a secure Moneris Hosted Pay Page
- Merchants have the option to embed the payment form within an iFrame on their checkout page
- Both standard and mobile layout options are available
- No need to purchase an SSL certificate
- Decreased PCI/PA‐DSS requirements
- Secure details (i.e., Account Number, AVS, and CVD) are collected and submitted by Moneris
- Quick HTML Form POST integration into the merchant’s website results in reduced development time
- No development work required to support Verified by Visa (VbV), MasterCard SecureCode (MCSC) and Transactional Risk Management Tool (TRMT) fraud protection features.
Hosted Vault is a solution for online eCommerce merchants that do not wish to handle credit card numbers directly on their websites but want to store cardholder data in exchange for a token.
- Register a customer profile for future use and transaction processing
- Search and Update profile
- Only credit card/ACH info is registered in the Vault in exchange for a token
- Helps to reduce risk by storing sensitive data on Moneris’ secure PCI‐certified servers
- Removes sensitive data from the merchant’s system. With no card storage the merchant will have less PCI certification efforts
- Merchants may process a transaction at any time without the cardholder or their payment details being present
Hosted Tokenization (HT) is a solution for online e‐Commerce merchants that do not wish to handle credit card numbers directly on their websites but want to have the ability to fully customize their checkout page appearance.
- Moneris Gateway will display text boxes on the merchant's behalf on their checkout page
- No payment data is collected on the merchant's website
- A temporary token is used by Merchant to process transaction rather than the credit card number.This token can be made permanent through an API request and stored in the Moneris Gateway Vault.
- Mobile compatible
- Reduces PCI/PA‐DSS assessment scope of custom integrations
- Merchants have the ability to fully customize the checkout experience
Merchant Resource Center (MRC)
The Merchant Resource Center (MRC) or Virtual Terminal module allows your business or organization to accept credit cards over the phone, by fax or through the mail and obtain authorizations quickly and securely in real time over the Internet. The Virtual Terminal module is easily accessible using most current web browsers and all transactions are processed securely. This solution is ideal for businesses that operate in call centre or order desk environments.
Download MRC Guides
- Acts as an out‐of‐the‐box card processing terminal accessible across multiple locations
- Includes a back‐office reporting tool that supports ad hoc queries of transaction history regardless of where the transaction originated (e.g., online, mobile, etc.) in both onscreen and downloadable formats
- User Access management and Account Administration
- Fully PCI/PA‐DSS certified
- Supports different card acceptance scenarios (e.g., Mail Order/Telephone Order (MOTO), EMV Card‐Present Acceptance, Recurring Payment Scheduling, Book & Ship Processing, etc.)
- Can be enabled to support card present transactions by connecting a certified card reader or EMV capable PIN pad
- Designed, built, hosted, and supported by Moneris
- Reduce errors and lost sales. Transactions are authorized in real time, while your customer is on the phone.
- Improve cash flow. Receive payment from your customers faster and have access to your funds within two business days.
- Increase sales efficiencies. Multiple users can sign on and process transactions on different computers at the same time.
- Track employee usage easily. Management can assign access to employees based on their role, then track usage to ensure accountability.
- Reduce fraud. Integrated eFraud tools such as Address Verification Service (AVS), and Card Validation Value (CVV) help identify potential fraudulent transactions before an order is fulfilled
Distinguishes between the Moneris QA environment available for testing vs the live production environment which will connect to the live processing host.
Merchant Resource Centre URL
Indicates the URL to access the login screen for the Merchant Resource Centre.
If using a personal QA account, please ensure this is your Developer Portal email address. If you have not yet requested a personal test store, you may do so here.
You can also use one of the existing stores with the following username
Provided by Moneris once you activate your production merchant account. If you have not yet activated your merchant account, please click here. This will be a unique username you define.
Indicates the username of the person logging into the MRC. All activities done within the MRC will be tracked under this username so we recommend ensuring each employee is provided with their own access to the portal. Please do not share user accounts as this may pose security risks.
If using a personal QA account, please ensure this is the Store ID that has been assigned to you within the Developer Portal. If you have not yet requested a personal test store, you may do so here.
You can also use one of the existing stores with the following store ID
Provided by Moneris in your activation letter. If you have not yet received your merchant account details, please speak to your account manager or contact our Customer Service team at 1-866-319-7450.
Indicates the unique store ID for your merchant account. This store ID is considered your merchant identifier for all transactions processed on this account whether they were done within the Merchant Resource Centre Virtual Terminal, online via API, via a batch file upload process, etc. This is a secure identifier, so please save on file but keep the store ID safe.
If using a personal QA account, the password for the MRC is the same as your password for the Developer Portal. If you have not yet requested a personal test store, you may do so here. Please note though that if you update your password via the MRC in future, it will no longer be the same as your Developer Portal password.
You can also use one of the existing stores with the following password
Provided by Moneris once you activate your production merchant account. If you have not yet activated your merchant account, please click here. This will be a unique password you define.
Indicates the password for the Merchant Resource Centre login. Please do not share user accounts as this may pose security risks.
Recurring Payment - Recurring Billing
Do you bill your customers automatically for routine products or services on a monthly or weekly basis? If you are a membership-based or subscription service organization, or even a charitable organization, then the Recurring Payment module is the right solution for you. The Recurring Payment module allows you to take control of the customer billing process by giving you the flexibility to set up automated, recurring payments for fixed amounts on your customer’s credit card. With this module you can set up and manage payments, schedule payment frequency and duration, suspend payments as required and generate credit card expiration reports in advance of upcoming billing. Moneris also stores and protects all of the credit card information, so you don’t have to worry about keeping it on file.
- Automatically charge a fixed amount to a customer’s credit card at defined intervals
- Merchants can view card expiration dates two months before the card expires
- Reduce administration time. Access transaction reports with the click of a button and eliminate the process of manually diarizing cheque payments.
- Improve cash flow. Get paid faster – once a credit card is authorized, the funds are channelled to your bank account and you can access them within two business days.
- Reduce errors. Automated payment on credit cards reduces all of the errors that occur with the acceptance of cheques, such as encoding problems and wrong amounts or dates.
- Reduce collection expenses. Time spent collecting missed payments can be very costly, especially with NSF cheques.
- Increase customer satisfaction. When customers pay for routine bill payments using their credit card, they often benefit by collecting additional loyalty points.
- Reduce security risk. Store customers’ credit card information on our secure servers and limit the risk of cardholder account compromise.
Moneris Gateway’s Vault allows you to securely register and store your customer's credit card account information on Moneris' secure servers. This reduces your investment in technology and PCI compliance efforts, while minimizing security risks.
If you require the ability to bill your customers for routine products or services whenever a payment is due, then the Moneris Gateway’s Vault is the right solution for your business.
- Register a customer profile for future use and transaction processing
- Search and update customer records at any time
- Create new transactions (e.g., Purchase, Refund, etc.) and set up Recurring transactions from the customer’s profile in Vault
- Check for expired accounts
- Improve cash flow. Get paid faster as once an electronic payment is authorized, the funds are transferred directly to your bank account.
- Increase customer satisfaction. Your customers won’t have to re-enter their account information when they return to make a repeat purchase.
- Enhanced security. Reduce technology, infrastructure, data storage costs and security risks by storing customer’s account information on Moneris’ secure servers.
Verified by Visa (VbV)
Verified by Visa (VbV) is a program initiated by Visa. Before approving a transaction Moneris Gateway and the Bank that issues the Visa credit cards will attempt to authenticate the cardholder through the use of a password, similar to a debit PIN. When an authentication is attempted the merchant is protected from chargebacks.
MasterCard SecureCode (MCSC)
MasterCard SecureCode (MCSC) is a new feature offered by MasterCard. Merchants who have enrolled in this program with Moneris and Moneris Gateway will be able to offer their customers added protection against unauthorized credit card use, as well as protect themselves from fraud-related chargebacks. Cardholders that have applied for SecureCode with their issuing bank will be able to use this password similar to a debit PIN number for online transactions with participating online merchants.
Tokenization is the process of replacing sensitive card data with a unique identifier that represents the payment data. The card is enrolled and exchanged for a token – This token replaces the card number in the merchant’s system for future transactions while the actual payment data is stored on Moneris’ secure servers. When the merchant initiates a transaction using a token, Moneris completes the card match and processes the transaction.
- Non‐mathematical algorithm used to determine token (The registered credit card number is assigned a static token)
- A different alphanumeric token is provided for each new registration
- Enrolment can take place online or at the point–of‐sale (POS)
- Reporting is available to clearly identify tokenized transactions vs non‐tokenized transactions
- Development and customization maintained in‐house at Moneris
- Global Tokenization gives merchants the ability to store and share tokens amongst multiple merchant locations*
*Locations must be same legal entity as merchant, i.e., all corporate locations; not franchise locations.
- Eliminates the need to store the cardholder data once registered
- Increased security: The card number cannot be derived from the token and the token is only usable by the registering merchant
- In the online world, merchants can use a modified Hosted Pay Page to collect the data and therefore remove the need to see the card data
Level 2 and Level 3 Enhanced Data processing provides additional detail along with the financial transaction to support business-to-business (B2B) payment processing. The primary values to implementing Level 2/3 Enhanced Data are:
- Providing the corporate entity with varying levels of reconciliation data related to the business transaction
- Potentially allowing the financial transaction to qualify for specific B2B interchange categories
Financial transaction data is divided into 3 levels:
- Level 1: Basic transactional information needed for an approval (eg. PAN, expiry, amount, etc.)
- This is required for all financial transaction processing
- Level 2: Additional data provided to corporate card holders for accounting and reconciliation purposes
- This includes tax amount, customer identifier, and an invoice number for transaction reference between the cardholder and the merchant
- Level 3: Full line item detail of the purchase transaction to be reported back to the corporate entity through their issuing bank
- This includes amount itemization, further tax detail, product information, and other data relevant to the goods or services purchased
When using Moneris Gateway’s Level 2/3 API, it is recommended to first determine if the credit card being passed is a corporate card by pre-authorizing the transaction. Should the issuer’s response identify a corporate card then the Level 2/3 data can be applied during capture.
This section contains information for using the Moneris Gateway’s API for sending credit card transactions. In particular it describes the format for sending transactions and the corresponding responses you will receive. This section is to be used by merchants that require the ability to pass Level 2/3 data for Visa, Mastercard and American Express.