PPS ORIAN API
The ORIAN Transaction
To integrate with the ORIAN Delegated Authorisation or Transaction Notification capability the integrator must be prepared to receive the ORIAN Transaction resource (data object). The ORIAN Transaction provides a standardised representation of transactions processed on a variety of underlying payment schemes . In order to integrate transactions through the ORIAN API it is necessary to understand certain ORIAN and more general transaction processing concepts.
Transaction Processing
Overview
A transaction, as published through the ORIAN API, may represent one of the following activities:
- A movement of funds between two parties. Examples of such financial transactions include purchases or refunds from stores, bank payments and other back-office activities.
- A request by one party to perform some non-financial activity. Typical non-financial transactions are balance enquires or card block activities. Note that where a fee is charged for a non-financial transaction it may also represent a movement of funds between the two parties.
Payment Schemes
A scheme represents a channel or entity capable of initiating transactions. Examples of schemes include Mastercard, Faster Payments and PPS Web Authorisation amongst many others. Contact PPS to determine the specific schemes applicable to a programme.
The supported lifecycle of a transaction is defined by the payment scheme which may specify:
- A single transaction event or a separate authorisation and clearing phase
- The ability to cancel (reverse) previous transaction activity
- Restrictions on the ability of the processor to approve or decline transactions
- Additional features or capabilities of the payment network
Authorisation
Authorisation is the processes of arriving at a decision to allow or decline a request for payment. Such decisions may be made on a wide variety of criteria bit will typically ask questions such as:
- Does the account balance have sufficient funds or remaining credit to cover the transaction?
- Does a purchase exceed any limits defined to guard against fraud (e.g. a daily ATM spend limit)?
- Has the card reached its expiry date?
Depending on the payment scheme an authorisation decision may indicate the completion of the transaction (a financial movement of funds) or simply a temporary reservation of funds where a separate clearing phase is mandated.
Clearing
Payment schemes that mandate a separate clearing phase will typically submit clearing or settlement instructions relating to previously approved authorisations. Such instructions may be received in real-time (usually soon after the related authorisation) or submitted in batches at an agreed interval. In general, such instructions, are considered to represent the final state of a transaction and cannot be declined. Clearing instruction may typically confirm the original authorisation details but may also change financial amounts and include additional data.
While clearing instructions cannot typically be declined, payment schemes may provide further mechanisms by which unapproved transactions values can be reclaimed. For example, if a clearing record exceeds the amount of the original authorisation and the account is unable to cover the additional cost, Mastercard would allow losses to be reclaimed through its Chargeback process.
Many payment schemes with separate authorisation and clearing phases mandate, in some circumstances, the acceptance of clearing records that have not been previously authorised. Such transactions, termed 'offline', would typically require a dispute mechanism where the funds cannot be covered by the account.
ORIAN Key Fields
ORIAN supplies a large number of properties to describe a transaction although not all properties will be relevant for all payment schemes and transaction types. See the API documentation for full details of available fields.
The following key fields are mandated or typically present and are required to understand the ORIAN Transaction and its lifeycle.
Id and Version
Every transaction has a unique identifier assigned by PPS that will be received for all versions of the Transaction. Two events received with the same Transaction Id should be assumed to represent the same Transaction.
The Version indicates the revision of the Transaction resource. For example, an Authorised transaction published to the ORIAN endpoint might have a Version of 1. Later when the same Transaction is cleared it may be published to the ORIAN endpoint with a version of 2.
It is important to consider the Version before taking action on any Transaction published to the endpoint. While PPS will make best effort to always deliver notifications in the order they occurred there exists the possibility that events could arrive out of sequence. In the case that a Transaction event is received with a Version lower than a Version already received for the same Transaction Id implementers should discard the event.
Note that PPS also reserve the right to re-submit the latest Version of a Transactions in order to respond to potential failure situations. The ORIAN endpoint is free to discard or re-apply the Transaction event if it has already been applied.
Scheme Id
While the ORIAN Transaction abstracts many details of the underlying payment scheme the Scheme Id provides a unique identifier for each payment scheme. Contact PPS for the list of possible Scheme Ids for a programme.
Transaction Lifecycle Status
ORIAN provides a standardised representation of a Transaction across payment schemes. In order to implement the ORIAN API to accommodate a wide variety of such schemes it is important to understand the ORIAN Transaction lifecycle.
The Transaction Lifecycle Status is submitted with all Transaction events and indicates the current phase of transaction processing for all payment schemes and transaction types. As such, and depending on subscribed features, an endpoint may see the same Transaction at different stages in its lifecycle.
The allowed lifecycle statuses are:
| State | Description |
|---|---|
| Authorisation Requested | The payment scheme has requested authorisation but the authorisation decision has not yet been made. This status will only be seen when Delegated Authorisation is configured and is the only status under which the result can be overridden in the response |
| Authorised | An authorisation request has been approved but not yet completed. This status will be seen only where the payment scheme has a separate clearing phase. |
| Complete | A final state after which the transaction will no longer be changed. Depending on the 'Result' the transaction may represent a declined or approved transaction. |
| Cancelled | A transaction has been cancelled by the payment scheme. Typically this implies a received reversal and is supported by most payment schemes. A 'Cancelled' transaction can have no financial impact. This is a final state. |
| Expired | A transaction authorisation (previously in the 'Authorised' state) has not been completed within a configured time window. Any previous reservation on the balance is removed. This is a final state. |
| Manually Expired | A transaction authorisation was manually expired. Typically manual expiry will be performed to preempt an automatic expiry or where an expiry rule has not been setup. This is a final state. |
The ORIAN Transaction Lifeycle state model
Transaction Result
The Transaction Result indicates the authorisation decision taken by PPS or by the External Authorisation Endpoint. The Transaction Result may have one of the following values:
| State | Description |
|---|---|
| Approved | The authorisation request was approved. |
| Decline | The authorisation request was declined. A declined authorisation can have no financial impact. The reason for the decline will be given in the Result Detail field |
| Partially Approved | The authorisation request was approved for less than the requested amount. This behaviour is supported by certain payment schemes. |
| Approved with Exception | The authorisation request was approved despite validation failures. This is supported by some payment schemes where it is not possible to decline for some reasons. The exception will be given in the Result Detail field |
Note that the Transaction Result must be considered with the Transaction Lifecycle Status to understand the true status of a Transaction. For example a Transaction with a Transaction Result of 'Approved' (the authorisation decision) may have a Transaction Lifecycle Status of 'Cancelled' or 'Expired'. In such a case any funds reserved or debited by the Transaction because of the approval should be reversed.
Payee and Payer
The Payee and Payer define the parties involved in the transaction.
In a financial Transaction the Payee is always the party in receipt of funds represented by the Transaction. Where the Payee is a PPS account we would expect the balance to be credited by the amount of the transaction. For a non-financial Transaction the Payee is the party requesting the non-financial activity.
In a financial Transaction the Payer is always the party providing the funds represented by the Transaction. Where the Payer is a PPS account we would expect the balance to be debited by the amount of the transaction. For a non-financial Transaction the Payer is the party performing the non-financial activity.
Supported Payee and Payer types are:
| Type | Description |
|---|---|
| Acceptor | A Merchant store or other payment acceptor |
| Account | A PPS Account |
| Card | A PPS Card. Account details will also be provided for all card transactions. |
| Bank Account | The details of a PPS or external bank account. |
See the API documentation for full details of the specific properties provided for each Payee/Payer type.
Transaction Amounts
An ORIAN Transaction defines the following financial amounts:
| Amount | Description |
|---|---|
| Requested | The amount requested by the originating party. Note that this is the Payee for a debit transaction and Payer for a credit |
| Cardholder | The amount in the currency of the cardholder account balance. Where necessary PPS will have performed currency conversion between the Requested and Cardholder amount |
| Cardholder Final | The actual amount to be debited from the Payer and credited to the Payee. This amount may be the same as the Cardholder amount or may include additional fees or charges applied by PPS |
Where a payment scheme supports a separate authorisation and clearing phase the Transaction may include two sets of currency amounts under the Authorisation and Clearing properties. Note that when present the Clearing amounts should always take precedence as the true value of the Transaction.
3DS Secure Auth Results
| txn_secure_auth_result | Description | Liability Shift | AAV LI | SLI | Exemption Flag |
|---|---|---|---|---|---|
| FULLY_AUTHENTICATED_FRICTIONLESS | Transaction was sent to 3DS and merchant did not request an exemption. ACS chose not to challenge the cardholder, based on risk profile. | Issuer | kA | 212 | - |
| FULLY_AUTHENTICATED_CHALLENGE | Transaction was sent to 3DS and the cardholder was challenged. Cardholder successfully completed SCA. | Issuer | kB | 212 | - |
| FULLY_AUTHENTICATED | Authenticated via 3DS V1 (now deprecated) | Issuer | j | 212 | - |
| AUTHENTICATION_ATTEMPT | Transaction could not be authenticated by ACS. Mastercard Smart Authentication Stand-In was applied, and considered the transaction not low risk. | Issuer | kE | 211 | - |
| AUTHENTICATION_ATTEMPT_STAND_IN | Transaction could not be authenticated by either ACS or Mastercard Smart Authentication. | Issuer | kF | 211 | - |
| FULLY_AUTHENTICATED_STAND_IN | Transaction could not be authenticated by ACS. Mastercard Smart Authentication Stand-In was applied, and considered the transaction low risk. | Issuer | kC | 211 | - |
| EXEMPT_LOW_VALUE_MERCHANT | Merchant/Acquirer chose not to undergo 3DS, and instead requested a Low Value Payment exemption. | Merchant | - | 210 | 04 |
| EXEMPT_LOW_VALUE_AUTHENTICATED | Merchant/Acquirer went through 3DS, but requested a LVP exemption, so cardholder was not challenged. | Merchant | kN | 216 | 04 |
| RECURRING_TRANSACTION_AUTHENTICATED_FRICTIONLESS | Subsequent recurring transaction went through 3DS, but was frictionless as the original recurring transaction had been authenticated. | Issuer | kO | 217 | - |
| RECURRING_TRANSACTION_AUTHENTICATED_CHALLENGE | Subsequent recurring transaction went through 3DS, but was challenged. | Issuer | kP | 217 | - |
| EXEMPT_RECURRING_TRANSACTION_MERCHANT | Merchant chose not to undergo 3DS for a recurring transaction, and requested an exemption in the txn authorisation. | Merchant | - | 210 | 01 or 03 |
| EXEMPT_SECURE_CORP_PAYMENT_AUTHENTICATED | Merchant went through 3DS but requested an exemption due to the transaction being a secure corporate payment. | Merchant | kN | 216 | 06 |
| EXEMPT_RISK_ANALYSIS_MERCHANT | Merchant did not go through 3DS, and requested an exemption due to the transaction being low risk. | Merchant | - | 210 | 02 |
| EXEMPT_RISK_ANALYSIS_AUTHENTICATED | Merchant went through 3DS but requested an exemption due to the transaction being low risk. | Merchant | kN | 216 | 02 |
| AUTHENTICATION_OUTAGE | Transaction could not be authenticated due to an outage. Attempts donβt apply. Merchant proceeded to transaction anyway. | Merchant | - | 210 | 07 |
| INSIGHTS_AUTHENTICATED | Merchant received Smart Authentication insights, and used the risk score to decide not to undergo 3DS. | Merchant | kX, kY, kZ | 214 | - |
| AUTHENTICATED_ACQUIRER_SCA_EXEMPTION | Merchant went through 3DS and requested an exemption for any other reason not covered above. | Merchant | kN, kU, kV, kW | 216 | - |