0% found this document useful (0 votes)

9 views

Merchant_Administration_User_Guide

The Mastercard Gateway Merchant Administration User Guide provides comprehensive instructions for merchants on managing electronic orders, including features for transaction processing, risk management, and payment configurations. It includes detailed chapters on administration operations, order and transaction details, settlement processes, and payer authentication methods. The guide is intended for merchants and operations personnel, requiring knowledge of web applications and commercial practices.

Uploaded by

ligojit600

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

9 views

Merchant_Administration_User_Guide

Uploaded by

ligojit600

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 139

Mastercard Gateway

Merchant Administration
User Guide
4 October 2024

MGMA
Contents

Contents

Summary of changes, 4 October 2024.................................................................................. 8

Chapter 1: Merchant Administration demo.........................................................................9

Chapter 2: Merchant Administration introduction....................................................... 10

Intended audience................................................................................................................................. 11
Getting support..................................................................................................................................... 11
Before you begin ................................................................................................................................... 12
Types of merchant profiles...................................................................................................................12
Getting started......................................................................................................................................12
Feature access in Merchant Administration................................................................................12
Process transactions in test mode and real time....................................................................... 13
Log in to Merchant Administration............................................................................................... 13
Login fields description.............................................................................................................. 13
Log out of Merchant Administrator..............................................................................................14
Password management .................................................................................................................14
Options to reset a forgotten password.................................................................................. 14
Request a temporary password......................................................................................... 15
Merchant Administration menu..........................................................................................................16
Merchant Administration homepage ...........................................................................................16

Chapter 3: Administration operations.................................................................................. 18

Merchant configuration settings.........................................................................................................20
View configuration details..............................................................................................................20
Configuration Details...................................................................................................................... 21
Merchant Administration operator operations................................................................................ 21
Manage an operator........................................................................................................................22
Operators in Merchant Administration........................................................................................ 22
Create a Merchant Administration operator.............................................................................. 22
Merchant Administration operator details..................................................................................23
Edit an operator............................................................................................................................... 27
Unlock an operator account........................................................................................................... 29
Unlock a Merchant Administrator account..................................................................................29
Password management....................................................................................................................... 29
Password configuration compliance.............................................................................................30
Change an operator password...................................................................................................... 30
Change your own operator password.......................................................................................... 31
Manage Banamex payment plans......................................................................................................31

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 2
Contents

Manage the payment plans............................................................................................................31

Add a payment plan.........................................................................................................................32
Configure an installment...........................................................................................................33
Configure a deferral................................................................................................................... 34
Using a Payment Plan......................................................................................................................34
Enable or disable a payment plan............................................................................................35
Validations..............................................................................................................................35
Conditions to filter a payment plan........................................................................................ 36
Change a payment Plan..................................................................................................................36
Select an acquirer link......................................................................................................................36
Download the mobile software development kit and documentation........................................ 36
Integration settings configuration......................................................................................................37
Integration Authentication.............................................................................................................37
View an integration authentication..............................................................................................38
Enable a password authentication............................................................................................... 38
SSL certificate authentication.......................................................................................................39
Excessive refunds privilege..............................................................................................................39
Configure hosted checkout.............................................................................................................39
Generate a reporting API password...................................................................................................39
Wallet configuration..............................................................................................................................40
Email notifications.................................................................................................................................40
Risk assessment and transaction releases........................................................................................40
Add device payments............................................................................................................................41
Configure surcharge rules.................................................................................................................... 41
Configure PayPal................................................................................................................................... 41
Merchant hosts...................................................................................................................................... 42
Configure an allowed merchant host........................................................................................... 42
Secure Remote Commerce.................................................................................................................. 42
Click to Pay........................................................................................................................................43
Activation and Deactivation ....................................................................................................43
Enroll Another Card Brand........................................................................................................43
Unenrollment from Click to Pay............................................................................................... 44

Chapter 4: Order and transactions details........................................................................ 45

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 3
Contents

Order rejection rules..............................................................................................................50

Authorization expiry................................................................................................................... 50
Automatic authorization reversals policy..........................................................................50
Authorization update.................................................................................................................50
Authorization update policy................................................................................................ 51
Partial Captures..........................................................................................................................51
Capture a partial capture....................................................................................................51
Order totals................................................................................................................................. 52
Bypass the authorization update for an excessive capture...........................................52
Order subtotals......................................................................................................................................52
Update the surcharge amount............................................................................................................52
Purchase transaction............................................................................................................................53
Capture only........................................................................................................................................... 53
Refund only............................................................................................................................................. 53
Verify only................................................................................................................................................54
Create an order Using a Token............................................................................................................ 54
Search an order or transaction........................................................................................................... 54
Using the Search for Orders and Transactions........................................................................... 55
Using the Search Fields...................................................................................................................56
Export a search result...........................................................................................................................60
View an order or transaction...............................................................................................................62
Order and Transaction Details.......................................................................................................63
Action menu fields............................................................................................................................63
Add card numbers from the suspect or trusted Cards list.............................................................64
Remove the suspect and trusted cards............................................................................................. 65
Search criteria for risk assessment.................................................................................................... 65
Order and transaction fields for risk assessment............................................................................67
Rules for risk service providers.............................................................................................................67
Search criteria for funding status.......................................................................................................68
Search for the tokens............................................................................................................................69
Update or delete token guideline...................................................................................................69

Chapter 5: Settlement of orders..............................................................................................70

Before you begin.................................................................................................................................... 71
View unsettled transactions................................................................................................................72
Unsettled Transactions Summary.................................................................................................72
Transactions by currency.................................................................................................................72
Batch Closure Receipt..................................................................................................................... 73
Search for settlements.........................................................................................................................73
Settlement List.................................................................................................................................74
Settlement Details...........................................................................................................................75

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 4
Contents

Chapter 6: Payer authentication through 3-Domain Secure................................. 76

3DS authentication results..................................................................................................................77
3DS benefits...........................................................................................................................................77
3DS authentication versions................................................................................................................78
EMV 3DS............................................................................................................................................78
Before you begin.................................................................................................................................... 78
3DS payer experience........................................................................................................................... 79
How the EMV 3DS checkout flow works......................................................................................79
Order and transaction search..............................................................................................................80
Search an order status of an authenticated payer....................................................................80
Search the transaction details of an authenticated payer.......................................................80
Authentication search result examples........................................................................................ 81
Download the search results..........................................................................................................81
View payer authentication details......................................................................................................83
Payer authentication details..........................................................................................................83
Payment Authentications search details...........................................................................................83
Search Payment Authentication field details............................................................................. 84
Payment Authentications search parameters............................................................................ 84
Payment Authentications list page details..................................................................................85
Specific payment authentication details................................................................................86
Response details....................................................................................................................88
Extended response fields .................................................................................................... 89
Download the payment authentication data............................................................................. 89

Chapter 7: Batch management................................................................................................90

Upload a batch.......................................................................................................................................91
Batch status list.....................................................................................................................................92
Download the batch response.............................................................................................................93

Chapter 8: Gateway reports.......................................................................................................95

Search gateway reports.......................................................................................................................96
Gateway Report Search.......................................................................................................................97
Gateway report details.........................................................................................................................98

Chapter 9: Transaction filtering................................................................................................99

Before you begin..................................................................................................................................101
Supported transaction types for transaction filtering.................................................................102
Transaction filtering flow...................................................................................................................102
Pre-transaction checks................................................................................................................. 102

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 5
Contents

Post-transaction checks............................................................................................................... 103

Assessment result .........................................................................................................................103
Transaction filtering terms................................................................................................................104
Types of transaction filtering rules...................................................................................................105
Trusted Cards................................................................................................................................. 106
Add a Trusted Card ................................................................................................................. 106
Edit a Trusted Card..................................................................................................................107
Delete a Trusted Card..............................................................................................................108
Suspect Cards................................................................................................................................ 108
Add a Suspect Card................................................................................................................. 109
Edit a Suspect Card.................................................................................................................110
Delete a Suspect Card.............................................................................................................110
IP Address Range Rules.................................................................................................................111
Add the IP Address Range Rule .............................................................................................111
Delete a Blocked IP Address Range.......................................................................................112
IP country rules ..............................................................................................................................113
Add an IP Country Rule ...........................................................................................................113
Edit an IP Country Rule............................................................................................................115
Delete an IP Country Rule.......................................................................................................115
Card BIN Rules................................................................................................................................116
Before you begin.......................................................................................................................116
Add a Card BIN Rule.................................................................................................................116
Delete a Card BIN Rule............................................................................................................118
3D-Secure Rules.............................................................................................................................118
Add a 3-D Secure Rule.............................................................................................................119
3-D Secure Transaction Filtering Rules.................................................................................119
Address Verification Service (AVS) Rules........................................................................................120
Add an AVS Rule.............................................................................................................................120
Edit an AVS Rule.............................................................................................................................121
Delete an AVS Rule........................................................................................................................121
Override AVS Rules........................................................................................................................ 121
Card Security Code Rules...................................................................................................................122
Supported merchant privilege for CSC rules............................................................................ 122
Add a CSC Rule.............................................................................................................................. 122
Edit a CSC Rule.............................................................................................................................. 123
Delete a CSC Rule..........................................................................................................................123
Risk Assessments for Review.............................................................................................................123

Chapter 10: Risk management............................................................................................... 124

Before you begin..................................................................................................................................125
Internal risk...........................................................................................................................................126
3-D secure rules..............................................................................................................................126

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 6
Contents

EMV 3-D Secure authentications................................................................................................126

EMV 3-D Secure rule recommendations.............................................................................. 126
Risk determination by ACS..................................................................................................... 126
Add the 3DS rules.....................................................................................................................127
Risk rules evaluation........................................................................................................... 127
Edit the 3DS Rules................................................................................................................... 128
Delete the 3DS Rules...............................................................................................................128
Using a risk service Provider...............................................................................................................128
How the gateway processes an order........................................................................................128
3DS check.................................................................................................................................. 129
Pretransaction check............................................................................................................... 129
Post-transaction check............................................................................................................129
Risk assessment result.............................................................................................................129
Risk management questionnaire details................................................................................... 129
Complete the risk management questionnaire.................................................................. 130
Risk service provider's tenant configuration........................................................................130
Completing the risk rule configuration............................................................................130
Merchant operator's privilege definition..............................................................................130
Using both transaction filtering and a risk service provider........................................................ 131
Risk assessments for review..............................................................................................................133
View an order's risk details................................................................................................................133

Chapter 11: Mercado Pago payment method...............................................................135

How gateway configures access tokens..........................................................................................136
Configure an access token.................................................................................................................136
Edit an access token........................................................................................................................... 136
Delete an access token.......................................................................................................................137

Notices.................................................................................................................................................... 138

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 7
Summary of changes, 4 October 2024

Summary of changes, 4 October 2024

This is a summary of changes that have occurred since the previous publication of the manual.
The current version is 24.9.0.

Description of change Section

Added UnionPay 3-D Secure field. Payment Authentications search parameters
Payment Authentications list page details
Specific payment authentication details

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 8
Merchant Administration demo

Chapter 1 Merchant Administration demo

The Merchant Administration (MA) demo tutorials describe the application features and help the
Merchant Service Operators (MSOs) and operations personnel using MA to understand the usage of
this application.
Merchant Administration Tutorial

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 9
Merchant Administration introduction

Chapter 2 Merchant Administration introduction

Merchant Administration enables you to monitor and manage your electronic orders through a series of
easy-to-use screens.

Intended audience.................................................................................................................................................11
Getting support.....................................................................................................................................................11
Before you begin ...................................................................................................................................................12
Types of merchant profiles..................................................................................................................................12
Getting started..................................................................................................................................................... 12
Feature access in Merchant Administration...............................................................................................12
Process transactions in test mode and real time.......................................................................................13
Log in to Merchant Administration.............................................................................................................. 13
Login fields description............................................................................................................................. 13
Log out of Merchant Administrator.............................................................................................................14
Password management ................................................................................................................................ 14
Options to reset a forgotten password................................................................................................. 14
Request a temporary password.........................................................................................................15
Merchant Administration menu......................................................................................................................... 16
Merchant Administration homepage ..........................................................................................................16

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 10
Merchant Administration introduction
Intended audience

Merchant Admin is an online self-service portal allowing merchants to easily view and manage their
transactions. The tool offers a web-based application that enables users to search and view payment
details, download csv reports, check 3DSecure results, set up risk controls, process transactions
manually, and manage refunds.
It can be securely accessed at any time and from anywhere with password strength requirements and
password meter applied to all its users.

Intended audience
This guide is intended for merchants and operations personnel using Merchant Administration,
and requires knowledge of the following:
• Web applications.
• Commercial practices.
• Merchant operational procedures of card processors.
• Transaction system operations.

Getting support
If you need support with Merchant Administration, contact CTS (Gateway Support Team) on
[email protected].

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 11
Merchant Administration introduction
Before you begin

Before you begin

The following information is required to log in to Merchant Administration:
• Your Merchant ID.
• Your Operator ID and the corresponding password.
• Internet access.
• JavaScript and cookies enabled in your browser.
• Current or previous major version of web browsers such as Firefox, Microsoft Edge, or Google
Chrome. Other browsers might also work, but they are not supported. The gateway might
reject payments from very old, insecure, or rarely used browsers.

Types of merchant profiles

The Mastercard Gateway registration process creates two types of merchant profiles for you.

Test merchant Let's you perform test transactions against an emulator of the transaction
profile processing system. The test merchant profile always has TEST prefixed to the
production Merchant ID.
Using the test profile is an ideal way to become familiar with Merchant
Administration as it allows you to create orders, test transactions and use
other areas of the system without affecting your production system.

Production Let's you perform transactions directly against the live transaction
merchant processing system when you are satisfied with your test transactions. Be
profile aware that funds will be transferred from payer accounts.

Getting started
Authorized Operators can log in from the Login screen and use the various features of Merchant
Administration.
Authorized merchant personnel must be set up as operators before they can log in and use
various features of Merchant Administration. For more information, see Merchant
Administration operator operations.

Feature access in Merchant Administration

The menu options displayed in Merchant Administration depend on your user privileges. For
more information about user privileges, see general privileges table in Merchant Administration
operator details.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 12
Merchant Administration introduction
Process transactions in test mode and real time

Process transactions in test mode and real time

Your merchant profile is configured to enable you to first process transactions in the Test mode.
Once the testing is complete, you can enable the Production mode so that you can process
transactions in real time.
To log in to Merchant Administration for the first time after your merchant profile is created and
approved, use the default account username as Administrator.

Log in to Merchant Administration

You can log in to Merchant Administration using the login credentials provided to you.

About this task

Follow these steps to log in to Merchant Administration.

Procedure
1. Go to Merchant Administrator login page.
2. Enter your Merchant ID.
3. Enter your Operator ID.
4. Enter your Password.
5. Select the Forgot Password link if the password requires a reset.
The system prompts you to change your password if the last password was changed before
90 days. Change any compromised password as soon as you can.
6. Select Log In.

Login fields description

The description of fields in the Merchant Administration login screen.

Field Description
Merchant ID Unique alphanumeric identifier of a merchant
provided with each merchant account or profile.
Operator ID The operator ID.
Password The password must have the following attributes:
• It must be at least eight characters long.
• It must contain at least one alphabetical
character.
• It must contain at least one numeric character.
• Is case sensitive.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 13
Merchant Administration introduction
Log out of Merchant Administrator

Log out of Merchant Administrator

You can log out of Merchant Administration at any stage. If you do not log out, you are logged
out automatically after 15 minutes of inactivity.

About this task

Follow these steps to log out of Merchant Administrator:

Procedure
1. Go to Merchant Administrator homepage.
2. Select the Logout link on the upper right corner of the screen.

Password management
The MSO provides the administrator password, while the Merchant Administration
Administrator provides the operator password.
If you forget your password, reset it using the Forgot Password Link from the Login screen. For
more information, see Options to reset a forgotten password.

Password change at login

During the log in process, you may be prompted to change your password. This could be because
you have logged in for the first time as an Administrator or your password has expired.
Passwords expire if left unchanged for more than 90 days.

NOTE: The administrator cannot process transactions. If you wish to process transactions, sign in with
an Operator ID. For more information, see Create a New Operator.

Options to reset a forgotten password

The Forgot Password link on the login page takes you to the password reset page where you can
request a temporary password to log in to Merchant Administration.

NOTE: The Forgot Password link displays only if your MSO supports the password reset functionality.

If you have made five or more unsuccessful log-in attempts using an incorrect password, reset
your password. You have two options to reset your password:
• Reset using the Forgot Password link.
• Contact the Administrator for a password reset, if one or more of these statements are true:
– An email address is not available against your operator profile.
– You have access to the privilege Enable Advanced Merchant Administration Features.
– You have access to the Perform Operator Administration privilege.
– You are the primary operator, also known as Administrator for the merchant profile.
– The operator with administrative privileges enables the Lock Operator Account privilege
on your profile.
– Your authentication was successful with the right password, but the account got locked.
The system recommends you contact the Administrator to unlock your account.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 14
Merchant Administration introduction
Request a temporary password

NOTE: For more information about how an administrator can change the operator password, see
Change an operator password.

Request a temporary password

You can request a temporary password sent to your registered email address. When you log in
using the temporary password, the system prompts you to change the password and log in
again using the new password.

About this task

Follow these steps to request a password.

Procedure
1. Go to the Login page.
Figure 1: Login page

2. Select Forgot Password.

3. Enter the Merchant ID
4. Enter the Operator ID and then, select Request Password.
The Password Reset Requested page displays notifying you that the temporary password is
sent to you in an email.
5. Select Continue.
The system accepts the notification.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 15
Merchant Administration introduction
Merchant Administration menu

Merchant Administration menu

The following menu options are available in Merchant Administration.

Field Description
Home Access dashboard, shortcuts for order creation,
order and transaction search, and risk actions if
enabled for Risk Management.
Search Access orders, financial transactions, payment
authentications, and token details.
Orders Create an initial order manually or perform address
verification.
Batches Operation to upload batches.
Settlement Search Search for presettlement summary or settlements.
Reports Select and view reports.
Risk Management Access Risk Management solution of the gateway
if enabled for internal risk.
Admin Setup operators, change password, download
software, configure integration settings. Enable
reporting API integration access and so on.
Logout Log out and return to the login page.

The features provided by your payment gateway and the operator privileges assigned to you
determine the administration options available to you. For more information about privileges,
see the general privileges table in Merchant Administrator operator details.

Merchant Administration homepage

The homepage of Merchant Administration displays the following items:

Your dashboard
The dashboard provides a summary view of your transaction activity that enables you to view
key performance data at a glance.

Terms and Conditions, if any

The Terms and Conditions are set by your MSO, so the homepage first displays the online user
acceptance agreement. Accept or Reject the agreement after reading. If you reject the
agreement, you are logged out of the system.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 16
Merchant Administration introduction
Merchant Administration homepage

News item for the day, if any

The merchant news items are set by your MSO, so the homepage displays the News, also known
as n items, as an expandable hyperlink. The n represents the number of news items. To view the
full news article, select the news headline. The content of the news item displays after the
headline.

Shortcuts
The shortcuts bar provides quick access to common tasks that you might need to perform on a
day-to-day basis. Select a shortcut to go to a relevant page to proceed or cancel a task. The
currently available links to common tasks are:
• Create a new order: Takes you to the Order Entry page.
• View orders created today: Takes you to the Order and Transaction Search page where all
orders with start and end date set to Today are displayed in the search results.
• View transactions processed today: Takes you to the Order and Transaction Search page
where all transactions with start and end date set to Today are displayed in the search
results.
• Risk assessments for review (n):
– This link displays only if the merchant operator has the May Perform Risk Assessment
Review privilege.
– The number of orders pending review and created within the last 60 days are represented
by n.
– Select this link to go to the Order and Transaction Search page where all orders with a
pending risk review, created within the last 60 days displays in the search results.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 17
Administration operations

Chapter 3 Administration operations

This chapter describes configuring and managing a merchant's settings.

Merchant configuration settings........................................................................................................................20

View configuration details............................................................................................................................. 20
Configuration Details......................................................................................................................................21
Merchant Administration operator operations................................................................................................21
Manage an operator....................................................................................................................................... 22
Operators in Merchant Administration....................................................................................................... 22
Create a Merchant Administration operator..............................................................................................22
Merchant Administration operator details................................................................................................. 23
Edit an operator...............................................................................................................................................27
Unlock an operator account...........................................................................................................................29
Unlock a Merchant Administrator account.................................................................................................29
Password management.......................................................................................................................................29
Password configuration compliance............................................................................................................ 30
Change an operator password......................................................................................................................30
Change your own operator password..........................................................................................................31
Manage Banamex payment plans..................................................................................................................... 31
Manage the payment plans...........................................................................................................................31
Add a payment plan........................................................................................................................................32
Configure an installment..........................................................................................................................33
Configure a deferral...................................................................................................................................34
Using a Payment Plan.....................................................................................................................................34
Enable or disable a payment plan...........................................................................................................35
Validations............................................................................................................................................. 35
Conditions to filter a payment plan........................................................................................................36
Change a payment Plan.................................................................................................................................36
Select an acquirer link.....................................................................................................................................36
Download the mobile software development kit and documentation........................................................36
Integration settings configuration.....................................................................................................................37
Integration Authentication............................................................................................................................ 37
View an integration authentication............................................................................................................. 38
Enable a password authentication...............................................................................................................38
SSL certificate authentication......................................................................................................................39
Excessive refunds privilege.............................................................................................................................39
Configure hosted checkout............................................................................................................................39

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 18
Administration operations

Generate a reporting API password.................................................................................................................. 39

Wallet configuration.............................................................................................................................................40
Email notifications................................................................................................................................................40
Risk assessment and transaction releases.......................................................................................................40
Add device payments........................................................................................................................................... 41
Configure surcharge rules....................................................................................................................................41
Configure PayPal...................................................................................................................................................41
Merchant hosts......................................................................................................................................................42
Configure an allowed merchant host...........................................................................................................42
Secure Remote Commerce..................................................................................................................................42
Click to Pay....................................................................................................................................................... 43
Activation and Deactivation ................................................................................................................... 43
Enroll Another Card Brand....................................................................................................................... 43
Unenrollment from Click to Pay...............................................................................................................44

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 19
Administration operations
Merchant configuration settings

The admin function enables merchants to easily manage their system operators, securely change
integration settings, and set up various profile and access preferences. One of the admin functions,
the Operator list, enables authorized users to set up and manage different system operators as well
as their passwords, specific user rights, and privileges. The Emails section enables merchants to
configure preferred gateway notification settings and control all notifications sent directly to their
customers.

Merchant configuration settings

The Admin option allows you to:
• Modify your merchant configuration settings.
• Create, modify, and delete operator details.
• Change your password.
• Download software.

View configuration details

This topic describes the steps to configure details.

About this task

Follow the steps to view the configuration details.

NOTE: The links provided in this guide are for a test environment. To access a production environment,
you must follow the appropriate steps. The Merchant Admin Portal may be accessed as an
administrator or user.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 20
Administration operations
Configuration Details

Procedure
1. Go to Admin, and then select Configuration Details.
The Admin - Configuration Details page is displayed.
2. In the Admin - Configuration Details, you can view Merchant and Internationalization
sections.

Configuration Details
The Configuration Details page allows you to view details of merchant configuration.
The following table describes the configuration details.

Field Description
Merchant Name The registered business, trading, or organization
names of merchants.
Merchant ID The merchant's unique alphanumeric identifier.
There are unique merchant IDs for merchant
accounts and profiles.

NOTE: You cannot change the Merchant Name and Merchant ID. Contact your MSO to change these
fields.

The Internationalization section on the Configuration Details screen contains the following
information:

Field Description
Locale The default locale for merchant administration
unless overridden by the operator locale.
Time Zone The default time zone for merchant administration
unless overridden by the operator time zone.

NOTE: You cannot change Locale and Time Zone. Contact your MSO to change these fields.

Merchant Administration operator operations

Merchant Administration allows you to create, modify, enable, and delete an operator's details.
You must enable the user privilege Perform Operator Administration to perform these
functions. Enable this privilege on the Operator Details page from the Admin menu.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 21
Administration operations
Manage an operator

Manage an operator
You can create and edit a Merchant Administration Operator.

About this task

Follow the steps to manage an operator.

Procedure
1. Go to Admin, and then select Operators.
The Admin - Operator List page is displayed.
2. You can choose to create an operator, edit an operator, change an existing operator's
password, or delete an operator.
Figure 2: Admin - Operator List page

This page displays a list of all existing Merchant Administration operators.

Operators in Merchant Administration

There are two types of operators in Merchant Administration:

Web-based These operators perform administration functions using the Merchant

Operators Administration web interface.
Primary A primary operator (Administrator) is created when your merchant profile
Operator is created. This operator has privileges to create, modify, and delete other
operators. This operator can also be modified and viewed, but not deleted.

Create a Merchant Administration operator

This topic describes the steps to create a merchant administration operator.

About this task

Follow these steps to create a merchant administration operator.

Procedure
1. Go to Admin, and then select Operators.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 22
Administration operations
Merchant Administration operator details

The Admin – Operator List page is displayed.

2. Select Create a New Merchant Administration Operator.
The Merchant Administration Operator details page is displayed. It contains sections for
recording details, security, and transaction privileges for new operators.
3. Enter the operator, security, transaction, batch, merchant maintenance, and general
privileges details as required.
4. Select Submit.
The admin operator list redisplays the new operator.

Merchant Administration operator details

The following table describes the operator details.
Mandatory fields on the screen are indicated by a red asterisk.

Field Description
Merchant Merchant's unique alphanumeric identifier. There is
a unique merchant ID for each merchant account
or profile.
Operator ID Unique identifier of the merchant operator.
Operator Name Name of the operator.
Description Extra description of the user. For example, job title,
department, and level of privileges allocated.
Password Password must be at least eight characters long
and contain at least one alphabetical, one special,
and one numeric character. The password is case-
sensitive. For more information about the
password requirements, see Password
configuration compliance.
Confirm Password Reenter the password to confirm
Email Address Operator's email address. If your MSO supports
the password reset functionality, then you receive a
temporary password on this email address when
the operator uses the forgot password link from
the login screen to request a password reset.
Locale Default language displayed in Merchant
Administration unless overridden by the operator.
Time Zone Operator's time zone.

The following table describes the security details.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 23
Administration operations
Merchant Administration operator details

Field Description
Lock Operator Account Enables an operator with administration privileges
to lock out an operator. The locked-out operator
cannot log in to Merchant Administration until an
operator with administration privileges clears the
check box to re-enable the operator
The system locks an operator account with more
than 90 days of inactivity.

NOTE: If the MSO supports the password reset

functionality, then selecting this check box
prevents the operator from using the Forgot
Password link on the login screen to request a
password reset.

Must Change Password at Next Login If you select this check box, the operator needs to
change the password on the next login.
Password Reset Required Indicates to reset the password. This field is set to
Yes after five failed login attempts or else set to
No.
You may request a password reset using the
Forgot Password link on the Merchant
Administration login screen or contact the
administrator for a password reset. For more
information about how to reset an operator's
password, see Changing an Operators Password.

View Unmasked Account Identifiers Enables the operator to view unmasked account
identifiers such as, card number, gift card number
when viewing order, and transaction details.

The following table describes the transactions details.

Field Description
Perform Verification Only Enables the operator to create a verify only
transaction to verify the status of a credit card
before performing a transaction.
Perform Authorizations Enables the operator to create an authorization
transaction using the Create Order option. An
authorization transaction reserves fund on the
payer's credit card.
Perform Captures Enables the operator to capture previously
authorized funds.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 24
Administration operations
Merchant Administration operator details

Field Description
Perform Purchases Enables the operator to create a purchase
transaction using the Create Order option. A
purchase is a single transaction to authorize and
capture a payment.
Perform Update Authorizations Enables the operator to update an existing valid
authorization for the authorization period (and or)
increment the authorization amount.
Perform Voids Enables the operator to reverse a previous
transaction. You can perform voids if the
transaction is in an unreconciled batch.
Perform Stand Alone Captures Enables the operator to perform captures for
orders authorized manually, or in an external
system.
Perform Bulk Captures Enables the operator to perform a capture against
a set of selected orders.
Perform Refunds Enables the operator to give refunds. A refund is
the transfer of funds from a merchant to a card
holder.
Perform Standalone Refunds Enables to perform a refund without first creating
a capture or purchase.
Perform Excessive Refunds Enables the operator to perform a refund for
amounts greater than the authorized amount.
Excessive Refund Limit The maximum limit allowed for an excessive refund
more than the authorized amount. Set a refund
limit for each currency configured for the
merchant.
Perform Gaming Winnings Enables the operator to submit transactions that
disburse gaming winnings to the payer's account.

The following table describes the batch details.

Field Description
May Upload Batch Files Enables the operator to upload batch files to the
payment gateway via Merchant Administration.
The upload option is available through the Batches
tab on the main menu.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 25
Administration operations
Merchant Administration operator details

Field Description
May Download Batch Response Files Enables the operator to download the batch
response file from the payment gateway. The
download option is available through the Batches
tab on the main menu.

NOTE: Only merchants with the batch privilege can enable Batch operator privileges.

The following table describes the merchant maintenance details.

Field Description
Modify the merchant configuration Enables the operator to edit the merchant's
configuration details.
Perform Operator administration Enables the operator to create, edit, and delete
other operator's detail. If MSO supports the
password reset functionality, then enabling this
privilege prevents the operator from using the
Forgot Password link on the Login screen to
request a password reset.

The following table describes the general privileges details.

Field Description
Perform Settlements Operator can perform settlements.
View Report Pages Operator can view Gateway Reports.
Download Order Search Results Enables the operator to download order search
results in the CSV format.
Download Transaction and Payment Enables the operator to download transaction and
Authentication Search Results search results of payment authentication in the
CSV format.
Allow Merchant Administration Documentation Enables the operator to download documentation
Download from the Merchant Administration portal.
View Settlement Pages Enables the merchant to view the batch
settlement details.
Initiate Manual Batch Closure Enables the merchant to trigger settlement for a
batch.
May Configure Risk Rules Enables the operator to configure a risk service
provider using the Risk Management module.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 26
Administration operations
Edit an operator

Field Description
May Configure Transaction Filtering Enables the operator to configure transaction
filtering rules for a merchant.
May Perform Risk Assessment Review Enables the operator to decide on whether to
accept or reject an order based on the assessment
results from the risk service provider and or
transaction filtering.
May Bypass Risk Management Enables the operator to process orders without
performing the risk assessment on orders. If you
configure both transaction filters and the risk
service provider, this privilege bypasses both at the
merchant level.
May Configure Integration Settings Enables the operator to configure integration
settings for a merchant. The integration methods
include API or Hosted Batch, which allow the
merchant application to connect to the payment
gateway.
May Configure Reporting API Integration Settings Enables the operator to generate passwords used
to integrate with the reporting API and download
transaction reports.
May Configure Email and Webhook Notifications Enables the operator to configure merchant and
customer notifications for payment events such as,
successful payments, successful refunds, and so on.
May Maintain Tokens Enables the operator to delete tokens associated
with the merchant's token repository.
May View Dashboard Enables the operator to view the dashboard on the
home page. The dashboard provides a graphical
indication of the merchant's authorization,
capture, pay, refund, and disbursed transactions
for the selected period.
Configure Surcharge Rules Enables you to configure surcharge rules if you
want the gateway to calculate surcharge for
transactions. Go to Admin > Configure Surcharge
Rules and select the Learn More… link for
information on how to configure surcharge rules.

Edit an operator
This section provides steps to edit an operator.

About this task

Follow these steps to edit an operator.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 27
Administration operations
Edit an operator

Procedure
1. Go to Admin from the main menu and select Operators.
The Operator list is displayed after you select Operators.
2. The Edit an Operator section lists all existing operators. Edit an Operator list page displays
the edit an operator section.
Figure 3: Edit an Operator section

a. To edit a particular operator, select Edit. The Admin - Operator Details page is
displayed.
b. To delete a particular operator, select Delete. A message prompts you to confirm the
deletion. Select OK or Cancel as appropriate.
c. To change an operator's password, click the Change Password link. The Admin - Change
Operator Password page is displayed.
3. The Change Password link does not display for the logged in user. Use Admin > Change
Password to change the password of the currently logged in operator.
Figure 4: Admin > Change Password

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 28
Administration operations
Unlock an operator account

Unlock an operator account

This section provides steps to reactivate a merchant administration operator who is locked-out.

About this task

If a merchant administration operator with administration privileges enables privilege for an
operator profile, then the operator gets locked out of Merchant Administration.
The account also gets locked due to five unsuccessful login attempts, or if your account has been
inactive for more than 90 days.
You must have the May Perform Operator Administration user privilege to reinstate a merchant
administration operator who is locked-out.
To reactivate a merchant administration operator who is locked-out, log in as an active operator
with the appropriate privileges:

Procedure
1. Go to Admin from the main menu and select Operators.
The Admin – Operator List page is displayed.
2. Identify the operator to edit and select Edit.
The admin operator details display with the existing values and settings in the fields.
3. Clear the Lock Operator Account check box.
4. Select Submit to commit the changes.
The account unlocks to the selected operators.

Unlock a Merchant Administrator account

The administrator account gets locked if the administrator operator for Merchant
Administration is inactive for more than 90 days.
In this scenario, the administrator is unable to login Merchant Administration application.
Contact your MSO to reinstate a locked-out administrator operator.

Password management
This section briefs about the password management that includes:
• Password requirements.
• Password options.
• Changing a password.
• Change an operator's password.
• Unlock an operator's login.
• Change your password from time to time.
Before you do this, see Before you begin in respective sections.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 29
Administration operations
Password configuration compliance

Before you begin

To change an operator's password, you must have May Perform Operator Administration
operator privilege. For more information about this privilege, see Operator Details.

Password configuration compliance

The password must comply with the following requirements:
• Use at least eight characters.
• Use a mix of characters from at least three of the following categories:
– Numbers (0-9)
– Uppercase letters (A-Z)
– Lowercase letters (a-z)
– Special characters (! @#$%^&*)
– Alphabetic characters that are not uppercase or lowercase, for example, ひらがな
• Do not use the merchant ID or operator ID as password.
• Do not use one of the previous five passwords.
• Avoid using a password in the email format.
• Avoid using character sequences, for example, AAA, 123, 321, abc, and bca.
The password meter indicates if your password is weak, fair, good, or strong.
If a password does not comply with the password requirements, the password meter prompts
you with the respective error message applicable for a weak, fair, good, or strong password.

Change password option

When you create or modify an operator's record, you can select an option of whether the
operator's password expires on the next login. Further, the operator prompts to change the
password at the next login attempt.
Operators can change a password at any time, but they cannot reuse that password for the
next five password changes. They can also reset their password if they forget the existing
password. For more information about password resetting, see Options to reset a forgotten
password.

Change an operator password

This topic describes the steps to change an operator password.

Before you begin

To change an operator's password, you must have the Perform Operator Administration user
privilege.

About this task

Follow these steps to change an operator password.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 30
Administration operations
Change your own operator password

Procedure
1. Go to Admin from the main menu, and then select Operators.
The Admin – Operator List page is displayed.
2. Identify the operator in the Edit an Operator section and select Change Password link.
The Admin - Change Operator Password page is displayed.
3. Enter the new password and reenter the new password in the Confirm New Password field.
4. Select Submit.

Change your own operator password

This section provides steps to change your own operator password. As a merchant operator
with administrator privileges, you cannot change your own password for 24 hours, once reset.

About this task

Follow these steps to change your password.

Procedure
1. Go to Admin from the main menu and select Change Password.
The Admin - Change Own Operator Password page is displayed.
2. Enter the old password, the new password, and reenter the new password in the Confirm
New Password field.
3. Select Submit.

Manage Banamex payment plans

The section describes managing the Banamex payment plans applicable to transactions using
Mexican Peso currency.

Manage the payment plans

This topic describes the steps to manage payment plans.

About this task

Follow these steps to manage payment plans.

Procedure
1. Go to Admin from the main menu.
2. Select Manage Payment Plans from the submenu.
The Manage Payment Plans page is displayed.

NOTE: If you have multiple acquirer links, the Acquirer Link Selection page displays the multiple
links.
3. Add payment plans as required in the Add Payment Plan.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 31
Administration operations
Add a payment plan

4. Manage your payment plans as required in the Payment Plans.

NOTE: Only merchant operators with administrator privileges can view and manage payment
plans.

Add a payment plan

This section describes fields to add a payment plan.

Field Description
Plan Name The plan name that you select as an identifier for
the payment plan. The plan name must be unique
per payment plan type for the merchant.

NOTE: The plan name cannot exceed 20

characters.

Plan Type The MSO operator enables the payment plan types
on your merchant profile. The drop-down list
displays only enabled payment plans for
configuration.
The payment plan options include:
• Pay in installments, interest-free: Pay in
installments for a specified number of months
without any interest payments to the payer.
• Pay in installments, with interest: Pay in
installments for a specified number of months
with interest payments to the payer.
• Pay in installments after a deferral period,
interest-free: Pay in installments for a specified
number of months without any interest
payments to the payer after a deferral period
specified in months.
• Pay in installments after a deferral period, with
interest: Pay in installments for a specified
number of months with interest payments to
the payer after a deferral period specified in
months.
• Pay in full after a deferral period: Pay the full
amount of the purchase after various deferral
months. The customer receives delivery of the
goods at the time of purchase and before
making any payment.

Start Date The start date for the payment plan. It must be
less than or equal to the current date for the
payment plan to be valid.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 32
Administration operations
Configure an installment

Field Description
End Date The end date for the payment plan. It must be
greater than or equal to the current date for the
payment plan to be valid.
Minimum Order Amount The minimum order amount for the payment plan
in the supported currency. When you create an
order, the configured payment plans appear only if
the total order amount is greater than or equal to
this minimum order amount. If you do not enter a
value for this field, the amount defaults to zero.
You can enter minimum order amounts only for
currencies supported on the selected plan type.
Plan Terms (Payer Options) The number of monthly installments and or
deferrals for the payment plan. The number of
applicable installments and deferrals vary from
plan to plan.

Configure Payment Plan Terms

Configure Payment Plan Terms before you add a payment plan. Payment Plan terms are
optional and include:
• Installments: The number of monthly installments payable by the payer for the order, if
applicable to the payment plan.
• Deferrals: The number of months for which payment defers, if applicable to the payment
plan.

Configure an installment
This topic describes the steps to configure an installment.

About this task

Follow these steps to configure an installment.

Procedure
1. Review and select an installment term from the pre-defined set of default installment terms
listed under No of Installments, paid monthly.
2. Add a new installment term.
a. Enter the number of installments for the term in the installments text box.
The term is less than 99 months.
b. Select Add Installment.
The new installment term displays in the No of Installments, paid monthly list box.
3. Select Remove to delete any installment term. Use the <Ctrl> key to select multiple
installment terms.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 33
Administration operations
Configure a deferral

Configure a deferral
This topic describes the steps to configure a deferral.

About this task

Follow these steps to configure a deferral.

Procedure
1. Review and select a deferral term from the pre-defined set of default deferral terms listed
under Deferral Months.
2. If you wish to add a new deferral term, type the number of deferral months (less than 99
months) in the text box for deferral months and select Add Deferral.
The new deferral term displays in the Deferral Months list box.
3. Select Remove to delete any deferral terms. Use the <Ctrl> key to select multiple deferral
terms.
After configuring the payment plan terms, click Add to add the payment plan to the
Payment Plans list. Select Cancel to reset the Add Payment Plan section.

Using a Payment Plan

This section describes fields to use a payment plan.

Field Description
Plan ID The system-generated unique identifier for the
payment plan. The Plan ID is unique across all
payment plan types configured for the merchant.
Payment Plan A concatenation of Payment Plan Name and
Payment Plan Type (<Plan Name> - <Plan Type> as
you enter in the Add Payment Plan section. For
example, Banamex - Pay without Interest.
# Of Installments A list of installment terms for the payment plan,
specifying the number of monthly installments
payable by the payer.
# Of Deferrals A list of deferral terms for the payment plan,
specifying the number of months for which the
payment can defer. The field displays the deferrals
that are not applicable to the plan type.
Start Date The start date for the payment plan, which must
less than or equal to the current date for the
payment plan to be valid. If a value is not specified,
the start date is valid now.
End Date The end date for the payment plan, which must be
greater than or equal to the current date for the
payment plan to be valid. If a value is not specified,
the end date is valid now and always.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 34
Administration operations
Enable or disable a payment plan

Field Description
Minimum Amounts The minimum order amount for the payment plan
in the supported currencies. If a value is not
specified, the amount defaults to zero and hence
the validation is bypassed.

NOTE: Banamex Payment Plans are applicable

only to transactions using Mexican Peso currency.

Status The status of the payment plan. Valid values are:

• Enabled: Indicates the payment plan is enabled.
If the plan is valid, enabled payment plans are
available for selection when creating an order.
For more information, see How to Enable or
Disable Payment Plans.
• Disabled: Indicates the payment plan is
disabled. Disabled payment plans are not
available for selection when creating an order.

Action Provides two actions:

• Enable or Disable allows you to either enable or
disable the payment plan. You can view the
grayed out Disabled payment plans in the
Payment Plans list.
• Edit allows you to edit the payment plan and
apply changes, if any. Select Save to save the
changes or Cancel to exit the edit mode. For
more information, see How to Edit a Payment
Plan.

NOTE: You cannot edit the Plan ID field.

Enable or disable a payment plan

A payment plan is enabled using the following options, listed in the order of precedence:
• The plan type is enabled by the MSO.
• The payment plan is enabled using Enable.
The precedence implies that a payment plan may be enabled using Enable only if the plan type
for the payment plan is enabled by your MSO in Merchant Manager.
Validations
If a payment plan is currently enabled, then the Start and End dates are validated for the
following conditions:
• The start date must be less than or equal to the current date.
• The end date must be greater than or equal to the current date.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 35
Administration operations
Conditions to filter a payment plan

Conditions to filter a payment plan

Valid payment plans for an order may be filtered if one or more of the following conditions
apply:
• The total order amount is less than the minimum order amount defined for the plan in the
corresponding currency.
• The currency for the order is not supported by your MSO.

NOTE: Currently, only Mexican Peso currency is supported on Banamex Payment Plans.
• The card type for the order is not supported by your MSO.

Change a payment Plan

You can only change an enabled payment plan, which means:
• The MSO must enable the payment plan type in Merchant Manager.
• Use Enable to enable the payment plan.
• An invalid payment plan (invalid start and or end date) is available for editing unlike a
payment plan disabled using Disable.
• If an MSO disables a payment plan type, edit and enables are also inactive for that payment
plan type.

Select an acquirer link

If you have configured multiple acquirer links for the same acquirer, the Acquirer Selection page
is displayed.

About this task

Follow these steps to make the appropriate acquirer link selection.

Procedure
1. The page displays the card types and currencies configured for the acquirer link. Select
Show next to the acquirer link against which you wish to configure payment plans.
2. The name of the acquirer link displayed in the Add Payment Plan section label indicates the
acquirer link selected for the configuration.
For more information on configuring and managing a payment plan, see Add a payment plan
and Using a Payment Plan sections.

Download the mobile software development kit and documentation

The merchant can download the mobile software development kit and documentation through
these steps.

Before you begin

To download the software and documentation,
• You must have maDocumentationDownload privilege.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 36
Administration operations
Integration settings configuration

• You must have either of the following 3DS1 or 3DS2 privileges enabled.
– 3DS2 privileges - Mastercard SecureCode™ 2.0, Verified by Visa™2.0, American Express
SafeKey™2.0, JCB J/Secure™2.0, Discover ProtectBuy™2.0, Carte Bancaire™2.0, and ITMX
LSS EMV 3DS.
– 3DS1 privileges - Mastercard SecureCode™, Verified by Visa™, American Express
SafeKey™, JCB J/Secure™, Discover ProtectBuy™, and ITMX.
• The file is uploaded in the repository.
• Ensure that your MSO is enabled to download the SDK and integration guide files.

About this task

Follow the steps to download the mobile software development kit and documentation.

Procedure
1. Go to Admin from the main menu, and then select Software Download.
The Admin - Software and Documentation Downloads screen is displayed.
This section contains the following files for a specific merchant.
– Merchant Administration User Guide
– Mobile SDKs and Mobile SDK Integration Guide

NOTE: The Mobile SDK section displays only if it has at least one file entry and an MSO user has
the 3DS privilege.
2. Select the appropriate link and follow the prompts to download the required file.

Integration settings configuration

You can integrate to the gateway using web services API or batch integration models. The
integration settings for these models can be configured from this section.
The Integration Settings submenu option displays only if your merchant profile is enabled for
API, Batch, or both.

NOTE: To modify integration settings, the operator must have 'May Configure Integration Settings'
privilege.

Integration Authentication
Configure a password or set up SSL certificates to authenticate yourself on the payment
gateway.
This helps to establish a secure channel between your integration and the payment gateway.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 37
Administration operations
View an integration authentication

View an integration authentication

This topic describes the steps to view an integration authentication.

About this task

Follow these steps to view integration authentication.

Procedure
1. Go to Admin, and then select Integration Settings.
The Admin - Integration Settings page is displayed.
2. View the admin integration set up for the authentication modes. Your merchant profile
enables these authentication modes. The MSO configures which authentication mode is
selected on the merchant profile, either password or SSL. The Integration Settings page
displays the authentication modes that were enabled on your merchant profile.

Enable a password authentication

If your merchant profile is enabled for Password Authentication, the Integration Authentication
section displays password 1 and password 2 labels with the value as Not Enabled.

About this task

NOTE: The password cannot be shared between test and production merchant profiles.

Follow these steps to enable a password authentication.

Procedure
1. Go to Admin, and then select Integration Settings.
The Admin - Integration Settings page is displayed.
2. Select Edit.
The Admin - Integration Authentication Passwords page is displayed.
3. Select Generate New to generate a new password.
The system-generated password is a 16 byte randomly generated encoded value as a hex
string. Secure this password as user passwords and other sensitive data.
4. You can generate and enable a second password if you require a new password.
5. After generation, select Enable Integration access via password check box to use the
generated password to secure your transactions. Generate and enable at least one
password but you may have two passwords configured.

NOTE: Use only one password for configuration in your merchant application. The second
password is for rolling purpose. Use the second password when the first one expires.
6. Select Submit to save the settings.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 38
Administration operations
SSL certificate authentication

SSL certificate authentication

If your merchant profile is enabled for SSL authentication, procure the test and production
certificates from a reputable certificate authority and provide them to your MSO for
configuration.

Excessive refunds privilege

If your merchant profile is enabled with the excessive refund privilege, you can configure a
maximum excess amount for a currency to perform excessive refunds for an order in that
currency.
Excessive refunds allow the total refunded amount for an order to exceed the total captured
amount for the order by a maximum excess amount that you configure.
For example, if the total captured amount is $100 USD for an order and you have set the
maximum excess amount as $20 USD then, you can refund up to $120 USD.
If you do not set a maximum excess amount for a currency, the system rejects the excessive
refunds for orders in this currency.

Configure hosted checkout

Hosted checkout enables you to configure the payer authentication functionality if you are using
the WS API to initiate the Hosted Checkout interaction.

About this task

Follow these steps to configure the Hosted Checkout integration.

Procedure
1. Go to Admin > Integration Settings > Hosted Checkout.
2. Select the payer authentication from the Payer Authentication drop-down list. Select a
value from:
– Authentication API: Hosted Checkout uses the Authentication API functionality to
perform payer authentication. If your merchant profile configures for EMV 3DS for the
respective scheme, Hosted Checkout attempts to authenticate the payer using EMV
3DS.
3. Select Submit to save the settings.

NOTE: Before you configure the payer authentication, click the available link to learn more.

Generate a reporting API password

Generate a password to authenticate your API requests.
For more information about how to generate the password and use the Reporting API, see the
API online integration documentation.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 39
Administration operations
Wallet configuration

Wallet configuration
Depending on your privileges, configure your wallet account on the wallet provider using the
wallet configuration screen.
The configuration supports the following wallet providers:
• Visa Checkout
• Amex Express Checkout
• MasterPass

NOTE: Hover the mouse over a field or section to view the tool-tip help and section help respectively.

Email notifications
This feature allows you to configure merchant and customer email notifications for events, such
as successful payments, successful refunds, and so on.
You can also set up merchant API notifications addressed to your system. The system sends
those notifications after creating a transaction and updating the transaction in the gateway.
The payment events are not applicable to customer emails. Types of payment events are:
• Successful payments notification is best suited if you are a low-volume merchant wishing to
receive an email when you have made a sale.
• Successful refunds: Once the system successfully processes a refund transaction, a
notification is sent for both Refund and Standalone Refund transactions.
• Payments requiring risk review: The risk service has identified a payment as potentially
fraudulent. You receive a notification to review the payment and decide whether to proceed
with processing the payment or not.
• Supported payment events: Successful payments notification is best suited if you are a low-
volume merchant wishing to receive an email when you have made a sale. This event is
generated for the transactions such as, Authorizations, Purchase, and Standalone Captures.

NOTE: Select May Configure Notifications privilege in your operator's profile to configure
notifications.

Risk assessment and transaction releases

If there is a transaction subject to risk, the gateway completes the risk assessment and
transaction releases for payment processing. Further, the system sends a payment notification.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 40
Administration operations
Add device payments

Add device payments

The Device Payments page allows you to configure the gateway for use with Apple Pay.

About this task

Follow the steps to configure device payments.

Procedure
1. Go to Admin > Device Payments.
2. Select Add New Certificate and follow the steps to procure a signed certificate from Apple
and to upload it to the gateway.
3. View the successfully uploaded certificates at the bottom of the page with the certificate
identifier, Submitted Date, and expiration date.
You can also delete an uploaded certificate.

Configure surcharge rules

The gateway can calculate surcharge for a transaction based on the surcharge rules you
configure.

About this task

Follow the steps to configure surcharge rules.

Procedure
1. Go to Admin > Surcharge Rules
2. Select the Learn More… link for information on configuring surcharge rules.
3. Provide a pre-calculated surcharge amount for a transaction if required, when you create an
order using the Order Entry UI.

NOTE: Support for the surcharge on only card payment is available. Surcharge on payments using
digital wallets for example, Masterpass or browser payments for example, PayPal is not
applicable.

Configure PayPal
The payment service provider configures the PayPal acquirer link on the merchant profile.

About this task

Follow these steps to allow the payment gateway to grant permissions to use PayPal.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 41
Administration operations
Merchant hosts

Procedure
1. Go to Admin > PayPal Configuration.
2. Select Grant Permissions in PayPal link to redirect to the PayPal site to grant the required
permission.
For more information about how to configure your PayPal business account to use the
gateway, see API Online Integration Guidelines.

Merchant hosts
This section allows you to configure a list of allowed merchant hosts such as, domains or IP
addresses that you can use in Webhook notifications.
The gateway compares the entry in your list of allowed hosts with the Gateways blocked hosts
and provides the status. Only VALID hosts can be used for Webhook notifications. The MSO can
view the list of allowed and blocked hosts.

NOTE: You must have the Modify Merchant Configuration operator privilege to configure the allowed
merchant hosts.

Configure an allowed merchant host

You can configure one or more merchant hosts.

About this task

Follow these steps to configure a merchant host.

Procedure
1. Enter the hosts that you wish to configure in the Hosts text box.
Enter a comma-separated list of one or more domains, and IP addresses. For example,
test.com, *.test.com, https://test.com. Do not use domains formatted as WWW.*.test.com.
2. View the result of allowed and blocked hosts in the Status column.

Secure Remote Commerce

Secure Remote Commerce (SRC) is a framework developed by EMVCo in partnership with
multiple card schemes to deliver a standard e-commerce payment flow for consumers and
merchants.
For merchants who want to accept online payments, SRC provides a standard for securing
transactions across schemes, merchants, acquirers, and issuers.
It consolidates online checkout benefits under a single common acceptance mark, providing
more security through scheme tokenization. SRC allows quick, easy, and secure guest checkout
payments behind a single button and through a standard checkout flow.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 42
Administration operations
Click to Pay

NOTE: The framework supports Mastercard, Visa, and American Express card schemes.

Click to Pay

About this task

Enroll in Click to Pay by submitting your Click to Pay account details. The enrolled schemes will
be activated by default.

NOTE: Administration privileges are also required to enable SRC after the onboarding process has
successfully completed. If you do not have the correct operator privileges the SRC configuration
screens will not be visible. Contact your payment service provider if you do not have the required
privileges.

Upload account details to enroll in Click to Pay

Procedure
1. Go to Admin > SRC Configuration.
2. Scroll down to the Account Details section, enter the required information for all mandatory
fields.
3. Select the desired schemes to enroll in Click to Pay.
4. Click Enroll to initiate the enrollment process.

NOTE: Schemes that have been selected to be enrolled will automatically be activated and
Enrollment account details can't be modified.

Activation and Deactivation

Once the desired schemes are enrolled, the SRC Configuration screen will display the enrollment
status and activation toggle status per scheme. Also. your Digital Payment Application (DPA) ID
will be automatically generated by the payment gateway upon successful enrollment and is
displayed. By default, the enrolled schemes will be activated after successful enrollment. The
activation/deactivation functionality provides you with the ability to select what schemes are
currently active with Click to Pay. Any schemes that are Deactivated will not be able available
for Click to Pay initiated transactions.

Enroll Another Card Brand

After merchant enrollment to Click to Pay, you will have the ability to enroll schemes that were
not previously enrolled.

About this task

Follow the steps to enroll in SRC.

Procedure
1. Go to Admin > SRC Configuration.
2. Click Enroll Another Card Brand for desired scheme.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 43
Administration operations
Unenrollment from Click to Pay

3. Select Enroll to initiate the enrollment process.

Unenrollment from Click to Pay

After merchant enrollment to Click to Pay, you will have the ability to unenroll from Click to Pay.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 44
Order and transactions details

Chapter 4 Order and transactions details

Merchant Administration portal allows the merchant to create, process, save, and view orders and
transactions.

Order details..........................................................................................................................................................47
Transaction details................................................................................................................................................47
Create an order.....................................................................................................................................................48
Order creation policy.......................................................................................................................................48
Types of an order.............................................................................................................................................48
Authorization transaction..............................................................................................................................48
Set an order certainty level...................................................................................................................... 49
Values of the order certainty field.....................................................................................................49
Order rejection rules.............................................................................................................................50
Authorization expiry.................................................................................................................................. 50
Automatic authorization reversals policy.........................................................................................50
Authorization update................................................................................................................................50
Authorization update policy................................................................................................................51
Partial Captures.........................................................................................................................................51
Capture a partial capture................................................................................................................... 51
Order totals.................................................................................................................................................52
Bypass the authorization update for an excessive capture.......................................................... 52
Order subtotals..................................................................................................................................................... 52
Update the surcharge amount........................................................................................................................... 52
Purchase transaction........................................................................................................................................... 53
Capture only...........................................................................................................................................................53
Refund only.............................................................................................................................................................53
Verify only...............................................................................................................................................................54
Create an order Using a Token............................................................................................................................54
Search an order or transaction...........................................................................................................................54
Using the Search for Orders and Transactions.......................................................................................... 55
Using the Search Fields.................................................................................................................................. 56
Export a search result.......................................................................................................................................... 60
View an order or transaction.............................................................................................................................. 62
Order and Transaction Details...................................................................................................................... 63
Action menu fields...........................................................................................................................................63
Add card numbers from the suspect or trusted Cards list............................................................................ 64
Remove the suspect and trusted cards.............................................................................................................65

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 45
Order and transactions details

Search criteria for risk assessment....................................................................................................................65

Order and transaction fields for risk assessment........................................................................................... 67
Rules for risk service providers............................................................................................................................67
Search criteria for funding status......................................................................................................................68
Search for the tokens...........................................................................................................................................69
Update or delete token guideline..................................................................................................................69

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 46
Order and transactions details
Order details

Merchants can search for any transaction data through the Omnibox window by typing in the
relevant information, which could be the customer’s name, partial card number, payment reference
number, or even the purchase amount.

Order details
In its most simple form of an order, the payer provides their card details to you, through mail
order or telephone including Interactive Voice Response (IVR) systems to make immediate or
later payment for goods or services.
An order may also include a range of other actions, depending on your privileges and the
acquirer you have permission to use. For example, payment arrangements.
A successfully created order becomes available for further processing. For example, a refund or
a void. You can retrieve an existing order using order or transaction search.

Transaction details
Transactions represent the flow of information between the payer, you, and the acquirer when
purchasing goods and services.
They include transactions for purchasing goods immediately, authorizing and billing goods on
order, and performing refunds when necessary. An order can contain one or more transactions.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 47
Order and transactions details
Create an order

Create an order
Follow this step to create an order.

Procedure
Select Orders on the menu bar to view the types of orders you have the permission to create.

Order creation policy

To create an order, the operator must have the associated privilege, for example, the
Authorizations privilege to create an Authorization transaction.
For more information, see Merchant Administration Operator Details.

Types of an order
This section describes different types of an order.
The following types of orders are available to choose from when creating an order:
• Create Order (Authorization or purchase)
• Capture Only
• Refund Only
• Verify Only

NOTE: If the operator has privileges to perform both authorizations and purchases, they can select a
transaction type. Otherwise, the Transaction Type pane does not display.

Authorization transaction
The Authorization transaction verifies payer card details of a merchant, checks that your payer
has sufficient funds available against their line of credit, and attempts to reserve the requested
funds.
The authorized amount reduces the credit limit of a payer. According to the card scheme and
the card issuing rules of a payer, the authorization reserves the funds for a period of 5 to 8 days.
The authorization does not debit funds from a payer account of a merchant but reserves:
• The total order amount.
• Ready for the Capture operation to debit the card.
• Transfer the funds to your account.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 48
Order and transactions details
Set an order certainty level

Set an order certainty level

You can indicate a certainty level on the authorization amount that will be captured using the
Order Certainty field. This value overrides the default order certainty value configured on your
merchant profile.

Before you begin

You must have the Change Order Certainty privilege enabled on your merchant profile to
override the default order certainty configured on your merchant profile.

About this task

Follow this step to set an order certainty level.

Procedure
1. Go to Order > Create Order.
2. Set an order for the Order Certainty field.
Figure 5: Create Order page

For more information about the values of the order certainty field, see Values of the order
certainty field.
Values of the order certainty field
The merchant can set an order certainty field value from the following values.

FINAL The full authorized amount is expected to be captured with one or more captures
within the mandated time, which is typically 7 days. The order will only be

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 49
Order and transactions details
Order rejection rules

cancelled in exceptional circumstances. For example, the payer cancelled their

purchase. Providing this value on your order may qualify the transaction for lower
processing fees.
ESTIMATED The amount authorized is an estimate of the amount that will be captured
within the mandated time, which is typically 30-31 days. It is possible that the
amount captured will be less or not be captured at all, or the authorization may
be cancelled. Providing this value on your order may cost you higher processing
rates.
Order rejection rules
This section describes the rules where the gateway rejects an order.
The gateway rejects an order if:
• A merchant does not have the privilege to change the order certainty.
• The value that a merchant provides in this field does not match the default order certainty
value configured on the merchant profile.

Authorization expiry
Authorizations have a validity period after which they expire.
The MSO configures the authorization validity period in the gateway for an acquirer, card type,
and order certainty combination. The gateway measures the authorization validity period in
milliseconds.
When a merchant submits an order, the gateway determines the authorization expiration date
and time based on the configured authorization validity period using the card type, acquirer, and
order certainty combination.
The transaction response returns the authorization expiry. This field contains the date and time
when the authorization expires.
Once the authorization validity period expires, the gateway:
• Rejects any Capture requests against the order.
• Automatically attempts to void the authorization and release funds back to the payer.
The gateway attempts to void or reverse the outstanding authorization amount if:
• The order has already been partially captured.
• The acquirer of a merchant supports voiding authorizations for partial captures.
Automatic authorization reversals policy
The MSO must enable the Automatically Reverse Expired Authorizations privilege for a
merchant profile to allow automatic authorization reversals.

Authorization update
The gateway can update the authorization validity periods, the authorization amount, or both
for valid authorizations if the merchant's acquirer supports authorization update.
The following are the scenarios to update authorization:

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 50
Order and transactions details
Authorization update policy

• If you update the authorization for the same amount as that of the original order, the
gateway extends the authorization period of the existing authorization accordingly. The
gateway returns the updated authorization expiration date and time in the transaction
response.
• If the provided amount is greater than the amount of the existing authorization, the
gateway updates the authorization amount to the new amount. For example, if the existing
authorization amount is USD 100, and you provide USD 120 as the order amount in the
Update Authorization request, then the new authorization amount available for capture is
USD 120.
• If you update an amount less than the amount of the existing authorization, it is only
supported through a Web Services API Update Authorization request.
For more information about the prerequisites for update authorization, see Authorization
update policy.
Authorization update policy
This section describes the authorization update policy.
The gateway can update an existing authorization through the Merchant Administration only if:
• The MSO must have the Update Authorization privilege enabled on their merchant profile to
update authorizations.
• The MSO set the order certainty on the order to ESTIMATED.
• The order amount is less than the amount of the existing authorization.
• The order currency matches the currency on the existing authorization.
• The existing authorization is valid, successful, and fully approved.
• The existing authorization is expired, voided, or partially or fully captured.

Partial Captures
When a merchant captures an order, the merchant can provide a Capture amount lower than
the Authorized amount for the order.
If a merchant does not capture all the authorized amount, the gateway can reverse the
remaining authorized amount that is outstanding beyond the current capture.

NOTE: The acquirer who processed the transaction must have the capacity to reverse authorization
amounts for partially captured authorizations.

NOTE: You must have the Automatically Reverse Outstanding Authorization Amounts privilege
enabled on your merchant profile.

Capture a partial capture

The gateway asks you whether this is the last capture for the particular order if you capture an
order for an amount that is lower than the Authorized amount.

About this task

Follow these steps to capture a partial capture.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 51
Order and transactions details
Order totals

Procedure
1. Select Yes to avoid capturing the remaining authorized amount.
The gateway indicates that this is the last capture for an order and reverses any
outstanding Authorization amount.
2. Select No if there are additional amounts that you want to capture for this order.
The gateway does not reverse any outstanding Authorization amount.

Order totals
After a successful Update Authorization transaction for a card or PayPal, the gateway updates
the order amount and the total authorized amount to the transaction amount of the Update
Authorization transaction.
This applies regardless of whether the acquirer submitted the Update Authorization transaction
to the acquirer, or the gateway automatically approved the Transaction Gateway Response
Code=APPROVED_AUTO.
Bypass the authorization update for an excessive capture
Follow this step to bypass the authorization update for an excessive capture.

Procedure
Select Do not Update Authorization in the Capture dialog box.
The gateway submits an excessive capture to the acquirer and does not update the order totals.

Order subtotals
The merchant can update the following subtotal amounts in an Update Authorization
transaction.
• Item Amount
• Tax Amount
• Shipping and Handling Amount
• Discount Amount (card payments only)

NOTE: The gateway does not validate if the subtotal amounts add up to the transaction amount, that
is, the order amount. However, the MSO must ensure this for the PayPal payments.

Update the surcharge amount

Follow these steps to update the surcharge amount.

Procedure
1. If an MSO has enabled Surcharging, a merchant can update the surcharge amount for an
existing authorization in an Update Authorization transaction.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 52
Order and transactions details
Purchase transaction

If the existing authorization... Then... And...

has the surcharge amount that enter the net amount in the display the breakdown of the
the gateway calculates based New Net Amount field Surcharge and the Total
on your surcharging rules Amount.
has a precalculated surcharge update the amount payable for optionally, specify the included
amount or no surcharge the order in the New Amount surcharge in the Included
amount field Surcharge Amount field.

2. If the merchant has not enabled Surcharging, a Surcharge Amount field displays as a
subtotal amount field alongside other subtotal amounts, that is, item amount, tax amount,
and so on.
a. Enter the revised surcharge amount or the new surcharge amount in the Surcharge
Amount field.

NOTE: For PayPal payments, providing a Surcharge Amount is not supported and Update
Authorization transactions with a value for this field will be rejected.

Purchase transaction
The purchase transaction effectively combines an Authorize and Capture information into one
message.
A single transaction authorizes the payment and transfers funds from the payer's account into
your account.

Capture only
Capture Only captures funds for an order that the merchant has authorized either manually or
through an external system.
The merchant must provide the manually or externally produced Authorization ID to perform the
capture.

Refund only
Refund Only allows the merchant to refund funds from your account back to the payer, without
a previous purchase.
The merchants might perform a Refund only when they want to credit the payer's account
without associating the credit with a previous transaction or receipt.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 53
Order and transactions details
Verify only

Verify only
Verify Only allows the merchant to verify the status of a credit card before performing the
transaction.
Depending on the acquirer, address details or the payer's name may be matched to ensure the
card details are valid.

Create an order Using a Token

If the MSO enables the merchant for gateway tokenization, you can use a gateway token in
place of card details to create an order.
For more information about tokens, see the API online integration documentation.

NOTE: The gateway does not support order creation for ACH and Gift Cards.

Search an order or transaction

Merchants can use the search feature of the Merchant Administration portal to search for
orders or transactions.

About this task

Follow these steps to search an order or transaction.

Procedure
1. Go to Search > Order and Transaction.
The Order and Transaction Search page is displayed.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 54
Order and transactions details
Using the Search for Orders and Transactions

Figure 6: Order and Transaction Search page

2. Select either Orders or Transactions from the drop-down list.

Depending upon your selection, the appropriate orders or transactions filters are displayed.
3. Select More tips to find query tips to simplify your search.

NOTE: The entered or selected dates and times in the order and transaction search are based on
the time zone as determined by your browser.
4. Enter the order or transaction details to refine the search results, and then select Search.

NOTE: When using the searching functionality, you can enter a unique value or custom field. This
means that the search can be used equivalent to a "google search" and you can type in any search
criteria that you prefer, and the result will be returned based on that. The search field can, for
example, return results on most of the API response fields from the API guide. The search will
return the exact as well as close matches, ignoring the case, spelling, and accented characters.

NOTE: The Search Functionality does not support WildCard (*, ?) Searches. Refer to the following
guidelines for more detailed ways to use the search fields and examples thereof.

Using the Search for Orders and Transactions

• When searching for orders the Search page will by default return orders that matches the
search criteria displayed on the page.
• Orders can be preselected in the drop-down menu to the left of the search box.
• To refine the search results, enter the information you have about the order in the search box.
• Use the From and To fields to limit the date range, and modify search options (Order Status,
Payment Method, and so on.).
• When searching for transactions, select Transactions from the drop-down menu to the left
of the search box.
• The page will display search options for transactions (Transaction Source, Transaction Type,
and so on.)

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 55
Order and transactions details
Using the Search Fields

Using the Search Fields

Searching for an order or a transaction by date or a date range

• Use the From and To fields to enter a date manually, or
• Use the date picker to pick a date, or
• Click the quick select link (Today, Yesterday, and so on) to automatically populate these fields.
• If entering the date manually, use simple natural language like "Today" and "3 days ago"(a
mouse over will indicate how the gateway will read the input).
• All orders or transactions that were created on the date or within the date range (inclusive of
From and To dates) will be returned.
• The entered or selected dates are based on the time zone as determined by your browser.
Examples may include - 08/06/2013 (US) or 06/08/2013 (UK) returns all records created on:
– 06 August 2013
– August 6, 2013 3:00 AM
– August 6, 2013 3:15:59 PM
– Today
– 3 days ago

Using one or more terms

• Provide the term or terms separated by a space in the search box.
• If the result list contains too many matches, refine the search by adding more search terms.
• The search returns records matching all the terms.
Examples may include - John Pizzas AUD 10 and Pizzas AUD 100 345678xxxxx4564.

Using an order or a transaction amount

• Provide the amount.
• Use either the currency symbol or the code with the amount.
• The Order search will return all matches for the Order Amount.
• The Transaction search will return matches for both the Order Amount and the Transaction
Amount.
• If required to search for other amounts, for example, Outstanding Authorization Amount or
Refunded Amount on the order, search for a value in a specific field.
Examples may include -
– $145.23
– 145.23 $
– 12,145.23 AUD
– AUD 12,145.23
AUD EUR 100 returns all records with Order or Transaction Amount 100 and Order Currency
AUD or EUR $ returns all records with this Order Currency including, for example, USD and
AUD

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 56
Order and transactions details
Using the Search Fields

Using an account identifier (masked or unmasked)

• Provide an unmasked card number. This search may also return records where any other
identifier, for example, Order ID starts or ends with, or exactly matches these numbers.
• Provide a 6.4 masked card number using "x" as a placeholder for the masked digits. You can
use a single "x" or an "x" for each masked digit.
• If you only know the last four digits of the card number, prefix these with a single "x" to
indicate that you are looking for a masked card number ending in these four digits.
Examples may include -
– 345678901234564
– 345678x4564
– 345678xxxxx4564
– x4564
• Provide a PayPal email address to find all PayPal orders with this account identifier.
Examples may include - [email protected]
• Provide an unmasked International Bank Account Number (IBAN).
• Provide a 0.4 masked International Bank Account Number (IBAN) using an "x" as a
placeholder for any masked characters. You can use a single "x" or an "x" for each masked
character.
Examples may include -
– DE44500105175407324931
– x4931
– xxxxxxxxxxxxxxxxxx4931
• Provide an unmasked ACH account identifier. This identifier is represented in the gateway as
the routing number, followed by a "/" and the bank account number.
• Provide the 0.4 masked ACH account identifier using an "x" as a placeholder for any masked
digits. You can use a single "x" or an "x" for each masked character.
Examples may include -
– 12346789/12345678901234567
– 12346789/x4567
– 12346789/xxxxxxxxxxxxx4567

Using an identifier (Order ID, Merchant Order Reference, Transaction ID, Acquirer
ID, and so on)
• Enter the identifier in the search box.
• Additionally, provide only the first part or the last part of the identifier. The search returns
identifiers that start or end with the search term.
Examples may include - ORDER1 or R1234 returns all records where the fields start or end
with this value, including records with Order ID ORDER1234
• Enclose the identifier in quotes to only return exact matches.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 57
Order and transactions details
Using the Search Fields

Examples may include - ORDER1 or R1234 returns all records where any of the fields starts
or ends with this value, including records with Order ID ORDER1234
• To refine the search results, provide the field label and value separated by a : (colon). If the
field label or value consists of more than one word or contains a colon, enclose it in double
quotes.
Examples may include - "5123456789012346" returns all records where any of the fields has
the value 5123456789012346

Using a name (Account Holder Name, Payer Name, and so on)

• Enter the name in the search box.
• The search will return the exact as well as close matches, ignoring the case, spelling, and
accented characters.
Examples may include - "Jaosn" will match "Jason", smith will match Smith, and Muller will
match Müller, Mueller

Using an exact match "word or phrase"

• Enclose the search term in double quotes.
Examples may include - "John Smith" / "Partially Captured" / [email protected]

Using an order or a transaction amount within a range number..number

• Use two periods between the numbers for a range, or periods before or after the amount to
indicate upper or lower boundaries respectively.
• The range boundaries are inclusive.
Examples may include -
– 20..100
– $20..$100
– $10..100
– 10..100 AUD
..$100 returns records with an Order or Transaction Amount up to and including $100
$10.. returns records with an Order or Transaction Amount above and including $10

Using a value in a specific field "<field label>":" <value>"

• If the result list contains too many matches, refine the search by providing the field.
• Provide the field label and value separated by a : (colon). If the field label or value consists of
more than one word or contains a colon, enclose in double quotes.
• Important to provide the field labels exactly as displayed on the Search page or the Order
and Transaction Details page. You must copy and paste.
• The Search page displays order fields for Order search and transaction fields for Transaction
search.
• The Order and Transaction Details page displays transaction fields in the Transactions pane.
Examples may include -

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 58
Order and transactions details
Using the Search Fields

– "Outstanding Authorized Amount":"USD 20.00"

– "Order Amount":"AUD 111.23"
– "Order ID":ORDER123
– "RRN":123456890123456
– "Payer Name":"John Smith"
"Country":AUS returns records with Country Australia. You must provide the ISO code for the
country, not the country name.
"Order Status":Captured "Payment Method":"Visa" returns records with Order Status
Captured and Payment Method Visa
• If required to find all records where a field value matches more than one value, list all values
but repeat the field name for each value.
Examples may include - "Order Status":Captured "Order Status":"Partially Captured"
returns records with Order Status Captured or Partially Captured
• If required to find records with a specific line item (name, description, amount, and so on), it
is not a requirement to provide the item number.
• The search returns records where any of the items match.
Examples may include - "Name":"Red Dress" returns all records with a line item where the
name matches "Red Dress"
"SKU":WOMAN-REDDRESS-123456 returns all records with a line item where the SKU
matches WOMAN-REDDRESS-123456

Using a value in a specific API field @api. <field name>:"<value>"

• The search allows to search for any field returned in the order or transaction response in the
API.
• Only exact matches will be returned.
• This functionality is useful for advanced users who want to build complex queries for
troubleshooting purposes.
• For the Order search, provide the field name (prefix with @api.) from the RETRIEVE_ORDER
API response and the value separated by a: (colon).
• For the Transaction search, provide the field name (prefix with @api.) from the
RETRIEVE_TRANSACTION API response and the value separated by a: (colon).
• For the API field names and enumeration values, refer to the Retrieve Order (/api/
documentation/apiDocumentation/nvp/version/latest/operation/Transaction%3a
%20%20Retrieve%20Order.html? locale=en_US) and Retrieve Transaction (/api/
documentation/apiDocumentation/nvp/version/latest/operation/Transaction%3a
%20%20Retrieve%20Transaction.html? locale=en_US) operations in the API Online
Reference.
Examples may include -
– @api.response.gatewayCode:APPROVED returns all transactions where the
RETRIEVE_TRANSACTION API response contains the field response.gatewayCode with
enumeration value APPROVED

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 59
Order and transactions details
Export a search result

– @api.response.acquirerCode:00 returns all transactions where the

RETRIEVE_TRANSACTION API response contains the field response.acquirerCode with
value 00
– @api.status:FAILED returns all orders where the RETRIEVE_ORDER API response contains
the field status with enumeration value FAILED
– @api.totalCapturedAmount:100.00 returns all orders where the RETRIEVE_ORDER API
response contains the field totalCapturedAmount with value 100.00
• If required to find all records where a field value matches more than one value simply list all
values but repeat the field name for each value.
Examples may include -
– @api.response.gatewayCode:APPROVED
– @api.response.gatewayCode:PENDING

Export a search result

Merchants can export the order or transaction search result list in CSV format from the Order
and Transaction Search page in portals.

Before you begin

To download orders and transactions in CSV format, the merchant administrator must enable
the operator privileges Download Order Search Results and Download Transaction and
Payment Authentication Search Results respectively.

About this task

Follow these steps to export a search result.

Procedure
Select the Export results to CSV button to download the search results as a CSV file.
Figure 7: Export results to CSV

a. Select the time zone, CSV character encoding format, and the fields to export.
b. Select the + Add Custom Field link to add custom fields to export.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 60
Order and transactions details
Export a search result

Figure 8: Add custom fields

c. Select the added custom field.

This will now appear in the right-hand column under selected fields.
Figure 9: Added custom field selected

You can add any API response field, including itemized fields, to the list of available fields.
You can use any field name from the API Response displayed in the order or transaction
details screen. To add an API field, enter the name of the API field prefixed with api.
For example, api.airline.itinerary.leg[0].carrierCode .
d. Select the Save Selection link to save the selected fields for future use.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 61
Order and transactions details
View an order or transaction

The saved selections display in the Load Saved Selection drop-down list.

View an order or transaction

After performing a search for an order or transaction, the search result list displays on the Order
and Transaction Search page. The merchant can view the details of a particular order or
transaction from the search result list.

About this task

Follow these steps to view an order or transaction.

Procedure
1. From the search result list, select View.
Figure 10: View order

The details of your selected order or transaction display.

2. Select Learn about this page if you need assistance performing activities, such as those
related to the risk assessment of orders.
3. Select actions from the Actions menu to perform actions on orders or transactions.
For more information about the Actions menu fields, see Actions menu fields.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 62
Order and transactions details
Order and Transaction Details

Order and Transaction Details

In "Learn about this page", more detailed information is available for the order status; the order
totals; the status of the risk assessment and actions that can be performed on orders.
Select each of these on the Portal for more detail:
• View the order status.
• View order totals.
• View the status of risk assessment.
• Perform actions on orders.
• Order Status - The status of the order is displayed on the right in the top pane. The order
status for a transaction always reflects the status of the order, not the status of the order at
the point in time the transaction occurred.
Refer to the detailed list reflecting the order statuses and meanings.
• Order Totals - The order total is displayed on the left in the top pane. The order totals include
the Outstanding Authorized Amount, Captured Amount, Refunded Amount, and Total
Chargeback Amount for successful transactions only.
Refer to the detailed list of order totals.
• Order Funding Status - The funding status of the order is displayed in the summary section
underneath the top pane. The funding status reflects the current status of the funding for
the money that you can reasonably expect for this order. It reflects both money into and out
of your bank account (that is, both sales and refunds).
Refer to the detailed list reflecting the order funding status and meanings.
• Risk Status - The status of risk assessment is displayed on the right (below order status) in
the top pane. This status indicates if you need to take any action. The actions appear in the
Actions menu on the far right in the top pane. The Risk Details section lists both transaction
filtering rules and external risk rules that may have been applied to the order.
Refer to the detailed list of transaction filters.
• Perform Action on Orders - The actions that are available to perform on an order appear in
the Actions menu on the far right in the top pane. Note that subsequent actions on the order
depend on the payment method and the stage in the payment cycle.
Refer to the detailed list of actions and meanings available.

Action menu fields

The merchant can perform subsequent actions on the selected transaction after the search is
performed.
This table describes the Actions menu fields.

Field Description
Authorize The merchant can perform this action to create an
Authorization or a Payment transaction.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 63
Order and transactions details
Add card numbers from the suspect or trusted Cards list

Field Description
Capture The merchant can perform this action to request
funds from the payer's account for an authorized
transaction.
Refund The merchant can perform this action to return
funds to the payer's account. If there are multiple
captures, merchants can use the Capture
Transaction ID to refund the amount for a specific
capture.
Update Authorization The merchant can perform this action to either
increase or decrease the Authorized amount for an
order, extend the validity period for an
Authorization, or both.
Void Last Transaction The merchant can perform this action to void the
last transaction on the order, which can be
Authorization, Capture, or other.
Void Authorization The merchant can perform this action to void an
order with successful Authorization that the
gateway has partially captured.
Clone The merchant can perform this action to use
existing details of an order to create a new order.

NOTE: Select Learn about this page if you need assistance with performing actions including actions
associated with risk assessment of orders.

Add card numbers from the suspect or trusted Cards list

The merchant can add card numbers from the suspect or trusted Cards list.

About this task

Follow this step to add card numbers from the Suspect or Trusted Cards list.

Procedure
Add the suspect or trusted cards from the Account Identifier drop-down list on the Order and
Transaction details page.
SAQ-A compliant merchants can add cards directly to the suspect or trusted Cards list using the
Transaction Filtering option on the main menu.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 64
Order and transactions details
Remove the suspect and trusted cards

Figure 11: Add the suspect or trusted card

Remove the suspect and trusted cards

The merchant can remove card numbers from the suspect or trusted Cards list.

About this task

Follow this step to remove the suspect and trusted cards.

Procedure
Remove the suspect or trusted cards from the Account Identifier drop-down list on the Order
and Transaction details page.

Search criteria for risk assessment

If the MSO or the Risk Service Providers have configured the Transaction Filtering rules, the risk
assessment fields display as search criteria in the order search.
This table describes different search criteria for risk assessment.

Description of the valid

Search criteria Description Valid Value value
Risk Assessment Result Specifies the overall Review required Specifies that the Risk
result of the risk Service Provider
assessment for the assesses the order for
order. risk and requires a
review.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 65
Order and transactions details
Search criteria for risk assessment

Description of the valid

Search criteria Description Valid Value value
- - Accepted Specifies that the Risk
Service Provider
assesses and accepts
the order for risk.
- - Rejected Specifies that the Risk
Service Provider
assesses and rejects the
order for risk.
- - Not Assessed Specifies that the Risk
Service Provider does
not assess the order for
risk except for risk
assessment by the
MSO-configured rules
and these rules do not
reject the order.
Review Decision Status The status of the risk Pending Specifies the order that
review for the order requires a risk review.
after the review.
- - Accepted Specifies that the Risk
Service Provider reviews
and accepts the order
for risk.
- - Rejected Specifies that the Risk
Service Provider reviews
and rejects the order for
risk.
- - Not Required Specifies the order does
not require a risk review.
- - Overridden Specifies that the Risk
Service Provider has
rejected the order and
the merchant chooses to
override this decision by
accepting the order.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 66
Order and transactions details
Order and transaction fields for risk assessment

Order and transaction fields for risk assessment

The risk for risk service providers also opens with the Order and Transaction Details page, which
displays the following fields that are applicable to risk service providers only.
Merchants can export rule information specific to the risk service provider in a CSV file using the
Export Results to CSV button.
This table describes different fields that the merchant can use with their values in the search
box to refine their search results. Merchants can use these fields with their values in the search
box to refine your search results. For example, Rule ID: 101.

Search criteria Description

Risk Assessment Total Score Specifies the total of the risk scores for all risk rules
that the risk service provider applies when
assessing the risk of the order.
Review Decision Note Specifies that the risk service provider enters a
note in their system while reviewing the order and
decides to accept or reject the order.
Review Decision User ID Specifies the person who reviewed the order and
decided to accept or reject the order.
Review Decision Time Specifies the date and time when the risk service
provider decided to accept or reject the order.

Rules for risk service providers

Merchants can export rule information specific to the risk service provider in a CSV file using the
Export Results to CSV button.
This table describes the various fields that are applicable to risk service providers.

Field Description
Risk Provider Specifies the name of the risk service provider that
risk assessed the transaction.
Rule ID Specifies the unique identifier for the risk rule
provided by the risk service provider.
Rule Type Specifies information on the entity who defined
the rule, for example, the risk service provider. Note
that this field is not available for search.
Rule Description Specifies description of the risk rule.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 67
Order and transactions details
Search criteria for funding status

Field Description
Rule Outcome Specifies the risk service provider's risk assessment
score for the order based on the risk rule.

Search criteria for funding status

The service provider provides information about the Funding statuses and movement of funds
into the merchant's bank account.
By default, a search includes all funding statuses. The order and transaction details page
includes the funding status, amount, and currency for orders and transactions.
This table describes the various Funding Status values that you can use as search criteria in the
order and transaction search.

Funding Status Description

Funding Not Supported All transactions on the order settle with a payment
provider who does not provide funding information
to the gateway.
Non-Funded No transactions on the order result in a transfer of
money to or from the merchant's account.
Funding in Progress Some transactions on the order that result in the
transfer of money to or from the merchant's
account, but some money transfers have not yet
completed. This is usually a transient state.
Funding Assured The service providers should settle all transactions
that potentially result in the transfer of money to
or from the merchant's account, but they have not
yet settled. In this situation, the service providers
might not be aware of the exact amount of the
transferred funds.
Funded The service provider clears and settles all
transactions that cause a transfer of money to or
from the merchant's account.
Funding Failed All transactions on the order result in a money
transfer to or from the merchant's account, but
the service provider is unable to complete the
transfer due to a problem with the account. This
might be a transient state.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 68
Order and transactions details
Search for the tokens

Funding Status Description

Funding On Hold The service provider has not yet received payment
from the payer for all transactions on the order
that may result in a money transfer to or from the
merchant's account. In the case of an order with a
refund, the service provider was not able to return
funds to the payer. The merchant might need to
contact the payer to unblock this condition.

Search for the tokens

Token search allows the merchants to retrieve details of a token by entering a token ID in the
Token Search box. You can retrieve details for tokens associated with cards, gift cards, or ACH
payment.

About this task

Follow these steps to search for the tokens.

Procedure
1. Search for tokens using:
– Token ID
– Card number
– Expiration date
– Gift card number
– ACH payment details
2. If you have the aggregator privilege, use the Sub Merchant ID field to limit the result list to
tokens for a specific sub-merchant.
This finds all tokens that match the search criteria.

NOTE: Searching for tokens created using external repositories is currently not supported.

Update or delete token guideline

If a merchant administrator has enabled the May Maintain Tokens operator privilege for you,
you can update or delete tokens.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 69
Settlement of orders

Chapter 5 Settlement of orders

The Merchant Administration portal allows merchants to settle their customer's orders automatically or
manually with their acquirer. Settlement functionality allows users, such as merchant operators, to view
the set of orders that are billed to the customer but not yet settled with the acquirer.

Before you begin....................................................................................................................................................71

View unsettled transactions............................................................................................................................... 72
Unsettled Transactions Summary................................................................................................................72
Transactions by currency................................................................................................................................72
Batch Closure Receipt.....................................................................................................................................73
Search for settlements........................................................................................................................................ 73
Settlement List................................................................................................................................................74
Settlement Details..........................................................................................................................................75

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 70
Settlement of orders
Before you begin

Settlement
Settlements are balance operations between the merchant's account and an acquirer's record.
Orders are unsettled transactions that a user can settle based on their privilege.
Based on their merchant profile settings, users can perform settlement in one of the two ways where
one is manual and other is automatic that requires no user intervention:

Automatically The settlement time is configured while creating a merchant profile.

Manually The merchants settle their orders themselves at any time.

The Settlement functionality is divided into two sections:

Settlement This section displays orders in the current settlement that are to be settled.
Settlement History This section allows a user to search and view orders that are already
Selections settled.

NOTE: This functionality does not cover ACH settlements.

Before you begin

You require the following privileges at the merchant and operator levels to perform manual
settlements.

At the merchant level

You must have the following privileges:
• Perform Reconciliations
• View Settlement Pages
• Manual Batch Closure
For more information, see the Merchant Manager User Guide or contact your MSO to get these
privileges enabled.

At the operator level

You must have the following privileges:
• View Settlement Pages
• Initiate Manual Batch Closure
• Perform Settlements
For more information, see the Merchant Administration Operator Details page in this guide.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 71
Settlement of orders
View unsettled transactions

View unsettled transactions

Unsettled transactions can also be called as current orders awaiting settlements.

About this task

Follow these steps to view the unsettled transactions.

Procedure
1. Select Settlement > Pre-settlement Summary.
If you have multiple acquirer links, the Settlement Acquirer Link Selection page is displayed.
The card types and currencies configured for the acquirer link is also displayed.
2. Select the required Acquirer ID from the available options and then select Submit.
The Unsettled Transactions Summary page is displayed.
3. The Settlement page shows the current orders awaiting settlement. It details a settlement
by currency. Each row for a currency provides details for transactions processed by a specific
card type.
4. Select Settle Now to settle a batch of unsettled transactions.
This option is available only if you have the Initiate Manual Batch Closure privilege.
The Batch Closure Receipt page is displayed.

Unsettled Transactions Summary

The Unsettled Transactions Summary page displays lists of transactions by currency. The Settle
Now button allows you to settle all pending orders.
This table describes the fields available on Unsettled Transactions Summary page.

Field Description
Number of Batches Currently Open The number of the batches that are currently open.

Merchant ID The unique alphanumeric identifier assigned for

each merchant account or profile.

Acquirer ID The unique identifier of the card-processor to

which the order is directed for processing.

Transactions by currency
The transactions are grouped into sections by the transaction currency.
This table describes the fields of Transactions by summary page.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 72
Settlement of orders
Batch Closure Receipt

Field Description
Card Types The type of cards in transactions. For example,
Mastercard, Visa, Discover, and so on.
Debits Count The number of debits in the settlement batch.
Total Debits or Debits Amount The total amount of debit in the settlement batch.
Credit Count The number of credits in the settlement batch.
Total Credits The total credit amount in the settlement batch.

Batch Closure Receipt

The Batch Closure Receipt page contains details about the batch that is settled using the Settle
Now button on the Unsettled Transactions Summary page.
This table describes the fields available in the Batch Closure Receipt page.

Field Description
No. of Batch being Closed The number of the batches closed in a transaction.

Merchant ID The unique alphanumeric identifier assigned for

each merchant account or profile.

Acquirer ID The unique identifier of the card-processor to

which the order is directed for processing.
Note: If an acquirer link is configured to have
multiple acquirer relationships, then the acquirer
link is suffixed with the Bank Merchant ID following
a hyphen. For example, ANZ via FDRA — 12345
where "ANZ via FDRA" is the acquirer link and
"12345" is the Bank Merchant ID.

Status The batch status.

Search for settlements

An operator can search for current or completed settlements.

About this task

Follow these steps to view settled transactions.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 73
Settlement of orders
Settlement List

Procedure
1. Go to Settlement > Settlement Search.
The Settlement Search screen is displayed.
2. In Search for Settlements section:
a. Enter the Merchant ID.
b. Enter the date range of orders in From Date and To Date fields. The required format
should be, for example, 11/15/05 3:45 PM or 1/15/05.
If the From Date field is empty, the Merchant Manager portal displays all transactions
up to the current date. The date and time values are based on the operator's time zone
as configured on the Merchant Manager portal.
c. Enter the Batch Number.
The batch value of Mastercard cannot be used for communications with the processor
or the processor's back-end processing network.
d. Select the status of the required settlement in the Settlement Status drop-down list.
Default value is All Settlement Responses.
e. Select the acquirer, to which the settlement is sent, in the Acquirer ID drop-down list.
Default value is All.
3. Select Submit.
The Settlement List screen displays details of the settlements based on the search
parameters.
4. Select the Batch Number link corresponding to a settlement to view its details.
The Settlement Details page displays merchant and acquirer settlement details and its
comparison.

Settlement List
The Settlement List page displays information about settled batches.
This table describes the fields available in the Settlement List page.

Field Description
Acquirer ID The identification value of the card-processor.
Batch Number The identification value of the settled batch.
Settlement Date The date and time when the batch is settled.
Debits Count The number of debits in the settled batch.
Credits Count The number of credits in the settled batch.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 74
Settlement of orders
Settlement Details

Settlement Details
The Settlement Details page consists of two sections:
• Merchant and Acquirer Settlement Details
• Merchant and Acquirer Settlement Details Comparison
The transactions in the Merchant and Acquirer Settlement Details Comparison section are
grouped by currencies.

Merchant and Acquirer Settlement Details

This table describes the fields available in the Merchant and Acquirer Settlement Details
section.

Field Description
Merchant ID The identification value of the merchant.
Acquirer ID The unique identifier of the card-processor to
which the order is directed for processing.
Settlement Batch number The identifier for the batch to which the
transactions belong.
Submission Date The date on which the settlement occurred.
Settlement Response The response received back from the acquirer.
Payment Method The method of funds transfer used for the
transaction. For example, Credit.

Merchant and Acquirer Settlement Details Comparison

This table describes the fields available in the Merchant and Acquirer Settlement Details
Comparison section.

Field Description
Currency The currency used for the transaction.
Debits Count The number of debits in the settlement batch.
Total Debits or Debits Amount The total debit amount in the settlement batch.
Number Credits The number of credits in the settlement batch.
Total Credits The total credit amount in the settlement batch.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 75
Payer authentication through 3-Domain Secure

Chapter 6 Payer authentication through 3-Domain

Secure
The gateway supports payer authentication by using 3-Domain Secure™ (3-D Secure or 3DS).

3DS authentication results................................................................................................................................. 77

3DS benefits..........................................................................................................................................................77
3DS authentication versions...............................................................................................................................78
EMV 3DS...........................................................................................................................................................78
Before you begin....................................................................................................................................................78
3DS payer experience...........................................................................................................................................79
How the EMV 3DS checkout flow works.....................................................................................................79
Order and transaction search.............................................................................................................................80
Search an order status of an authenticated payer...................................................................................80
Search the transaction details of an authenticated payer......................................................................80
Authentication search result examples........................................................................................................81
Download the search results.........................................................................................................................81
View payer authentication details.....................................................................................................................83
Payer authentication details......................................................................................................................... 83
Payment Authentications search details..........................................................................................................83
Search Payment Authentication field details.............................................................................................84
Payment Authentications search parameters........................................................................................... 84
Payment Authentications list page details.................................................................................................85
Specific payment authentication details...............................................................................................86
Response details................................................................................................................................... 88
Extended response fields ....................................................................................................................89
Download the payment authentication data............................................................................................ 89

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 76
Payer authentication through 3-Domain Secure
3DS authentication results

3DS is an authentication protocol that is designed to reduce fraud and provide more security for the
e-commerce transactions. 3DS enables the merchant to authenticate the payer at their card issuer
before submitting the Authorization or Purchase transaction.

3DS authentication results

Merchant Administration enables you to search and view the results of 3DS authentication.
You can view records of every attempt at 3DS authentication by your payers.

3DS benefits
3DS offers the following benefits to the merchant:
• Protection against fraud as the payer is authenticated at their card issuer.
• Shift of liability. Payments where 3DS is performed shifts the liability to the issuer. If a payer
disputes the payment and claims a chargeback, the liability for fraudulent chargebacks shifts
from the merchant to the issuer.
• Enhanced security on payments as the Access Control Server (ACS) of an issuer assesses a
payer for risk.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 77
Payer authentication through 3-Domain Secure
3DS authentication versions

3DS authentication versions

The gateway supports EMV 3DS.

EMV 3DS
EMVCo has designed EMV 3DS, which is a new authentication version, and most of the card
schemes have adopted this version.
This version provides enhanced security during online purchases.
It provides a frictionless checkout experience for payers wherever applicable. For example, an
issuer might bypass the authentication challenge if the payment is at low risk.
The following items are the supported authentication schemes for EMV 3DS:
• Mastercard SecureCode™2.0
• Verified by Visa™2.0
• American Express SafeKey™2.0
• JCB J/Secure™2.0
• Discover ProtectBuy™2.0
Access Control Server (ACS) uses the information from various sources to determine the risk.
ACS can obtain information from a merchant, browser fingerprinting, and previous interactions
with a payer. ACS subjects a payer to a challenge only when the additional verification is
mandatory to authenticate a payer. This authentication version is also known as 3DS2 in the
gateway.
For more information about how to add 3DS authentication to your gateway integration, see
EMV 3-D Secure Authentication in the API online Integration Guidelines.

Before you begin

This section provides information to perform the 3DS authentication.
To perform the 3DS authentication, your merchant profile must be enabled for the 3DS
authentication scheme and the authentication version, EMV 3DS.
• For Mastercard, VISA, and American Express, you can be enabled and configured for EMV
3DS.
If you are enabled and configured for 3DS, the gateway attempts EMV 3DS. If not available,
authentication is not performed.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 78
Payer authentication through 3-Domain Secure
3DS payer experience

3DS payer experience

This section describes the process related to the 3DS payment experience of a payer.
The checkout flow for a payment differs depending on whether the card that the payer has
selected supports EMV 3DS.

How the EMV 3DS checkout flow works

These are the stages of the checkout flow for a successful authentication where you are enabled
for EMV 3DS, a payer is enrolled for EMV 3DS.
1. The payer
a. browses your shop site.
b. selects one or more products.
c. proceeds to check out.
d. selects to pay with a card that supports EMV 3DS.
2. The gateway
a. checks if the card is enrolled for EMV 3DS.
b. proceeds to initiate the authentication.
3. The issuer
a. determines the authentication flow based on the risk associated with the payment.
b. offers either of the following flow.
i. Frictionless Flow: No authentication challenge is presented. The gateway performs
the payment and redirects the payer back to your site.
ii. Challenge Flow: If the issuer wants a payer to respond to a challenge, the gateway
redirects the browser of a payer to the ACS of an issuer, which presents its
authentication UI. The payer must respond to the authentication challenge.
c. returns the browser of a payer to the gateway.
4. The gateway
a. retrieves the authentication result from the ACS of an issuer.
b. processes the payment with the authentication details.
c. redirects the payer back to your site.
5. The merchant
a. displays the order confirmation page to the payer.
If you are enabled and configured for 3DS verification, the gateway attempts EMV 3DS. If not
available, authentication is not performed.

NOTE: If a payer does not authenticate successfully or does not enroll in EMV 3DS, then the gateway
will determine the next steps based on the authentication details from the issuer and the 3-D Secure
Risk Rules. For more information, see 3D-Secure Rules.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 79
Payer authentication through 3-Domain Secure
Order and transaction search

Order and transaction search

The Order and Transaction Search feature in the Merchant Administration portal enables you to
search for payer authentication transactions.
It includes EMV 3DS authentication transactions processed through the Authentication API. For
more information about the Authentication API, see the EMV 3-D Secure Authentication in the
API online Integration Guidelines.

Search an order status of an authenticated payer

If you want to search for authentication orders processed through the legacy 3DS
implementation, use Payment Authentications Search.

About this task

Follow these steps to see an order status of an authenticated payer.

Procedure
1. Go to Search > Orders and Transactions.
2. Select Orders as the search criteria from the drop-down list.
3. Select value from the Order Status drop-down list.
You can select multiple values from the drop-down list.
4. Select Search.

Search the transaction details of an authenticated payer

This section describes the steps to search the transaction details.

About this task

Follow these steps to see transaction details of an authenticated payer.

Procedure
1. Go to Search > Orders and Transactions.
2. Select Transactions as the search criteria from the drop-down list.
3. Enter value in the Transaction Type drop-down list.
4. Select Search.
For more information about the Order and Transaction search page, see More tips.
Merchants can save their preferred search through the Save search link.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 80
Payer authentication through 3-Domain Secure
Authentication search result examples

Authentication search result examples

You can refine the authentication search results through entering different search queries in the
Search box.

Authentication Use the Payer Authentication Status field to search based on the
Status authentication status.
• "Payer Authentication Status":"Authentication Successful"
• "Payer Authentication Status":"Authentication Available"

Authentication Type Use the field “Payer Authentication Type” to search based on the
authentication version – EMV 3DS.
• "Payer Authentication Type":"EMV 3DS"

Authentication If the merchant uses payer authentication across multiple channels, for
Channel example, website and mobile app, then you can use the following API fields to
refine the results.
For order search:
• @api.transaction.authentication.channel:"PAYER_BROWSER"
• @api.transaction.authentication.channel:"PAYER_APP"
For transaction search:
• @api.authentication.channel:"PAYER_BROWSER"
• @api.authentication.channel:"PAYER_APP"

Download the search results

You can download the search results as a CSV file through the Export results to CSV button.

About this task

Follow these steps to download the search results.

Procedure
1. Go to Search > Orders and Transactions.
Based on your search choices, the results display at the bottom of the screen.
2. Select the Export results to CSV button.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 81
Payer authentication through 3-Domain Secure
Download the search results

Figure 12: Export results to CSV

3. (Optional) Select values from the Time Zone and Format drop-down lists.
4. (Optional) Select fields from the Available Fields list.
5. (Optional) Select the + Add Custom Field link to add custom fields.
Figure 13: Add custom fields

a. Select the added custom field.

This will now appear in the right-hand column under selected fields.
b. Add any API response field, including itemized fields, to the list of available fields using
the +Add Custom Field link.
c. To add an API field, enter the name of the API field prefixed with API.
For example, api.authentication.channel is returned in the API response for transaction
search. You can use any field name from the API Response displayed on the Order and
Transaction screen.
6. Save the selected fields for future use.
7. Select the Save Selection link.
8. Enter a name for the selection.
The selected name displays in the Load Saved Selection drop-down list.
9. Select Export.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 82
Payer authentication through 3-Domain Secure
View payer authentication details

View payer authentication details

You can view authentication details for both, individual authentication and authentications that
proceeds with the payment on the Order and Transaction screen.

About this task

Follow these steps to view payer authentication details.

Procedure
1. Go to Search > Orders and Transactions.
2. Select View on the transaction or the order record in the search results.
The result screen is displayed.
3. Select View in the Transactions section.
You can see the individual response fields associated with the authentication transaction.

Payer authentication details

This section describes the information related to payer authentication.
• Authentication Version: EMV 3DS (3DS2)
• Authentication Status: This can be one of the following values:
– Authentication Attempted
– Authentication Available
– Authentication Failed
– Authentication Not Supported
– Authentication Pending
– Authentication Rejected
– Authentication Successful
– Authentication Unavailable
• 3DS ECI: Indicates the security level of the transaction. 3DS ECI is the Electronic Commerce
Indicator (ECI) value that the issuer's ACS processes to indicate the results of the attempt to
authenticate the payer.
The API Response shows the authentication response returned by the gateway to the
Authenticate Payer operation.

Payment Authentications search details

This section describes the payment authentications search details.
To see the 3DS version authentication that is processed through the legacy 3DS
implementation, and authentication details for EMV 3DS authentication processed through the
Authentication API, use the Payment Authentications Search option.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 83
Payer authentication through 3-Domain Secure
Search Payment Authentication field details

Search Payment Authentication field details

This section describes the steps to search the payment authentication field details.

About this task

Follow these steps to search Payment Authentication details.

Procedure
1. Go to Search > Authentications.
2. Use the fields on the Payment Authentications Search page to find the required payment
authentication details.
3. Select Submit to start the search.
The search results display on the Payment Authentication List page.

Payment Authentications search parameters

Following are the search parameters.

Table 1: Payment authentications search parameters field details

Field Description
From/To Specifies the search for orders within a date range.
If you clear the From field, all transactions up to
the current date is displayed. The From and To
dates are based on the time zone of an operator as
configured in Merchant Administration.
Authentication ID Specifies the search for an order with a particular
authentication ID.
Card Number Specifies the search for an order using a specific
card number.
Order Reference Specifies the search for an order created with
specific Order Reference text.
Currency Specifies the search for orders processed by a
particular currency or all currencies.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 84
Payer authentication through 3-Domain Secure
Payment Authentications list page details

Field Description
Authentication Type Specifies the search for a particular type of 3DS
authentication. Select an authentication type from
the drop-down list or leave the default entry to
display all authentication types. Following are the
possible options.
• All Authenticated Transactions
• Mastercard SecureCode
• Verified By Visa
• JCB J/Secure
• American Express SafeKey
• Discover ProtectBuy
• UnionPay 3-D Secure

Authentication Result Specifies the search for transactions with a

particular authentication status. Select an
authentication status from the list or leave the
default entry to display all of them. Following are
the available types of authentication status.
• All Authenticated Transactions
• Authenticated Transactions – Successful
• Authenticated Transactions – Failed
• Authenticated Transactions – Undetermined
• Authenticated Transactions – Not Enrolled

Number of Results to Display on Each Result Page Specifies the number of rows of search results that
you want to see on a single page.
Leave this field blank for the default number of
search results to display.

Payment Authentications list page details

The Payment Authentication List page displays the search results and the following information
for each authentication.

Table 2: Payment authentication list page field details

Field Description
Authentication ID Specifies as a unique identifier for the
authentication attempt. You can see the
authentication details through the ID.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 85
Payer authentication through 3-Domain Secure
Specific payment authentication details

Field Description
Authentication Type Specifies the type of 3DS authentication. Following
are the available authentication types.
• Verified by Visa
• Mastercard SecureCode
• JCB J/Secure
• American Express SafeKey
• Diners ProtectBuy
• UnionPay 3-D Secure

Order Reference Specifies a merchant-supplied identifier for the

order. User uses the order reference to identify
their orders. For example, a booking reference
number.
Amount Specifies the total amount of the order in the
transaction currency. For example, AUD $100.00.
Date Specifies the user-locale date and time at which
the order was created.

Specific payment authentication details

You can see the details of an individual payment authentication through the Authentication ID
that displays as a search result on the Payment Authentication Details page.
Following are the fields for a specific payment authentication.

NOTE: You might not see all the fields listed here. Depending on your configuration, some fields may be
enabled or disabled.

Table 3: Specific payment authentication fields

Field Description
Authentication ID Specifies a unique identifier for the authentication
attempt.
Date Specifies the user-locale date and time at which
the order was created.
Card Number Specifies the card number used in the order
displayed in the card format configured on your
profile.
Amount Specifies the total amount of the order in the
transaction currency. For example, AUD $100.00.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 86
Payer authentication through 3-Domain Secure
Specific payment authentication details

Field Description
Authentication Type Specifies the type of payment authentication.
• Verified by Visa (Visa 3-D Secure)
• Mastercard SecureCode 3-D Secure
• JCB J-Secure
• American Express SafeKey
• Discover ProtectBuy
• UnionPay 3-D Secure

Verification Token Specifies the token generated at the card issuer to

indicate that the payer authentication occurred
and the 3DS data provided is valid. Depending on
the card scheme, following items are the generated
tokens.
• Visa CAVV (Customer Authentication
Verification Value)
• Mastercard UCAF (Universal Payer
Authentication Verification Value)
• American Express AEVV (American Express
Verification Value)

Verification Security Level Specifies the 3-D Secure Electronic Commerce

Indicator (ECI) value that is submitted to the
acquirer.
3-D Secure VERes.enrolled Indicates if the cardholder is enrolled for 3DS at
the time of the transaction. The available values
are:
• Y - Yes
• N - No
• U - Undetermined. For example, the directory
server was unavailable when verifying
enrollment.

3-D Secure XID Specifies a unique transaction identifier that the

gateway generates on behalf of the merchant to
identify the 3DS transaction.
3-D Secure ECI Specifies the 3-D Secure Electronic Commerce
Indicator (ECI), as returned from the issuer in
response to an authentication request.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 87
Payer authentication through 3-Domain Secure
Response details

Field Description
3-D Secure PARes.status Indicates the result of the payer authentication.
The available values are:
• Y – Yes
• N – No
• A – Attempted authentication but failed. For
example, the payer failed to enter the correct
password in three attempts.
• U – Undetermined. The payment authentication
system was unavailable at the time of the
authentication.
For more information about how to interpret the
authentication result based on the 3-D Secure
PARes.status field, see the card scheme
documentation.

Time taken (milliseconds) Specifies the payment authentication-specific

field, which indicates the time taken in milliseconds
for the payment authentication.
Financial Transaction Number Specifies an automatically generated number that
identifies the transaction in a unique way. This
identifier is unique within the merchant.

Response details
You can see or hide the response details through the Show or Hide button.

Field Description
VERes Specifies the details of the Verify Enrollment
Response (VERes), in the XML format. The details
are received in response to the Verify Enrollment
Request (VEReq) message that the Payment
Server sends to the Directory Server. If the card is
enrolled for 3-D Secure, VERes will contain the
address of an Access Control Server (ACS).
PARes Specifies the details of Payer Authentication
Response (PARes) in the XML format. The details
are received in response to the Payer
Authentication Request (PAReq) message that the
Payment Server sends to the Access Control Server
(ACS). PARes contains the verification result.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 88
Payer authentication through 3-Domain Secure
Extended response fields

Extended response fields

This table describes the extended response fields that display only if an error message returns
from the Directory Server (DS) or Access Control Server (ACS).

Field Description
Source Specifies the source of the fields. For example,
ACS, DS, and so on.
Message Type Specifies the type of the message, Invalid Request
Response (IREQ), or Error.
Error Message Version Specifies the version of the message as the ACS or
DS returns.
Error Code Specifies the error code that ACS or DS returns.
Error Detail Specifies the message details that ACS or DS
returns.
Vendor Code Specifies the vendor code for ACS or DS.
Error Description Specifies the description of the error that ACS or
DS returns.

Download the payment authentication data

This section describes the steps to download the payment authentication data.

Before you begin

• Ensure you have the Download Transaction and Payment Authentication Search Results
privilege to download the payment authentication data.

About this task

Follow these steps to download the payment authentication data.

Procedure
1. Go to Search > Authentications.
2. Select the file format from the drop-down list under the Download button.
3. Select the Download button.
If you select the CSV file format from the drop-down list, it contains orders with the
associated payment authentication data that matches the search criteria.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 89
Batch management

Chapter 7 Batch management

The Batches page allows you to upload batches of transactions for processing to the payment gateway.

Upload a batch......................................................................................................................................................91
Batch status list....................................................................................................................................................92
Download the batch response............................................................................................................................93

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 90
Batch management
Upload a batch

In addition to allowing the upload of batches of transactions for processing to the payment gateway,
the user can also:
• View the status of the batch that you uploaded for processing.
• Download the batch response file that contains the result of each of the uploaded operations.

NOTE: You can apply surcharging to transactions uploaded through Batch. For information about
surcharging, see Configure Surcharge Rules.

Upload a batch
This section allows you to upload a batch file containing the transactions for processing.

Before you begin

The Batch Upload section displays only if you have the May Upload Batch Files operator
privilege.
The links provided in this guide are for a test environment. To access a production environment,
you must follow the appropriate steps. The Merchant Admin Portal may be accessed as an
administrator or user.

About this task

Follow these steps to upload a batch:

Procedure
In the Merchant Admin Portal, go to Batches.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 91
Batch management
Batch status list

Figure 14: Batches page

a. Enter the API version that matches the field names in the batch file.
For example, if version X is entered then the operations accepted are those supported in
version X of the API.

NOTE: Entering an invalid value will return an error during batch file validation. Entering an
unsupported value will return errors on all operations in the batch response file.
b. Select the character encoding of the batch file from the Batch File Encoding drop-down list.
The list contains supported encoding types. For example, UTF-8 and Latin1 (ISO-8859-1).
c. Select Browse to upload the batch file that you want to upload for processing.
The batch file name is used as the batch name. This file must comply with the Native
Format (CSV). For information on the Native Format, see the Batch online integration
documentation.
d. Select Upload to upload all the details including the batch file.

Batch status list

This section displays all the batch files that you have uploaded successfully on the payment
gateway for processing.
The order of display is based on the upload completed date with the most current date
displayed first. Only 50 entries are displayed with details in the list.
This table describes the fields of the Batches section.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 92
Batch management
Download the batch response

Field Description
Batch Name The name of the batch file containing operations.

Total Records The total number of operations in the batch.

Upload Completed The time and date when uploading of all records got complete.

Batch Status The current processing status of a batch. The valid values are:

Uploading The batch upload operation is in process.

Uploaded The batch has uploaded Successfully.

Validated The batch is successfully validated.

Ready The batch is ready for processing.

Processing The batch processing has started.

Complete The batch processing is complete.

Processed The total count of records processed.

Errors The total count of records that have timed out or cannot process
due to system errors.

Last Action Time and date of the last action on the batch.

Processing Completed The time and date when the batch processing was completed and
all records were in their final state.

Response File This column displays the Download link to download the batch
response file.

NOTE: The Response File column appears only if you have the
May Download Batch Response Files operator privilege.

Download the batch response

The batch response file contains values for all the fields specified in the uploaded batch file.

Before you begin

The download link is visible only for the batch with batch status as Complete.

About this task

Follow these steps to download batch response:

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 93
Batch management
Download the batch response

Procedure
1. Go to the Batches section to locate the response file that you want to download.
2. Select Download to open or save the file on your local machine.

NOTE: The information provided in the batch response file is based on the fields specified in the
batch upload file. You might find it useful to include API fields such as response.gatewayCode and
error.cause to identify problems in processing operations. For more information about fields that
you can include in the response, see the Batch Online Integration Documentation.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 94
Gateway reports

Chapter 8 Gateway reports

Gateway reports display the details of all your transactions that the payment gateway processes.

Search gateway reports...................................................................................................................................... 96

Gateway Report Search...................................................................................................................................... 97
Gateway report details........................................................................................................................................98

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 95
Gateway reports
Search gateway reports

Within the portal, you can easily generate and download customized reports by specifying required
dates, time interval, and currency.
The transaction details can be searched and listed in the gateway reports by:
• Date
• Merchant profile type, for example, test or production
• Time intervals, for example, daily, weekly, monthly, or yearly, and
• Currency, for example, AUD, USD, and so on.

Search gateway reports

About this task

Follow these steps to search the gateway reports:

Procedure
1. Select Reports > Gateway Reports.
2. Enter the search parameters based on which the gateway generates the report.
3. Select Submit.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 96
Gateway reports
Gateway Report Search

Gateway Report Search

A gateway report is a list that provides the aggregated details of transactions processed by
acquirers for specified period.
This table describes the fields that can be specified as search criteria for a gateway report.

Field Description
From or To Date Search for transactions within a date range. If you
clear the From Date field, all transactions up to the
to date are displayed.
Date Type Search by transaction date or settlement date.
• Transaction Date: Specifies the date and time
that the gateway considers the processing of
the transaction to have occurred. This date is
based on the operator’s time zone.
The gateway reports that you search by the
transaction date do not include transactions
that are flagged for risk review.
• Settlement Date: Specifies the expected date
of funds transfer between an issuer and an
acquirer. This date is based on the acquirer's
time zone.

Time Interval Specify the time granularity that you use to

aggregate transactions:
• Daily
• Weekly
• Monthly
• Yearly

Start Time for Time Interval Specifies the start time for time interval
Reports are generated for 24-hour periods from
the start time of the time interval as defined in this
field. By default, start time is 00:00.
This field is not applicable if you search by
settlement date.

Acquirer Specifies the acquirer whose transactions that you

want to view in the report.
Card Scheme Specifies the card scheme used for the transaction.
For example, Mastercard or Visa.
Currency Specifies the currency used for the transaction. For
example, USD or AUD.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 97
Gateway reports
Gateway report details

Gateway report details

A gateway daily report is grouped into sections by the transaction currency and payment
method.
Each row of the list provides the aggregated transaction details that an acquirer processes
through a specific currency during the selected period.
The time interval that you select on the Gateway Report Search page determines the size of the
period.

NOTE: A merchant may have multiple merchant acquirer relationships with the same acquirer.

This table describes the fields used in gateway daily report.

Field Description
Transaction Date The start date of the period for which transactions
are aggregated.
Acquirer The name of the acquirer who processed the
transactions.
Merchant The merchant's unique alphanumeric identifier.
There is a unique Merchant ID for each merchant
account or profile.
No. Transactions The number of transactions processed by the
acquirer, in a given currency, during the reporting
period.
Total Authorizations The total number of authorizations, exclude any
voids or refunds, in the reported transactions.
Total Captures The total number of captures, exclude any voids or
refunds, in the reported transactions.
Total purchases The total number of purchases, exclude any voids or
refunds, in the reported transactions.
Total Refunds The total number of refunds in the reported
transactions. This amount is specified using the
currency and the currency symbol of refunds.
Total Disbursements The total number of disbursements in the reported
transactions. This amount is specified using the
currency and the currency symbol of
disbursements.

NOTE: The Total Disbursements field is displayed irrespective of the gamingWinningsPayment or the
creditCardBillPayment privileges enabled for you.

©2024 Mastercard. Proprietary. All rights reserved.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 98
Transaction filtering

Chapter 9 Transaction filtering

Transaction filtering allows you to configure rules that enable the gateway to identify transactions to
reject or mark for review.

Before you begin................................................................................................................................................. 101

Supported transaction types for transaction filtering................................................................................ 102
Transaction filtering flow..................................................................................................................................102
Pre-transaction checks.................................................................................................................................102
Post-transaction checks...............................................................................................................................103
Assessment result ........................................................................................................................................103
Transaction filtering terms............................................................................................................................... 104
Types of transaction filtering rules..................................................................................................................105
Trusted Cards.................................................................................................................................................106
Add a Trusted Card .................................................................................................................................106
Edit a Trusted Card................................................................................................................................. 107
Delete a Trusted Card.............................................................................................................................108
Suspect Cards................................................................................................................................................108
Add a Suspect Card................................................................................................................................ 109
Edit a Suspect Card................................................................................................................................ 110
Delete a Suspect Card............................................................................................................................110
IP Address Range Rules................................................................................................................................111
Add the IP Address Range Rule ............................................................................................................ 111
Delete a Blocked IP Address Range...................................................................................................... 112
IP country rules ............................................................................................................................................. 113
Add an IP Country Rule ..........................................................................................................................113
Edit an IP Country Rule...........................................................................................................................115
Delete an IP Country Rule...................................................................................................................... 115
Card BIN Rules...............................................................................................................................................116
Before you begin...................................................................................................................................... 116
Add a Card BIN Rule................................................................................................................................116
Delete a Card BIN Rule........................................................................................................................... 118
3D-Secure Rules............................................................................................................................................ 118
Add a 3-D Secure Rule............................................................................................................................119
3-D Secure Transaction Filtering Rules................................................................................................119
Address Verification Service (AVS) Rules....................................................................................................... 120
Add an AVS Rule............................................................................................................................................120
Edit an AVS Rule............................................................................................................................................121

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 99
Transaction filtering

Delete an AVS Rule....................................................................................................................................... 121

Override AVS Rules....................................................................................................................................... 121
Card Security Code Rules..................................................................................................................................122
Supported merchant privilege for CSC rules........................................................................................... 122
Add a CSC Rule..............................................................................................................................................122
Edit a CSC Rule..............................................................................................................................................123
Delete a CSC Rule.........................................................................................................................................123
Risk Assessments for Review............................................................................................................................123

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 100
Transaction filtering
Before you begin

A set of customized rules can be configured to enable the gateway to identify high or low risk
transactions. That include:
• IP address range rules
• IP country rules
• card BIN rules
• 3D Secure rules
• and CSC rules

The MSOs and merchants can configure the rules. The rules are evaluated based on the principle of
gates or hurdles. Even if a single rule fails, the gateway rejects the transaction and does not allow the
order to proceed.
The Order response and order details screen display the assessment result. You can also search for
orders based on the assessment results, transaction filtering, or the risk service provider.
The gateway only assesses the Authorization, Pay, Verification Only, and Standalone Capture
transactions against the transaction filtering rules. It does not perform assessment on other
transactions such as Standalone Refunds or Voids.
The gateway offers advanced fraud management of transactions through the Risk Management
feature. For more information, see Managing Risk.

Before you begin

To access Transaction Filtering on the main menu and configure the transaction filtering rules,
you must have the May Configure Transaction Filtering operator privilege.
The following privileges are enabled for the transaction filtering.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 101
Transaction filtering
Supported transaction types for transaction filtering

• May Perform Risk Assessment Review enables the merchant operator to review orders
marked for review. See Risk Assessments for Review.
• May Bypass Risk Management enables the merchant operator to process the transaction by
bypassing transaction filtering rules that the merchant configures.
For more information about these privileges, see Merchant Operator General Privileges.

Supported transaction types for transaction filtering

The gateway performs the transaction filtering on the following submitted initial transactions:

Verification only If Perform Verification Only Before Processing Transaction privilege is

enabled, or if the requested transaction is a Verify transaction.
Authorization If the merchant profile is enabled for the Authorization privilege and
Perform Verification Only Before Processing Transaction privilege is not
enabled, or if the authorization follows a Verify transaction and risk was
bypassed on the Verify.
Purchase If the merchant profile is enabled for the Purchase privilege and Perform
Verification Only Before Processing Transaction privilege is not enabled.
Standalone If the merchant profile has the privilege for a Standalone Capture and
Capture Perform Verification Only Before Processing Transaction privilege is not
enabled.

Transaction filtering flow

Transaction filtering is performed on an order in a predefined sequence of checks.
If at any step, the transaction filtering rules evaluate to reject the transaction, then the
transaction filter blocks the order and does not perform the further checks. It reverses the order
where appropriate.
When the transaction filtering rules evaluate to accept or review, the transaction will progress
to the next step of assessment, until all checks have been performed and a final assessment
result of accept or review can be returned.

Pre-transaction checks
Pre-transaction checks refer to assessment before performing the transaction.
No transaction response data from the acquirer AVS and CSC result is available for assessment.
If the assessment result is Reject, voids or reversals are not applicable as the transaction is yet
to perform.
The following table describes the pre-transaction checks.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 102
Transaction filtering
Post-transaction checks

Step Description
3DS check If a 3DS authentication scheme is enabled and
configured, 3DS authentication is performed. If
payer authentication fails, the gateway
automatically rejects the transaction.
MSO pre-transaction check Transaction filtering rules that the MSO configures,
runs before performing the transaction.

Merchant pre-transaction check Transaction filtering rules that the merchant

configures, runs before performing the transaction.

Post-transaction checks
Post-transaction checks refer to assessment after performing the transaction. The transaction
response data from the acquirer AVS and CSC result is available for assessment.
If the recommendation is Reject, and if the transaction assessed is Verification Only, then there
is no requirement of voids or reversals as the acquirer submits the financial transaction.
However, when the system rejects the Authorization, Purchase, or Standalone Capture
transaction after assessment, it system automatically voids or reverses the transaction.

Step Description
Process transaction Gateway processes the transaction.
MSO post-transaction check Transaction filtering rules that the MSO configures,
runs after performing the transaction.
Merchant post-transaction check Transaction filtering rules that a merchant
configures, runs after performing the transaction.

Assessment result

Rule applicability for transactions

If the merchant does not configure or bypasses any rules, then the rules that the MSO
configures always applies to the transactions.
Assessment after the financial transaction (post-transaction assessment) is not applicable to
Referred transactions (Authorization or Purchase transactions that received a Refer to Issuer
acquirer response).
The transaction response returns the following assessment result after evaluating the
transaction filtering rules transaction response.
Review required The order is assessed and requires a review.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 103
Transaction filtering
Transaction filtering terms

Accepted The order is assessed and accepted.

Rejected The order is assessed and rejected.
Not Assessed The order is not assessed except for assessment by the rules that the MSO
configures and these rules did not reject the order.

Transaction filtering terms

Transaction filtering rules

A configurable set of rules to enable the gateway to identify high or low risk transactions. The
rules are based on assessing the results returned by industry standard card verification
processes such as CSC, AVS, 3DS or on white list or blocked list such as Card BIN, IP Country,
and IP range.

MSO rules
A set of rules configured by the MSO for filtering transactions. MSO can configure the rules that
apply to all merchants or configure rules per merchant.

Merchant rules
A set of rules configured by the merchant for filtering transactions.

Risk assessment rules

The overall result after evaluating the rules configured by the MSO and merchant.

Risk service provider

A risk service provider integrates with the gateway to perform risk assessment of transactions
processed through the gateway. Transactions are prescreened using transaction filters before
sending to the risk service provider for risk scoring.

Trusted cards
An accepted list of trusted credit card numbers owned by those cardholders whom the
merchant considers trustworthy to transact with.

System reject
An MSO action to reject the transaction because the rules configured by the MSO evaluated to
Reject.

No action
An action available when defining rules that instructs the gateway to process the transaction.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 104
Transaction filtering
Types of transaction filtering rules

Accept
An action available when defining rules that instructs the gateway to accept the transaction.

Reject
An action available when defining rules that instructs the gateway to reject the transaction.

Review
An action available when defining rules that instructs the gateway to mark the transaction for
review so that the merchant can manually review the transaction either to accept or reject.

Not assessed
The MSO-configured risk rules did not assess the order for risk except for risk assessment and
these rules did not reject the order.

Types of transaction filtering rules

To configure the transaction filtering rules, you must have May Configure Transaction Filtering
operator privilege.
You can configure the rules to filter transactions based on the following:
• Assessing the results returned by industry standard card verification processes
– 3D-Secure authentication rules
– CSC (Card Security Code) rules
– IP Address Range rules
– IP Country rules
– Card BIN rules
Select Transaction Filtering on the main menu and then select the rule you wish to configure.
As a merchant, you can set the action to No Action (accept), Reject, or Review.

NOTE:
Only transaction filtering rules configured for IP Address Range and IP Country applies to browser
payments.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 105
Transaction filtering
Trusted Cards

Trusted Cards
Trusted cards list is a set of credit card numbers owned by cardholders.
Transactions originating from such cards are considered trustworthy. Typically, a cardholder with
a good record of transaction history has a high potential to add to the trusted card list.
Configure trusted card rules ensures that transactions from trusted cards are always accepted.

Add a Trusted Card

Only SAQ-A compliant merchants can add cards directly to the Trusted Cards list. Alternatively,
you may add cards to this list using the Account Identifier drop-down list on the Order and
Transaction details page.

About this task

Follow these steps to add a trusted card.

Procedure
1. Select Transaction Filtering > Trusted Cards from the submenu.
The Transaction Filtering - Trusted Cards configuration page is displayed.
2. In the Add New Card Number pane, enter the following details:
a. In the Card Number box, enter the card number of the cardholder.
b. In the Card Holder Name box, enter the name of the cardholder.
The name cannot exceed 40 characters.
c. In the Reason box, enter the reason to add the card as trusted card.
The reason cannot exceed 40 characters.
3. Select Add.
The Trusted Cards page redisplays with the new entry appearing in the Current Trusted
Cards Numbers list. The card number displays in the 6.4 card masking format irrespective of
the masking format configured on your merchant profile.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 106
Transaction filtering
Edit a Trusted Card

Figure 15: Trusted Cards page

Edit a Trusted Card

You can edit a trusted card from this section.

About this task

Follow these steps to edit a trusted card.

Procedure
1. Select Transaction Filtering > Trusted Cards from the submenu.
The Transaction Filtering - Trusted Cards configuration page is displayed.
2. In the Current Trusted Card Numbers pane, filter the list based on a card number.
a. In the Filter By Card Number box, enter the card number.
Select Clear if you want to clear the filter string. Clearing the filter repopulates the
entire list of card numbers and turns off the filter mode.
– Filter mode Off: This indicates that the filter option is disabled on the Trusted Cards
list.
– Filter mode On: This indicates that the filter option is enabled on the Trusted Cards
list.
b. Select Go.
Only card numbers that match the filter criteria displays in the Current Trusted Card
Numbers list. The card numbers appear in ascending order.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 107
Transaction filtering
Delete a Trusted Card

Figure 16: Current Trusted Card Numbers list

Pagination is triggered if the list exceeds 20 entries.

3. Select Edit next to the card number record.
When you modify the card number, ensure that you enter the complete card number for
validation purposes. Editing Card Holder Name and Reason do not require you to enter the
card number.
4. Select Update to process the changes.
5. Select Cancel to cancel the changes.

Delete a Trusted Card

You can delete a trusted card from this section.

About this task

Follow these steps to delete a trusted card.

Procedure
1. Select Transaction Filtering > Trusted Cards from the submenu.
The Transacting Filtering - Trusted Cards configuration page is displayed.
2. In the Current Trusted Card Numbers pane, filter the trusted cards list based on a card
number.
3. Select one or more card numbers that you want to delete using the check boxes in the
Select column.
You may use Select All or None to select or clear all card numbers.
4. Select Remove Trusted Card Numbers to delete the selected card numbers.

Suspect Cards
Suspect cards list is a set of credit card numbers owned by cardholders. Transactions originating
from such card numbers are considered untrustworthy. Typically, a cardholder with a fraudulent
transaction history has a high potential to add to the suspect card list. Configure suspect card
rules to ensure transactions from suspect cards are always rejected.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 108
Transaction filtering
Add a Suspect Card

Add a Suspect Card

About this task

Follow these steps to add a suspect card.

Procedure
1. Select Transaction Filtering > Suspect Cards from the submenu.
The Transaction Filtering - Suspect Cards configuration page is displayed.
2. In the Add New Card Number pane, enter the following details.
a. In the Card Number box, enter the credit card number of the cardholder.
b. In the Card Holder Name box, enter the name of the cardholder.
The name cannot exceed the 40 characters.
c. In the Reason box, enter the reason to add the card as a suspect card.
The reason cannot exceed the 40 characters.
3. Select Add.
The Suspect Cards page redisplays with the new entry appearing in the Current Suspect
Cards Numbers list. The card number displays in the 6.4 card masking format (irrespective
of the masking format configured on your merchant profile).
Figure 17: Suspect Cards page

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 109
Transaction filtering
Edit a Suspect Card

Edit a Suspect Card

You can edit a suspect card from this section.

About this task

Follow these steps to edit a suspect card.

Procedure
1. Select Transaction Filtering > Suspect Cards from the submenu.
The Transaction Filtering - Suspect Cards configuration page is displayed.
2. In the Current Suspect Card Numbers pane, filter the list based on a card number.
a. In the Filter by Card Number box, enter the card number.
Click Clear if you want to clear the filter string. Clearing the filter repopulates the entire
list of card numbers and turns off the filter mode.
– Filter mode Off: This indicates that the filter option is disabled on the Suspect Cards
list.
– Filter mode On: This indicates that the filter option is enabled on the Suspect Cards
list.
b. Click Go.
Only card numbers that match the filter criteria displays in the Current Suspect Card
Numbers list. The card numbers display in the ascending order.
Figure 18: Current Suspect Card Numbers list

Delete a Suspect Card

You can delete a suspect card from this section.

About this task

Follow these steps to delete a suspect card.

Procedure
1. Select Transaction Filtering > Suspect Cards from the submenu.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 110
Transaction filtering
IP Address Range Rules

The Transacting Filtering - Suspect Cards configuration page is displayed.

2. In the Current Suspect Card Numbers pane, filter the suspect cards list based on a card
number.
For detail information, see Step 1 in Edit a Suspect Card.
3. Select one or more card numbers that you want to delete using the check boxes in the
Select column.
You can use Select All or None to select or clear all card numbers respectively.
4. Select Remove Suspect Card Numbers to delete the selected card numbers.

IP Address Range Rules

IP addresses can help in identifying the origin of the transaction enabling you to track the
location of the cardholder. Configuring IP Address Range rules enable you to block or review
transactions from a specific IP address or IP addresses within a range.

NOTE: A browser rejects the payment if originating from an IP address of a range, which has an action
of Review.

Add the IP Address Range Rule

You can add the IP address range rule from this section.

About this task

Follow these steps to add an IP address range rule.

Procedure
1. Select Transaction Filtering > IP Address Range Rules from the submenu.
The Transaction Filtering - IP Address Range Rules configuration page is displayed.
2. In the Add IP Address Range pane, enter the following details.
The IP address specified in IPv4 format must be between the range 0.0.0.0 and
255.255.255.255.
a. In the IP Address Range Start box, enter the first IP address range to block review.
b. In the IP Address Range End box, enter the last IP address in the range to block or
review.
You can block or review a single IP address or an IP address range. For example, if you
want to block IP Address 192.0.2.255, then enter 192.0.2.255 as the IP Address Range
Start entry. To block an IP address range, for example, 192.0.2.222 to 192.0.2.255, then
enter 192.0.2.222 and 192.0.2.255 as the start and end IP address ranges respectively.
If the specified IP addresses form a large range, the system displays a warning 'The rule
you want to configure will apply to a very large number of IP addresses. Are you sure
you want to add this rule?.'
c. Select OK if you want to continue else select Cancel.
3. Select Add.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 111
Transaction filtering
Delete a Blocked IP Address Range

The IP Address Range Rules page redisplays with the added entry appearing in the
Currently Blocked IP Address Ranges list. You can filter the following list based on an IP
address:
1. In the Filter Ranges by IP Address box, enter the IP address. Select Clear if you want to
clear the filter string. Clearing the filter repopulates the entire list of IP address ranges
and turns off the filter mode.
You can also use the filter option to check if an IP range is currently blocked.
2. Select Go. Only IP ranges that match the filter criteria are displays in the Currently
Blocked IP Address Ranges list. The IP ranges are sorted in ascending order.
If the list of IP address range rules exceeds 20 entries, pagination triggers which allows
you to navigate between multiple pages.
Figure 19: IP Address Range Rules page

Delete a Blocked IP Address Range

You can delete a blocked IP address range from this section.

About this task

Follow these steps to delete the IP address range rule.

Procedure
In the Currently Blocked IP Address Ranges pane, enter the following details.
a. Filter the IP address range rules list based on an IP address. See Step 3 in Add an IP Address
Range Rule.
b. Select one or more IP address range rules that you want to delete in the Select column. You
can Select All or None to select or clear all IP address ranges.
c. Select Delete to delete the selected IP address range rules.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 112
Transaction filtering
IP country rules

A warning message displays, which alerts you about deleting IP ranges that may occur in
multiple IP ranges if overlapping IP ranges have been defined.
d. Select OK if you want to proceed with the deletion of the selected IP ranges.
Select Cancel to cancel the deletion.
Figure 20: Confirmation message

IP country rules
IP Country rules are configured to block or review transactions originating from a predefined list
of countries. You can configure additional rules to block countries identified as using IPs from
unknown countries or IPs of anonymous proxies that mask the true origin of the request.

NOTE: A browser payment is rejected if originating from an IP address of a country that lists in the
review.

You can configure Unknown Country and Anonymous Proxy independently even when a country
is in the reject list. Before saving your configuration, it is mandatory that you accept the
disclaimer regarding an IP Country-mapping solution, displayed at the bottom of the IP Country
Rules configuration page.

Add an IP Country Rule

You can add an IP country rule from this section.

About this task

Follow these steps to add an IP Country Rule.

Procedure
1. Select Transaction Filtering > IP Country Rules from the submenu.
The Transaction Filtering - IP Country Rules configuration page is displayed.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 113
Transaction filtering
Add an IP Country Rule

Figure 21: Transaction Filtering - IP Country Rules page

2. In the Add an IP Country Rule pane, select from the following actions that you want to
perform on the unknown countries and anonymous proxies.
Unknown A country that is not listed on this page or an IP address that does not
Country resolve to a valid country.
Anonymous It refers to an IP address of a known anonymous proxy server. These are
Proxy the addresses that have been identified to mask the true origin of the
request.
No Action This is the default. An unknown country or anonymous proxy with this
status is accepted.
Review An unknown country or anonymous proxy with this status is manually
reviewed and either accepted or rejected.
Reject An unknown country or anonymous proxy with this status is rejected
automatically.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 114
Transaction filtering
Edit an IP Country Rule

NOTE: If the gateway adds country to the Reject list due to the transaction originating from an
Unknown country or Anonymous Proxy, then the No Action radio button remains enabled. You may
choose to allow tractions by selecting it.
3. Assign a country or list of countries to one of the following actions:
No action It lists countries that you want to accept transactions from.
Review It lists the countries that you want to mark for review before proceeding with
the order. Marking countries for review provides merchants with the flexibility
to decide on whether to process or reject a transaction from the specified
country.
Reject It lists the countries that you want to reject transactions from.

NOTE: If a country is added to the Reject list, then the gateway automatically sets the action for
these two options for an unknown country and an anonymous proxy to Reject. If the countries are
only listed for Review, the action for these two options is automatically set to Review. However
you may choose to set it to Reject.
4. Mark a country for review:
a. From the No Action or the Reject list box, select the country.
b. Select Review at the bottom of the box to move the country to the Review list box.
If you want to undo your action, select the country in the Review list box, and then select
No Action or Review at the bottom of the box.
5. To reject a country:
a. Select the country from the No Action or the Review list box.
b. Select Reject at the bottom of the box to move the country to the Reject list box.
If you want to undo your action, select the country in the Reject list box, and then select
No Action or Review at the bottom of the box.
6. Select Save to save the IP country rule.
7. Select Cancel if you want to exit the IP country rules configuration page without saving any
changes.

Edit an IP Country Rule

You can edit an IP country rule from this section.

About this task

You can change the configured actions against the countries anytime and save the changes.

Delete an IP Country Rule

You can delete an IP country rule from this section.

About this task

Follow these steps to delete an IP Country rule:

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 115
Transaction filtering
Card BIN Rules

Procedure
1. From the Review and Reject list boxes, select the countries.
2. Select the No Action at the bottom of the box and save changes.

Card BIN Rules

The card Bank Identification Number (BIN) helps in identifying the location of the card issuer.
Configuring card BIN rules enables you to block or review transactions from a specific BIN or all
BINs within a range.

Before you begin

While adding a card BIN rule, ensure the following:
• The BIN can be either six, seven, or eight numeric characters in length and cannot start with
zero.
• To block a single BIN, enter a BIN value in the BIN Range Start field and keep the BIN Range
End field blank.
• To block a BIN range, both the BIN Range Start and BIN Range End fields must have values,
else only the BIN in the BIN Range Start field gets blocked.
• The BIN Range Start and BIN Range End fields must have the same range length.
• The BIN Range Start field value must be lower than the BIN Range End field value.

Add a Card BIN Rule

You can add a Card BIN rule from this section.

About this task

Follow these steps to add a card BIN rule.

Procedure
1. Select Transaction Filtering > Card BIN Rules from the submenu.
The Transaction Filtering - Card BIN Rules configuration page is displayed.
2. Select Add a BIN Range. The Add a BIN Range window opens.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 116
Transaction filtering
Add a Card BIN Rule

Figure 22: Add a BIN Range window

a. Select Single Bin to add a single bin.

b. Select Bin Range to add a bin range.
3. Enter the following details to add a single BIN.
a. In the BIN Number box, enter the bin number to add.
b. Select the Review or Reject button to review or reject the BIN.
4. Enter the following details to add a BIN range.
a. BIN Range Start: The first BIN in the range to be blocked.
b. BIN Range End: The last BIN in the range to be blocked. You can keep this blank in case
of blocking only one BIN.
5. Select Add A Bin Range.
The card BIN range is added to the card BIN rules.
The Currently Blocked BIN Ranges pane displays a list of all currently configured card BIN
rules in ascending order. If the list of current card BIN rules exceeds 20 entries, pagination
triggers, which allows you to navigate between multiple pages.
Range Types
– Select "Whitelist Range" to define BIN ranges the gateway will allow transactions from,
while blocking transactions outside of the ranges.
– Select "Blocking Ranges" to define BIN ranges the gateway will block transactions from,
while allowing transactions outside of these ranges.

NOTE: Changing your configuration option when you already have an option configured, will clear
your currently configured BIN ranges.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 117
Transaction filtering
Delete a Card BIN Rule

Delete a Card BIN Rule

You can delete a Card BIN rule from this section.

About this task

Follow these steps to delete a Card BIN rule.

Procedure
In the Currently Blocked BIN Ranges pane, enter the following details.
a. Select one or more BIN rules that you want to delete using the check boxes in the Select
column.
You may use Select All or None to select or clear all BIN rules.
b. Select Delete.
A warning message displays, which alerts you about deleting BIN ranges that may occur in
multiple BIN ranges if overlapping BIN ranges are defined. Click Yes if you want to proceed
with the deletion of the selected BIN ranges. Click No to cancel the deletion.

3D-Secure Rules
3-Domain Secure™ (3-D Secure or 3DS) authentication is designed to protect online purchases
against credit card fraud by allowing the merchant to authenticate the payer before submitting
an Authorize or Purchase transaction.

NOTE: The 3-D Secure Transaction Filtering rules do not apply to scheme token transactions.

EMV 3DS
EMV 3DS, is the new version designed by EMVCo and adopted by most card schemes. It is an
intelligent solution that provides enhanced security in online purchases while providing a
frictionless checkout experience to payers where applicable. For example, the issuer may bypass
the authentication challenge if the payment is considered low risk.
The ACS determines the risk using information provided by the merchant, browser
fingerprinting, and/or previous interactions with the payer. The ACS subjects the payer to a
challenge (for example, entering a PIN) only where additional verification is required to
authenticate the payer. This authentication type is also known as 3DS2 in the gateway.
Supported authentication schemes for EMV 3DS include:
• Mastercard SecureCode™2.0
• Verified by Visa™2.0
• American Express SafeKey™2.0
• JCB J/Secure™2.0
• Discover ProtectBuy™2.0
• ITMX LSS EMV 3DS
For information on how to add 3DS authentication to your gateway integration, refer to EMV 3-
D Secure Authentication in the API Online Integration Guidelines.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 118
Transaction filtering
Add a 3-D Secure Rule

3DS rules allow you to configure options to filter transactions based on the 3DS authentication
results. Only transactions with an authentication scheme that has been enabled for the
merchant will be filtered by 3DS rules. Note that the gateway by default rejects transactions
where payer authentication failed.

Add a 3-D Secure Rule

You can add a 3-D Secure rule from this section.

About this task

Follow these steps to add a 3-D Secure Rule

Procedure
1. Select Transaction Filtering > 3-D Secure Rules from the submenu.
The Transaction Filtering - 3-D Secure Rules configuration page is displayed.
2. Select Learn More to learn about 3-D Secure Rules and how to configure them.

3-D Secure Transaction Filtering Rules

3-D Secure transaction filtering rules allow you to filter e-commerce transactions based on the
results of 3-D Secure (3DS) authentication of the payer. Transactions with 3DS data that
match the criteria for the rule you select will be rejected by the gateway.

NOTE: The gateway always rejects transactions where the payer failed to provide valid authentication
credentials when requested by the issuer. 3-D Secure transaction filtering rules will not be applied to
direct marketing transactions (mail order, telephone order, voice response, call centre), card present
transactions or device payments. Verify transactions, subsequent recurring transactions and
installment payments are also excluded from filtering by 3-D Secure transaction filtering rules. If the
payment transaction is in scope for PSD2 SCA and an acquirer exemption has been requested,
Transaction Filtering rules will not be applied.

Transaction Filtering Rule: 3DS Not Attempted will reject transactions where:
• 3DS authentication of the payer was not attempted. This includes cases where a 3DS
interaction was:
– Not initiated, or
– Initiated and the card was enrolled for 3DS. However, authentication of the payer was not
attempted or not completed.
Transaction Filtering Rule: Gateway Recommends Reject will reject transactions where:
• The card scheme recommends not to proceed, or processes the transaction as fully
authenticated, authentication attempted, or an unauthenticated transaction.
• The gateway determines this after evaluating the 3DS authentication results against the
card scheme's recommendation.
Transaction Filtering Rule: No Liability Shift will reject transactions where:
• 3DS authentication of the payer has not resulted in liability shift to the issuer.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 119
Transaction filtering
Address Verification Service (AVS) Rules

Transaction Filtering Rule: Not Fully Authenticated will reject transactions where:
• Full 3DS authentication of the payer was not accomplished.

Address Verification Service (AVS) Rules

The Address Verification Service (AVS) is a security feature used for e-commerce transactions. It
compares the card billing AVS data that the cardholder supplies with the records held in the
database of the card issuer. Once the transaction is successfully processed and authorized, the
card issuer returns a result code (AVS result code) in its authorization response message. The
result code verifies the AVS level of accuracy used to match the AVS data.

Supported merchant privilege for AVS rules

If the merchant privilege Perform Verification Only Before Processing Transaction is enabled,
then a Verification Only transaction is performed to obtain the AVS result code. Verification
Only allows the system to verify cardholder information without performing a financial
transaction. So, enabling this permission allows the gateway to process the AVS rules before
performing a financial transaction. If this permission is disabled, then the AVS rules are
processed after the financial transaction. If the order is rejected, then the system automatically
reverses the transaction.

Add an AVS Rule

You can add an AVS Rule from this section.

About this task

Follow these rules to add an AVS rule.

Procedure
1. Select Transaction Filtering > AVS Rules from the submenu.
The Transaction Filtering - AVS Rules configuration page is displayed.
2. In the Configure AVS Response Codes pane, select an action for each AVS response code.
No Action (default) Accept transactions returning the selected AVS response code.
Review Mark transactions returning the selected AVS response code for
review.
Reject Reject transactions returning the selected AVS response code.
3. Click Save to save the AVS Rule.
4. Click Cancel if you want to exit the AVS Rules page without saving any changes.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 120
Transaction filtering
Edit an AVS Rule

Edit an AVS Rule

You can edit an AVS Rule from this section.

About this task

You can change the configured actions against the AVS response codes anytime and save the
changes.

Delete an AVS Rule

You can delete and AVS rule from this section.

About this task

Follow these steps to delete an AVS rule.

Procedure
1. Select No Action against the CSC response code.
2. Select Save.

Override AVS Rules

To support your business needs, especially in cases when the transaction volume increases than
usual in specific situations, you can use the functionality to override the default AVS response
codes received from the card issuer bank on the Merchant Administration portal. If MSO
configures you for this functionality, you can set the rules to override the AVS response codes at
a transaction level from the Create Order and Verify Only page.

About this task

Follow these steps to set the rules for different AVS response codes.

Procedure
1. From the Create Order page or Verify Only page, select Transaction Filtering.
2. Under the Order Details (from Create Order page) or Payment Details (from Verify Only
page), click Transaction Filtering.
The Transaction Filtering menu expands the displaying drop-down list for different
attributes for which you want to set the AVS response code rules.
3. Select the appropriate drop-down menu (No action, Reject, or Review) to override the AVS
response codes for the attributes as per your requirement.
Merchants can override the AVS Response Code Transaction Filtering rules. The merchant
defines these rules in Merchant Administration for a specific transaction by providing the
Transaction Filtering rule to apply for the transaction on the API request. See Online
Integration Guide for the details of implementation.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 121
Transaction filtering
Card Security Code Rules

Card Security Code Rules

The Card Security Code (CSC), also known as CVV (Visa), CVC2 (Mastercard), CID/4DBC
(Amex), or CVV2, is a security feature that compares the CSC entered by the payer with the
records held by the card issuer.
A CSC response code returns in the transaction response message indicating the extent to
which the CSC matched (or failed to match). You can configure the CSC rules to accept, review,
or reject a transaction based on this CSC response code.

Supported merchant privilege for CSC rules

If the merchant privilege enables the Perform Verification Only Before Processing Transaction,
then a Verification Only transaction performs to obtain the CSC result code. Verification Only
allows the system to verify cardholder information without performing a financial transaction.
So, enabling this permission allows the gateway to process the CSC rules before performing a
financial transaction. If this permission is disabled, then the CSC rules are processed after the
financial transaction. If the order is rejected, then the system automatically reverses the
transaction.

Add a CSC Rule

You can add a CSC Rule from this section.

About this task

Follow these steps to add a CSC Rule.

Procedure
1. Select Transaction Filtering > CSC Rules from the submenu.
The Transaction Filtering - CSC Rules configuration page is displayed.
2. In the Configure CSC Response Codes pane, select an action for each CSC response code.
No Action Accept transactions returning the selected CSC response code.
(default)
Review Mark transactions returning the selected CSC response code for
review.
Reject Reject transactions returning the selected CSC response code. For the
response code (M) CSC Match, the Reject action is disabled.
3. Click Save to save the CSC Rule.
4. Click Cancel if you want to exit the CSC Rules page without saving any changes.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 122
Transaction filtering
Edit a CSC Rule

Edit a CSC Rule

You can edit a CSC Rule from this section.

About this task

You can change the configured actions against the CSC response codes anytime and save the
changes.

Delete a CSC Rule

You can delete a CSC Rule from this section.

About this task

Follow these steps to delete a CSC rule.

Procedure
1. Select No Action against the CSC response code.
2. Select Save.

Risk Assessments for Review

Transaction Filtering pages (Summary and the rule configuration pages) display the Risk
Assessments for Review (n) link at the top of the page if the operator privilege May Perform
Risk Assessment Review is enabled.

About this task

The n represents the number of orders that are pending for review and created within the last
60 days.
Click this link to navigate to the Order and Transaction Search page that displays all the orders
with a pending risk review, created within the last 60 days in the search results.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 123
Risk management

Chapter 10 Risk management

Risk Management is a security feature used to mitigate fraud.

Before you begin................................................................................................................................................. 125

Internal risk.......................................................................................................................................................... 126
3-D secure rules.............................................................................................................................................126
EMV 3-D Secure authentications...............................................................................................................126
EMV 3-D Secure rule recommendations............................................................................................. 126
Risk determination by ACS.................................................................................................................... 126
Add the 3DS rules....................................................................................................................................127
Risk rules evaluation...........................................................................................................................127
Edit the 3DS Rules...................................................................................................................................128
Delete the 3DS Rules.............................................................................................................................. 128
Using a risk service Provider..............................................................................................................................128
How the gateway processes an order.......................................................................................................128
3DS check................................................................................................................................................. 129
Pretransaction check...............................................................................................................................129
Post-transaction check...........................................................................................................................129
Risk assessment result............................................................................................................................129
Risk management questionnaire details...................................................................................................129
Complete the risk management questionnaire..................................................................................130
Risk service provider's tenant configuration.......................................................................................130
Completing the risk rule configuration...........................................................................................130
Merchant operator's privilege definition.............................................................................................130
Using both transaction filtering and a risk service provider........................................................................131
Risk assessments for review............................................................................................................................. 133
View an order's risk details...............................................................................................................................133

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 124
Risk management
Before you begin

A risk service provider integrates with the gateway to perform risk assessment of transactions
processed through the gateway. When an MSO enables transaction filtering, the gateway prescreens
the transaction before sending it to the risk service provider for risk scoring. For more information
about filtering transactions through the gateway, see Transaction Filtering.

One of the features available through the Risk Management section is 3D Secure Control. It allows
users to set up automatic rules accepting or rejecting transactions based on specific circumstances.
It also applies to the new version of the feature EMV 3DS.
Those rules can also be changed as and when needed.

Before you begin

To use the Risk Management feature, an MSO must enable

• the Risk Management privilege for the merchant operator.
• enable and configure a risk service provider.
The following privileges are available for a merchant operator.

May Configure Risk Rules Configures a risk service provider.

May Perform Risk Assessment Reviews orders marked for review.
Review
May Bypass Risk Management Processes the transaction by bypassing risk service
provider rules that the merchant has configured.

For more information about the risk assessment, see Risk Assessments for Review.
For more information about the privileges of a merchant operator, see Merchant Operator
General Privileges.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 125
Risk management
Internal risk

Internal risk
The transaction filtering functionality supersedes the internal risk functionality of the gateway.
A merchant can configure all the existing internal risk rules under transaction filtering with
updates to the 3-Domain (3-D) Secure rules. The Risk Management 3-D Secure rules are
available for configuration until a merchant activates the transaction filtering 3D-Secure rules.

3-D secure rules

3-Domain Secure™ authentication protects online purchases against credit card fraud by
allowing the merchant to authenticate the payer before submitting the Authorize or Purchase
transaction.
The gateway supports EMV 3DS.

EMV 3-D Secure authentications

This section defines EMV 3-D Secure authentications and supported EMV 3-D Secure
authentication schemes.
EMV 3-D Secure, also known as 3DS2 in the gateway, is the new designed version. EMV 3-D
Secure increases online security by providing frictionless checkouts to payers that the ACS
considers to be of low risk.
The 3DS rules allow a merchant to block or review transactions based on the 3DS
authentication states. By default, the gateway rejects the transactions where payer
authentication failed.
The following are supported authentication schemes for EMV 3-D Secure:
• Mastercard SecureCode™2.0
• Verified by Visa™2.0
• American Express SafeKey™2.0
• JCB J/Secure™2.0
• Discover ProtectBuy™2.0

EMV 3-D Secure rule recommendations

The Risk Management 3-D Secure rules are only applicable for 3DS1.
If the MSO has enabled EMV 3DS for a merchant, turn off the Risk Management 3-D Secure
rules and configure the transaction filtering 3D-Secure rules.

Risk determination by ACS

This section describes how the ACS determines risk.
The ACS may determine the risk using the following:
• Information that the merchant provides
• Browser fingerprinting
• Previous interactions with the payer

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 126
Risk management
Add the 3DS rules

The ACS subjects the payer to a challenge, for example, entering a PIN, only where extra
verification is necessary to authenticate the payer who provides increased conversion rates.

Add the 3DS rules

This section describes steps to add the 3DS rules.

About this task

Follow these steps to add the 3DS rules.

Procedure
1. Select Transaction Filtering > 3-D Secure Rules from the submenu.
The 3-D Secure Rules configuration page is displayed.
2. In the Configure Clash Action pane, select the action you want to perform when the risk
rules evaluate to both Always Accept and Always Reject.
By default, the action is Always Reject.
3. Select the action for each 3DS authentication state.
No action (default) Accepts transactions that return the selected 3DS authentication
state.
Review Marks transactions that return the selected 3DS authentication state
for review.
Reject Rejects transactions that return the selected 3DS authentication
state.
4. Select Save to save the 3DS rule that includes the clash rule configuration.
5. Select Cancel if you want to exit the 3DS Rules configuration page without saving any
changes.
Select Learn Moreto learn about 3-D Secure Rules and how to configure them.
Risk rules evaluation
Internal risk evaluates rules based on the action associated with that rule.
The risk service provider determines a risk status. They must evaluate all the rules associated
with a transaction that include the rules that the payment service provider defines.
Occasionally, these rules can clash when they evaluate to both, Always Accept and Always
Reject and fail to determine the final action on the order.
For example, if the gateway lists a card number as a Suspect Card (Always Reject) and the 3DS
rule results in Always Accept for an authentication state, then the system encounters a rule
deadlock. Deadlock requires an operator's intervention to break the deadlock. In such a case, the
action set for the clash rule comes into effect to determine the final action on the order.
The following are the risk status that the risk service provider determines.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 127
Risk management
Edit the 3DS Rules

Always Accept Accepts the transaction by overriding all other actions except Always Reject.
Always Reject Rejects the transaction by overriding all other actions except Always Accept.

Edit the 3DS Rules

This section describes step to edit the 3DS rules.

About this task

Follow these steps to edit the 3DS rules.

Procedure
1. Change the configured actions against the 3DS authentication states anytime.

NOTE: You can enable Always Accept for the authentication state Y-Card Holder Verified only.
2. Save the changes.

Delete the 3DS Rules

This section describes step to delete the 3DS rules.

About this task

Follow these steps to delete the 3DS rules.

Procedure
1. Select No Action against the 3DS authentication state.
2. Save the changes.

Using a risk service Provider

If you configure only the risk provider, transaction filtering rules are dormant, and they do not
contribute to the risk assessment result.
Depending on the configuration of a risk service provider, the gateway performs risk assessment
before or after the first transaction submitted to the risk service provider. For more information
about the supported transaction types, see Supported Transaction Types.

How the gateway processes an order

When a merchant configures a risk service provider, the gateway performs the following
processing steps for an order.
These stages describe how the gateway processes an order.
• 3DS check
• Pre-transaction check
• Post-transaction check
• Risk assessment result

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 128
Risk management
3DS check

3DS check
If an MSO enables and configures the 3DS authentication scheme, the gateway performs the
3DS authentication.
If payer authentication fails, the gateway automatically rejects the transaction.

Pretransaction check
Pretransaction check refers to risk assessment before performing the transaction.
The acquirer's transaction response data, which includes Address Verification Service (AVS) and
Card Security Code (CSC) results, is not available for risk assessment. The transaction is
incomplete if the risk assessment result is reject, no voids or reversals.
If an MSO has configured a risk service provider for a merchant to run before transaction
processing, the gateway sends the transaction directly to the risk service provider for risk
scoring before performing the transaction.

Post-transaction check
Post-transaction checks refer to assessment after performing the transaction.
The transaction response data from the acquirer, which includes AVS and CSC results, is
available for risk assessment. If the recommendation is reject and the risk service provider
assesses the transaction for verification only, then the gateway does not require no voids or
reversals as the system has not submitted the financial transaction yet. However, when the risk
service provider rejects an Authorization, Purchase, or Standalone Capture transaction after
assessment, the system automatically voids or reverses the transaction.
If the MSO operator has configured the risk service provider to run after transaction processing,
the gateway allows the transaction to proceed first, and then sends to the risk service provider
for risk scoring.

Risk assessment result

The risk service provider returns the risk assessment result in the transaction response.
The following list describes the result of risk assessment.

Review required The risk service provider assesses the order for risk and requires a review.
Accepted The risk service provider assesses and accepts the order for risk.
Rejected The risk service provider assesses and rejects the order for risk.
Not Assessed The risk service provider assesses the order for risk except for risk assessment
by the MSO-configured rules and these rules do not reject the order.

Risk management questionnaire details

If the MSO has configured the merchant for risk assessment through the risk service provider,
the merchant must answer a risk scoring questionnaire in the following conditions.
• the merchant is a bronze or silver level merchant, and the merchant is the lead merchant for
a tenant of the risk service provider.
• the MSO has assigned the May Configure Risk Rules privilege.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 129
Risk management
Complete the risk management questionnaire

Complete the risk management questionnaire

If your MSO has configured you for risk assessment by the risk service provider, you must answer
a risk scoring questionnaire if:

About this task

• You are a bronze or silver level merchant, and you are the lead merchant for a risk service
provider tenant.
• You have been assigned the May Configure Risk Rules privilege.
The next time you log in to Merchant Administration, you will be prompted to answer the
questionnaire by the risk service provider configuration Alert message.
Follow these steps to complete the risk management questionnaire.

Procedure
1. Select Tenant Configuration to view the risk service provider Tenant Configuration page.
2. Select OK to answer the questionnaire later.
If the MSO has changed the tenant details at the Merchant Manager level, such as changing
the merchant currency, the merchant may get a prompt to reanswer the questionnaire.

Risk service provider's tenant configuration

A merchant can select an appropriate risk service provider on the Tenant Configuration page.
When defining the risk service provider's tenant in the Merchant Manager portal, the MSO
administrator defines the fields in tenant information. The merchant cannot change the tenant
information in the Merchant Administration portal.
Completing the risk rule configuration
This section describes process to complete the risk rule configuration.
1. An MSO administrator assigns a merchant as a lead merchant to a profile.
2. The gateway redirects the merchant to complete the fields in the Risk Rule Configuration
section.
3. The risk service provider provides the risk rules that differ for each tenant and depend on the
service level, business type, and currency.

Merchant operator's privilege definition

When a merchant has the risk service provider enabled, the gateway assigns certain privileges
to the merchant operators. These privileges provide the correct access rights to merchant
operators when they use a link to sign onto the risk service provider.

NOTE: This mapping applies only to merchants with a Silver or Gold service levels.

This table shows how the role of a risk service provider aligns with the merchant operator
privileges in Merchant Administration.

NOTE: A tick (✓) indicates that the privilege is enabled.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 130
Risk management
Using both transaction filtering and a risk service provider

Merchant Operator
May Configure Risk Risk service provider Link to the risk service Key Capabilities in the
Rules Role provider risk service provider
˟ Merchant Fraud Support View in the External View transaction details.
Risk Provider link
displays in the order and
transaction details
screen.

NOTE: The risk service

provider is available to
all MSO operators for
level one support.

√ MSO Fraud View in External Risk Administer the risk

Administrator Provider link displays in management process.
the order and
transaction details
screen.

Using both transaction filtering and a risk service provider

When you choose to configure both transaction filters and a risk service provider, the
transactions are prescreened using transaction filters before being sent to the risk service
provider for risk scoring.
This allows you to filter out any obvious cases of rejection before incurring the cost of sending
the transaction to the risk service provider.
Risk assessment is performed before or after the first transaction submitted to the risk service
provider. See Supported transaction types for transaction filtering.
The processing steps for an order when both transaction filtering and a risk service provider are
configured is as follows:

NOTE: If at any step, either transaction filtering rules or risk service provider rules evaluate to reject
the transaction, the order is blocked, and further checks will not be performed. The order will be
reversed where appropriate.

NOTE: When transaction filtering rules or the risk service provider rules evaluate to accept or review,
the transaction will progress to the next step of assessment until all checks have been performed and
a final assessment result of accept or review can be returned.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 131
Risk management
Using both transaction filtering and a risk service provider

Step Description
1) 3DS check If a 3DS authentication scheme is enabled and
configured, 3DS authentication is performed. If
payer authentication fails, the gateway
automatically rejects the transaction.
2) MSO pretransaction checks Transaction filtering rules configured by the MSO
are run before performing the transaction
3) Merchant pre-transaction checks Transaction filtering rules configured by the
merchant are run before performing the
transaction.
4) Risk service provider pretransaction checks If the risk service provider is configured to run
before transaction processing, the transaction will
be sent directly to the risk service provider for risk
scoring before the transaction is performed.
Pretransaction checks refer to assessment before performing the transaction. No transaction response
data from the acquirer (AVS and CSC results) will be available for assessment. If the assessment result
is Reject, voids or reversals are not applicable as the transaction has not yet been performed.
5) Process transaction The gateway processes the transaction.
6) MSO post-transaction checks Transaction filtering rules configured by the MSO
are run after performing the transaction.
7) Merchant post-transaction checks Transaction filtering rules configured by the
merchant are run after performing the
transaction.
8) Post-transaction checks If the risk service provider is configured to run after
transaction processing, the transaction will be
performed first and then sent to the risk service
provider for risk scoring.
Post-transaction checks refer to assessment after performing the transaction. The transaction response
data from the acquirer (AVS and CSC results) will be available to be assessed. If the recommendation is
Reject, and if the transaction that was assessed is Verification Only, then no voids or reversals are
required as the financial transaction has never been submitted. However, when an Authorization,
Purchase, or Standalone Capture transaction has been rejected after being assessed, the system will
automatically void or reverse the transaction.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 132
Risk management
Risk assessments for review

Step Description
9) Assessment Result The assessment result from transaction filtering
and the risk service provider is returned in the
transaction response. This may be:
• Review required: The order was assessed and
requires a review.
• Accepted: The order was assessed and
accepted.
• Rejected: The order was assessed and rejected.
• Not Assessed: The order was not assessed
except for assessment by MSO-configured rules
and these rules did not reject the order.

NOTE: If the merchant has not configured any rules or if the merchant rules are bypassed, the rules
configured by the MSO are always applied to the transaction.

NOTE: Assessment after the financial transaction, also known as post-transaction assessment, is not
applicable to Referred transactions (Authorization or Purchase transactions that received a Refer to
Issuer acquirer response).

Risk assessments for review

If the MSO has enabled the operator's privilege, May Perform Risk Assessment Review, the
Risk Management pages include the summary and the rule configuration pages. It displays the
Risk Assessments for Review (n) link at the top of the page.
The "n" represents the number of orders that display all orders with a pending risk review and
created within the last 60 days. The Risk Assessments for Review (n) link redirects a merchant
to the Order and Transaction Search page that displays all orders with a pending risk review and
created within the last 60 days.

View an order's risk details

A merchant can search for orders from the assessment result of transaction filtering or risk
service provider, or both.

About this task

Follow these steps to view an order's risk details.

Procedure
1. Go to Search > Orders and Transactions.
2. Enter the order or transaction details, and then select Search.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 133
Risk management
View an order's risk details

3. Select View to see the details of a particular order or transaction.

The status of a risk assessment is displayed in the Risk Details section.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 134
Mercado Pago payment method

Chapter 11 Mercado Pago payment method

This chapter describes the Mercado Pago overview and the configuration details of the Mercado Pago
payment method.

How gateway configures access tokens.........................................................................................................136

Configure an access token................................................................................................................................ 136
Edit an access token...........................................................................................................................................136
Delete an access token......................................................................................................................................137

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 135
Mercado Pago payment method
How gateway configures access tokens

Mercado Pago is a processor that provides services in the Latin American region and offers support
for a wide range of acquirers and alternative payment methods. Mercado Pago Checkout is one of
the payment options for Mercado Pago.

How gateway configures access tokens

This section provides different stages of configuring access tokens that Mercado Pago defines.
1. The gateway
a. uses the access tokens while submitting payments for processing to Mercado Pago.
b. takes 15 minutes to display any changes that merchant makes to access token.

NOTE: The delay in the updated changes to reflect may impact the Mercado Pago payments
processed during this time.
2. The payment service provider configures the access token on behalf of the merchant.

NOTE: The configured access token row later gets disabled.

Configure an access token

This section provides steps to configure an access token.

About this task

Follow these steps to configure an access token.

Procedure
1. Go to Admin > Mercado Pago Integration Settings.
2. In the Configure Access Tokens section, select Add against your preferable currency.
3. Enter the access token number in the Access Token column, and then select Submit.

Edit an access token

This section provides steps to edit an access token.

About this task

Follow these steps to edit an access token.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 136
Mercado Pago payment method
Delete an access token

Procedure
1. Go to Admin > Mercado Pago Integration Settings.
2. In the Access Tokens section, identify the currency that you want to edit, and then select
Edit.
3. Enter the required access token number, and then select Submit.

Delete an access token

This section provides steps to delete an access token.

About this task

Follow these steps to delete an access token.

Procedure
1. Go to Admin > Mercado Pago Integration Settings.
2. In the Access Tokens section, identify the currency that you want to delete, and then select
the Select check box.
3. Select Delete.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 137
Notices

Notices
Following are policies pertaining to proprietary rights, trademarks, translations, and details
about the availability of additional information online.

Proprietary Rights
The information contained in this document is proprietary and confidential to Mastercard
International Incorporated, one or more of its affiliated entities (collectively “Mastercard”), or
both.
This material may not be duplicated, published, or disclosed, in whole or in part, without the
prior written permission of Mastercard.

Trademarks
Trademark notices and symbols used in this document reflect the registration status of
Mastercard trademarks in the United States. Consult with the Global Customer Service team or
the Mastercard Law Department for the registration status of particular product, program, or
service names outside the United States.
All third-party product and service names are trademarks or registered trademarks of their
respective owners.
EMV® is a registered trademark of EMVCo LLC in the United States and other countries. For
more information, see http://www.emvco.com.

Disclaimer
Mastercard makes no representations or warranties of any kind, express or implied, with respect
to the contents of this document. Without limitation, Mastercard specifically disclaims all
representations and warranties with respect to this document and any intellectual property
rights subsisting therein or any part thereof, including but not limited to any and all implied
warranties of title, non-infringement, or suitability for any purpose (whether or not Mastercard
has been advised, has reason to know, or is otherwise in fact aware of any information) or
achievement of any particular result.

Translation
A translation of any Mastercard manual, bulletin, release, or other Mastercard document into a
language other than English is intended solely as a convenience to Mastercard customers.
Mastercard provides any translated document to its customers “AS IS” and makes no
representations or warranties of any kind with respect to the translated document, including,
but not limited to, its accuracy or reliability. In no event shall Mastercard be liable for any
damages resulting from reliance on any translated document. The English version of any
Mastercard document will take precedence over any translated version in any legal proceeding.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 138
Notices

Information Available Online

Mastercard provides details about the standards used for this document, including times
expressed, language use, and contact information, on the Technical Resource Center (TRC). Go
to the Rules collection of the References section for centralized information.

Mastercard Gateway Merchant Administration User Guide • 4 October 2024 139