Web Services

Secure Trading Web Services is for merchants who want to use their own secure servers, but wish to use Secure Trading’s payment network as part of their own ecommerce application. The Web Services interface allows merchants to submit a request to Secure Trading using a client program, providing a username and password for authentication. Unlike STAPI, no client needs to be installed on your own server to use Web Services.

Using Secure Trading Web Services you can:

  • Automate refunds and authorisation reversals, and control the settlement schedule for each transaction.
  • Have development capability and write applications that can process payments.
  • Integrate a payment solution into back-office or legacy systems.

For more information please contact our support team on 01248 672050.

What is the liability shift for 3-D Secure?

Secure Trading believes the liability shift to be as follows:

Brand Enrolled Status Liability
Visa U Merchant*
Visa N Card Issuer**
Visa Y Y Card Issuer**
Visa Y N Merchant***
Visa Y A Card Issuer**
Visa Y U Merchant
MasterCard U Card Issuer**
MasterCard N Card Issuer**
MasterCard Y Y Card Issuer**
MasterCard Y N Merchant***
MasterCard Y A Card Issuer**
MasterCard Y U Card Issuer**

Y= Yes
A= an attempt on something did not work with the communication
N= No
U= Unknown

* Important note: If the brand is Visa and enrolled or status is returned as a “U” (Unknown), it means that the merchant is not covered by the 3-D Secure scheme. In this case the merchant is still liable for any fraudulent transactions.
** Important note: There are some cases where the liability is not covered by the card issuer; for example some commercial cards under both brands. For more information please contact your acquirer.
*** Important note: In this case it is strongly recommended that the transaction does not proceed. This means the password entered did not match.

This is a high level overview of the liability shift. Please bear in mind we facilitate the process; we do not create or enforce the rules. If you are unsure of any transaction status that you may see, we would recommend that you contact your acquirer.

I am getting a 30000 FieldError for a field I do not want validated (e.g. telephone number or email address).

We recommend allowing your customers to correct any invalid data they enter if you receive this error. This means the transaction will be processed with valid data instead of storing invalid data which isn’t of use to anyone. However, if you do not wish to validate an optional field then it may be omitted in the request to Secure Trading (either by not including the XML tags or leaving the value blank).

I get “401 Authorization Required” when sending a Web Services request. What is the issue?

Either the password or username is wrong in the request, or you may be using a username that has not been setup for use with Web Services (EG: your Site Admin username). Please contact support and we can create a specific username for use with Web Services.

I get “Invalid Site Reference for Alias” when sending a Web Services request. What is the issue?

Please ensure that the “alias” you pass in the XML request is your Web Services username, rather than the Site Reference of your account.