thephpleague / omnipay-sagepay

Sage Pay driver for the Omnipay PHP payment processing library
MIT License

Opayo and MIT transactions #185

Open bartekmis opened 2 years ago

bartekmis commented 2 years ago

Hello everyone,

we have just received an email from Opayo:

 
Visa have started grouping authorisation decline response codes into four categories and have issued guidance on what action merchants should take in the event of a declined transaction.   
 
What does this mean for me?
If you currently complete MIT transactions upon a transaction being declined a response code will be allocated with advice for the merchant, we recommend you review this information before attempting to process the transaction again. Multiple reattempts to take the payment again when not permitted could result in a fine issued by your acquirer.
 
If you are using Form, Server or the Direct integration you can review the response codes via an API call, for further information please visit our dev hub here.
 
If you are using PI integration you can view this data via a new field, for further information please visit our dev hub here.  
 
What are the new response codes?
You can view the guidance for each response code below, to avoid a fine from your acquirer please ensure you review this.
 
Decline Category 1 - Issuer Will Never Approve  
These are permanent declines. Reattempts are not permitted, and the response should never change.  
 
Decline Category 2 - Not Approved At This Time 
This is a temporary decline that may change over time, and reattempts are permitted. For example, a card might have insufficient funds at the time of the transaction.  
 
Decline Category 3 - Data Quality Issue.  
These transactions have been declined due to issues with the payment data, this could be an invalid expiry date or incorrect CVV. Reattempts are permitted, but the payment data should be validated first. 
 
Decline Category 4 - Generic Response Codes.  
All other response codes fall into this category. Reattempts are permitted.

If we use a simple card transaction on the website using the omnipay-sagepay package - are we safe or should we change anything in our code? Or is it something to change in this repo?

Any thoughts would be much appreciated. Bartek

judgej commented 2 years ago

You should be able to access the decline code from the response using getDeclineCode(). Those codes come from the bank, and their meaning will change from one bank to another. If you know the bank and have their codes, you can look up what the code means.

If I am understanding this category correctly, it looks like Opayo are doing the bank lookup for you, so you don't need all that bank detail locally. This driver doesn't [yet] read the decline code category, so it's not easily available to inspect. However, you should be able to find it in $response->getData() in the meantime.

The Pi API reference describes the additionalDeclineCode, additionalDeclineCodeDescription and additionalDeclineCodeCategory, but from what I can see, the other APIs don't have it documented yet, so may need a little experimentation to see how it works. Even the email is not quite accurate - the decline code categories are strings, 01, 02, 03 and 04. There is nothing to lead us to assume they are numbers or will remain numbers.

judgej commented 2 years ago

So - the new properties in the response won't break anything, but do provide additional context - in an ever-growing landscape of payment providers - for acting on when payments are declined. This information is available through the Omnipay framework, but will need a little digging. A couple of new methods can be added to make access easier.
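
Added example (not part of the thread and not code from omnipay-sagepay): one way to turn the decline category into a retry decision before reattempting an MIT payment, reading it from the array returned by `$response->getData()`. The key name `additionalDeclineCodeCategory` is taken from the Pi API reference mentioned above and its presence in that array is an assumption; `declineRetryAction()`, the `RETRY_*` constants and the manual-review fallback are hypothetical.

```php
<?php
declare(strict_types=1);

// Retry actions for the four decline categories in the Opayo email above.
const RETRY_NEVER     = 'never';         // Category 1: issuer will never approve
const RETRY_LATER     = 'later';         // Category 2: not approved at this time
const RETRY_AFTER_FIX = 'fix-data';      // Category 3: data quality issue
const RETRY_ALLOWED   = 'allowed';       // Category 4: generic response codes
const RETRY_REVIEW    = 'manual-review'; // assumption: category missing or unknown

/**
 * Hypothetical helper, not part of omnipay-sagepay.
 * $data is the raw gateway data, e.g. $response->getData(). Assumes the
 * category is exposed under "additionalDeclineCodeCategory".
 */
function declineRetryAction(array $data): string
{
    $category = $data['additionalDeclineCodeCategory'] ?? null;

    // The categories are strings. Casting to int would fold a future
    // non-numeric value into 0, so anything that is not a string is unknown.
    if (!is_string($category)) {
        return RETRY_REVIEW;
    }

    // match (PHP 8) compares with ===. A switch would compare loosely and
    // treat "1" or "1.0" as equal to "01".
    return match ($category) {
        '01' => RETRY_NEVER,
        '02' => RETRY_LATER,
        '03' => RETRY_AFTER_FIX,
        '04' => RETRY_ALLOWED,
        default => RETRY_REVIEW,
    };
}

// Constructed sample data, not captured gateway output.
$samples = [
    ['additionalDeclineCodeCategory' => '01'],
    ['additionalDeclineCodeCategory' => '03'],
    ['additionalDeclineCodeCategory' => 1], // wrong type
    [],                                     // field absent
];
foreach ($samples as $data) {
    echo json_encode($data), ' => ', declineRetryAction($data), PHP_EOL;
}
```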