Worldpay offers market-leading online payments and fraud protection to corporate businesses globally, and supports a wide range of processing and settlement currencies.
Zuora is pre-integrated with Worldpay, allowing you to create a Worldpay gateway instance and process credit card and debit card transactions settled in a currency other than the transaction currency.
To set up the Worldpay Payment Method Updater service in Zuora, see Configure Worldpay Payment Method Updater for more information.
Zuora supports the following Worldpay payment gateway versions:
- Worldpay 1.4
- WorldPay (Corporate Gateway)
See Supported Payment Methods for the supported payment methods on both gateways.
Stored Credential Transactions
Worldpay 1.4 includes support for the Stored Credential Transaction framework of the following card brands:
- American Express
- Diners Club
Configure the Gateway in Worldpay
Before creating your Worldpay gateway in Zuora you need to configure the settings in Worldpay. These settings must be configured in both the Worldpay Merchant Interface (for the live production environment) and the Worldpay Merchant Test Interface (for the test environment). Contact your Worldpay representative or refer to the help guides in the Worldpay Support Center if you require assistance.
Disable Capture Delay
It is very important that you disable capture delay in Worldpay, as Zuora issues a separate capture call after the authorization occurs. Log in to the Merchant Interface for the desired environment, and locate the setting Capture delay (days). Set this to -off to disable capture delay.
If capture delay is not turned off then extra charges may be captured by Zuora.
$0 Authorization Support
As is common with payment gateways, Worldpay can check that customer's credit card is valid by issuing an authorization for an amount of money. Worldpay provides you with the option to enable $0 authorization, so that authorizations can be issued without leaving a trace on the customer's card history. To enable this optional feature please contact Worldpay Support.
Whether or not requests for $0 amounts are authorized depends on the specific bank and currency the customer uses. Although many financial institutions accept small authorization amounts (for example, $0.01 or $0), there are a number of banks that do not. These banks will reject cards that may or may not be valid simply due to the size of the authorization amount. This will affect cards entered in the Zuora Payments UI as well as through the API. In these cases, you should increase the default authorization amount.
Worldpay authorization supports Address Verification Service (AVS), and Card Verification Value / Card Verification Code (CVV2, CVC). These provide a mechanism for checking the authenticity of a transaction by comparing information entered by the shopper during the payment process, with details held by the card issuer. You can also configure whether to receive the AVS/CVC result code or message in the authorization response. If enabled, Zuora will record the value returned without interpretation.
Zuora does not perform these checks for you; Worldpay must be configured to do so if required. Contact your Worldpay representative or refer to the help guides in the Worldpay Support Center for more information.
Worldpay offers two fraud screening products; Risk Management Module (RMM) and Risk Guardian (RG). Both of these allow you to configure the mapping from the risk check results to the authorization result. If you choose to use either of these products, you must configure the settings in the Merchant Interface for both live and test environments.
Define Shop Name and Shop URL
Worldpay allows you to set values for ‘Shop name’ and ‘Shop Url’ (which define the name of your business and URL of your website). To do this, visit the Merchant Interface for the live or test environment and set the values in your profile, or contact Worldpay Support to request that they do this on your behalf.
It is not possible to use the Zuora SOAP API field softDescriptor, as Worldpay doesn’t support this through their API.
Discover Card Support
Worldpay supports payments by Discover card, but this is disabled by default. If you would like to issue payments with Discover cards in Zuora, please contact Worldpay Support to enable this feature.
Single Euro Payment Area (SEPA) Direct Debit Payments
By default, the Worldpay SEPA integration supports direct debit payments for these countries: Austria, Belgium, France, Germany, Ireland, Italy, Netherlands and Spain. SEPA trade schemes vary between countries and there is a settlement delay of 1 to 5 business days.
The following fields are required by Worldpay for saving a SEPA payment in Zuora:
- Select SEPA from the Bank Transfer Type drop-down
- Valid Bank Transfer Account Number and Name.
If other fields are required by the gateway, the error message sent by the gateway is displayed.
e-Mandates are online agreements between the shopper/consumer and Worldpay. It is the obligation of the merchant to create your own SEPA Direct Debit e-Mandate and present the e-Mandate to the shopper using this payment method. The following e-mandate fields need to be sent to Worldpay:
- Shopper email address
- Merchant name
- Mandate ID or reference information
- Account holder's name
- Mandate type (one-time, recurring, etc.)
If you want to use SEPA or tokenization for your merchant account, you will need to contact your Worldpay relationship manager.
The payment method used for tokenization is the Credit Card Reference Transactions (CCRef) payment method. Zuora uses the shopper token and not the merchant token. The following are supported by the Credit Card Reference payment method:
- Credit token
- Verify a token - The Token ID and Second Token ID fields in Zuora are required by Worldpay in order to verify a token.
- Capture a payment using a token
- Refund payment
To turn on additional credit card payment methods, contact Zuora Global Support.
Configure the Gateway in Zuora
To set up Worldpay as your gateway, enter your Worldpay credentials by clicking your username at the top right, navigate to Settings > Payments > Setup Payment Gateway. In the Gateway Type drop-down menu, select Worldpay1.4 or Worldpay (Corporate Gateway).
Common Fields for Configuration
There are some common fields you must complete for every gateway configuration. We recommend reviewing Setting Up Payment Gateways for information on these fields:
- Name: Choose a name that identifies this payment gateway. We recommend using a name that helps your users identify the gateway.
- Use Gateway Test Environment: Select this check box if you want Billing to use the payment gateway's test service URL. This allows you to test payment transactions while you are setting up your Billing.
- Cards Accepted: Worldpay accepts the following cards: Visa, MasterCard, American Express, Discover, Diner's and JCB.
- Default Authorization Amount: Enter the minimum default amount used to process a payment. If the verify credit card checkboxes are selected, this amount will be used to validate the payment method by first authorizing the amount and then voiding the authorization when the amount is greater than zero..
- Verify new payment method (optional): When you select either or both of the Verify new payment method and Verify updated payment method check boxes, Zuora Payments (within the Zuora Application and Zuora API) submits key information to the payment gateway to authorize all payment methods for authenticity and fraud prevention. For more information see Verifying the Credit Card Gateway Options.
- Verify updated payment method (optional): See text above.
In addition to the common fields, every gateway has unique requirements and information (such as credentials and certain rules) that you must provide to configure the gateway in Zuora.
Your credentials should be obtained from Worldpay and configured in Zuora.
The Merchant Code is a unique value that identifies a merchant account in the Worldpay system. The code is submitted with every payment transaction sent from Zuora to Worldpay. Worldpay uses the same Merchant code for test and live transactions (but different XML passwords).
It is possible to have more than one merchant code under an administration code, which is a unique code that identifies a Worldpay merchant. The administration code is a reference under which all the merchant codes that a merchant has with the Worldpay payment service are stored, however it is not used in the API calls.
Merchant code switching is not supported. If you would like to process transactions for different types of customer interactions (e.g. e-commerce or moto) or to have multiple settlement currencies, then you need to create separate Worldpay gateway instances for each. Each gateway instance has its own unique Worldpay merchant code.
User Name and Password
The password here is your XML password, used for making calls to the Worldpay API. It is not the password used for logging into the Merchant Interfaces.
For security reasons, the passwords for the live and test environments are different. Log in to the Worldpay Merchant Interface to find the XML password for the live environment, and log in to Worldpay Merchant Test Interface for the test environment.
This field is only available in Worldpay 1.4. The merchant ID is unique per each merchant code assigned to your merchant account by Worldpay.
3D Secure 2.0 Organisational Unit Id
This field is only available in Worldpay 1.4 and is required if you want to enable 3D Secure 2.0. This is the identity associated with your merchant account for 3D Secure 2.0. Contact Worldpay Merchant Support to get this information.
3D Secure 2.0 Issuer
This field is only available in Worldpay 1.4 and is required if you want to enable 3D Secure 2.0. This is the identifier to indicate who is issuing the JWT for 3D Secure 2.0. Contact Worldpay Merchant Support to get this information.
3D Secure 2.0 JWT MAC Key
This field is only available in Worldpay 1.4 and is required if you want to enable 3D Secure 2.0. This is a base64url encoded hash value of the header and payload combined with a JWT MAC Key for 3D Secure 2.0. Contact Worldpay Merchant Support to get this information.
To enable 3D Secure 2.0 for Worldpay gateway integration, see Enable 3D Secure 2.0 for Worldpay gateway integration for more information.
The following fields are specific to the Worldpay 1.4 payment gateway:
- Enable gateway reconciliation (optional): Select this check box if you want to enable Gateway Reconciliation in this gateway instance.
- Admin code (optional): The Admin Code assigned to your merchant account by Worldpay.
- Merchant Acronym (optional): The Merchant Acronym assigned to your merchant account by Worldpay.
See Configuring Worldpay Gateway Reconciliation for more information.
Testing Your Configuration
We recommend testing your Worldpay payment gateway using both its test and production (live) environments. Once you have completed testing in the gateway's test environment, Zuora recommends that you perform a test in your live production environment with a real credit card. If there are any differences in the configuration of your testing and production accounts, testing in production ensures your production merchant account is set up properly and can successfully connect to the production environment.
Accessing Your Gateway's Test Environment
Some payment gateways provide separate credentials for merchants to access their testing environment, some gateways use the same credentials for testing as for the production (live) environment but direct test transactions to a different URL, and other gateways do a little of both. Worldpay uses the same Merchant ID for test and live transactions, but a different XML password for each.
Accessing Test or Live Environment from Zuora
When configuring the Worldpay payment gateway in Zuora, you can indicate whether you would like to use the Worldpay test environment or the Worldpay live environment.
- If you select Use Gateway Test Environment, Zuora will direct payment transactions to your Worldpay test environment.
- If you do not select Use Gateway Test Environment, Zuora will direct payment transactions to your Worldpay live environment.
For additional information visit the Worldpay Support Center. Visit the Worldpay Developer Portal where you will find what you need to quickly start using Worldpay payment gateway and value-added services.
General Testing Information
Zuora maintains the integration with Worldpay on an ongoing basis, thoroughly testing the integration with every new release. The Worldpay integration documentation is helpful if you are integrating Worldpay directly with your website, however, you do not need to perform any integration or certification testing to submit transactions to Worldpay via the Zuora application. The intended audience for the integration guides are technical integrators, however, these documents can be helpful to non-technical integrators who can refer to it for information on testing and troubleshooting gateway errors (as described below).
Performance and Volume Testing
In general, gateway testing environments are intended to give merchants the opportunity to test their gateway and integrations to their gateway, in order to work out any bugs before going to the production environment. Some gateway test environments are shared amongst multiple merchants, and other gateways provide unique testing environments for each merchant. Additionally, gateway test environments (also referred to as certification or sandbox environments) do not have the same high availability or performance capability as production environments. As such, they are not intended for load testing. Merchants performing high volumes of load testing that puts a stress on a shared test environment may receive a warning from the gateway or have their access to the testing environment suspended
Troubleshooting Gateway Errors
For failed payments processed using the Worldpay payment gateway, Zuora Payments will provide the gateway Response Reason Code (for example, 203) and Response Reason text (for example, general decline of the card).
To obtain more information on gateway errors, look up the transaction ID number (called Reference ID in the Zuora payment detail page) in the Worldpay Merchant Interface or Worldpay Merchant Test Interface to see if more information is provided; often you will see more than just the response code and response message in Zuora.
If you require additional information, you can log a case in the Worldpay Support Center. All Worldpay merchants have access to online support, and depending on your support package with Worldpay, you may also have access to phone support. Please work with your Worldpay contacts to understand your options for contacting Worldpay Support. Be sure to have your reason code as well as your Transaction ID (in Zuora Payments this is the Reference ID) for the failed payment. This Transaction ID is an alphanumeric number (for example, CLEF4CGE8AB8).
Make Sure You Are Not Re-Trying an Invalid Card Too Many Times
We recommend that you check the payment in Zuora to see how many times the same payment method has been retried for payment and failed. If there have been several retries, check the error messages from the beginning with the first failure and the more recent failures to determine if the error message is the same. If a merchant tries to process a payment against the same credit card too many times despite receiving errors, this could trigger warnings to the card issuing bank. The card issuing bank may place an alert on the account and not allow any further transactions from the merchant using that payment method. When a mechant has been flagged, the error received on the payment may be not state the reason why, instead it might be a generic decline error. In this case, the merchant (Zuora customer) should work with their merchant acquirer/processor to see if they can identify the problem with the payment method. If the processor does not know, then the merchant and/or the card holder can try calling their card issuing bank to look into the issue.
Additional Gateway Information
If an order ID is passed in a Zuora API call, this ID has to be unique for each payment. If no ID is passed in, Zuora will generate a 32-character random alphanumeric value for Payment Method creation, or use our internal IDs (constructed as tenant ID + payment number) for Payment creation requests, to ensure uniqueness.
Reverting a Payment
It’s recommended to use the void payment option within 15 minutes of the payment request, and only use the refund option after 90 minutes has elapsed. Worldpay doesn’t indicate if an order qualifies for void or refund in the void/refund response, so Zuora marks the void/refund request as processed to indicate the gateway received the request, regardless of whether the request will succeed or fail later on.
Worldpay supports sending order notifications and financial reports by email to the merchant. This feature is implemented and maintained by Worldpay.
Functional Mapping between Zuora and Worldpay
This section describes the functional mapping between the Zuora API and the Worldpay API.
|Zuora API||Worldpay API|
|Payment Method creation by passing in Credit Card information||Submitting an order with a Credit Card, and then issue a ‘cancelOrRefund’ type of order modification on the same order.|
|Payment Creation||Authorize an order with credit card, and issue a ‘capture’ type of order modification.|
|Void the Authorization||Issue a ‘cancelOrRefund’ type of order modification on the payment order.|
|Void the Payment||Issue a ‘cancel’ type of order modification on the payment order.|
|Refund Creation||Issue a ‘refund’ type of order modification on the payment order.|
|Payment Inquiry||Inquiry on the payment order.|
Credit Card Field Mappings
This section describes the object and field mappings between Zuora and Worldpay for Credit Card Payment Method creation and Payment creation.
|Zuora UI||API field passed to Worldpay (XPath)||Source of this infoRmation in Zuora (object.field)||Zuora PaymentMethod API field|
|Gateway setup > Merchant Code||//paymentService/@merchantCode||
|Gateway setup > user name||http basic auth: user||
|Gateway setup page > xml password||http basic auth: password||
|//order/@orderCode||AuthBean.orderId, or 32-digit random string
PaymentBean.orderId, or PaymentBean.paymentNumber
|New Customer Account > Currency||//amount/@currencyCode||CustomerInfo.currency.code||Account.Currency|
|New Customer Account > Currency||//amount/@exponent||CustomerInfo.currency.exponent||Account.Currency|
|Gateway setup > Default Authorization Amount||//amount/@value||AuthBean.amount||?|
|Credit Card Type||<VISA-SSL> <ECMC-SSL> etc. tag||CreditCard.cardType||PaymentMethod.CreditCardType|
|Card Holder Name||//paymentDetails/cardHolderName||CreditCard.cardHolderName||PaymentMethod.CreditCardHolderName|
|Card Security Code||//paymentDetails/cvc||CreditCard.cardSecurityCode||<paymentmethod.cardsecuritycode/>|
|Billing Postal Code||//cardAddress/address/postalCode||CreditCard.cardZip||PaymentMethod.CreditCardPostalCode|
|Zuora UI||Worldpay API (XPath)||Description|
|Reference Id||//(orderStatus|captureReceived)/@orderCode||transactionId, orderId|
|N/A||lastEvent>||For PaymentMethod creation only: successful if lastEvent is AUTHORISED, otherwise fails.|
|N/A||<reply><ok>||Payment request (sale call) is successful if this tag is present in response, otherwise fails.|