Refer a Friend

Cardsave Gateway from Worldpay

Developer Support

Developer Frequently Asked Questions

Explanations of Gateway messages and answers to common questions developers ask about when implementing an integration with the Cardsave gateway.

Merchant Doesn't Exist

The Gateway MerchantID being used is incorrect.

Ensure you are using a Gateway MerchantID and not a username used to login to the Merchant Management System. A Gateway MerchantID will begin with the first 6 characters of the company name, followed by a hyphen (- dash symbol) and 7 numbers. A Gateway MerchantID does not begin with the word "merchant".

Security Warning: Hash Digest Does Not Match

(Hosted Payment Page and Transparent Redirect Only)

There are a number of reasons that can cause this issue. If you are using one of our shopping cart modules or un-edited sample code:

  • Password used is incorrect (see "Changing the Gateway Password").
  • PreShared Key used is incorrect (see "Locating the PreShared Key/Hash Method").
  • Hash Method used is incorrect (see "Locating the PreShared Key/Hash Method").
  • A combination of the above.

If you are using a bespoke system then the issue could be caused by one of the above issues or:

  • The HashDigest being created on the merchant's webshop contains variables/values that are different to those being passed in the form POST to the Hosted Payment Page.

This transaction cannot be processed. It was rejected because the passed transaction date/time has expired.

(Redirect and Transparent Redirect Only)

The gateway checks the TransactionDateTime passed to ensure that the transaction request is current. The gateway allows variance of up to +/- 10 minutes from the current time. E.g. if the current time is 10:10am, times between 10:00am and 10:20am will be accepted.
To avoid this error, you must ensure:

  1. The TransactionDateTime that is passed to the gateway is recorded immediately before passing data to the gateway.
  2. The system clock on your server to set to the correct time.
  3. The system clock is using the correct offset from UTC/GMT.

Passed variable (*Variable Name*) has an invalid value

The variable value specified is invalid and was not accepted by the Gateway. The gateway relies on transaction information passed from the merchant's website be provided in a specified format.

The following are variables commonly sent to the gateway in the incorrect format.

Amount – The transaction amount must be sent to the gateway in the minor currency, omitting any symbols.
e.g. for £10.00, it must be submitted as 1000

CurrencyCode – The currency for the transaction must be specified using the ISO 4217 numeric code.
e.g. for GBP (British Pounds), it must be submitted as 826

CountryCode – The customer's country must be specified using the ISO 3166-1 numeric code.
e.g. for United Kingdom (GBR), it must be submitted as 826

ExpYear – Only the last two digits of the expiry year of the customer's card should be passed to the gateway.
e.g. for 2015, it must be submitted as 15
Note: ExpYear is only applicable when using a Direct or Transparent Redirect integration.

A potentially dangerous Request.Form value was detected from the client.

(Redirect and Transparent Redirect Only)

The value passed contains disallowed characters. The gateway will highlight the disallowed characters below this message.

For reference, following characters should be removed from all strings before being used in a HashDigest and passed to the Gateway.

  • # - Hash symbol.
  • > - Greater than.
  • < - Less than.
  • \ - Backslash.
  • [- Opening square bracket.
  • ] - Closing square bracket.

No Routes Found For [Card Type/Currency]

Your Gateway Merchant Account is not set up to accept payments using this card type and/or Currency.

Please contact ecomm@cardsave.net for further information on how to accept additional card types/currencies.

Required Variable: *Variable Name* is missing

(Redirect and Transparent Redirect Only)

The variable specified was not posted to the Hosted Payment Page / Transparent Payment Page.

If you are using the Hosted Payment Page, the following variables are mandatory and must be passed to the gateway as part of every transaction:

  • HashDigest
  • MerchantID
  • Amount
  • CurrencyCode
  • OrderID
  • TransactionType
  • TransactionDateTime
  • CallbackURL

If you are using the Transparent Redirect Integration, the following variables are mandatory and must be passed to the gateway as part of every transaction:

  • HashDigest
  • MerchantID
  • Amount
  • CurrencyCode
  • OrderID
  • TransactionType
  • TransactionDateTime
  • CallbackURL
  • CardName
  • CardNumber
  • ExpiryDateMonth
  • ExpiryDateYear

This error can also be caused by spelling mistake in the variable name.

Could Not Communicate With Payment Gateway

You need to open Outgoing Port 4430 TCP on your server. You should contact your server hosting company for further information. Should your hosting company wish to lockdown the use of this port to certain IP addresses, please contact our support team for further information.

Transaction Messages

AuthCode: xxxxxxxx
The transaction was successful and has been authorised by the customer's bank.

Card declined
The card has been declined by the customer's bank. A card can be declined for 2 main reasons:

  1. There are not enough funds available on the account.
  2. The customer's bank has blocked the card.

In both of these situations the customer should contact their bank for the exact reason for the decline.

Card declined: AVS policy
The transaction has been declined because the AVS Check has failed based on the criteria specified in the Merchant Management System (MMS) for this gateway account.
The AVS Check compares the customer's billing address with that held by the customer's bank. It is done in two separate checks.

  1. The numbers in the billing address lines 1 and 2.
  2. The numbers in the billing postcode.

You can customise the AVS Policy settings (and the conditions for a Pass or Fail) in the MMS.

Card declined: CV2 policy
The transaction has been declined because the CV2 Check has failed based on the criteria specified in the Merchant Management System (MMS) for this gateway account.
A card CV2 number (also known as CVC2 or CVV2) is the last 3 digits on or beside the signature strip on a credit/debit card.
The CV2 Check compares the CV2 number provided by the customer with that held by the customer's bank.
You can customise the CV2 Policy settings (and the conditions for a Pass or Fail) in the MMS.

Refund Successful
The refund has been processed successfully.

Void Successful
The transaction has been voided successfully.

3D Secure Messages

3D Secure Status: Passed
The customer successfully completed the 3D Secure check on their card.

3D Secure Status: Failed
The customer failed the 3D Secure check for their card.

3D Secure Status: Not Enrolled
The customer's credit/debit card is not enrolled in a 3D Secure scheme.

3D Secure Status: Not Submitted
The card was eligible for 3D Secure, but 3D Secure has been turned off for the gateway account.

3D Secure Status: Attempted
3D Secure was attempted but could not be completed. This may represent an issue with the customer's bank's 3D Secure system.

3D Secure Status: Unknown
This normally occurs if the customer does not complete 3D Secure (See "Issuer Authentication Expired").

Issuer Authentication Expired
This message will appear 2 hours after the transaction was initially carried out if the customer has not completed 3D Secure when prompted. The same message will show if there is an issue with the merchant's website and the PaRES (the response from the Bank's 3D Secure page) is not being returned to the gateway after 3DS has been completed.

3DS invalid veres from ds
There is an issue with your 3D Secure set-up on your gateway account. Please contact ecomm@cardsave.net to resolve the issue.

Merchant Management System (MMS) Login Errors

Account Disabled
Please contact ecomm@cardsave.net to resolve the issue.

Account Locked
If you enter the incorrect password 3 times in quick succession, you will lock your account.

If you are not the "Merchant Super User" contact the "Merchant Super User" to have your account unlocked.

If you are the "Merchant Super User" you will need to contact ecomm@cardsave.net to have your account unlocked.

ERROR 1246, ERROR 1247 or ERROR 1248
Unable to log in due to invalid login details. Confirm your details and try again. For support please email ecomm@cardsave.net
Note: If you enter the incorrect password 3 times in quick succession, you will lock your account.

ERROR 4358
The temporary password you have used has expired. Reset your password again to receive a new temporary password.
Note: Temporary passwords are only valid for 48 hours.

How do I make my account live?

Once a merchant's application has been received and registered with Cardsave, they will receive a number of emails from the Online Department.

The merchant will receive an email asking they confirm their email address. Once confirmed, they will receive two further emails; the first contains login details and a link to the online Merchant Management System.

The second email contains test Gateway details which can be used to integrate the merchant's website with the payment Gateway.

Once an application has been approved, the merchant will then receive Production (live) details via email which can be used to take live payments on the merchant's website. If the merchant's website has previously been setup to use a test gateway account, the test account GatewayID, Password and PreShared Key (where applicable) need to be changed to the new Production (live) details.