Frequently Asked Questions (FAQ)

In order to sell your products and services on the Internet you will need to set up the following as a minimum (see also our three-step guide):

• Web shop – you can either use a standard shop system (Magento, Prestashop, WooCommerce, etc.). Otherwise, you will need to engage a developer to implement the payment module for you (see our developer documentation).
• Payment methods – you need to sign merchant service agreements (also known as acceptance contracts) with financial institutions (i.e. acquirers) to integrate the payment methods that you want to offer to your customers. The acquiring banks are responsible for disbursing the funds they collect. On our website you will find a list of the payment methods we support as well as the contact details of companies who provide merchant service agreements in Switzerland and abroad.
• Payment Service Provider (PSP) – e.g. Datatrans. The PSP takes care of the secure technical processing of transactions and is not directly involved in the cash flow.

If you would like a PSP offer from Datatrans Ltd, please reach out through our contact form.

What is an issuer?
The issuer is the card-issuing bank that offers the credit card to the customer.

What is an acquirer?
An acquirer enables the merchant to support credit cards as a payment method and process the payment reliably.

The acquirer also acts as a merchant bank, controlling the flow of funds between the customer and the merchant.

What is a payment service provider?
A payment service provider (PSP) acts as a technical link between the web shops (merchants) on the one hand and the financial institutions (acquirers) on the other.

The PSP handles the technical aspects of its merchants’ payments, maintaining connections to various payment-method providers and a variety of shop systems.

As a payment service provider, Datatrans is not involved in the actual flow of funds between the customer (cardholder) and the merchant.

• Switzerland: Mastercard, Visa, PostFinance, Invoice, Twint, PayPal
• Germany: Sepa ELV, PayPal, Sofortüberweisung, Mastercard, Visa
• Austria: Mastercard, Visa, PayPal, Sofortüberweisung

Please check whether you are sending the request to the correct service URL. MerchantIds issued for testing purposes (e.g. 11000XXXXX) are only accepted by [endpoint].sandbox.datatrans.com. The production endpoints and service URLs can be found in the back office under UPP Administration.

Typically this arises because of a communication problem of the response URL, respectively the web shop’s post URL. Your shop is unable to process the response received from our system, which means the order remains open in your shop. Consequently the customer does not get a success message and executes the order again. If you require a more detailed analysis of such a case, please contact Datatrans.

3-D Secure is an authentication procedure supported by Datatrans, which ensures that transactions made online are carried out by the legal cardholder. This security standard protects cardholders and merchants against the misuse of credit card data. Each credit card brand markets this standard under its own name, such as Mastercard SecureCode, Verified by Visa or American Express SafeKey.

3-D stands for "3 Domain Server", because three parties are involved in the 3-D Secure process:

• The merchant (web shop)
• The acquirer (the merchant’s financial institution)
• The credit card issuer

During the payment process in the web shop, a window appears either for the cardholder to identify him- or herself by the card issuing bank. The identification is done by entering a password or a mobile TAN (similar to entering a PIN at an ATM). The payment can only be completed upon entry of the correct password, which is known exclusively to the cardholder and the issuing bank.

Below is a description of the various 3-D statuses shown in the Datatrans Web Administration Tool (back office):

• A = Authorized, activation during shopping (prompted to subscribe the card to 3-D Secure program).
• C = Blocked/freezed, authentication not completed (the bank forces the cardholder to participate in the program).
• D = Authorized, normally protected by 3-D, merchant has fulfilled the 3-D obligation.
• N = Rejected, authentication failed.
• U = Rejected, transaction has no 3-D status, merchant is fully liable for the amount.
• Y = Authorized, authentication successful.

If you have any further questions about 3-D Secure, please contact your acquirer or Datatrans support.

It is possible to switch off the 3-D Secure procedure. It should be noted, however, that when 3-D Secure is not used, the merchant operating the web shop is always liable for improperly used credit cards (see also "Liability Shift"). If you still wish to offer payments without the 3-D Secure procedure, please contact your acquirer.

Datatrans can only deactivate 3-D Secure upon receipt of the acquirer’s written confirmation (e-mail is sufficient).

When transactions have been successfully verified by 3-D Secure and authorized by the acquirer/issuer, the liability shift for the payment applies.

This means that liability for losses caused by misuse of credit card data is transferred from the merchant to the card issuing bank. However, it should be noted that this protection does not relieve the merchant from all other duties of care that apply in relation to distance selling.

In rare cases, chargebacks can also take place on 3-D Secure authenticated transactions. In the case of a chargeback, the cardholder disputes the legality of the charge with his card-issuing bank (issuer). The issuer verifies the transaction (receipt request) with the help of your acquirer and subsequently decides whether the transaction was fraudulent or not and whether the liability shift should apply or not.

Please contact your acquirer for the exact conditions of their liability shift process or for any further questions regarding it.

In order to receive the outstanding amount of money, authorized transactions must be settled within the contractually stipulated deadlines. The funds will be transferred upon settlement through the acquirer. Further information regarding settlements can be found here.

Please DO NOT reply to these emails. They are provided for information purposes only. If you no longer wish to receive these messages please contact our support team: support@datatrans.ch

If your transactions should have been settled directly (automatically), please contact the developer of your web shop system to find out why these transactions were subject to another process.

This e-mail informs you of a technical problem in an external system that is beyond the responsibility and control of Datatrans. You do not need to do anything. As soon as the problem has been fixed, you will receive a resolution notification by e-mail.

Please note that these cases involve malfunctions in third-party systems, about which we merely inform you. We can neither influence nor speed up the resolution of the problem. Thank you for your understanding.

Enter the URL admin.datatrans.com in your web browser. In the following form you can log in with your login data.

The following values are required:

• Login: admin_xyz OR 30000xxxxx OR group_xyz
• Username: f.surname (it is possible that firstname.surname or similar was set here)
• Password: xxxxxxxxxx

You will receive your initial login information by email from Datatrans to the administrative e-mail address you provided.

In a first e-mail you will receive your login and username. To set the password, click on the link which we will send you in a separate e-mail.

You can reset your password by clicking on the "Forgotten password?" link at the bottom right of the login fields.

You will be asked to enter your login, your username and the registered e-mail address. After clicking on "OK" you will receive an automated e-mail with a link which allows you to set a new password. After you have successfully set a new password, you will be prompted to log in again.

If you cannot remember the information required to reset your password, please contact us by e-mail at support@datatrans.ch or by phone on +41 (0)44 256 81 91.

If your user account is blocked because you have reached the maximum number of login attempts, you can click the "Password recovery" link and go through the process described above to reset your password.

According to PCI DSS guidelines, user access should be blocked if an account remains unused for 90 days. Please note that the 90-day period specified by the PCI Council is mandatory and therefore cannot be changed.

If your account is blocked due to inactivity, you can click the "Unblock account" link and go through the process described above to reset your password.

Alternatively, please contact Datatrans Support by e-mail (support@datatrans.ch) or by phone (+41 44 256 81 91) to regain access.

The login to the Datatrans Backoffice tool can be done either with the standard login credentials (login / user name / password) or with a multi-factor authentication which provides an additional layer of security for your user profile. The multi-factor authentication can be activated by each user individually and is optional. A detailed description of the multi-factor authentication process can be found in the Backoffice user manual Backoffice user manual.

If activated, in addition to your login credentials (login, user name, password) you will be asked to enter an additional code/token generated by a smartphone app.

We support Google Authenticator (App Store / Google Play Store) and Authy (App Store / Google Play Store).

We provide a comprehensive user guide for the Web Administration Tool.

This is because you either have insufficient permission rights, or you must first select the corresponding MerchantId using the "Change Merchant" function at the top right hand side. Some changes can only be made at MerchantId level.

The "Transactions" menu shows transactions that have occurred in the past 360 days.

Important: Only the 300 most recent entries are shown.

You can filter your transaction list by using the "Search for specific transactions”. The "%" (wildcard) character is used to find all records that contain the preceding and/or following character string. This means that multiple wildcards can be set in one search term.

If a transaction cannot be found, check whether it is older than 360 days. If this is the case, switch to the archive search. Also check whether you are searching for the transaction with the correct MerchantId (see "Change Merchant" function).

You can only issue a credit for a transaction that has the status "Settled/transmitted" and is not older than 360 days.

In the transaction details, a credit can be generated using the "Credit" function.

The Datatrans system allows a transaction to be credited up to 360 days after settlement. Since credits are also subject to validation on acquirer and issuer level, they may however be refused by the acquirer or the issuer within this period. This decision cannot be influenced by Datatrans. In this case, we recommend that you contact your customer and find an alternative way to refund the amount (e.g. bank transfer, voucher shipping, etc.).

A transaction that has been wrongly cancelled or credited cannot be debited again. You should contact your customer and agree an alternative method of payment with him.

Click on the red masked card number in the transaction details and then enter the graphic code in the pop-up window. We recommend writing the card number on a piece of paper and shredding it immediately after use.

Please note that displaying unmasked card numbers is disabled by default due to PCI DSS requirements and is only enabled if there is a legitimate business reason for it. The identification of a credit card number or the conversion of tokenized cards may be such cases.

The use of this option is therefore linked to specific user permissions. Unmasked credit card numbers are always displayed at the user’s own risk. When using this function you have to ensure you comply with the PCI DSS guidelines and are liable for any misuse. Any liability claims against Datatrans Ltd are completely excluded.

Authorizations normally remain open for 30 days.

A transaction with the status "Authorized" can be reauthorized by clicking on the "Reauthorize" function. This extends the expiry period of an authorization as long as the card-issuing bank allows the reauthorization.

The authorization is the reservation of an amount on your customer's credit card. The cardholder's bank will keep this reservation open to allow the merchant a settlement at a later date. This period should be kept as short as possible.

To settle an authorized transaction, click on the corresponding transaction in the "Transactions" menu and then on the "Settle" function.

After a transaction has been settled, it will have the status "Settled" on our databases and the transaction can still be cancelled. On the following day, all settled transactions are transmitted to your acquirer for further processing. The transactions are then showing the status "Settled/transmitted". From this moment on, only credits (offsetting entries) are possible.

A transaction can be rejected by different parties and for different reasons (error codes).

A list of the most important error codes can be found here.

Why was a transaction rejected?
The right of "Error message" in the transaction details a red link appears. Clicking on it, a pop-up window opens with the available details of the reason for rejection.

The most common reason for rejection is error code 50 / 1403. Such transactions were refused by the card issuing bank. For reasons of data protection and/or banking secrecy, Datatrans will not be provided with any further information regarding the reason for refusal. In such cases, we recommend that the cardholder is referred to her or his bank.

What does "Response Code 02" mean?
If the transaction is processed via SIX Payment Services, a transaction may be authorized with "Response Code 02". It means that the transaction is authorized, but the card issuer accepts no liability in the event of misuse of the card and that you as the merchant are fully liable. This occurs if you as a merchant are not protected by 3-D Secure or if the issuer downgrades the transaction to "non-3-D" during 3-D validation. Such transactions are rejected by default*.

What does U-Case mean?
"U-Case" means that the transaction is recognized as unauthorized for 3-D in the authentication process. If you accept such transactions as a merchant, you are fully liable in the event of an improperly used card. Such transactions are rejected by default*.

* A transaction that has been rejected due to such a reason can be reactivated in the transaction details via the "Restore" function and can be manually authorized and billed without 3-D Secure. In this case, the merchant bears the full liability.

If you suspect fraud, contact your acquirer first. They can advise you on possible measures.

To prevent fraud, we provide you with a comprehensive anti-fraud tool in the Web Administration Tool. This can be found in the "UPP Administration / Security" menu. A detailed description of the available options can be found in the user guide, chapter 6.5.

To determine the most appropriate anti-fraud measures for your online shop, we will be happy to advise you by e-mail at support@datatrans.ch or by phone on +41 (0)44 256 81 91.

The Daily Report is a report that lists all of the day’s transactions for a specific merchantId. If desired, this report will be sent to you automatically by e-mail on a daily basis.

If you have not received the Daily Report by e-mail as usual or if you can no longer find the message, you have the possibility to download the same information by using the Datatrans Web Administration Tool.

Use the "Change Merchant" function to select the appropriate merchantId and select "Batch files" from the Reports menu. You can then define the desired date or time span. Select "Daily closing" as file type. As soon as you have found the corresponding file, click on "download" and save it to your usual location.

Further information can be found in chapter 4 of the user guide.