V4.144 10/05/2024


V4.144 10/05/2024

 
The release notes provided in V1 of this document serve as an initial preview of the changes expected in the production release scheduled on May 19th, 2024, on the Hosted Gateway.

Summary

The Gateway release notes will contain information related to the new iVeri software release. The release notes will include the impact of software release to the intended target audience.

The release notes will adopt the format outlined below, as applicable:

  • Compliance - Refers to the adherence of the software to specific industry standards, regulations, or internal policies. This includes ensuring that the software meets legal and regulatory requirements, follows best practices, and aligns with established security and quality
  • Optimisation - The process of refining or improving a software solution to enhance its performance, efficiency, or effectiveness.
  • Feature - Refers to a specific functionality or capability that is added or enhanced in the new version of the software. It represents a distinct and valuable aspect of the software that provides additional benefits or options to the users.


In addition to the mentioned format, the release notes will be divided into the following sections:
Section 1: Compliance, Optimisation and Features applicable to All Customers.
Section 2: Compliance, Optimisation and Features that are Client specific.
Section 3: Compliance, Optimisation and Features that are Internal to iVeri.


iVeri Gateway Release Version 4.144


The release notes contained in this document will be applied on the Gateway and is in effect as of the 19th of May 2024.


Section 1: All Customers


This section will provide release notes relevant to All iVeri Customers, categorized into compliance, optimization, and feature enhancements.

Features


Subject: Enhanced Authentication: Implementation of Merchant Profile-Based Authentication in Enterprise APIs
Product/Platform: Gateway - Admin
Release Description:
Enhanced Authentication Mechanism Overview:
The Authentication Mechanism is applicable to three key components: Admin API, Certificate IDs, and Merchant Profiles within the BackOffice.
Admin API:
This aspect is relevant when utilizing the Admin API to create or update a merchant profile. The "secret" serves as an identifier for the merchant, enhancing security measures. It is imperative for merchants to incorporate the "secret" when constructing authentication data, thereby ensuring secure access. This feature represents a significant security upgrade.

Merchant Profile:
We've introduced support for merchant profile-based authentication in the Backoffice. With this update, merchants can generate a unique "secret" for their profile. They can then include this "secret" as part of the authentication data when posting transactions to the Gateway. By linking the authentication process in the logs, it will be easier to track authentication requests and responses based on the merchant identifier, enhancing usability and tracking capabilities.

 

 
 




User-Based Authentication:
Support for user-based authentication has been incorporated into the Admin API utilized for the creation and management of profiles on the Gateway. This integration introduces a user secret within the user parameters on the Admin website, reinforcing authentication protocols and enhancing overall security measures.

 

 
 



Subject: Stabilizing Authorization Reversal Fixed Amount Values in Batch Processing
Product/Platform: Gateway - Batch
Release Description:
"We have introduced a fixed amount value of 99999999.99 for Authorization Reversal in Batch files. This value serves as a recognition that both the authorization and any related incremental authorization should be reversed for the full amount.


Compliance


Subject: Enhancing Transaction Requests - Introducing Support for Mastercard Payment ID on the iVeri Gateway
Product/Platform: Enterprise API
Release Description:
We’ve extended the use of the Mastercard Payment ID to transaction requests originating from other payment gateways. Registered Mastercard payment gateways now have the ability to set the “PaymentGatewayID” tag in their payment instructions for the iVeri Gateway. 

Subject: ASCII character validation in Batch and Divert Filenames
Product/Platform: Gateway – Core
Release Description:
We have implemented validation for ASCII characters in Batch and Divert filenames to address instances where uploaded files in Divert and Batch contain unsupported characters. This ensures smooth handling of file uploads and prevents issues associated with unsupported characters.

Subject: Enabling OAuth Support on the Admin Website through Configuration
Product/Platform: Gateway – Core
Release Description:
We have added OAuth authentication support to the Admin website to align with PCI DSS requirements. The activation of OAuth authentication will be handled through configuration settings.
The video below illustrates the Oauth registration and login process:

 
 



 

Optimisation


Subject: Upgrade https://miscrosoft.net/ core nuget packages
Product/Platform: Gateway - MerchantAdmin
Release Description:
We have updated the https://microsoft.net/ Core packages used by the Gateway and related dependencies have been updated to the latest versions supported with the goal of aligning with the most current security and compliance requirements. 

Subject: Troubleshooting Receipt Printing for Link - Identifying Backend Permission Configuration Discrepancies
Product/Platform: Gateway - MerchantAdmin
Release Description:
The receipt printing problem stemmed from misconfigured permissions. While administrators might have correctly set up user permissions on the frontend, the root of the issue was traced back to misconfigurations within the application backend.

Subject: Enhancing HSM Functionality for Improved Data Integrity and Analytics
Product/Platform: Gateway - Core
Release Description:
The HSM (Hardware Security Module) oversees critical card data, including data and PIN encryption, as well as key management. The recent modification will enable customers to distinguish between active and inactive devices (not trading) and determine whether devices are still in use. This enhancement facilitates more robust analytics and enhances data integrity assurance.

Subject: Harmonizing Transaction Status Descriptions Across Back Office Systems
Product/Platform: Gateway - BackOffice
Release Description:
Updates have been implemented to standardize transaction status descriptions in BackOffice to align with those in the transaction messages. This ensures a unified and consistent transaction status across all channels.

Subject: Enhanced Gateway Responses - Introducing the AcquirerTrace Field
Product/Platform: Gateway - Core
Release Description:
We have added a Visa/MC AcquirerTrace field to Gateway responses. This addition accommodates cases where merchants are settling transactions using the Authorisation Code.

Subject: Resolving Inconsistencies Between 'Test File' and BatchLoader Validators"
Product/Platform: Gateway - Batch
Release Description:
The test validator in Backoffice Batch has been revised to align with the validator logic used in the Batch loader process. This update aims to establish consistent validation handling across batch files.


Section 2: Client Specific 


This section will present client-specific release notes, organized in compliance, optimization, and feature categories, as applicable. Please note that additional information has been included to identify the client.

Features


Client: CSC
Subject: Support of Visa’s AFT (Account Funding Transactions)
Product/Platform: Gateway - Core
Release Description:
A merchant can be enabled for AFT transactions on the Gateway by setting the parameter "Money Transfer Operator Type" to "AFT" on the iVeri Admin portal, under "Applications" - "Provider Specific" - "Supplementary". The transaction will carry specific data on the financial message to the Acquirer switch allowing to identify the transaction as AFT.

 
 



Client: Nedbank
Subject: Enhanced Functionality - Introducing Refund Support for Ekurhuleni Batch Files
Product/Platform: Gateway - Core
Release Description:
Refunds for Ekurhuleni transactions are now supported. Simply ensure that batch files contain transaction records with a processing account code of "20”.

Client: Nedbank
Subject: Enhanced Batch Stored Procedure - Identifying and Linking Related Authorization and Settlement by TranID/TraceID
Product/Platform: Gateway - Core
Release Description:
We have updated stored procedures in Batch to address AVIS transactions where the Authorization and Settlement lack the Visa TranID/MC TraceID. This linking of Settlement to Authorization using TranID/TraceID applies to Authorizations received via Wizard (AVIS system) through the FDMS channel housed in the Avis Indigo.

Client: CSC
Subject: Enhancing AFT Project Implementation for CSC and Extending Support to Mastercard Funding Transactions in Enterprise Product
Product/Platform: Gateway - Core
Release Description:
We have updated the implementation for CSC within the AFT project and expanded its functionality to support Mastercard Funding Transactions, focusing specifically on the Enterprise product.
Compliance

Client: Retail Assist
Subject: Single Tap support with Retail Assist
Product/Platform: Gateway-Core
Release Description:
In adherence to regulatory requirements, the Retail Assist Provider now incorporates single-tap and PIN capabilities.

Client: Nedbank
Subject: Support of CCPI Mandate
Product/Platform: Gateway-Core
Release Description:
We’ve introduced support for CCPI (Money Send) in the Gateway provider interface, which handles transaction submissions to Nedbank. This enhancement includes the inclusion of sender and receiver details within DE 127.22.

Client: CSC
Subject: Standardizing Mastercard E-commerce Transactions in CSC Settlement Files to Match Visa Criteria
Product/Platform: Gateway-Core
Release Description:
We have updated the settlement file for CSC to ensure that Mastercard e-commerce transactions adhere to the same Terminal Capability and Capture Method requirements as those already applied for VISA transactions.

Client: CSC
Subject: Enhanced PS Record Values in CSC's BA File
Product/Platform: Gateway - Core
Release Description:
The values for Auth_Amount, Auth_Currency, and Response_Code in the PS record within the BA file are now being configured. This adjustment is made in response to CSC's request, following transaction rejections on VISA's side.

Client: CIM Finance
Subject: Introducing Support for Single Tap and PIN on CIM Finance Devices
Product/Platform: Indigo - ARPED
Release Description:
We have implemented changes to support Single Tap and PIN functionality on devices utilized by CIM Finance.


Optimisation


Client: Nedbank
Subject: Enhancement Core Processing - Support of DE 12 and DE 13 on Authorisation Reversals 
Product/Platform: Gateway - Core
Release Description:
To align with the original authorization, the corresponding authorisation reversal message processed to Nedbank has been updated to include DE 12 (LocalTransactionTime) and DE 13 (LocalTransactionDate).

Client: Nedbank
Subject: Vodacom Token format support
Product/Platform: Gateway – Batch process
Release Description:
An enhancement on the Gateway process that deals with Vodacom transactions has been introduced to handle & support Base36 formatted tokens. 

Client: Nedbank
Subject: TR31 ZPK support in Nedbank Providers
Product/Platform: Gateway – Core
Release Description:
In line with the latest security standards, the TR 31 key format for the Zone Pin Key has been implemented for the suite of Nedbank providers used across various markets.

Client: Retail Assist
Subject: Smoother Admin User Creation - Eliminating Leading and Trailing Spaces
Product/Platform: Gateway – Core
Release Description:
To prevent instances where users are created with leading or trailing spaces, we have implemented a change to remove these spaces from the username field. When creating a user in Admin, any leading and trailing spaces in the username will be automatically removed.

Client: CBZ 
Subject: ZIG support on the iVeri Gateway 
Product/Platform: Gateway – Core
Release Description:
As mandated in Zimbabwe, the ZIG currency support has been added on the Gateway.

Client: I&M Bank 
Subject: Resolving Clearing Rejections: Configuring Cardholder Data Presence for Refund Transactions
Product/Platform: Gateway – Core
Release Description:
We have attempted to address the issue of refund transactions being rejected on the clearing side with MasterCard. We are now configuring data element 47, tag 906 (Cardholder presence), to have a value of 5.

Client: I&M Bank 
Subject: Inclusion of 'Country of Origin' in Authorization Message - MasterCard Compliance Requirement
Product/Platform: Gateway – Core
Release Description:
In response to MasterCard's mandate requiring the inclusion of 'Country of Origin' for merchants in certain business categories (MCC), we have implemented a change to ensure the transmission of this value in the authorization message.

Client: CIM Finance 
Subject: Enhanced User Permissions: Enabling Receipt Printing in Link
Product/Platform: Gateway – BackOffice
Release Description:
We have implemented an update that allows users other than the administrator to print receipts in Link. This update resolves instances where Link users did not have the correct permission to print receipts. -

Client: Nedbank
Subject: Modifications to Email Alert Scripts
Product/Platform: Gateway – Core
Release Description:
To resolve issues where email alerts are not being sent to the intended recipients, modifications have been made to the email alert scripts.

Section 3: iVeri Internal


Please note that the release notes below, in addition to Sections 1 & 2, are tailored specifically for iVeri Staff's knowledge and reference.

Features


Subject: Tailored Insights - Personalized Monthly Trade and Fees Analysis for Merchants – PSP
Product/Platform: Gateway-PSP Portal
Release Description: 
A merchant has requested additional data to enrich their analytics and obtain comprehensive insights. They are particularly interested in a consolidated overview of settlement amounts and the corresponding fees.

Client: Flutterwave
Subject: Integration to Flutterwave
Product/Platform: Gateway - Core
Release Description:
Integrating MPGS through Flutterwave for eCommerce to support a Nigerian merchant seeking to process SynXis transactions.

Optimisation


Subject: Implemented Security Enhancement: Encryption of Admin Website and Back Office Data
Product/Platform: Gateway-Admin
Release Description:
This update ensures that data associated with parameters accessible in both the Admin Website and Back Office backend is encrypted. To access this data on the frontend, users are required to utilise a decryption key (encryption seed) for specific parameters. This encryption process is mandatory for any Gateway process or function utilizing encrypted parameter data


Subject: Synced Deletion and Enhanced Encryption: Ensuring Data Consistency Across Gateways
Product/Platform: Gateway-Admin
Release Description:
To maintain consistency, when a record is deleted in one Gateway, the same action will automatically occur in the partnered Gateway. This modification guarantees that encrypted parameters necessitate the key to be in a hash format, distinguishing between encrypted and non-encrypted values.

Subject: Enhanced iVeri Token Management - Leveraging PANToken Enquiry Instruction
Product/Platform: Gateway-Core
Release Description:
If a merchant has previously tokenized a card using the iVeri Gateway, they can now refresh the token by utilizing the PANToken enquiry instruction. This involves providing the TransactionIndex and the dotted card number.

Subject: Symmetric Parameter Encryption - Enhancing Database Security
Product/Platform: Gateway-Core
Release Description:
Symmetric encryption has been implemented for parameters utilized in Backoffice functions and the Administration site. This enhancement aims to bolster the security of parameters stored within the databases.

Subject: Optimizing Refund Support with VTS/MDES Data in the Token Vault
Product/Platform: Gateway-Core
Release Description:
If transaction history is inaccessible for a VTS/MDES refund, merchants can still utilize iVeri's TransactionIndex via the Enterprise API to initiate the refund. The Gateway will then use the TransactionIndex to fetch encrypted token details from the TokenVault and process the refund. However, merchants must be enabled for Initial Credits to facilitate this process.

Subject: Enhancing Transaction Look-Up Functionality in Backoffice and Admin Website
Product/Platform: Gateway-Core
Release Description:
We have made updates to the function utilized for transaction lookups to address instances where the transaction description was used instead of the result status code.

Subject: Automatic Deletion of Dormant Merchant Profiles on iVeri Managed Partner Gateways
Product/Platform: Gateway-Core
Release Description:
Extend the automatic deletion function of merchant profiles to iVeri-managed partner gateways whenever a profile has been dormant for an extended period of time.