This section provides essential supplementary information for working with the PayGate PayHost API. It includes a reference table of common error codes to assist with troubleshooting, as well as an overview of card authentication protocols like MasterCard SecureCode and Verified by Visa. Understanding these mechanisms helps merchants reduce fraud, manage chargeback liability, and ensure secure transaction flows.
Error Codes
Below is a list of common error codes returned by the PayHost API and their descriptions:
| Code | Description |
|---|---|
DATA_CHK | Checksum calculated incorrectly |
DATA_PAY_REQ_ID | Pay request ID missing or invalid |
ND_INV_PGID | Invalid PayGate ID |
ND_INV_PRID | Invalid Pay Request ID |
PGID_NOT_EN | PayGate ID not enabled — no available payment methods or currencies |
TXN_CAN | Transaction has already been cancelled |
TXN_CMP | Transaction has already been completed |
TXN_PRC | Transaction is older than 30 minutes or there was an error processing it |
MasterCard SecureCode & Verified by Visa
What is SecureCode and Verified by Visa?
SecureCode and Verified by Visa are fraud prevention initiatives by MasterCard and Visa, respectively. These protocols add an extra layer of authentication for online transactions made with MasterCard and Visa cards.
- Visa: Verified by Visa (V-by-V)
- MasterCard: MasterCard SecureCode
Benefits for Merchants
- Reduces the risk of fraudulent transactions.
- Shifts liability for certain chargebacks from the merchant to the cardholder or issuing bank.
- Note: Some chargebacks may still remain the merchant’s responsibility depending on the authentication flow.
How It Works
- The cardholder initiates a purchase on the PayGate payment page.
- They are redirected to their issuing bank’s authentication page.
- The cardholder enters their authentication details (e.g., secret PIN).
- The bank validates the credentials and returns a response to PayGate:
- OK → Transaction is forwarded to the acquiring bank for authorization.
- Not OK → Transaction is declined by PayGate.
Not all issuing banks enforce registration for SecureCode or Verified by Visa.
In such cases, the redirect still occurs, but authentication may not be completed. The response will indicate that authentication was attempted, and liability shifts to the issuing bank.
What About Other Cards?
Cards such as American Express (AMEX) and Diners Club are not authenticated via SecureCode or Verified by Visa.
- Transactions made with these cards do not benefit from liability shift.
- The merchant retains full risk for these transactions.