HSBC CPI Card Payment Module

This was developed originally for a client. The original brief was to update the existing module (provided by a member on the PrestaShop forum) to work in version 1.1 of PrestaShop and tie up any loose ends, but ended up being a complete re-write almost entirely from scratch (some of the third-party code in the original was re-used).

There are instructions included in the configuration screen that should cover the main questions regarding usage. The orderHash.php code (obtained from a third party) requires that both the mhash and mcrypt modules are installed on your server; you can verify that these have been installed by using the phpinfo() php function call in a test script. If you're unsure then you should ask your hosting company to assist you. You will also have to have an adequate SSL certificate for your server (for the return pages). From the HSBC documentation:

The CPI currently supports secure POSTs via SSL3.0 and TLS1.0 technologies (SSL2.0 is not supported).

Only a limited set of cipher suites are enabled for the two security protocols, these are outlined below:

TLS1.0

  • RC4 encryption with a 128-bit key and an MD5 MAC
  • TLSRSAWITHRC4128_MD5
  • FIPS 140-1 compliant triple DES encryption and a SHA-1 MAC
  • TLSDHEDSSWITH3DESEDECBC_SHA
  • Triple DES encryption with a 168-bit key and a SHA-1 MAC
  • TLSRSAWITH3DESEDECBCSHA

SSL3.0

  • RC4 encryption with a 128-bit key and an MD5 MAC
  • SSLRSAWITHRC4128_MD5
  • FIPS 140-1 compliant triple DES encryption and a SHA-1 MAC
  • SSLDHEDSSWITH3DESEDECBC_SHA
  • Triple DES encryption with a 168-bit key and a SHA-1 MAC
  • SSLRSAWITH3DESEDECBCSHA

The module only supports the single currency for which your id and hash have been issued. It may be that a future version will allow support for multiple currencies (and by implication multiple user ids and hash keys).

ADDITION (19 May 2009) There have been a lot of questions regrrding the error codes, so here's a handy table!

HSBC Payment module error codes

|Code|Description| |----|-----------| |0| The transaction was approved. | |1| The user cancelled the transaction. | |2| The processor declined the transaction for an unknown reason. | |3| The transaction was declined because of a problem with the card. For example, an invalid card number or expiration date was specified. | |4| The processor did not return a response. | |5| The amount specified in the transaction was either too high or too low for the processor. | |6| The specified currency is not supported by either the processor or the card. | |7| The order is invalid because the order ID is a duplicate. | |8| The transaction was rejected by FraudShield. | |9| The transaction was placed in Review state by FraudShield (see note 1 below). | |10| The transaction failed because of invalid input data. | |11| The transaction failed because the CPI was configured incorrectly. | |12| The transaction failed because the Storefront was configured incorrectly. | |13| The connection timed out. | |14| The transaction failed because the cardholder’s browser refused a cookie. | |15| The customer’s browser does not support 128-bit encryption. | |16| The CPI cannot communicate with the Payment Engine. | {: .table .table-striped}

Version 1.2 (Initial Release January 2009) : HSBC CPI Payment Module v1.2