Direct Post

Using Direct Post allows you to have full control over the look and feel of the form where your customers enter their card details for payment while simultaneously avoiding the need to have sensitive card data within your systems.

You create the payment form and display it within your website or app. When your customer has entered the card details and presses the "continue button", the customer's device sends the payment information directly to First Data.


This comes with many advantages and benefits to you with regard to both the customer experience, and your overall PCI Data Security Standard compliance exposure.

If you choose the Direct Post option and create your own forms, there are additional fields that must be included in your transaction requests. The available options are listed below. It is also important that you check that JavaScript is enabled in your customer’s browser. If necessary, inform your customer that JavaScript needs to be enabled for the payment process.


Required Fields

After your customer has decided on his/her payment method, you present a corresponding HTML-page with a form to enter the payment data as well as hidden parameters containing additional transaction information. In addition to any mandatory fields, your form must contain the following fields (some of which can be hidden) to use the Direct Post option:






If you let the customer select the payment method (e. g. MasterCard, Visa, Direct Debit) in your shop environment or want to define the payment type yourself, transmit the parameter ‘paymentMethod’ along with your Sale or PreAuth transaction.
If you do not submit this parameter, the payment gateway will display a drop-down menu to the customer to choose from the payment methods available for your shop.

> See valid values here

responseFailURL   The URL where you wish to direct customers after a declined or unsuccessful transaction (your Sorry URL) – only needed if not setup in Virtual Terminal / Customization.
responseSuccessURL   The URL where you wish to direct customers after a successful transaction (your Thank You URL) – only needed if not setup in Virtual Terminal / Customization.


For Credit/Debit Card Details






Your customer’s card number (12-24 digits)



Card expiry month (2 digits) (mandatory if credit card)



Card expiry year (4 digits) (mandatory if credit card)



Card code, usually back of the card (3/4 digits) (mandatory if credit card) (optional “if on card”) (not needed for Bancontact)


For SEPA Direct Debit Details






International bank account number (22 digits)



Business identifier code (8/11 digits) (mandatory if foreign IBAN)



Name of bank account owner


You can also transfer billing and shipping information to First Data Gateway.

> See other optional fields that might be useful for your business


Validity Checks

Prior to the authorization request for transactions, the First Data Gateway performs the following validation checks:

  • Expiry date of the cards must be in the future
  • Card security codes must contain 3 or 4 digits
  • Structure of the card number must be correct
  • IBAN for Direct Debit transactions must contain 22 digits
  • BIC for Direct Debit transactions must contain 8 or 11 digits

If the submitted data is invalid, the First Data Gateway would usually send a corresponding data entry page to the customer. However, using the silent post feature, you can transmit an additional parameter along with transaction data: ‘full_bypass=true’. In this case, you get the result of the validity check back in the transaction response and can display your own error page.


Sample Code for the HTML Form

<form method="post" action="">

<!-- Hidden fields to be prefilled by the merchant -->   
   <input type="hidden" name="full_bypass" value="true">
   <input type="hidden" name="txntype" value="sale">
   <input type="hidden" name="paymentMethod" value="V">
   <input type="hidden" name="timezone" value="Europe/Berlin">
   <input type="hidden" name="txndatetime" value="<?php echo getDateTime() ?>">
   <input type="hidden" name="hash_algorithm" value="SHA256">
 <input type="hidden" name="hash" value="<?php echo createHash( "13.00","978" ) ?>">
 <input type="hidden" name="storename" value="10123456789">
 <input type="hidden" name="chargetotal" value="13.00">
 <input type="hidden" name="currency" value="978">
 <input type="hidden" name="language" value="en_US">

<!-- Fields to be entered by the cardholder -->
   <!-- credit card number: e.g. 4111111111111111 -->
   <label for="cardnumber">Card Number:</label>
   <input type="text" name="cardnumber" id="cardnumber">

   <!-- expiration month of the card: e.g. 07 -->   
   <label for="expmonth">Expiration Month:</label>
   <input type="text" name="expmonth" id="expmonth">

   <!-- expiration year of the card: e.g. 2024 -->
   <label for="expyear">Expiration Year:</label>
   <input type="text" name="expyear" id="expyear">

   <!-- card security code (CVV/CVC): e.g. 123 -->
   <label for="cvm">Security Code:</label>
 <input type="text" name="cvm" id="cvm">

   <input type="submit" value="Submit">Pay now</input>