Business::OnlinePayment::InternetSecure - InternetSecure backend for Business::OnlinePayment


  use Business::OnlinePayment;

  my $txn = new Business::OnlinePayment 'InternetSecure',
                                        merchant_id => '0000';

        action          => 'Normal Authorization', # or 'Card Authentication'

        type            => 'Visa',                      # Optional
        card_number     => '4111 1111 1111 1111',
        expiration      => '2004-07',
        cvv2            => '000',                       # Optional

        name            => "Fr\x{e9}d\x{e9}ric Bri\x{e8}re",
        company         => '',
        address         => '123 Street',
        city            => 'Metropolis',
        state           => 'ZZ',
        zip             => 'A1A 1A1',
        country         => 'CA',
        phone           => '(555) 555-1212',
        email           => '',

        amount          => 49.95,
        currency        => 'CAD',
        taxes           => 'GST PST',
        description     => 'Test transaction',

        recurring       => 'amount=9.95 startmonth=+1 frequency=monthly duration=3 email=2',

        cimb_store      => 1, # Tokenization Support

        test_transaction => 1, # or -1 to dest declined


  if ($txn->is_success) {
        print "Card processed successfully: " . $txn->authorization . "\n";
  } else {
        print "Card was rejected: " . $txn->error_message . "\n";


Business::OnlinePayment::InternetSecure is an implementation of Business::OnlinePayment that allows for processing online credit card payments through InternetSecure.

See Business::OnlinePayment for more information about the generic Business::OnlinePayment interface.


Object creation is done via Business::OnlinePayment; see its manpage for details. The merchant_id processor option is required, and corresponds to the merchant ID assigned to you by InternetSecure.


Transaction setup and transmission

content( CONTENT )

Sets up the data prior to a transaction. CONTENT is an associative array (hash), containing some of the following fields:

action (required)

What to do with the transaction. Normal Authorization and Card Authorization are supported at the moment.


Card type, being one of the following:

- Visa
- MasterCard
- American Express
- Discover
- CC

(This is actually ignored for the moment, and can be left blank or undefined.)

card_number (required)

Credit card number. Spaces and dashes are automatically removed.

expiration (required)

Credit card expiration date. Since Business::OnlinePayment does not specify any syntax, this module is rather lax regarding what it will accept. The recommended syntax is YYYY-MM, but forms such as MM/YYYY or MMYY are allowed as well.


Three- or four-digit verification code printed on the card. This can be left blank or undefined, in which case no check will be performed. Whether or not a transaction will be declined in case of a mismatch depends on the merchant account configuration.

This number may be called Card Verification Value (CVV2), Card Validation Code (CVC2) or Card Identification number (CID), depending on the card issuer.


A short description of the transaction. See "Products list syntax" for an alternate syntax that allows a list of products to be specified.

amount (usually required)

Total amount to be billed, excluding taxes if they are to be added separately by InternetSecure.

This field is required if description is a string, but should be left undefined if description contains a list of products instead, as outlined in "Products list syntax".


Currency of all amounts for this order. This can currently be either CAD (default) or USD.


Taxes to be added automatically to amount by InternetSecure. Available taxes are GST, PST and HST.

This argument can either be a single string of taxes concatenated with spaces (such as GST PST), or a reference to an array of taxes (such as [ "GST", "PST" ]).

name / company / address / city / state / zip / country / phone / email

Customer information. country should be a two-letter code taken from ISO 3166-1.


Submit the transaction to InternetSecure.

Post-submission methods


Returns true if the transaction was submitted successfully.


Response code returned by InternetSecure.


Error message if the transaction was unsuccessful; undef otherwise. (You should not rely on this to test whether a transaction was successful; use is_success() instead.)


Receipt number (a string, actually) of this transaction, unique to all InternetSecure transactions.


Sales order number of this transaction. This is a number, unique to each merchant, which is incremented by 1 each time.


Universally Unique Identifier associated to this transaction. This is a 128-bit value returned as a 36-character string such as f81d4fae-7dec-11d0-a765-00a0c91e6bf6. See RFC 4122 for more details on UUIDs.

guid() is provided as an alias to this method.


Authorization code for this transaction.

avs_code() / cvv2_response()

Results of the AVS and CVV2 checks. See the InternetSecure documentation for the list of possible values.


Date and time of the transaction. Format is YYYY/MM/DD hh:mm:ss.


Total amount billed for this order, including taxes.


Returns a reference to a hash that maps taxes, which were listed under the taxes argument to submit(), to the amount that was calculated by InternetSecure.


Cardholder's name. This is currently a mere copy of the name field passed to submit().


Type of the credit card used for the submitted order, being one of the following:

- Visa
- MasterCard
- American Express
- Discover


Products list syntax

Optionally, the description field of content() can contain a reference to an array of products, instead of a simple string. Each element of this array represents a different product, and must be a reference to a hash with the following fields:

amount (required)

Unit price of this product.


Ordered quantity of this product.


Internal code for this product.


Description of this product


Taxes that should be automatically added to this product. If specified, this overrides the taxes field passed to content().

When using a products list, the amount field passed to content() should be left undefined.

Character encoding

When using non-ASCII characters, all data provided to contents() should have been decoded beforehand via the Encode module, unless your data is in ISO-8859-1 and you haven't meddled with the encoding pragma. (Please don't.)

InternetSecure currently does not handle characters outside of ISO-8859-1, so these will be replaced with ? before being transmitted.


None by default.




Frédéric Brière, <>

Slobodan Mišković, <>,


Copyright (C) 2006 by Frédéric Brière

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.4 or, at your option, any later version of Perl 5 you may have available.