Appendix A: Supported Acquirers

The SecureHosting platform can currently process payments through the below acquirers:

Acquirer Type
Barclays Merchant Services Acquiring Bank
Lloyds TSB Cardnet Acquiring Bank
First Data Merchant Solutions Acquiring Bank
HSBC Acquiring Bank
Elavon Acquiring Bank
Streamline (RBS WorldPay) Acquiring Bank
American Express Acquiring Bank
Diners Club Acquiring Bank
Ulster Bank Acquiring Bank
Allied Irish Bank (AIB) Acquiring Bank
Borgun Acquiring Bank
Voice Commerce/CashFlows Acquiring Bank
Valitor Acquiring Bank
PayPal E-Wallet

Appendix B: Transaction Scripts

Below is a list of different scripts within the SecureHosting platform which support card transactions, details of what they are for and which features they support. All scripts are located within the directory

Script Name Purpose 3-D Secure (VbV/SecureCode) Product Data
transactionac1.php Actinic eCom Yes No
transactionad1.php Additional eCom Yes Yes
transactioncb1.php ClickandBuy No Yes
transactionjs1.php eCommerce Yes No
transactionmo1.php MOTO No Yes
transactionpp1.php PayPal No Yes
transactionsb1.php Recurring (CA) Yes Yes
transactionsi1.php eCommerce Yes Yes

Appendix C: Test Card Numbers

Your test account will automatically send transactions to our test server. If you wish to test using a live account, you may do so by re-directing the transaction call to ‘’.

Below is a list of test card numbers to be used against our testing domain. Our testing platform is strictly for testing purposes. You must not send live card details or live tokens to our test service; using a live token within the test environment will result in a successful transaction/refund against the card.

Visa Credit

Test Number Card Number Expiry Date (mm/yy) Security Code (CV2) Address
CK1 4015501150000216 12/yy* 276 Flat 2 40 Lavender Road NN4 5YG
CK2 4715320629000001 12/yy* 865 27 Roseby Avenue M57X 6TH
CK3 4929421234600821 12/yy* 356 63 Rogerham Mansions 47 Ermine Street WD17 8TH

Visa Debit

Test Number Card Number Expiry Date (mm/yy) Security Code (CV2) Address
CK4 4539791001730106 12/yy* 289 Unit 5 120 Uxbridge Road HA6 7HJ
CK5 4909630000000008 12/yy* 891 Mews 8 Denmark 79


Test Number Card Number Expiry Date (mm/yy) Security Code (CV2) Address
CK6 4917480000000008 12/yy* 009 5-6 Ross Avenue B76 8UJ

MasterCard Credit

Test Number Card Number Expiry Date (mm/yy) Security Code (CV2) Address
CK7 5457359988776115 12/yy* 550 147 The Larches Narborough LE10 9RT
CK8 5457359988776222 12/yy* 547 Pear Tree Cottage 68 The Green MK8 2UY
CK9 5457359988776339 12/yy* 209 6-8 Rubbery Close Cloisters Run CV19 9JT
CK10 5457359988776446 12/yy* 365 The Hay Market NG99 1HG

MasterCard Debit

Test Number Card Number Expiry Date (mm/yy) Security Code (CV2) Address
CK11 5573471234567898 12/yy* 159 Merevale Avenue Leicester LE10 2BU

UK Issued Maestro

Test Number Card Number Expiry Date (mm/yy) Security Code (CV2) Address
CK12 6759950000000162 12/yy* 255 12 Merevale AvenueLeicester LE10 2BU


Test Number Card Number Expiry Date (mm/yy) Security Code (CV2) Address
CK13 3540599999991047 12/yy* 209 2 Middle Wallop Merideth-in-the-Wolds LN2 8HG

American Express

Test Number Card Number Expiry Date (mm/yy) Security Code (CV2) Address
CK14 374251027630000 12/yy* 7054 159 Hunts WaySO18 1GW
CK15 374581063270000 12/yy* 3179 70 Peelers WayB4 3AP

Diners Club

Test Number Card Number Expiry Date (mm/yy) Security Code (CV2) Address
CK16 36070500001012 12/yy* N/A N/A
CK17 36259600001002 12/yy* N/A N/A

yy* For expiry date always use December of the current year

In addition to the card details, the transaction amount will also impact on the transaction result

Amount Range From Amount Range To Expected Response
0.01 49.99 Transaction confirmed
50.00 99.99 Card Referred
100.00 No limit Card Declined

Appendix D: Example Redirect Form

Bellow is an example HTML form which will redirect the customer to a payment page:

Appendix E: Example Payment Form

Bellow is an example HTML form to submit the card details from your payment form:

Appendix F: Example Confirmation Page

Below is an example confirmation page:

Appendix G: Example Error Page

Below is an example error page:

Appendix H: Generating Advanced Secuitems Unique Hash

Below is a PHP example to generate the unique hash:

$post\_data = "shreference=".$shreference;
$post\_data .= "&secuitems=".$secuitems;
$post\_data .= "&secuphrase=".$secuphrase;
$post\_data .= "&transactionamount=".$transactionamount;
$ch = curl\_init();
curl\_setopt ($ch, CURLOPT\_URL, "\_secustring.php");
curl\_setopt($ch, CURLOPT\_POST, 1);
curl\_setopt($ch, CURLOPT\_POSTFIELDS, $post\_data);
curl\_setopt($ch, CURLOPT\_HEADER, 0);
curl\_setopt($ch, CURLOPT\_REFERER, "{The referrer value you set in SH}");
curl\_setopt($ch, CURLOPT\_RETURNTRANSFER,1);
curl\_setopt($ch, CURLOPT\_SSL\_VERIFYPEER, 0);
curl\_setopt($ch, CURLOPT\_TIMEOUT, 60);
$secuString = trim(curl\_exec($ch));

Appendix I: API Example

Below is a PHP example to submit your request XML to the SHP API:

$postField = "xmldoc=" . urlencode( requestXML() );
$ch = curl\_init();
    curl\_setopt ($ch, CURLOPT\_URL, "");
    curl\_setopt ($ch, CURLOPT\_POST, 1);
    curl\_setopt ($ch, CURLOPT\_POSTFIELDS, $postField);
    curl\_setopt ($ch, CURLOPT\_HEADER, 0);
    curl\_setopt ($ch, CURLOPT\_RETURNTRANSFER, 1);
    curl\_setopt ($ch, CURLOPT\_SSL\_VERIFYPEER, 0);
    curl\_setopt ($ch, CURLOPT\_TIMEOUT, 60);
    $xmlResponse = trim(curl\_exec ($ch));
    if ($xmlResponse == "") print (date("Y-m-d H:i:s")." XML Doc Empty");
    if (curl\_error($ch)) print (date("Y-m-d H:i:s")." cURL Call Failed - ".curl\_error($ch));
curl\_close ($ch);
print $xmlResponse;

Appendix J: 3-D Secure API

Below is a PHP example to process a transaction with the 3-D Secure API:

if(!isset($_POST['status'])) {

    $post_vars = "xmldoc=".urlencode($xmldoc);
    $post_vars .= "&script_location=".urlencode(‘{Redirect URL}’);

    $ch = curl_init();
    curl_setopt ($ch, CURLOPT_URL, '');
    curl_setopt ($ch, CURLOPT_POST, 1);
    curl_setopt ($ch, CURLOPT_POSTFIELDS, $post_vars);
    curl_setopt ($ch, CURLOPT_HEADER, 0);
    curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
    $xml_text = trim(curl_exec ($ch));

    if ($xml_text == "") print (date("Y-m-d H:i:s").' XML Doc Empty');
    if (curl_error($ch)) print (date("Y-m-d H:i:s").' cURL Call Failed - '.curl_error($ch));
        curl_close ($ch);
else {
    if($_POST['status'] != 'OK') {
        echo 'Your transaction failed.';
        echo $_POST['statustext'];
    else {
        echo 'Your transaction succeeded.';
        echo 'Transaction Number: '.$_POST['reference'];    

Appendix K: Additional Check Results

Appendix K: Additional Check Results

CV2 Check is the card verification performed by the banks on the 3 (Visa/MasterCard) or 4-digit (Amex) code at the back of the card. Your account with us is set to require the CV2 number to be submitted for all new transactions but you may opt out of this requirement, if you are unable to obtain the CV2 number e.g. if you process mail order transactions.

AVS Check is the verification banks perform on the address. Not all banks are able to perform the check and not all addresses can be reliably verified and therefore the result of the AVS check should be accepted on advisory basis with further emphasis given to the 3-D Secure verification (available for ecommerce transactions) and the CV2 check.

AVS CV2 Check Results are provided as advisory only. Transactions are not failed based on the result unless specifically requested.

Response Description
ALL_MATCH All data is correct
SECURITY_CODE_MATCH_ONLY The CV2 check was successful, the address check was not
ADDRESS_MATCH_ONLY The address check was successful, the CV2 check was not
NO_DATA_MATCHES Neither the CV2 or address checks were successful
DATA_NOT_CHECKES The card issuing bank was unable to perform the check

3-D Secure

The 3-D Secure is a 2 step check performed initials by the card scheme (Visa/MasterCard) and then the card issuing bank.

The card scheme will verify whether the customer's card has been enrolled by the issuing bank into the 3-D Secure scheme. If the card has been enrolled, we will be able redirect the customer to their card issuing bank for authentication. The card issuing bank will then send us a response confirming the result of the authentication check.

Below is a table of possible different 3-D Secure responses:

Enrol Auth Description
Y Y Fully authenticated
Y N Card enrolled into the scheme, customer failed to authenticate
Y A The card is enrolled; the card issuing attempted to authenticate the customer but were unable to verify the status
Y U The card is enrolled; the card issuing bank were unable to attempt the authentication
N The card is not enrolled into the scheme, authentication is not possible
U We were unable to verify the enrolment status of the card

Appendix L: PayPal Supported Currencies

Alpha-3 Code Currency Name Country of use
AUD Australian Dollar Australia
CAD Canadian Dollar Canada
CHF Swiss Franc Switzerland
CZK Czech Koruna Czech Republic
DKK Danish Krone Denmark, Faroe Islands, Greenland
EUR Euro Europe (Eurozone)
GBP Pound Sterling United Kingdom
HKD Hong Kong Dollar Hong Kong, Macao
HUF Hungarian Forint Hungary
ILS Israeli New Shekel Israel, Palestinian territories
JPY Japanese Yen Japan
MXN Mexican Peso Mexico
NOK Norwegian Krone Norway
NZD New Zealand Dollar New Zealand, Cook Islands
PHP Philippine Peso Philippines
PLN Polish Zloty Poland
SGD Singapore Dollar Singapore, Brunei
SEK Swedish Krona/Kronor Sweden
THB Thai Baht Thailand
TWD New Taiwan Dollar Taiwan
USD United States Dollar United States of America

ISO 4217 data from

Appendix M: TLS Version

To ensure we meet the PCI requirement by the end of June 2018, Monek has set a deadline of April 18th, 2018, to drop support for TLS versions less than 1.2.

Over the past year or so, you may have received notifications from ourselves and other 3rd parties like PayPal about the impending TLSv1.2 upgrade to be PCI compliant. Monek will be upgrading its services to require TLSv1.2 for all HTTPS connections.

The good news is that the majority of you are already communicating with ourselves via TLSv1.2.

to ensure you can communicate with ourselves you will be to using a current support operating system or application, common versions are listed below


Run cat /etc/*-release to determine your distribution.

  • If you are using Red Hat Enterprise Linux, you will need to upgrade to at least RedHat Enterprise Linux 6.8 or RedHat Enterprise Linux 7.

  • If you are using CentOS, you will need to at least CentOS 6.8, when it is released, or CentOS 7.

If you are using any other system, you will need to upgrade your OpenSSL version


  • If you are using Mac OS X 10.8 (Mountain Lion) or below, you will need to upgrade your OS X version. You can do this from the Mac App Store.


You can determine whether your Java integration is affected from the Java version you are running, and the stripe-java version you are using.

You can find your Java version by running java -version at the command line

If you are running Java

  • version 1.6, you will need to upgrade to at least Java version 1.7
  • version 1.7, you will not need to change anything
  • version 1.8, you will not need to change anything.

Windows Server

The minimum support version of windows is server 2008

Appendix N: Email Confirmations

email confirmations sent to your customer are sent via our mail server. These are sent from the address set in the "order notification email" field within the company details page

note: To ensure these are not flagged as spam, you will need to adjust your spf txt record to include our sent from address

This can be done by including:

example (for  "v=spf1 a: -all"

we advise to test your spf record for your domain here: