FAQ Technical FAQ

Q. How does the payment cycle work?

CityPay processes multi-currency credit and debit card transactions through leading financial institutions without the need for Merchants to invest in their own dedicated costly infrastructure and the added burden of having to install, test and maintain yet another system.  To process credit and debit card transactions online Merchants need  to consider the following:

Key requirements

Merchants wishing to accept credit and debit cards on their website, need to firstly apply for an Internet Merchant account from an Acquiring Bank (list of approved banks with CityPay are listed on our partner page).

Merchants would then need to select a Payment Service Provider (PSP) such as CityPay and integrate their website and shopping cart as required using an appropriate API (See CityPay's API documentation for further details)

Merchants would also need a SSL (Secure Socket Layer) certificate for their webserver unless they use a secure hosted form such as PayLink.  

Authorisation Process

The card details are entered by the Cardholder on either a secure hosted form or Secure server then securely submitted to CityPay over SSL for authorisation. The CityPay Gateway makes a number of checks and if accepted the transaction request is passed through to the Acquiring Bank, who is responsible for connecting through the card scheme infrastructure to the Issuing Bank.

If the transaction is approved, an authorisation number is returned back to the website through the Acquirer and CityPay and the authorisation is now complete. If the transaction is declined a failed message is returned to the website.

CityPay’s system records detailed information on every transaction, which is made available in real time to the Merchant over a secure link across the Internet. The above authorisation process takes between 3-5 seconds.


Every transaction is automatically marked for settlement at 00.00 GMT unless the account is set for pre authorisation only in which case a further complete or cancel instruction is required from the Merchant.  The authorised transactions are sent to the Acquiring Bank for settlement over a private connection.

 Transfer of funds

Finally, the Acquiring Bank settles funds into the Merchant's business account.  The payment process from initial authorisation to settlement takes on average 3 working days.


Q. How to prevent double clicks?

On web pages a double click can be prevented by adding JavaScript on the submit button such asonclick="this.disable=true". This will prevent immediate clicks but is reliant on the browser to perform the operation and for the user to have JavaScript enabled. A better but more advanced approach is be to use threading on the server side that prevents multiple requests from processing beyond the e-commerce site. A session will check the status of the processing as it is being processed and once a response returned, the session is updated with the payment result. Please see the CityPay Paylink pages for an example of this happening.


Q. I am getting T001 errors when I process?

T001 errors are the error code for a duplicate transaction, please see duplicate transactions above and here .


Q. I am getting P007 errors when I process?

This means that your payment request is not from an accepted source. If you are a customer please contact the merchant you are attempting to pay direct. if you are a client of CityPay please provide us with the submitting IP address if using our PayPost API or URL if you are using our Paylink API.


Q. I have not received any orders for sometime now is there any issues?

To check if your servers are able to communicate to CityPays Payment Gateway Application Server by attempting to browse to https://secure.citypay.com/ecom/


Q. I am using CityPay's Batch Processing Facility, is it possible to obtain the results of the Batch Processing automatically?

CityPay doesn't restrict payments from any particular country unless you use CityPay's fraud tools. However your acquiring bank may have restrictions and we would suggest that you contact them directly for information in this regard.


Q. Merchant account is set to live but transactions are still being processed as test?

Please ensure that you are sending in the value "test=false". If no value is sent it will default to a test transaction.


Q. I have received "The file type mime-type was not accepted by the server" error message when trying to send you a file?


The secure exchange only allows files of certain types to be uploaded, currently the accepted file list is:



Mime Type













Adobe PDF



Microsoft Excel




Please ensure that the file type uploaded is covered in this table.


Q. I am  getting T005 error?

When a cardholder completes the authentication process, their Issuing Bank will sign the PARes. When the PARes is received by the MPI, the signature is checked to ensure that it is valid for that Issuer.

If the signature is missing or is not valid, T005  3D Secure Authentication Error - Caused when the PARes fails digital signature validation. Cardholders should try another form of payment -

response will be returned. 

An invalid signature can be a sign of suspicious activity by the cardholder. If it occurs for more than one cardholder with that specific Issuer or ACS, it could indicate that the Issuers ACS is experiencing an issue.

+44 (0)1534 884000