Purpose of the document

This document describes the features of the Sips 2.0 solution.

Sips solution

More than just a payment platform, Sips is a true partner in the development of your online business. Since it was created in 1995, Sips has been continually evolving to expand its offering and meet your responsiveness, simplicity and security requirements.

Our solution offers you a simple or advanced solution according to your use cases.

  • Simple integration:
    • Standard integration of the payment module
    • Choice of the integration mode to adapt to your specific characteristics
    • Help with the integration and daily support
  • A modular solution:
    • Features at the service of your business (recurring/deferred/partial payment, etc.)
    • Autonomous control of features chosen on an à la carte basis

Our platform makes the customer journey smoother in order to optimise the conversion rate.

  • Payment interfaces for all situations:
    • A unified multichannel experience, regardless of the terminal used (mobile, PC, tablet, etc.)
    • Customisation of payment pages
  • Services that suit the customer’s needs:
    • A wide array of means of payment
    • Quick, easy payment with OneClick payment
    • Recurring payments

Our platform enables you to control your activity using efficient, secure tools.

  • Intuitive business management :
    • A single portal for accessing all modules
    • A configurable, adjustable anti-fraud module
    • A user-friendly transaction management module
  • A comprehensive reporting tool:
    • Visual dashboards that highlight your performance indicators
    • Daily reporting for a better overview of your business
    • Banking reconciliation

Overview

This chapter briefly describes the Sips interfaces. The latter provide your customer with a unified experience on all channels and easy management of your business.

A specific chapter describes their uses and features in greater detail.

Merchant portal

To make our solution easier to use, we provide you with a portal that groups together the following applications, which you can access with a single username and password:

  • Home : displays a summary of your data or those of the selected store
  • Transactions : for viewing and executing operations on a store's transactions
  • Users : administration of the users associated with you and your stores
  • Fraud : configuration of anti-fraud tools
  • Customisation : for customising the look of the payment pages on which customers enter their data
  • Dashboard : for managing your business—statistics about transactions, turnover, financial summary, acceptance rate, reasons for refusal, etc.

A multichannel solution

Sips is a flexible solution that can adapt to any sales channel: Internet, MOTO, mobile devices and e-mail.

For each channel, Sips has various interfaces that provide you with homogeneous, unified management of your payments.

Payment interfaces

Sips meets your needs with an array of interfaces that suit your business activity, your organisation and the option that you chose regarding compliance with PCI DSS constraints (see “Security” chapter).

This choice primarily depends on the hosting that you choose for your payment pages:

  • Your customer is redirected to the payment page hosted by Worldline : Sips Paypage with or without iFrame
  • The payment page is hosted by you: Sips Office
  • The payment is made via an application: Sips In-App

Requests can be sent 24 hours a day regardless of the interface used.

Summary

Payment page Sips Paypage Sips iFrame Sips Office Sips In-App
Hosting Worldline iFrame container page: merchant
iFrame content: Worldline
Merchant Merchant
PCI DSS compliance Worldline Worldline Merchant (strong) Merchant (lightweight)
Customisation Worldline CSS iFrame container: merchant
iFrame content: via CSS
Merchant Merchant
Means of payment All CB, Visa, MasterCard, VPay, Maestro, Electron, Amex and Bancontact Most (cf. means of payment documentations) CB, Visa, MasterCard, VPay, Maestro, Electron, Amex and Bancontact
3-D Secure Worldline Worldline Merchant Merchant

Transaction management and reporting

Sips enables you to easily manage all your payments regardless of the channels or means of payment that your customers use.

Sips Office enables you to create payment transactions, but also to perform transaction management operations (refunds, cancellations, etc.).

You can also view and manage your transactions through a dedicated extranet, Sips Office Extranet .

Sips interface Transaction creation Transaction management
Sips Paypage Yes No
Sips In-App Yes No
Sips Office Extranet Yes Yes
Sips Office Yes Yes
Sips Office Batch Yes Yes

To improve and automate tracking, the following logs can be sent to you:

  • Transaction logs
  • Operation logs
  • Banking reconciliation logs (depending on the acquirer)
  • Chargeback logs (depending on the means of payment and the acquirer)

Means of payment

Sips assists you in your development in France and abroad thanks to its connections with acquirers in over 40 countries, and its many domestic, international and alternative means of payment.

Cards

Interbank and credit cards refer to the cards issued by predominantly international networks. This type of means of payment is the most widely used in the world of e-commerce, with a predominance of the international Visa & MasterCard networks, which coexist with domestic networks (CB for France, Bancontact for Belgium, etc.).

The Sips solution is subject to the European MIF regulation. One of its rules, “Brand Selection”, requires that you let a customer who holds a co-branded card choose the brand at the time of payment. A co-branded card supports at least two brands. Most of the cards issued in France are co-branded with CB (CB/VISA, CB/MASTERCARD, CB/MAESTRO, etc.). By way of illustration, the screen below shows an example of a co-branded CB + Visa card with CB as the default brand. The customer can switch brands by clicking on the link at the bottom of the screen.

Sips enables your customers to use the following cards:

  • CB
  • Visa
  • MasterCard
  • Electron
  • Maestro
  • VPay
  • American Express
  • Bancontact

Online credit, private cards and gift cards

To enable your customers to benefit from payment facilities, Sips provides online credit solutions and payment facility offers that are or are not affiliated with cards. These solutions are mostly issued by banking networks. Payment facilities options vary according to the solutions and the private networks that issue them.

Sips notably provides you with the means of payment from the following issuers:

  • BCACUP
  • CACF
  • Cetelem
  • Cofidis
  • Cofinoga (Cetelem)
  • Oney
  • Franfinance
  • Oney

Sips also helps you developer customer loyalty by accepting gift cards or electronic holiday vouchers.

Debit

  • The SEPA Direct Debit (SDD) is a means of payment available as part of the SEPA (Single Euro Payment Area), which aims to unify and simplify all means of payment in Europe. It represents an essential major evolution of payment in Europe. In this context, Worldline has developed "SPS", a comprehensive platform for managing SEPA mandates and direct debits. The platform is connected to Sips and thus provides a complete SDD solution.

  • Incasso is a direct debit means of payment. First of all, you must send a direct debit form to the customer. The latter must then sign their document, send it to you and send it to their bank. Your bank can then proceed with the debit.

Bank transfer

When paying using a bank transfer, the customer is redirected to their online bank so they can pay for their order with this method. The offering and processes for bank transfers differ from country to country. This is why Sips provides you with a wide offering:

  • Netherlands
    • AcceptGiro
    • iDEAL
    • Rembours
  • Germany
    • Sofort
    • Giropay
  • Belgium
    • PayButton KBC / CBC
    • PayButton ING

External wallet

The wallet is a virtual account for storing money or means of payment. Wallets make the payment process smoother.

Sips notably provides you with the following wallets :

  • PayPal ;
  • Paylib (France) ;
  • Masterpass (MasterCard)

Mobile payment

The mobile payment market has evolved significantly in the last few years and offers a very wide range of solutions.

For example, with Sips , you can enable your customers to use:

  • LyfPay (Oney)
  • Bancontact mobile
  • Lydia

Payment terms

Thanks to Sips , you can provide your customers with a wide array of payment terms. Some of them are not applicable to all means of payment.

End-of-day payment

In the case of an end-of-day payment, the authorisation request is made online during the purchase, and all the transactions accepted during the day are captured at the end of the day.

This mode applies to the means of payment that work in “dual message" mode (i.e. one message for the authorisation, and another for the capture). It applies especially if you are sure that the products paid for are available on your site, because the customer's account is debited on the same day.

Deferred payment

With deferred payment, you set a maximum capture time in days. The capture is performed in accordance with the selected capture mode:

  • In the automatic capture mode (or “Cancellation” mode), the transaction is captured when the capture deadline is reached
  • In the “Validation” mode, the transaction is captured at any time, when you choose to do so

Deferred payment enables you to schedule the deadline on which your customer's account will be debited. This deadline can be advanced if need be.

Payment upon shipment of the goods

In the case of payment upon shipment of the goods, the transaction is captured following your validation. You specify the validity period of your transaction in your request. If you do not validate a given transaction before this period ends, this transaction expires. If you forget to validate the transaction in time, you can submit the transaction again using the duplication operation. You can validate all or part of the transaction's amount; however, you cannot validate an amount greater than the initial amount of the transaction.

Payment upon shipment of the goods enables you to debit your customer's account only if you are sure that you can deliver the order.

Payment in instalments

Payment in instalments enables you to create multiple instalments associated with a transaction, in a single payment request.

You can split a transaction into several parts that will be captured at fixed intervals. In this case, a payment transaction with N instalments generates N transactions, each of which has a distinct ID. Each transaction is independent of the others and includes a systematic authorisation request. If it is refused, the transaction is not captured.

In the case of a payment in instalments, the capture mode is forced to “Cancellation”, which means that when the capture deadline is reached, the transaction is automatically captured without your intervention.

You must specify the following elements in your request:

  • amount
  • capture date
  • transaction reference

You can also decide to initiate each of these instalments later using the duplication operation. Thus, after a first payment (or a first test transaction), you can duplicate the initial transaction on each due date and assign an amount to it.

You must be careful when proposing payment in multiple instalments:

  • There is no guarantee that subsequent instalments will be paid, especially when the capture period is longer than the validity period of the authorisation.
  • A blocked card or a card with insufficient credit might cause substantial losses for you.
  • If the first transaction has been authenticated using 3-D Secure, the following instalments cannot benefit from the liability shift.
  • The validity date of the means of payment must be later than the last due date.

Recurring payment

Recurring payment enables you to make automatic payments at regular intervals without the customer's presence. Recurring payment is very useful to manage subscriptions.

You can generate a recurring payment from:

  • a wallet . The means of payment is already saved and can be reused easily
  • an existing transaction . Using the duplication operation, you can make recurring payments without having the card number, or you can propose payment in addition to an order without any extra data entry by the customer. Duplication can be automated with Sips Office or Sips Office Batch
  • the customer's Primary Account Number (PAN) . You can create subscriptions by giving the customer's PAN. (e.g. card number). However, this process requires that you to provide the customer's personal data, thus forcing you to comply with the PCI DSS security standards in force
  • a token . You can use the token generated by Sips during the creation of the transaction to identify the card number used by the customer. This solution makes it possible to comply with the PCI DSS constraints

Immediate payment

In the case of immediate payment, the transaction is stored during the online authorisation. This payment term is used more rarely, and only for the means of payment that support the "single message" mode (i.e. single message for both the authorisation and the payment). This is the case, for example, of “online banking"-type methods that redirect the customer to their banks site.

Batch payment

Batch payment is a deferred exchange of information (in file mode) between you and Sips . It allows you to create transaction and/or operation files and then upload them to a secure Sips FTP Account.

It is therefore different from a number N of information communicated in real time (transaction mode).

Sips Walletpage

The wallet aims to:

  • simplify the online payment journey with OneClick payment
  • make subscription-based payments without PCI DSS constraints

The Sips Walletpage supports multiple channels, merchants and means of payment:

  • Multiple channels: a wallet can be created and used with different types of interfaces, thus adapting to the customer journey
  • Multiple stores: the customers’ IDs and their stored cardholder data can be shared by several stores of the same merchant
  • Multiple means of payment: the wallet supports several of means of payment

The data of the means of payment are directly supplied by the customer and stored by Sips . Therefore, you do not have to convey them, which frees you from PCI DSS constraints.

The table below describes in detail the options available in the wallet for every interface:

Interfaces Create a wallet Delete a wallet Add a means of payment Delete a means of payment View wallet data Pay with a wallet
Sips Paypage Yes No Yes Yes Yes Yes
Sips Walletpage Yes Yes Yes Yes Yes No
Sips Office Yes

(PCI constraint)

Yes Yes

(PCI constraint)

Yes Yes Yes
Sips Office Batch Yes

(PCI constraint)

Yes Yes

(PCI constraint)

Yes Yes Yes
Sips Office Extranet No No Yes Yes Yes No

OneClick

The OneClick option facilitates and speeds up the customer journey during online wallet payments via the Sips Paypage interface.

When they make their first purchase on your site, the customer can opt for this payment facility by checking the relevant box. You must first specify, in the payment request, the ID of a wallet to create.

If the customer decides to use the “card” means of payment of the Visa / MasterCard network, and you are enrolled in the 3-D Secure programme, the cardholder is authenticated when the card is saved.

During future purchases on your site, if you provide the wallet ID, OneClick payment will be proposed to the customer. The default means of payment already stored in the wallet is proposed. The customer can confirm it, choose another means of payment stored in the wallet, or decide to pay with a new means of payment that they can also save. This solution complies with the PCI DSS standards since the means of payment are stored by Sips in a PCI DSS-certified environment.

Note: the means of payment that can be used with OneClick are CB, Visa, MasterCard, VPay, Maestro, Electron, Amex, Oney, PayPal, SDD (SEPA Direct Debit), Paylib and Bancontact.

Walletpage

The saving and management of the wallet by the customer can be dissociated from the payment process.

You can redirect your customer to the Sips Walletpage pages where they can save one or more means of payment online without having to make a purchase. The customer can also access the Sips Walletpage pages to view, modify or delete the means of payment already saved. The Sips Walletpage pages share the same graphic charter as the one defined for the Sips Paypage pages, which makes customisation easier for you.

Subscription

The wallet also makes recurring payments easier. You can use it to make payments without the customer's presence while freeing yourself from PCI DSS constraints. These payments can be made in bulk using the Sips Office Batch connector.

Multicurrency payment

Sips can accept all currencies provided that your acquiring contract accepts them. This contract enables payments to:

  • either be converted into a single currency when your account is credited
  • or be created in the acceptance currency, which is displayed to the customer

Payment in the merchant's currency

During the acceptance, Sips sends the currency code in the authorisation request and the transactions captured by the acquirer. The acceptance process is carried out using the original currency (currency of the holder’s card). When acquiring (capturing) payments, if your payment is made in Euros, the acquirer makes the conversion into Euros. The details of the conversion are provided in the transaction reconciliation logs (depending on the acquirer).

Payment in the original currency

During acceptance and acquiring, the process is carried out in the original currency (currency of the holder's card). No currency conversion is performed. The various amounts (gross, net, and commissions) are specified in the original currency in the transaction reconciliation logs (depending on the acquirer).

Dynamic Currency Conversion (DCC)

Sips provides a DCC service that enables the customer to pay in a currency other than those that you accept, which helps improve the customer journey. The customer knows the initial amount and the invoice amount, including the exchange rate applied by the changer.

Note: To use the DCC function, the acquirer must have signed a contract with the provider of this service.

Risk management

Detect a risk of fraud with the Go-No-Go solution

The Go-No-Go solution makes it easy to limit the risk of fraud. This solution is based on checks that block the transaction if needed.

Sips offers two modes:

  • Go-No-Go -> with the most common checks (18 rules)
  • Go-No-Go + -> extra checks (72 rules)

An extranet accessible from the portal enables you to directly configure the checks that should be performed, in accordance with your business. The checks added or modified from this interface are effective immediately.

Note: the scope and implementation method of the Go-No-Go offering are described in the “Go-No-Go Anti-Fraud Management” document.

Assign scores to your transactions with the Business Score solution

The Business Score offering enables you to calculate a score for each transaction. This overall score is based on the weights that you defined for the checks. A color score is assigned to the transaction based either on this overall score or on the use of decisive rules:

  • Black or White: the decision is made without taking into account the overall score, which is only informational
  • Red, Orange or Green: the decision is made from the overall score of the transaction, which is compared to the orange and green thresholds that were defined

The color code is as follows:

  • White : the transaction is authorised because a decisive rule has given a favorable result
  • Green : the transaction is authorised because of its score
  • Orange : the transaction is authorised because of its score, unless the configuration of the store allows orange scores to be blocked. In this case, the transaction remains blocked until you have checked it (see "Challenge" operation)
  • Red : the transaction is not authorised because of its score
  • Black : the transaction is not authorised because a decisive rule has given an unfavorable result

An interface accessible from the portal enables you to directly configure the checks that should be performed and their weights in accordance with your business. The checks added or modified from this interface are effective immediately.

Note: the scope and implementation method of the Business Score offering are described in the “Business Score Anti-Fraud Management” document.

Benefits of 3-D Secure

If you have subscribed to the 3-D Secure service (referred to as "Verified By Visa", "MasterCard SecureCode" and "American Express Safekey” by Visa, MasterCard and American Express, respectively), the cardholder is also authenticated as part of the transaction. The bank that issued the card and the network (Visa or MasterCard) are involved in this authentication.

The program has several advantages:

  • The customer makes the payment secure by providing their bank with additional data.
  • You are sure that your customer is indeed the cardholder since they have been authenticated by their bank.

Authentication via 3-D Secure is fully integrated into the Sips Paypage interface and requires no additional development for you. With the Sips Office interface, you can have us process both the authentication and authorisation flows, or only one of them (the other one may be handled by another PSP).

For this type of transaction, you can benefit from the payment guarantee under conditions that depend on the banking regulations in force. The liability shift which you benefit from is specified in the GuaranteeIndicator field of the Sips reports. It is not systematic and must not replace the anti-fraud checks that you set up. An excessive rate of chargebacks might jeopardise your acceptance of means of payment.

Moreover, 3-D Secure cannot handle all payment processes. 3-D Secure cannot be used for:

  • deferred payments of more than 6 days
  • payments in multiple instalments or captured in multiple instalments
  • recurring transactions (e.g. created through the duplication function)
  • non-Internet payments (manual entry by the merchant, created by the merchant, etc.)
Note: when you set a capture time greater than 6 days for your transactions, Sips sets this value to 6 days so you can benefit from the liability shift.

Please read the 3-D Secure guide for more information on this service.

Anti-carding system

E-commerce sites can be the targets of carding operations. Carding is used by fraudsters to check the validity of card numbers that were stolen or generated fraudulently by creating mass fake transactions. Sips ’s anti-carding system can detect carding attacks, alert you, and combat these attacks (additional fraud checks, blocking of a card before the capture, etc.). The scope and implementation steps of the anti-carding system are described in the “Anti-carding system” document.

Transaction management

Transaction management consists in creating or modifying a transaction carried out using Sips . The transaction management tools enable you to perform operations on transactions up to 18 months after their creation (period during which the transactions are stored in the database). Sips provides three management interfaces: Sips Office Extranet , Sips Office and Sips Office Batch .

The available features enable you to optimise your management and improve the service provided to customers (e.g. debit upon shipment of the goods).

These management interfaces allow for:

  • the total or partial cancellation of transactions before they are captured
  • the total or partial validation of transactions so they are captured
  • the total or partial refund of transactions that have already been captured
  • the creation or duplication of transactions

Some means of payment may have management rules that do not allow all transaction management operations.

Transaction ID

A transaction is identified by a unique reference per store. This reference is valid throughout the transaction's life cycle. This reference enables you to manage your payments. It is accessible on all the interfaces, logs and reporting tools at your disposal.

Creation

In a payment request, you choose the payment options that best suit the services which you want to provide your customers with.

Table 1. Main data
Field Comment
paymentPattern Type of payment (one shot, initial payment, recurring payment, etc.)
orderChannel Order channel used (Internet, MOTO, Fax, etc.). Internet is the default. The use of this field must match the conditions defined in the acquirer contract.
fraudData Settings of the anti-fraud rules of the transaction; they enable you to customise dynamically the rules saved in your store configuration.
captureMode

Transaction capture mode:

  • Cancellation mode: corresponds to the automatic capture of the transaction. This is the default mode; it makes it possible to capture the transaction on a predefined date (= capture deadline). When the capture deadline is reached, the transaction is captured automatically. By default, this capture deadline is set to 0 (end-of-day payment)
  • Validation mode: you control the date on which the transaction is captured. When the capture time is exceeded, you can no longer validate the transaction, which thus expires
  • Immediate mode: the transaction is captured immediately
captureDay Capture time before the transaction is captured. This time is set in days. It makes it possible to provide same-day ( captureDay  = 0) or deferred ( captureDay  > 0) payment.

Cancellation

This function makes it possible to cancel the transaction fully or partially before capturing it. Partial cancellation enables you to modify the amount to be captured. This feature is useful if you need to make sure that the products are in stock.

If a customer has ordered several products, you can partially cancel the amount of an unavailable product to debit the customer's account only with the amounts of the products actually delivered.

The cancellation of a transaction must take place before this transaction is captured. If the transaction has already been captured, cancellation is not possible. You can still refund your customer fully or partially.

When a cancellation is requested, the Sips server verifies two parameters:

  • amount: you cannot cancel an amount greater than the original amount of the transaction
  • capture deadline: this setting was defined at the time of the authorisation request. When this time is exceeded, the transaction is captured and can no longer be canceled
Note: a cancellation operation cannot be cancelled or validated.

A reversal of the credit card limit request is performed if this functionality is supported by the acquirer.

Validation

The validation function makes it possible to trigger the capture of a transaction. It thus enables you to provide deferred payment by debiting your customer’s account when the purchased products are shipped. When the “Validation” mode is chosen, each transaction must be validated so it can be captured. If you do not validate a given transaction before its capture time expires, this transaction expires. It is then impossible to capture it. If you fail to validate it in time, you will be able to submit the transaction again through the duplication operation. You can validate all or part of the transaction’s amount. You cannot validate an amount greater than the original amount of the transaction.
Note: A transaction can only be validated once. For multiple validations, choose the “Recycling” option. A validation cannot be canceled; however, you can cancel the amount that has been validated as long as the transaction has not been captured.

For certain means of payment, this feature is not available.

Refund

A refund makes it possible to credit the account of a customer who has previously been charged (product not received, unavailable, damaged, return, etc.). The refunded amount is credited to the customer's account, and the same amount is debited from your account. The refund is captured on the same day as the operation. You can refund a customer within 18 months of their order. You can make as many partial refunds as you want as long as you do not exceed this 18-month period, and the cumulative amount of refunds does not exceed the amount of the original transaction.

A feature makes it possible to prevent the refund of a transaction whose status is "chargeback". This status appears on the extranet.

Note: A refund cannot be canceled or validated.

Unlimited refund

The unlimited refund enables you to refund to the customer an amount greater than the amount of the transaction that was captured. The amount that is refunded beyond the original amount can be limited to a percentage of the original amount. This enables you, for example, to refund the return costs paid by your customer following a delivery error.

Duplication

You can create a new transaction from an old one if you know its reference. The duplication of a transaction is possible within the 18 months following its creation and within the limit of the expiry date of the means of payment. The transaction created during the duplication is a new transaction, all characteristics of which can be changed except for the card information, which you do not need to store in your information system. A transaction created by duplication can in turn be duplicated. The duplication of a transaction results in a new authorisation request based on the payment data (card number, account number, etc.) corresponding to the original transaction. The outcome of the duplicate transaction does not depend on the outcome of the original transaction: if the original transaction was rejected, it may be accepted after duplication, and vice versa. A transaction associated with a payment in multiple instalments can be duplicated. The payment for this new transaction will be made in one go.

Duplication thus enables you, for example, to rectify a transaction that was not validated because of an error or oversight, or a transaction that was rejected.

Note: the duplicated transaction is processed as a recurring one and cannot benefit from the 3-D Secure liability shift.

Recycling

The recycling operation enables you to use the same transaction partially several times e.g. to manage the successive shipments of the same order.

The recycling operation consists in validating a transaction in several goes, within the limit of its initial amount. The following example illustrates the case of a €100 order:

  • A customer bought a DVD for €30, a game for €50 and a book for €20
  • You make a card payment authorisation for an amount of €100
  • The DVD is in store. You confirm the €30 on the day you ship it. This sum will be captured (after the initial transaction has been validated)
  • The game is available a few days later. You can validate the €50 corresponding to this sale (you recycle the initial transaction with an amount of €50): a new payment of €50 is issued and settled (after the recycling of the initial transaction with an amount of 50 €)
  • Finally, the book is available. You validate the remaining €20: a new payment of €20 is issued and settled (after the recycling of the initial transaction with an amount of €20)
  • The limit of the recycling operation has been reached because the initial amount of €100 has been settled
Note: Recycling is a duplication that is limited to the amount left to capture. As a consequence, if the duplication is available for a means of payment, so is the recycling.

Challenge

If you use the Business Score solution, each transaction is analysed and evaluated through numerous criteria to establish a score. The “Challenge” function enables you to check the fraud risk of the transactions with orange fraud scores. Depending on the level of tolerance decided by your analysts, the transaction will be accepted or rejected.

  • transaction accepted: the life cycle of the transaction resumes
  • transaction rejected: the life cycle of the transaction is interrupted; it is not captured even if a validation operation has been performed or if the capture date has been reached
Note: the “Challenge” is a step of the life cycle. This operation can be found in the operation log and on the Sips Office Extranet .

Credit Holder

The “Credit Holder” operation enables you to create a new transaction, the amount of which is debited from your account and credited to the customer's account. This operation makes it possible to carry out promotional operations or to refund a customer whose initial transaction is no longer accessible because it was purged from the Back Office. This “Credit Holder” operation is independent of any other transaction; therefore, so it is not associated with any initial transaction.

In order not to be subject to a PCI DSS certification related to the knowledge or storage of the card number, you can generate a “Credit Holder” operation from the customer’s wallet ID or from the token, which then replaces the data of the means of payment.

Life cycle

The operations affect the status of the transaction. The following diagram shows all the possible states of the life of a Visa or MasterCard transaction. This diagram is the most complete; however, depending on the means of payment, the life cycle can be much simpler.

Status Comment
CANCELLED The transaction has been totally canceled by the merchant.
CAPTURED The transaction has been captured by the acquirer.
CREDITED The transaction has been totally refunded by the merchant.
EXPIRED The transaction has expired.
REFUSED The transaction has been refused.
TO_AUTHORIZE Awaiting a new authorisation request before capture.
TO_CAPTURE Awaiting capture
TO_CHALLENGE The transaction is to be verified by the merchant following an orange fraud score.
TO_CREDIT Awaiting capture to credit the customer's account.
TO_REPLAY Awaiting a new authorisation request before capture.
TO_VALIDATE Awaiting the merchant's validation before capture.

Capture

Capture, which consists in crediting your account and debiting the customer's (or the reverse in the case of a refund) is triggered by Sips every night. Then each bank is free to credit your account on a given value date. The payment of your transactions depends on the chosen capture mode (validation, cancellation or immediate) as well as the capture time you have specified.

Note: The transactions that Sips sends so the acquirer processes payments can be included in the transaction log if you ask for this option to be added.

Reporting

Sips has numerous reporting features. Several tools enable you to track the transactions made on your store: automatic and manual responses, transaction and operation logs, the transaction viewing tool ( Sips Office Extranet ), the transaction reconciliation log, and the chargeback log.

Note: You can insert your specific business data into the transaction and operation flows. Sips will return them unchanged, and the various reports will contain them.

Online reporting

Sips sends notifications to you and your customer.

Merchant notification

When you use Sips Paypage , you are informed in real time of the response to the transaction. The manual response is sent to you when the customer is redirected to your site after the payment or wallet management. On the other hand, the automatic response is sent whether the customer returns to the store or not. Besides, if your server is temporarily unavailable, multiple attempts to send the response are made (for more information on this option, please refer to the 'Online reporting > Automatic response' section of the functionality set-up guide). In addition, you can request the receipt of an e-mail confirmation, which will enable you to mitigate any possibility of loss related to the Internet connection. The e-mail confirmation will be identical to the one possibly sent to the customer.

Customer notification

If you so wish, the customer can receive, in addition to the payment receipt, an e-mail or SMS receipt that confirms the outcome of the transaction. Of course, the receipt sent via e-mail can be customised. It can be sent in text or HTML format, and can contain images. The receipt sent via SMS is shorter. It contains the most important information of the transaction and can be useful in the case of a payment via Sips Paypage , since the customer did not necessarily provide an e-mail address. In addition, for Web and Mobile solutions, a button on the receipt page enables the customer to return to your store. If this action is performed, Sips will send you the result of the transaction again so you can adapt the content of your page. You can thank the customer for their purchases or, conversely, suggest another means of payment to them.

Diagnosis

To know the detailed status of a transaction, you can also send a diagnosis request about it. This request can be useful, especially if you have not received a manual or automatic response.

Extranet

To improve transaction tracking, you can also view the payments made on your online store, through the Sips Office Extranet .

You can view:

  • a transaction from its number, the PAN, and the date of the transaction
  • a transaction list, based on a set of criteria (transaction number, date, merchant reference, transaction status, card type, currency, etc.). The results page enables you to view all the information related to a specific transaction
    Note: the Back Office provides you with all the transaction management tools that you need to monitor and manage your transactions in the best possible way.

Offline reporting

For most merchants, logs are sent once a day between 4:00 a.m. and 6:00 a.m. This information is usually sent as an e-mail attachment in CSV format. The data may also be sent via FTP, for large files for example.

Transaction log

The transaction log informs you of all the payments that were made (whether they were accepted or rejected) on your site. From this log, you can decide to deliver all the orders, the payment of which was accepted.

Operation log

The operation log informs you of the evolution of the life cycle of transactions. It includes the list of transaction management operations (validation, refund) as well as the captured transactions if you so wish.

Transaction reconciliation log

This log is the result of the reconciliation between the transactions stored by Sips , and the payment results returned by the acquirer or the financial institution after the transactions were captured. Sips processes these results to enrich the acquirer’s data with the Sips context of the transaction (transaction number, merchant-specific references, etc.). This log lets you know whether each transaction was actually credited by your acquirer/banking institution. The reconciliation log consolidates the financial view of the various means of payment accepted by your store.

Note: the provision of the reconciliation log is conditioned by the provision of the payment results by the acquirer or the financial institution. Certain means of payment are not included in the reconciliation logs.

Chargeback log

This log is the result of the reconciliation between the transactions stored by Sips , and the chargebacks (for example due to a customer dispute) reported by the acquirer or the financial institution. This feedback is processed by Sips to enrich the acquirer's data with the SIP context of the transaction (transaction number, merchant-specific references, etc.). You are thus informed in detail of chargebacks, and you can manage your customer follow-ups accordingly.

Note: the provision of the chargeback log is conditioned by the provision of the chargeback information by the acquirer or the financial institution. Certain means of payment are not included in the chargeback logs.

Wallet expiry log

This log contains all the cards that are saved in your wallets and will expire within a specific period of time (between one and three months).

Your interfaces

Payment pages hosted by Sips : Sips Paypage

Sips Paypage is an interface that supports the global payment process in a secure way. From the page used to select the means of payment to the display of the receipt, all the data are entered by the Sips servers, thus guaranteeing you simplicity and security. Sips Paypage contains all Sips features already available on the Web and is enriched with new multichannel media: touch tablets, interactive TVs, automatic terminals, etc.

Choice of means of payment

By default, Sips displays the logos of the means of payment that you have set up on your site. Thanks to the information of the transaction (amount of the basket, foreign customer, etc.), and if you so wish, you can then display a reduced list of means of payment (e.g. credit cards, PayPal). If you only accept bank cards as means of payment, this intermediate page is then "bypassed", and the payment information entry page is displayed directly.

Receipt

By default, Sips displays the payment receipt and specifies the important data of the transaction (amount, reference, authorisation number, etc.). You can, however, display the receipt directly on your site.

Mobile phone payment application: Sips In-App

If you have developed a specific mobile application to provide your customers with a fully integrated journey perfectly adapted to the laptop / tablet environment, Sips provides its mobile SDK tool. It enables your application to easily accept means of payment and optimise your customers’ shopping journey, in a secure environment that complies with the PCI DSS standard. Sips In-App is compatible with iOS and Android environments.

Transactions and operations in message mode: Sips Office

Sips Office is an interface that works through a server-to-server dialog. It enables you to manage your own payment pages as well as your own management interface. This interfacing mode provides you with numerous advantages:

  • There is no need to install and run an application on your infrastructures, which makes your system more flexible and reduces deployment time
  • Exchanges are based on standardised protocols widely used on the Internet; therefore, interfacing the systems is easier and quicker
  • The services are associated with a versioning system that can update them in a completely seamless way for the merchant systems that connect to them

For payment, if you use Sips Office , you have chosen to capture your customers' payment data yourself before sending them to Sips Office . Therefore, you will have to develop the interfacing with your customers, and handle the security and regulatory aspects accordingly.

For transaction management, operations (refunds, cancellations, etc.) are always carried out using transaction aliases, which enables you not to use or keep sensitive data (card numbers, account numbers), thus freeing you from PCI DSS constraints.

File-based transactions and operations: Sips Office Batch

The Sips Office Batch interface enables you to build transaction and operation files, and then upload them to a secure FTP account. Sips Office Batch notably enables you to perform mass transaction management operations, but also recurring payment and subscription.

It must be noted that the syntax of Sips Office Batch and Sips Office requests is almost identical. When constructing requests, only the particularities due to the technical interfaces will differentiate them. This greatly facilitates the transition from one to the other for complementary uses.

Merchant Extranet: Sips Office Extranet

Sips Office Extranet is a secure Web interface (HTTPS). You need basic Internet access, and you use your username and password to access your dedicated interface.

You can manage your transactions or trigger a payment. The latter function is especially useful if you take orders over the phone or receive order slips.

Note: beware: you must agree with your acquirer regarding the payment channel used in the context of your distance selling contract.

Comparison between Sips Paypage and Sips Office

Criterion Sips Paypage interface Sips Office interface
Functional scope Transaction creation only Transaction creation and management. Note that you can use Sips Paypage for payment and Sips Office for cash management.
PCI DSS

Benefits from PCI certification because the payment process is outsourced to the Sips servers.

You do not have to know the customer's PAN.

In the case of transaction creation, payment pages are managed by you; therefore, you are subjected to the PCI DSS certification.
Note: you can limit your scope by not storing any PAN information in your information system (e.g. by replacing the PAN with a token, a wallet ID or a hashPan).
3-D Secure 3-D Secure process made by Sips and seamless for you.

You manage the 3-D Secure authentication process.

You may also use Sips and another PSP to process your authentication and authorisation requests, dispatching them as you need.

Integration effort: Plug & Play solution that is easy to integrate. Solution that requires more development work: payment on the merchant side with management of the payment pages
Adding a means of payment Without any development work for you in most cases.
Note: sometimes, you must fill in specific fields in the payment request in order to benefit from the options of the means of payment (e.g. PayPal).
Development work is required to integrate the means of payment (process management, page management, etc.).
Customer journey Limited difference between your website and the payment server through the customisation of the payment pages by you (CSS, URL) No difference between your website and the payment server.
Integration into your IS Interfaces with your store Interfaces with your store for transaction creation and / or your Back Office for transaction management.
Reporting Homogeneous reporting Homogeneous reporting

Page customisation tool: CustomPages

CustomPages is a Web interface that enables you to customise the pages hosted on the Sips server. With this tool you can:

  • customise your payment pages in accordance with your graphic charter
  • customise your wallet management pages in accordance with your graphic charter
  • preview the look of these pages
  • trigger the installation of your customisation elements (CSS, images, header, footer) into the production environment
Note: the implementation of this feature is detailed in the " CustomPages Merchant Customisation Tool” document.

Security

PCI DSS programme

PCI DSS is an international security standard that aims to ensure the confidentiality and integrity of cardholders’ data, and thus to secure card and transaction data. Merchants as well as payment providers must comply with it to varying degrees depending on the importance of their business. Sips solution has been PCI DSS-certified since 2006. You are also required to comply with this security standard. We invite you to discuss this subject with your acquiring institution.

With Sips , you can operate on multiple channels (Internet, phone, mobile) and provide payment facilities, payment by subscription or instalment payment without having to know cardholders’ sensitive data. This greatly facilitates your PCI DSS certification process.

Sips helps merchants, as much as possible, to comply with this standard:

  • through the Sips Paypage interface: the merchant does not know the cardholders’ data
  • through the very advanced customisation offered on these payment pages secured by Sips , from graphic customisation to that of the payment URL
  • through the payment facilities proposed (payment deferred until shipment, instalment payment) from a transaction ID
  • through the subscription and recurring payment features available
  • through the tokenisation methods as described in this document

Securing payments

Sips offers several payment securing techniques:

Technique Description Benefits Shortcomings PCI DSS Self-Assessment Questionnaire
Payment via Sips Paypage .
  • Payment pages hosted by Sips .
  • You do not store card details, so you do not have any PCI DSS constraints.
  • Payment page customisation is more limited than if you host these pages.
SAQ-A
Payment via Sips Paypage iFrame.
  • Payment pages hosted by Sips .
  • You do not store card details, so you do not have any PCI DSS constraints.
  • You can customise the HTML page containing the payment iFrame as you wish, because you host this page.
  • Payment iFrame customisation is more limited than if you host this content.
SAQ-A
Payment via Sips Office .
  • Payment pages hosted by your website.
  • If you need to keep the card number, you must store it in your database.
  • You can customise the payment pages as desired because they are hosted on your premises.
  • You must comply with PCI DSS constraints regarding the storage of card numbers.
SAQ-D
Payment via Sips Office using card number tokenisation.
  • Payment pages hosted by your website.
  • The token is an identifier shared by you and Sips .
  • It replaces the card number (PAN).*
  • If you need to keep the card number, you store a token of the card number in your database.
  • You can customise the payment pages as desired because they are hosted on your premises.
  • The token is not a sensitive data.
  • It contributes to complying with PCI DSS standards.*
  • You have to store and manage every token you use.
SAQ-D
Paiement via Sips Office using client-side encryption (CSE).
  • Payment pages hosted by your website.
  • Encryption of sensitive data before it is transmitted to your servers and to the Sips servers.
  • You can customise the payment pages as desired because they are hosted on your premises.
  • Your server receives encrypted sensitive data (no transmission of clear information on your server) for a simplified compliance with PCI DSS standards.
  • You must manage an additional security key related to CSE.
SAQ A-EP

* The token and the PAN have the same length to minimise the changes to be made to your information system. This technique is available in each merchant interface. Other token features include:

  • complete PAN tokenisation (no digit remains clearly readable)
  • unique for a given card number
  • includes at least one letter to distinguish it from the clear PAN
  • irreversible (the card number cannot be deduced from the token): an absolutely secure solution
  • unrestricted use in your information system (fully-fledged data, for example reusable for statistical purposes)

Security of exchanges

The security of Sips is based on four essential pillars:

  • merchant authentication
  • the authorisation request made to the cardholder’s bank
  • confidentiality of the data, which are transmitted on the Internet in an encrypted form (card number, validity date, etc.)
  • data integrity to prevent any alteration of the messages exchanged

In order to secure the online payment process, you share a secret key with Sips , which enables the latter to authenticate you when you call Sips Paypage .

You are responsible for preserving this secret and you must take all the appropriate measures to:

  • save it in an encrypted form
  • never copy it to a non-secure disk
  • restrict access to it
  • never send it using a non-secure method (electronic or postal mail)

The compromise of a secret key and its use by a malicious third party would disrupt the normal functioning of the store, and could notably generate unjustified transactions or transaction management operations (e.g. refunds). Also, if the secret is compromised, you are required to request its revocation and renewal from our customer service department as soon as possible.

Implementation

To implement Sips , you must first sign contracts with various acquirers or service providers.

You will then have to choose your connectors and integrate them so you can connect your merchant site to the Sips payment server.

After a test phase, you will be able to open your site to the public, and enable your customers to make purchases and pay for them.

Contracts

The use of Sips requires that you first sign one (or more) acquiring contract(s) with acquirers, or banking or financial organisations, according to the means of payment of your choosing.

For the implementation of 3-D Secure, a three-party agreement is required between you, the acquirer and Worldline .

To accept multiple currencies, you must contact your banking or financial institution. Sips supports the most commonly accepted currencies in the world.

Implementation

This guide contains an interface comparison table that enables you to choose the interfaces adapted to your specific characteristics.

Depending on the chosen interface,

  • You will need to implement the communication between your server (Front Office and / or Back Office) and Sips . This implementation is described in detail in the connector guides.
  • You (or your service provider) must comply with the PCI DSS regulation.

Tests and go-live

The stores are always registered with your actual merchant ID; however, in the test environment, you use an ID and a secret simulation key provided in the documentation and shared by the various merchants. This test environment, also called simulation mode, enables you to validate your developments and thus the integration of connectors between the website and the payment platform. After these tests, your store is activated in the production environment.

Multiple stores

A merchant usually uses their own ID and secret key.

In the case of a set of stores managed by the same operator, it is possible to define a common key through an Intermediate Service Provider (ISP) to simplify the connection.

The ISP is an entity that acts as a merchant on behalf of other merchants. It secures communications during transaction processing without the need to define security keys for each of the registered merchants. (This concerns, for example, hosters or the management of shopping malls on the Internet.)

For further information

The following guides will provide you with further information for even more advanced implementation of the Sips solution. This list is not exhaustive.

Manual Why read it?
Data Dictionary This manual provides you with the definitions and values of connector and log fields.
Functionality setup guide This manual explains how to implement Sips features.
Reports description This manual describes the content of the logs sent by Sips .
Sips Paypage eShop customisation and CustomPages These manuals explain how to customise your payment pages so their graphic charter is similar to the rest of your site.
OneClick Payment This manual describes the OneClick solution that enables your customers to pay with one click without having to re-enter their card data.
Sips Message This manual explains how to implement the Sips message solution that enables you to send your customers payment notifications via e-mail or SMS.
Sips Download This manual explains how to download the documentation and your secret key via the Sips Download extranet.
Sips Office Extranet This manual describes all the transaction management actions that you can perform through the Sips Office Extranet .
Fraud risk management - Go-No-Go and Business Score These manuals explain the operation, configuration and use of the Go-No-Go anti-fraud engine and the Business Score scoring system. They enable you to define the fraud acceptance rules that you want to set up during payments.
Sips Paypage and Sips Office These manuals describe and explain how to implement the full set of Sips connector options.
Means of payment integration guides These manuals exist for each means of payment and describe in detail their specific characteristics, life cycles and processes.