In effect since the beginning of 2018, the second Payment Services Directive (PSD2) redefines security standards for online payments. Given the strong growth of e-commerce in Europe, it aims to increase security during payment processing, while fighting more actively against fraud attempts.

This is the goal of the PSD2: to strengthen and increase e-shoppers’ trust

With the enforcement of the Regulatory Technical Standards (RTS) arising from the PSD2 as of September 14, 2019, new requirements in terms of strong authentication must be applied to all transactions carried out over the Internet for a better protection of customers.

While a transition period with current payment systems has been planned, you must anticipate this change and comply with 3-D Secure 2, the new version of the protocol developed by EMVCo (organization bringing together representatives from the main card networks and leaders in the payment industry) which standardizes the process of strong authentication for online payments.

Please note: The 3-D Secure standard only applies to card payments (Visa, Mastercard, CB, American Express) and not to payments made with alternative or local payment methods (Klarna, iDEAL, Bancontact…).

As a payment service provider, HiPay is here to guide you and facilitate your transition to these new authentication methods.

What will change on September 14, 2019

Today, merchants or their payment service providers decide to use strong authentication on transactions based on their fraud management policy by triggering 3-D Secure 1.0. End customers are then redirected to a page from their bank, where they must enter, to prove their identity, a one-time code, generally received by SMS.

As of September 14, 2019, the decision to apply strong authentication will be made by the issuer, the cardholder’s bank (end customer). The issuer will make this decision according to the numerous criteria set in the PSD2 (limits, exemptions, fraud rate management…) and based on the analysis of more than 150 data collected during each purchasing process.

Therefore, to comply with the new PSD2 requirements and improve user experience, the 3-D Secure 2 protocol has been developed to benefit from a more dynamic and more secure authentication, that integrates innovative authentication methods, such as biometric authentication solutions.

More importantly, version 2 of the protocol will enable merchants to offer purchasing processes more integrated to their environment.

When the issuers will deem that the data sent make it possible to identify the cardholder, or when transactions will meet certain eligibility criteria, the authentication process will be completely transparent for the end users.

However, when the analyzed data will not allow the cardholder to be identified, a strong customer authentication will be required.

In both cases, responsibility will be transferred to the issuer.

Understanding Strong Customer Authentication

This new requirement imposes strong authentication on customers when they finalize their purchases, by combining two independent authentication factors.

These authentication factors can be:

element_connu.jpg something known by the end customer (e.g.: password, secret question, secret code, etc.),

element_detenu.jpg something owned by the end customer (e.g.: smartphone, connected device, token, chip card, etc.),

element_caracterisant.jpg something inherent to the end customer (e.g.: fingerprint, facial or vocal recognition, iris recognition, etc.).

 

The technical answer to these new requirements relating to strong authentication involves the implementation of 3-D Secure 2.

To comply with this new regulation, it is thus necessary to:

  • understand how 3-D Secure 2 works,
  • evaluate if you can benefit from an exemption when making a transaction,
  • collect the new types of data required by the regulation and provide them to your PSP for each transaction.

Transactions outside of the scope of PSD2 and exempt from strong authentication

Certain transactions may be exempt from strong authentication, others are outside of the scope of PSD2.

Thanks to HiPay’s anti-fraud tools, our teams will work together with merchants for optimal implementation of exemptions, with the goal of maximizing the fluidity of the customer journey, while actively fighting fraud.

For more information on possible exemptions, please refer to our web page dedicated to PSD2.

HiPay is here for you to comply with PSD2

To meet PSD2 requirements, HiPay will provide you guidance and support regarding the evolution of your technical integration.

Thus, HiPay makes it easier for you to implement 3-D Secure 2 by minimizing the constraints of integration on your end.

Implementing the new protocol does not modify the current architecture between the merchant and HiPay.

However, in order to maximize the success of your transactions and simplify your customer journey, it is strongly recommended to collect the new types of data described below and provide them to HiPay.

We invite you to review the new fields to integrate, described in the following table.

Our merchants using our CMS modules (Magento, PrestaShop, WooCommerce) or our SDKs (iOS, Android, PHP, JavaScript) will soon be informed of the date of their release.

New fields to integrate into existing /order and /hpayment APIs

Object name Required Description
account_info No Information about the customer account
device_channel Yes Device from which the transaction is initiated
previous_auth_info No Information about previous authentications of the customer on the merchant’s website
merchant_risk_statement No Information about the order of the customer, enabling to perform transaction risk analysis
recurring_info No Information about a recurring transaction
exemption No Exemption(s) declared by the merchant

Please note: all the fields that are not required are strongly recommended.

account_info [customer]

Field name Format Required Description / Note / Value example
account_change YYYYMMDD Integer No Date of the last change made by the customer on their account, including delivery and billing address, the addition of a payment means or a user

Please note:

Implement a field on your user table enabling to save any change made by the user on their account, then retrieve this value.

Most CMSes natively allow to retrieve this information from the customer account.

Value example:

20180507

opening_account_date YYYYMMDD Integer No Creation date of the customer account

Please note:

Implement a field on your user table enabling to save the creation date of the customer account.

Most CMSes natively allow to retrieve this information from the customer account.

Value example:

20180507

password_change YYYYMMDD Integer No Date of the last modification of the customer account password

Please note:

Implement a field on your user table enabling to flag any modification of the customer account password, then retrieve this value.

Most CMSes natively allow to retrieve this information from the customer account.

Value example:

20180507

account_info [purchase]

Field name Format Required Description / Note / Value example
count Integer (4) No Number of order(s) made by the customer during the last six months (all payment means taken into account)

Please note:

Retrieve the number of orders, regardless of the payment means used and status of the order made by the customer (e.g.: refunded, cancelled, etc.).

Value example:

2

card_stored_24h Integer (3) No Number of Add card attempt(s) on the customer account during the last 24 hours

Please note:

Implement a table saving Add card attempt(s) from customers with the date and time of the attempt. If the card is not authorized but the user wanted to save it, take the attempt into account. Retrieve the number of attempts from customers on Date Time – 24H.

Value example:

0

payment_attempts_24h Integer (3) No Number of transaction(s) (payments by payment card) made by the customer during the last 24 hours

Please note:

Retrieve the number of orders from the customer on Date Time – 24H with payment made by credit card.

Value example:

0

payment_attempts_1y Integer (3) No Number of transaction(s) (payments by payment card) made by the customer during the last 12 months

Please note:

Retrieve the number of orders from the customer on Date Time – 365D with payment made by credit card.

Value example:

0

account_info [payment]

Field name Format Required Note / Value example
enrollment_date YYYYMMDD Integer No Please note:

For a one-click payment, provide the date when the payment card has been saved in the customer account.

If payment is made with a saved card, retrieve the date when the card was saved in the customer account.

Value example:

20180507

account_info [shipping]

Field name Format Required Description / Note / Value example / Possible values
shipping_used_date YYYYMMDD Integer No Date of the first order made by the customer with this shipping address

Value example:

20180507

name_indicator Integer (1) No Indicates if the name of the customer is the same as on the shipping address for this transaction

Possible values:

1 = Account name identical to shipping name
2 = Account name different from shipping name

suspicious_activity Integer (1) No Indicates if the merchant has experienced suspicious activities (including fraud) on this customer account 

Please note:

If you subscribed to HiPay Sentinel, you do not have to provide this information.

If you did not subscribe to HiPay Sentinel, you have to send us the value (1 or 2) corresponding to the information from your anti-fraud system. 

Possible values:

1 = No suspicious activity has been observed

2 = Suspicious activity has been observed

JSON example:


              "account_info": {
                "customer": {
                  "account_change": 20180507,
                  "opening_account_date": 20180507,
                  "password_change": 20180507
                },
                "purchase": {
                  "count": 2,
                  "card_stored_24h": 0,
                  "payment_attempts_24h": 0,
                  "payment_attempts_1y": 0
                },
                "payment": {
                  "enrollment_date": 20180507,
                },
                "shipping": {
                  "shipping_used_date": 20180507,
                  "name_indicator": 1,
                  "suspicious_activity": 1
                }
              }
              

device_channel

Format Required Description / Note / Possible values
Integer (1) Yes Indicates the channel used to initiate the transaction

Please note:

2 (BROWSER) is the default value; otherwise, please provide the relevant value.

Possible values:

1 = App-based (APP)
2 = Browser (BRW)
3 = 3DS Requestor Initiated (3RI = MIT)

previous_auth_info [transaction_reference]

Format Required Description / Note / Value example
String (16) No Reference of the previous authenticated transaction for this customer

Please note:

Provide this information if you use several payment service providers and if the previous transaction was not processed through HiPay.

Value example:

987654321CBA

merchant_risk_statement [email_delivery_address]

Format Required Description / Note / Value example
String (254) No Electronic delivery address for intangible products

Please note:

Provide this information if the order includes at least one intangible product.

Value example:

[email protected]

merchant_risk_statement [delivery_time_frame]

Format Required Description / Note / Possible values
Integer (1) No Information about order delivery time

Please note:

Depending on the delivery method and carrier selected by the customer for the order, retrieve an approximate delivery time.

If the order includes products to be delivered by different carriers, retrieve the information from the product with the longest delivery time.

Possible values:

1 = Electronic delivery
2 = Same day shipping
3 = Overnight shipping
4 = Two-day or more shipping

merchant_risk_statement [purchase_indicator]

Format Required Description / Note / Possible values
Integer (1) No Information about product availability

Please note:

Provide the value 2 (future availability) only if none of the products included in the current order are in stock.

Possible values:

1 = Merchandise available
2 = Future availability

merchant_risk_statement [pre_order_date]

Format Required Description / Note / Value example
YYYYMMDD Integer (8) No Estimated restocking date in case of a pre-order

Please note:

If none of the products are in stock when ordering (purchase_indicator = 2), provide the restocking date.

Value example:

20190925

merchant_risk_statement [reorder_indicator]

Format Required Description / Note / Possible values
Integer (1) No Indicates if the customer has ordered the same products in the same quantities before

Please note:

Search in the customer’s order history for any order with the same product references in the same quantities.

Do not take into account product prices and possible discounts applied.

Possible values:

1 = First-time order
2 = Reorder

merchant_risk_statement [shipping_indicator]

Format Required Description / Note / Possible values
Integer (1) No Information about the delivery address

Please note:

Provide this information based on the types of products included in the order and the delivery method.

For intangible products not requiring any carrier, please provide:

5 = Digital goods
6 = Travel and event tickets, no shipping
7 = Other (gaming, digital services without shipping, e-media subscription)

For products requiring shipping, compare the delivery address with the billing address; depending on the result, please provide:

1 = Shipping to cardholder’s billing address
2 = Shipping to another verified address on file with the merchant
3 = Shipping to an address different from the cardholder’s billing address

When comparing addresses, you must take into account all the address fields (street, city, postal code, etc.).
An address is considered verified when it has already been used for a previous order.

Possible values:

1 = Shipping to cardholder’s billing address
2 = Shipping to another verified address on file with the merchant
3 = Shipping to an address different from the cardholder’s billing address
4 = Shipping to store / pick-up at local store
5 = Digital goods
6 = Travel and event tickets, no shipping
7 = Other (gaming, digital services without shipping, e-media subscription)

merchant_risk_statement [gift_card]

Field name Format Required Description / Note / Value example
amount Number No Information relating to the purchase of prepaid or gift cards: total amount of purchased cards

Please note:

If the order includes products such as prepaid or gift cards, retrieve the total amount of purchased cards.

Value example:

15.00

count Integer No Information relating to the purchase of prepaid or gift cards: total number of purchased cards

Please note:

If the order includes products such as prepaid or gift cards, retrieve the total number of purchased cards.

Value example:

1

currency String (3) No Information relating to the purchase of prepaid or gift cards: card currency ISO code 4217

Please note:

If the order includes products such as prepaid or gift cards, retrieve the card currency.

Value example:

EUR

JSON example:


             "merchant_risk_statement": {
               "email_delivery_address": "[email protected]",
               "delivery_time_frame": 1,
               "purchase_indicator": 1,
               "pre_order_date": 20190925,
               "reorder_indicator": 1,
               "shipping_indicator": 1,
               "gift_card": {
                 "amount": 15,
                 "count": 1,
                 "currency": "EUR"
               }
             }
             

recurring_info [expiration_date]

Format Required Description / Value example
YYYYMMDD Integer No In case of a recurring transaction, date after which no further authorizations shall be performed

Value example:

20180507

recurring_info [frequency]

Format Required Description / Value example
 Integer (4) No In case of a recurring transaction, indicates the minimum number of days(s) between authorizations

Value example:

31

JSON example:


                  "recurring_info:" {
                    "expiration_date": 20200318,
                    "frequency": 31
                  }
              

exemption

Format Required Description / Note
 String No Exemption(s) declared by the merchant

Please note:

It is through this field that you will be able to provide your exemption requests: for more details, please contact HiPay’s technical team.

Full PHP example:


            $data = array(
              // Order information
              "orderid"=> "hipay-test-12345678910",
              "description"=> "test product 01",
              "long_description"=> "full description of test product 01",
              "payment_product"=> "mastercard",
              "cardtoken"=> "daaf85868bcaee8klniazereiuop7b0ce133e88d",
              "eci"=> "7",
              "authentication_indicator"=> "1",
              "operation"=> "authorization",
              "currency"=> "EUR",
              "amount"=> 100,
              "shipping"=> 1,
              "tax"=> 1,
              "tax_rate"=> 1,
              "custom_data"=>
              '{
								"shipping_method":"click and collect",
								"first_order":"0",
								"products_list": "First product, Second product",
								"_reporting_data_1":"my custom data 1",
								"_reporting_data_2":"my custom data 2",
								"_reporting_data_3":"my custom data 3",
								"_reporting_data_4":"my custom data 4",
								"_reporting_data_5":"my custom data 5"
							}',

              // Customer information
              "email"=> "[email protected]",
              "phone"=> "01234567890",
              "birthdate"=> "19890525",
              "gender"=> "f",
              "firstname"=> "Jane",
              "lastname"=> "Doe",
              "country"=> "FR",
              "streetaddress"=> "10 rue de la facturation",
              "streetaddress2"=> "",
              "city"=> "Paris",
              "zipcode"=> "75012",
              "shipto_firstname"=> "Jane",
              "shipto_lastname"=> "Doe",
              "shipto_streetaddress"=> "20 rue de la livraison",
              "shipto_streetaddress2"=> "",
              "shipto_city"=> "Paris",
              "shipto_zipcode"=> "75012",
              "shipto_country"=> "FR",
              "cid"=> "123456",
              "ipaddr"=> "xxx.xx.xxx.xx",
              "accept_url"=> "",
              "decline_url"=> "",
              "pending_url"=> "",
              "exception_url"=> "",
              "cancel_url"=> "",

              //PSD2 information
              "account_info"=> "{
                'customer': {
                  'account_change': 20180507,
                  'opening_account_date': 20180507,
                  'password_change': 20180507,
                  },
                'purchase': {
                  'count': 2,
                  'card_stored_24h': 0,
                  'payment_attempts_24h': 0,
                  'payment_attempts_1y': 0
                  },
                'payment': {
                    'enrollment_date': 20180507
                  },
                'shipping': {
                    'shipping_used_date': 20180507,
                    'name_indicator': 1,
                    'suspicious_activity': 1
                    }
                  }",

                "device_channel"=> 2,

                "previous_auth_info"=> "{
                  'transaction_reference': '987654321CBA'
                  }",

                "merchant_risk_statement"=> "{
                  'email_delivery_address': '[email protected]',
                  'delivery_time_frame': 1,
                  'purchase_indicator': 1,
                  'pre_order_date': 20190925,
                  'reorder_indicator': 1,
                  'shipping_indicator': 1,
                  'gift_card': {
                    'amount': 15,
                    'count': 1,
                    'currency': 'EUR' }
                    }",

                "recurring_info"=> "{
                  'expiration_date': 20200318,
                  'frequency': 31
                }"
            );
            
Object name Required Description
account_info No Information about the customer account
device_channel Yes Device from which the transaction is initiated
browser_info Yes Customer’s browser information
previous_auth_info No Information about previous authentications of the customer on the merchant’s website
merchant_risk_statement No Information about the order of the customer, enabling to perform transaction risk analysis
recurring_info No Information about a recurring transaction
exemption No Exemption(s) declared by the merchant

Please note: all the fields that are not required are strongly recommended.

account_info [customer]

Field name Format Required Description / Note / Value example
account_change YYYYMMDD Integer No Date of the last change made by the customer on their account, including delivery and billing address, the addition of a payment means or a user

Please note:

Implement a field on your user table enabling to save any change made by the user on their account, then retrieve this value.

Most CMSes natively allow to retrieve this information from the customer account.

Value example:

20180507

opening_account_date YYYYMMDD Integer No Creation date of the customer account

Please note:

Implement a field on your user table enabling to save the creation date of the customer account.

Most CMSes natively allow to retrieve this information from the customer account.

Value example:

20180507

password_change YYYYMMDD Integer No Date of the last modification of the customer account password

Please note:

Implement a field on your user table enabling to flag any modification of the customer account password, then retrieve this value.

Most CMSes natively allow to retrieve this information from the customer account.

Value example:

20180507

account_info [purchase]

Field name Format Required Description / Note / Value example
count Integer (4) No Number of order(s) made by the customer during the last six months (all payment means taken into account)

Please note:

Retrieve the number of orders, regardless of the payment means used and status of the order made by the customer (e.g.: refunded, cancelled, etc.).

Value example:

2

card_stored_24h Integer (3) No Number of Add card attempt(s) on the customer account during the last 24 hours

Please note:

Implement a table saving Add card attempt(s) from customers with the date and time of the attempt. If the card is not authorized but the user wanted to save it, take the attempt into account. Retrieve the number of attempts from customers on Date Time – 24H.

Value example:

0

payment_attempts_24h Integer (3) No Number of transaction(s) (payments by payment card) made by the customer during the last 24 hours

Please note:

Retrieve the number of orders from the customer on Date Time – 24H with payment made by credit card.

Value example:

0

payment_attempts_1y Integer (3) No Number of transaction(s) (payments by payment card) made by the customer during the last 12 months

Please note:

Retrieve the number of orders from the customer on Date Time – 365D with payment made by credit card.

Value example:

0

account_info [payment]

Field name Format Required Note / Value example
enrollment_date YYYYMMDD Integer No Please note:

For a one-click payment, provide the date when the payment card has been saved in the customer account.

If payment is made with a saved card, retrieve the date when the card was saved in the customer account.

Value example:

20180507

account_info [shipping]

Field name Format Required Description / Note / Value example / Possible values
shipping_used_date YYYYMMDD Integer No Date of the first order made by the customer with this shipping address

Value example:

20180507

name_indicator Integer (1) No Indicates if the name of the customer is the same as on the shipping address for this transaction

Possible values:

1 = Account name identical to shipping name
2 = Account name different from shipping name

suspicious_activity Integer (1) No Indicates if the merchant has experienced suspicious activities (including fraud) on this customer account 

Please note:

If you subscribed to HiPay Sentinel, you do not have to provide this information.

If you did not subscribe to HiPay Sentinel, you have to send us the value (1 or 2) corresponding to the information from your anti-fraud system. 

Possible values:

1 = No suspicious activity has been observed
2 = Suspicious activity has been observed

JSON example:


              "account_info": {
                "customer": {
                  "account_change": 20180507,
                  "opening_account_date": 20180507,
                  "password_change": 20180507
                },
                "purchase": {
                  "count": 2,
                  "card_stored_24h": 0,
                  "payment_attempts_24h": 0,
                  "payment_attempts_1y": 0
                },
                "payment": {
                  "enrollment_date": 20180507,
                },
                "shipping": {
                  "shipping_used_date": 20180507,
                  "name_indicator": 1,
                  "suspicious_activity": 1
                }
              }
              

device_channel

Format Required Description / Note / Possible values
Integer (1) Yes Indicates the channel used to initiate the transaction

Please note:

2 (BROWSER) is the default value; otherwise, please provide the relevant value.

Possible values:

1 = App-based (APP)
2 = Browser (BRW)
3 = 3DS Requestor Initiated (3RI = MIT)

browser_info

If your integration uses the Hosted Fields / Hosted Payments methods, the browser_info data will be returned to you in the getPaymentData method response (in JSON format).

If you use a CMS, the browser_info data will be retrieved and sent to HiPay automatically.

If you neither use a CMS nor use the Hosted Fields / Hosted Payments methods, but use the HiPay JavaScript SDK, you can call the getBrowserInfo method to retrieve the browser_info data.

In any other case, you must directly retrieve the browser_info data in order to provide them to us.   

browser_info [java_enabled]

Format Required Description / Note
 Boolean Yes Boolean that represents the ability of the customer’s browser to execute Java

Please note:

Use the following Java method: navigator.javaEnabled()

browser_info [javascript_enabled]

Format Required Description / Note / Possible values
Boolean  Yes Boolean that represents the ability of the customer’s browser to execute JavaScript

Please note:

True by default

Possible values:

True

False

browser_info [language]

Format Required Description / Note / Value example
 String (1 – 8)  Yes Value that represents the customer’s browser’s language as defined in IETF BCP47

Please note:

Use the following JavaScript method: navigator.language

Value example:

fr

browser_info [color_depth]

Format Required Description / Note / Possible values
 Integer (1 – 2) Only if javascript_enabled = yes Value that represents the depth of the color palette for displaying images, in bits per pixel

Please note:

Use the following JavaScript method: window.screen.colorDepth

Possible values:

1 = 1 bit
4 = 4 bits
8 = 8 bits
15 = 15 bits
16 = 16 bits
24 = 24 bits
32 = 32 bits
48 = 48 bits

browser_info [screen_height]

Format Required Description / Note / Value example
 Integer (1 – 6) Only if javascript_enabled = yes Total height of the customer’s screen (in pixels)

Please note:

Use the following JavaScript method: window.screen.height

Value example:

1080

browser_info [screen_width]

Format Required Description / Note / Value example
 Integer (1 – 6)  Only if javascript_enabled = yes Total width of the customer’s screen (in pixels)

Please note:

Use the following JavaScript method: window.screen.width

Value example:

1920

browser_info [timezone]

Format Required Description / Note / Value example
 String (1 – 5)  Only if javascript_enabled = yes Time-zone offset in minutes between UTC time and the cardholder’s browser local time

Please note:

Use the following JavaScript method: new Date().getTimezoneOffset()

Value example:

300

browser_info [ipaddr]

Format Required Description / Value example
 String  No IP address of the purchasing customer

Value example:

127.0.0.1

 

browser_info [http_accept]

Format Required Description / Value example
String   No

This element should include the exact content of the HTTP Accept header, as sent to the merchant from the customer’s browser.

Value example:

*/*

 

browser_info [http_user_agent]

Format Required Description / Value example
String    No

This element should include the exact content of the HTTP User_Agent header, as sent to the merchant from the customer’s browser.

Value example:

Mozilla/4.0

 JSON example for the whole browser_info section:


            "browser_info": {
              "java_enabled": true,
              "javascript_enabled": true,
              "ipaddr": "127.0.0.1",
              "http_accept": "*/*",
              "http_user_agent": "Mozilla/4.0",
              "language": "fr",
              "color_depth": "1",
              "screen_height": 1080,
              "screen_width": 1920,
              "timezone": "300"
          }
            

previous_auth_info [transaction_reference]

Format Required Description / Note / Value example
String (16) No Reference of the previous authenticated transaction for this customer

Please note:

Provide this information if you use several payment service providers and if the previous transaction was not processed through HiPay.

Value example:

987654321CBA

merchant_risk_statement [email_delivery_address]

Format Required Description / Note / Value example
String (254) No Electronic delivery address for intangible products

Please note:

Provide this information if the order includes at least one intangible product.

Value example:

[email protected]

merchant_risk_statement [delivery_time_frame]

Format Required Description / Note / Possible values
Integer (1) No Information about order delivery time

Please note:

Depending on the delivery method and carrier selected by the customer for the order, retrieve an approximate delivery time.

If the order includes products to be delivered by different carriers, retrieve the information from the product with the longest delivery time.

Possible values:

1 = Electronic delivery
2 = Same day shipping
3 = Overnight shipping
4 = Two-day or more shipping

merchant_risk_statement [purchase_indicator]

Format Required Description / Note / Possible values
Integer (1) No Information about product availability

Please note:

Provide the value 2 (future availability) only if none of the products included in the current order are in stock.

Possible values:

1 = Merchandise available
2 = Future availability

merchant_risk_statement [pre_order_date]

Format Required Description / Note / Value example
YYYYMMDD Integer (8) No Estimated restocking date in case of a pre-order

Please note:

If none of the products are in stock when ordering (purchase_indicator = 2), provide the restocking date.

Value example:

20190925

merchant_risk_statement [reorder_indicator]

Format Required Description / Note / Possible values
Integer (1) No Indicates if the customer has ordered the same products in the same quantities before

Please note:

Search in the customer’s order history for any order with the same product references in the same quantities.

Do not take into account product prices and possible discounts applied.

Possible values:

1 = First-time order
2 = Reorder

merchant_risk_statement [shipping_indicator]

Format Required Description / Note / Possible values
Integer (1) No Information about the delivery address

Please note:

Provide this information based on the types of products included in the order and the delivery method.

For intangible products not requiring any carrier, please provide:

5 = Digital goods
6 = Travel and event tickets, no shipping
7 = Other (gaming, digital services without shipping, e-media subscription)

For products requiring shipping, compare the delivery address with the billing address; depending on the result, please provide:

1 = Shipping to cardholder’s billing address
2 = Shipping to another verified address on file with the merchant
3 = Shipping to an address different from the cardholder’s billing address

When comparing addresses, you must take into account all the address fields (street, city, postal code, etc.).
An address is considered verified when it has already been used for a previous order.

Possible values:

1 = Shipping to cardholder’s billing address
2 = Shipping to another verified address on file with the merchant
3 = Shipping to an address different from the cardholder’s billing address
4 = Shipping to store / pick-up at local store
5 = Digital goods
6 = Travel and event tickets, no shipping
7 = Other (gaming, digital services without shipping, e-media subscription)

merchant_risk_statement [gift_card]

Field name Format Required Description / Note / Value example
amount Number No Information relating to the purchase of prepaid or gift cards: total amount of purchased cards

Please note:

If the order includes products such as prepaid or gift cards, retrieve the total amount of purchased cards.

Value example:

15.00

count Integer No Information relating to the purchase of prepaid or gift cards: total number of purchased cards

Please note:

If the order includes products such as prepaid or gift cards, retrieve the total number of purchased cards.

Value example:

1

currency String (3) No Information relating to the purchase of prepaid or gift cards: card currency ISO code 4217

Please note:

If the order includes products such as prepaid or gift cards, retrieve the card currency.

Value example:

EUR

JSON example:


            "merchant_risk_statement": {
              "email_delivery_address": "[email protected]",
              "delivery_time_frame": 1,
              "purchase_indicator": 1,
              "pre_order_date": 20190925,
              "reorder_indicator": 1,
              "shipping_indicator": 1,
              "gift_card": {
                "amount": 15,
                "count": 1,
                "currency": "EUR"
              }
            }
            

recurring_info [expiration_date]

Format Required Description / Value example
YYYYMMDD Integer No In case of a recurring transaction, date after which no further authorizations shall be performed

Value example:

20180507

recurring_info [frequency]

Format Required Description / Value example
 Integer (4) No In case of a recurring transaction, indicates the minimum number of days(s) between authorizations

Value example:

31

JSON example:


              "recurring_info:" {
                "expiration_date": 20200318,
                "frequency": 31
              }
              

exemption

Format Required Description / Note
 String No Exemption(s) declared by the merchant

Please note:

It is through this field that you will be able to provide your exemption requests: for more details, please contact HiPay’s technical team.

Full PHP example:


            $data = array(
              // Order information
              "orderid"=> "hipay-test-12345678910",
              "description"=> "test product 01",
              "long_description"=> "full description of test product 01",
              "payment_product"=> "mastercard",
              "cardtoken"=> "daaf85868bcaee8klniazereiuop7b0ce133e88d",
              "eci"=> "7",
              "authentication_indicator"=> "1",
              "operation"=> "authorization",
              "currency"=> "EUR",
              "amount"=> 100,
              "shipping"=> 1,
              "tax"=> 1,
              "tax_rate"=> 1,
              "custom_data" =>
              '{
								"shipping_method":"click and collect",
								"first_order":"0",
								"products_list": "First product, Second product",
								"_reporting_data_1":"my custom data 1",
								"_reporting_data_2":"my custom data 2",
								"_reporting_data_3":"my custom data 3",
								"_reporting_data_4":"my custom data 4",
								"_reporting_data_5":"my custom data 5"
							}',
              
              // Customer information
              "email"=> "[email protected]",
              "phone"=> "01234567890",
              "birthdate"=> "19890525",
              "gender"=> "f",
              "firstname"=> "Jane",
              "lastname"=> "Doe",
              "country"=> "FR",
              "streetaddress"=> "10 rue de la facturation",
              "streetaddress2"=> "",
              "city"=> "Paris",
              "zipcode"=> "75012",
              "shipto_firstname"=> "Jane",
              "shipto_lastname"=> "Doe",
              "shipto_streetaddress"=> "20 rue de la livraison",
              "shipto_streetaddress2"=> "",
              "shipto_city"=> "Paris",
              "shipto_zipcode"=> "75012",
              "shipto_country"=> "FR",
              "cid"=> "123456",
              "ipaddr"=> "xxx.xx.xxx.xx",
              "accept_url"=> "",
              "decline_url"=> "",
              "pending_url"=> "",
              "exception_url"=> "",
              "cancel_url"=> "",

              //PSD2 information
              "account_info"=> "{
                'customer': {
                  'account_change': 20180507,
                  'opening_account_date': 20180507,
                  'password_change': 20180507,
                  },
                'purchase': {
                  'count': 2,
                  'card_stored_24h': 0,
                  'payment_attempts_24h': 0,
                  'payment_attempts_1y': 0
                  },
                'payment': {
                    'enrollment_date': 20180507
                  },
                'shipping': {
                    'shipping_used_date': 20180507,
                    'name_indicator': 1,
                    'suspicious_activity': 1
                    }
                  }",

                "device_channel"=> 2,

                "browser_info"=> "{
                  'java_enabled': true,
                  'javascript_enabled': true,
                  'ipaddr': '127.0.0.1',
                  'http_accept': '*/*',
                  'http_user_agent': 'Mozilla/4.0',
                  'language': 'fr',
                  'color_depth': '1',
                  'screen_height': 0,
                  'screen_width': 0,
                  'timezone': '300'
                  }",

                "previous_auth_info"=> "{
                  'transaction_reference': '987654321CBA'
                  }",

                "merchant_risk_statement"=> "{
                  'email_delivery_address': '[email protected]',
                  'delivery_time_frame': 1,
                  'purchase_indicator': 1,
                  'pre_order_date': 20190925,
                  'reorder_indicator': 1,
                  'shipping_indicator': 1,
                  'gift_card': {
                    'amount': 15,
                    'count': 1,
                    'currency': 'EUR' }
                    }",

                "recurring_info"=> "{
                  'expiration_date': 20200318,
                  'frequency': 31
                }"
            );
            

Important upcoming dates

  • End of August 2019:

Possibility to test the new fields arising from PSD2 in the /order and /hpayment test APIs (stage environment) and also the following HiPay Enterprise modules / SDKs:

– JavaScript SDK
– PHP SDK
– iOS SDK
– Android SDK
– PrestaShop 1.6 – 1.7 module
– Magento 1 module
– Magento 2 module
– WooCommerce module

  • Early September 2019:
  • Possibility to test the new fields arising from PSD2 in the /order and /hpayment production APIs
  • September 14, 2019:

The new standards in terms of strong authentication (Regulatory Technical Standards – RTS) linked to PSD2 will come into force in Europe.