In effect since the beginning of 2018, the second Payment Services Directive (PSD2) redefines security standards for online payments. Given the strong growth of e-commerce in Europe, it aims to increase security during payment processing, while fighting more actively against fraud attempts.
This is the goal of the PSD2: to strengthen and increase e-shoppers’ trust
With the enforcement of the Regulatory Technical Standards (RTS) arising from the PSD2 since September 14, 2019, new requirements in terms of strong authentication must be applied to all transactions carried out over the Internet for a better protection of customers.
Therefore, you must comply with 3-D Secure v2, the new version of the protocol developed by EMVCo (organization bringing together representatives from the main card networks and leaders in the payment industry) which standardizes the process of strong authentication for online payments.
Please note: The 3-D Secure standard only applies to card payments (Visa, Mastercard, CB, American Express) and not to payments made with alternative or local payment methods (Klarna, iDEAL, Bancontact…).
As a payment service provider, HiPay is here to guide you and facilitate your transition to these new authentication methods.
What changes as from September 14, 2019
Today, merchants or their payment service providers decide to use strong authentication on transactions based on their fraud management policy by triggering 3-D Secure 1.0. End customers are then redirected to a page from their bank, where they must enter, to prove their identity, a one-time code, generally received by SMS.
As from September 14, 2019, the decision to apply strong authentication will be made by the issuer, the cardholder’s bank (end customer). The issuer will make this decision according to the numerous criteria set in the PSD2 (limits, exemptions, fraud rate management…) and based on the analysis of more than 150 data collected during each purchasing process.
Therefore, to comply with the new PSD2 requirements and improve user experience, the 3-D Secure v2 protocol has been developed to benefit from a more dynamic and more secure authentication, that integrates innovative authentication methods, such as biometric authentication solutions.
More importantly, version 2 of the protocol will enable merchants to offer purchasing processes more integrated to their environment.
When the issuers will deem that the data sent make it possible to identify the cardholder, or when transactions will meet certain eligibility criteria, the authentication process will be completely transparent for the end users.
However, when the analyzed data will not allow the cardholder to be identified, a strong customer authentication will be required.
In both cases, responsibility will be transferred to the issuer.
Understanding Strong Customer Authentication
This new requirement imposes strong authentication on customers when they finalize their purchases, by combining two independent authentication factors.
These authentication factors can be:
something known by the end customer (e.g.: password, secret question, secret code, etc.),
something owned by the end customer (e.g.: smartphone, connected device, token, chip card, etc.),
something inherent to the end customer (e.g.: fingerprint, facial or vocal recognition, iris recognition, etc.).
The technical answer to these new requirements relating to strong authentication involves the implementation of 3-D Secure v2.
To comply with this new regulation, it is thus necessary to:
- integrate the fields required for the smooth functioning of 3-D Secure v2,
- evaluate the scope of your transactions that could be exempt from strong authentication.
Transactions outside of the scope of PSD2 and exempt from strong authentication
Certain transactions may be exempt from strong authentication, others are outside of the scope of PSD2.
Thanks to HiPay’s anti-fraud tools, our teams will work together with merchants for optimal implementation of exemptions, with the goal of maximizing the fluidity of the customer journey, while actively fighting fraud.
For more information on possible exemptions, please refer to our web page dedicated to PSD2.
HiPay is here for you to comply with PSD2
To meet PSD2 requirements, HiPay will provide you with guidance and support regarding the evolution of your technical integration.
Thus, HiPay makes it easier for you to implement 3-D Secure v2 by minimizing the constraints of integration on your end.
Implementing the new protocol does not modify the current architecture between the merchant and HiPay.
However, in order to maximize the success of your transactions and simplify your customer journey, it is strongly recommended to collect the new types of data described below and provide them to HiPay.
We invite you to review the new fields to integrate, described in the following table.
Our merchants using our CMS modules (Magento, PrestaShop, WooCommerce) or our SDKs (iOS, Android, PHP, JavaScript) will be informed of the date of their release.
New fields to integrate into existing /order and /hpayment APIs
Object / field name
Required
Description
Customer identity
Yes
- firstname - lastname Click here for more information
Billing address
No
- streetaddress - city - zipcode - country Click here for more information
Cardholder
Yes
Cardholder's name (for the tokenization process) - cardholder Click here for more information
account_info
No
Information about the customer account
device_channel
Yes
Device from which the transaction is initiated
browser_info
Yes
Customer's browser information
merchant_risk_statement
No
Information about the order of the customer, enabling to perform transaction risk analysis
recurring_info
No
Information about a recurring transaction
Please note: all the fields that are not required are strongly recommended.
account_info [customer]
Field name
Format
Required
Description / Note / Value example
account_change
YYYYMMDD Integer
No
Date of the last change made by the customer on their account, including delivery and billing address, the addition of a payment means or a user Please note: Implement a field on your user table enabling to save any change made by the user on their account, then retrieve this value. Most CMSes natively allow to retrieve this information from the customer account. Value example: 20180507
opening_account_date
YYYYMMDD Integer
No
Creation date of the customer account Please note: Implement a field on your user table enabling to save the creation date of the customer account. Most CMSes natively allow to retrieve this information from the customer account. Value example: 20180507
password_change
YYYYMMDD Integer
No
Date of the last modification of the customer account password Please note: Implement a field on your user table enabling to flag any modification of the customer account password, then retrieve this value. Most CMSes natively allow to retrieve this information from the customer account. Value example: 20180507
account_info [purchase]
Field name
Format
Required
Description / Note / Value example
count
Integer (4)
No
Number of order(s) made by the customer during the last six months (all payment means taken into account) Please note: Retrieve the number of orders, regardless of the payment means used and status of the order made by the customer (e.g.: refunded, cancelled, etc.). Value example: 2
card_stored_24h
Integer (3)
No
Number of Add card attempt(s) on the customer account during the last 24 hours Please note: Implement a table saving Add card attempt(s) from customers with the date and time of the attempt. If the card is not authorized but the user wanted to save it, take the attempt into account. Retrieve the number of attempts from customers on Date Time - 24H. Value example: 0
payment_attempts_24h
Integer (3)
No
Number of transaction(s) (payments by payment card) made by the customer during the last 24 hours Please note: Retrieve the number of orders from the customer on Date Time - 24H with payment made by credit card. Value example: 0
payment_attempts_1y
Integer (3)
No
Number of transaction(s) (payments by payment card) made by the customer during the last 12 months Please note: Retrieve the number of orders from the customer on Date Time - 365D with payment made by credit card. Value example: 0
account_info [payment]
Field name
Format
Required
Note / Value example
enrollment_date
YYYYMMDD Integer
No
Please note: For a one-click payment, provide the date when the payment card has been saved in the customer account. If payment is made with a saved card, retrieve the date when the card was saved in the customer account. Value example: 20180507
account_info [shipping]
Field name
Format
Required
Description / Note / Value example / Possible values
shipping_used_date
YYYYMMDD Integer
No
Date of the first order made by the customer with this shipping address Value example: 20180507
name_indicator
Integer (1)
No
Indicates if the name of the customer is the same as on the shipping address for this transaction Possible values: 1 = Account name identical to shipping name 2 = Account name different from shipping name
suspicious_activity
Integer (1)
No
Indicates if the merchant has experienced suspicious activities (including fraud) on this customer account Please note: If you subscribed to HiPay Sentinel, you do not have to provide this information. If you did not subscribe to HiPay Sentinel, you have to send us the value (1 or 2) corresponding to the information from your anti-fraud system. Possible values: 1 = No suspicious activity has been observed 2 = Suspicious activity has been observed
JSON example:
"account_info": {
"customer": {
"account_change": 20180507,
"opening_account_date": 20180507,
"password_change": 20180507
},
"purchase": {
"count": 2,
"card_stored_24h": 0,
"payment_attempts_24h": 0,
"payment_attempts_1y": 0
},
"payment": {
"enrollment_date": 20180507,
},
"shipping": {
"shipping_used_date": 20180507,
"name_indicator": 1,
"suspicious_activity": 1
}
}
device_channel
Format
Required
Description / Note / Possible values
Integer (1)
Yes
Indicates the channel used to initiate the transaction Please note: 2 (BROWSER) is the default value; otherwise, please provide the relevant value. Possible values: 2 = Browser (BRW) 3 = 3DS Requestor Initiated (3RI = MIT)
browser_info
If your integration uses the Hosted Fields / Hosted Payments methods, the browser_info data will be returned to you in the getPaymentData method response (in JSON format).
If you use a CMS, the browser_info data will be retrieved and sent to HiPay automatically.
If you neither use a CMS nor use the Hosted Fields / Hosted Payments methods, but use the HiPay JavaScript SDK, you can call the getBrowserInfo method to retrieve the browser_info data.
In any other case, you must directly retrieve the browser_info data in order to provide them to us.
browser_info [java_enabled]
Format
Required
Description / Note
Boolean
Yes
Boolean that represents the ability of the customer's browser to execute Java Please note: Use the following Java method: navigator.javaEnabled()
browser_info [javascript_enabled]
Format
Required
Description / Note / Possible values
Boolean
Yes
Boolean that represents the ability of the customer's browser to execute JavaScript Please note: True by default Possible values: True False
browser_info [language]
Format
Required
Description / Note / Value example
String (5)
Yes
Value that represents the customer's browser's language as defined in IETF BCP47 Please note: Use the following JavaScript method: navigator.language Value example: fr-FR
browser_info [color_depth]
Format
Required
Description / Note / Possible values
Integer (1 - 2)
Only if javascript_enabled = yes
Value that represents the depth of the color palette for displaying images, in bits per pixel Please note: Use the following JavaScript method: window.screen.colorDepth Possible values: 1 = 1 bit 4 = 4 bits 8 = 8 bits 15 = 15 bits 16 = 16 bits 24 = 24 bits 32 = 32 bits 48 = 48 bits
browser_info [screen_height]
Format
Required
Description / Note / Value example
Integer (1 - 6)
Only if javascript_enabled = yes
Total height of the customer's screen (in pixels) Please note: Use the following JavaScript method: window.screen.height Value example: 1080
browser_info [screen_width]
Format
Required
Description / Note / Value example
Integer (1 - 6)
Only if javascript_enabled = yes
Total width of the customer's screen (in pixels) Please note: Use the following JavaScript method: window.screen.width Value example: 1920
browser_info [timezone]
Format
Required
Description / Note / Value example
String (1 - 5)
Only if javascript_enabled = yes
Time-zone offset in minutes between UTC time and the cardholder's browser local time Please note: Use the following JavaScript method: new Date().getTimezoneOffset() Value example: 300
browser_info [ipaddr]
Format
Required
Description / Value example
String
Yes
IP address of the purchasing customer Value example: 127.0.0.1
browser_info [http_accept]
Format
Required
Description / Value example
String
Yes
This element should include the exact content of the HTTP Accept header, as sent to the merchant from the customer's browser. Value example: */*
browser_info [http_user_agent]
Format
Required
Description / Value example
String
Yes
This element should include the exact content of the HTTP User_Agent header, as sent to the merchant from the customer's browser. Value example: Mozilla/4.0
JSON example for the whole browser_info section:
"browser_info": {
"java_enabled": true,
"javascript_enabled": true,
"ipaddr": "127.0.0.1",
"http_accept": "*/*",
"http_user_agent": "Mozilla/4.0",
"language": "fr-FR",
"color_depth": 1,
"screen_height": 1080,
"screen_width": 1920,
"timezone": "300"
}
merchant_risk_statement [email_delivery_address]
Format
Required
Description / Note / Value example
String (254)
No
Electronic delivery address for intangible products Please note: Provide this information if the order includes at least one intangible product. Value example: jane.doe@test.com
merchant_risk_statement [delivery_time_frame]
Format
Required
Description / Note / Possible values
Integer (1)
No
Information about order delivery time Please note: Depending on the delivery method and carrier selected by the customer for the order, retrieve an approximate delivery time. If the order includes products to be delivered by different carriers, retrieve the information from the product with the longest delivery time. Possible values: 1 = Electronic delivery 2 = Same day shipping 3 = Overnight shipping 4 = Two-day or more shipping
merchant_risk_statement [purchase_indicator]
Format
Required
Description / Note / Possible values
Integer (1)
No
Information about product availability Please note: Provide the value 2 (future availability) only if none of the products included in the current order are in stock. Possible values: 1 = Merchandise available 2 = Future availability
merchant_risk_statement [pre_order_date]
Format
Required
Description / Note / Value example
YYYYMMDD Integer (8)
No
Estimated restocking date in case of a pre-order Please note: If none of the products are in stock when ordering (purchase_indicator = 2), provide the restocking date. Value example: 20190925
merchant_risk_statement [reorder_indicator]
Format
Required
Description / Note / Possible values
Integer (1)
No
Indicates if the customer has ordered the same products in the same quantities before Please note: Search in the customer's order history for any order with the same product references in the same quantities. Do not take into account product prices and possible discounts applied. Possible values: 1 = First-time order 2 = Reorder
merchant_risk_statement [shipping_indicator]
Format
Required
Description / Note / Possible values
Integer (1)
No
Information about the delivery address Please note: Provide this information based on the types of products included in the order and the delivery method. For intangible products not requiring any carrier, please provide: 5 = Digital goods (online services, electronic gift cards, or redemption codes) 6 = Travel and event tickets, no shipping 7 = Other (gaming, digital services without shipping, e-media subscription) For products requiring shipping, compare the delivery address with the billing address; depending on the result, please provide: 1 = Shipping to cardholder's billing address 2 = Shipping to another verified address on file with the merchant 3 = Shipping to an address different from the cardholder's billing address When comparing addresses, you must take into account all the address fields (street, city, postal code, etc.). An address is considered verified when it has already been used for a previous order. Possible values: 1 = Shipping to cardholder's billing address 2 = Shipping to another verified address on file with the merchant 3 = Shipping to an address different from the cardholder's billing address 4 = Shipping to store / pick-up at local store 5 = Digital goods (online services, electronic gift cards, or redemption codes) 6 = Travel and event tickets, no shipping 7 = Other (gaming, digital services without shipping, e-media subscription)
merchant_risk_statement [gift_card]
Field name
Format
Required
Description / Note / Value example
amount
Number
No
Information relating to the purchase of prepaid or gift cards: total amount of purchased cards Please note: If the order includes products such as prepaid or gift cards, retrieve the total amount of purchased cards. Value example: 15.00
count
Integer
No
Information relating to the purchase of prepaid or gift cards: total number of purchased cards Please note: If the order includes products such as prepaid or gift cards, retrieve the total number of purchased cards. Value example: 1
currency
String (3)
No
Information relating to the purchase of prepaid or gift cards: card currency ISO code 4217 Please note: If the order includes products such as prepaid or gift cards, retrieve the card currency. Value example: EUR
JSON example:
"merchant_risk_statement": {
"email_delivery_address": "jane.doe@test.com",
"delivery_time_frame": 1,
"purchase_indicator": 1,
"pre_order_date": 20190925,
"reorder_indicator": 1,
"shipping_indicator": 1,
"gift_card": {
"amount": 15,
"count": 1,
"currency": "EUR"
}
}
recurring_info [expiration_date]
Format
Required
Description / Value example
YYYYMMDD Integer
No
In case of a recurring transaction, date after which no further authorizations shall be performed Value example: 20180507
recurring_info [frequency]
Format
Required
Description / Value example
Integer (4)
No
In case of a recurring transaction, indicates the minimum number of day(s) between authorizations Value example: 31
JSON example:
"recurring_info:" {
"expiration_date": 20200318,
"frequency": 31
}
Full PHP example:
$data = array(
// Order information
"orderid"=> "hipay-test-12345678910",
"description"=> "test product 01",
"long_description"=> "full description of test product 01",
"payment_product"=> "mastercard",
"cardtoken"=> "daaf85868bcaee8klniazereiuop7b0ce133e88d",
"eci"=> "7",
"authentication_indicator"=> "1",
"operation"=> "authorization",
"currency"=> "EUR",
"amount"=> 100,
"shipping"=> 1,
"tax"=> 1,
"tax_rate"=> 1,
"custom_data" =>
'{
"shipping_method":"click and collect",
"first_order":"0",
"products_list": "First product, Second product",
"_reporting_data_1":"my custom data 1",
"_reporting_data_2":"my custom data 2",
"_reporting_data_3":"my custom data 3",
"_reporting_data_4":"my custom data 4",
"_reporting_data_5":"my custom data 5"
}',
// Customer information
"email"=> "jane.doe@test.com",
"phone"=> "01234567890",
"birthdate"=> "19890525",
"gender"=> "f",
"firstname"=> "Jane",
"lastname"=> "Doe",
"country"=> "FR",
"streetaddress"=> "10 rue de la facturation",
"streetaddress2"=> "",
"city"=> "Paris",
"zipcode"=> "75012",
"shipto_firstname"=> "Jane",
"shipto_lastname"=> "Doe",
"shipto_streetaddress"=> "20 rue de la livraison",
"shipto_streetaddress2"=> "",
"shipto_city"=> "Paris",
"shipto_zipcode"=> "75012",
"shipto_country"=> "FR",
"cid"=> "123456",
"ipaddr"=> "xxx.xx.xxx.xx",
"accept_url"=> "",
"decline_url"=> "",
"pending_url"=> "",
"exception_url"=> "",
"cancel_url"=> "",
// PSD2 information
"account_info"=> "{
'customer': {
'account_change': 20180507,
'opening_account_date': 20180507,
'password_change': 20180507,
},
'purchase': {
'count': 2,
'card_stored_24h': 0,
'payment_attempts_24h': 0,
'payment_attempts_1y': 0
},
'payment': {
'enrollment_date': 20180507
},
'shipping': {
'shipping_used_date': 20180507,
'name_indicator': 1,
'suspicious_activity': 1
}
}",
"device_channel"=> 2,
"browser_info"=> "{
'java_enabled': true,
'javascript_enabled': true,
'ipaddr': '127.0.0.1',
'http_accept': '*/*',
'http_user_agent': 'Mozilla/4.0',
'language': 'fr-FR',
'color_depth': 1,
'screen_height': 0,
'screen_width': 0,
'timezone': '300'
}",
"merchant_risk_statement"=> "{
'email_delivery_address': 'jane.doe@test.com',
'delivery_time_frame': 1,
'purchase_indicator': 1,
'pre_order_date': 20190925,
'reorder_indicator': 1,
'shipping_indicator': 1,
'gift_card': {
'amount': 15,
'count': 1,
'currency': 'EUR' }
}",
"recurring_info"=> "{
'expiration_date': 20200318,
'frequency': 31
}"
);
Object / field name
Required
Description
Customer identity
Yes
- firstname - lastname Click here for more information
Billing address
No
- streetaddress - city - zipcode - country Click here for more information
account_info
No
Information about the customer account
device_channel
Yes
Device from which the transaction is initiated
merchant_risk_statement
No
Information about the order of the customer, enabling to perform transaction risk analysis
recurring_info
No
Information about a recurring transaction
Please note: all the fields that are not required are strongly recommended.
account_info [customer]
Field name
Format
Required
Description / Note / Value example
account_change
YYYYMMDD Integer
No
Date of the last change made by the customer on their account, including delivery and billing address, the addition of a payment means or a user Please note: Implement a field on your user table enabling to save any change made by the user on their account, then retrieve this value. Most CMSes natively allow to retrieve this information from the customer account. Value example: 20180507
opening_account_date
YYYYMMDD Integer
No
Creation date of the customer account Please note: Implement a field on your user table enabling to save the creation date of the customer account. Most CMSes natively allow to retrieve this information from the customer account. Value example: 20180507
password_change
YYYYMMDD Integer
No
Date of the last modification of the customer account password Please note: Implement a field on your user table enabling to flag any modification of the customer account password, then retrieve this value. Most CMSes natively allow to retrieve this information from the customer account. Value example: 20180507
account_info [purchase]
Field name
Format
Required
Description / Note / Value example
count
Integer (4)
No
Number of order(s) made by the customer during the last six months (all payment means taken into account) Please note: Retrieve the number of orders, regardless of the payment means used and status of the order made by the customer (e.g.: refunded, cancelled, etc.). Value example: 2
card_stored_24h
Integer (3)
No
Number of Add card attempt(s) on the customer account during the last 24 hours Please note: Implement a table saving Add card attempt(s) from customers with the date and time of the attempt. If the card is not authorized but the user wanted to save it, take the attempt into account. Retrieve the number of attempts from customers on Date Time - 24H. Value example: 0
payment_attempts_24h
Integer (3)
No
Number of transaction(s) (payments by payment card) made by the customer during the last 24 hours Please note: Retrieve the number of orders from the customer on Date Time - 24H with payment made by credit card. Value example: 0
payment_attempts_1y
Integer (3)
No
Number of transaction(s) (payments by payment card) made by the customer during the last 12 months Please note: Retrieve the number of orders from the customer on Date Time - 365D with payment made by credit card. Value example: 0
account_info [payment]
Field name
Format
Required
Note / Value example
enrollment_date
YYYYMMDD Integer
No
Please note: For a one-click payment, provide the date when the payment card has been saved in the customer account. If payment is made with a saved card, retrieve the date when the card was saved in the customer account. Value example: 20180507
account_info [shipping]
Field name
Format
Required
Description / Note / Value example / Possible values
shipping_used_date
YYYYMMDD Integer
No
Date of the first order made by the customer with this shipping address Value example: 20180507
name_indicator
Integer (1)
No
Indicates if the name of the customer is the same as on the shipping address for this transaction Possible values: 1 = Account name identical to shipping name 2 = Account name different from shipping name
suspicious_activity
Integer (1)
No
Indicates if the merchant has experienced suspicious activities (including fraud) on this customer account Please note: If you subscribed to HiPay Sentinel, you do not have to provide this information. If you did not subscribe to HiPay Sentinel, you have to send us the value (1 or 2) corresponding to the information from your anti-fraud system. Possible values: 1 = No suspicious activity has been observed 2 = Suspicious activity has been observed
JSON example:
"account_info": {
"customer": {
"account_change": 20180507,
"opening_account_date": 20180507,
"password_change": 20180507
},
"purchase": {
"count": 2,
"card_stored_24h": 0,
"payment_attempts_24h": 0,
"payment_attempts_1y": 0
},
"payment": {
"enrollment_date": 20180507,
},
"shipping": {
"shipping_used_date": 20180507,
"name_indicator": 1,
"suspicious_activity": 1
}
}
device_channel
Format
Required
Description / Note / Possible values
Integer (1)
Yes
Indicates the channel used to initiate the transaction Please note: 2 (BROWSER) is the default value; otherwise, please provide the relevant value. Possible values: 1 = App-based (APP) 2 = Browser (BRW) 3 = 3DS Requestor Initiated (3RI = MIT)
merchant_risk_statement [email_delivery_address]
Format
Required
Description / Note / Value example
String (254)
No
Electronic delivery address for intangible products Please note: Provide this information if the order includes at least one intangible product. Value example: jane.doe@test.com
merchant_risk_statement [delivery_time_frame]
Format
Required
Description / Note / Possible values
Integer (1)
No
Information about order delivery time Please note: Depending on the delivery method and carrier selected by the customer for the order, retrieve an approximate delivery time. If the order includes products to be delivered by different carriers, retrieve the information from the product with the longest delivery time. Possible values: 1 = Electronic delivery 2 = Same day shipping 3 = Overnight shipping 4 = Two-day or more shipping
merchant_risk_statement [purchase_indicator]
Format
Required
Description / Note / Possible values
Integer (1)
No
Information about product availability Please note: Provide the value 2 (future availability) only if none of the products included in the current order are in stock. Possible values: 1 = Merchandise available 2 = Future availability
merchant_risk_statement [pre_order_date]
Format
Required
Description / Note / Value example
YYYYMMDD Integer (8)
No
Estimated restocking date in case of a pre-order Please note: If none of the products are in stock when ordering (purchase_indicator = 2), provide the restocking date. Value example: 20190925
merchant_risk_statement [reorder_indicator]
Format
Required
Description / Note / Possible values
Integer (1)
No
Indicates if the customer has ordered the same products in the same quantities before Please note: Search in the customer's order history for any order with the same product references in the same quantities. Do not take into account product prices and possible discounts applied. Possible values: 1 = First-time order 2 = Reorder
merchant_risk_statement [shipping_indicator]
Format
Required
Description / Note / Possible values
Integer (1)
No
Information about the delivery address Please note: Provide this information based on the types of products included in the order and the delivery method. For intangible products not requiring any carrier, please provide: 5 = Digital goods (online services, electronic gift cards, or redemption codes) 6 = Travel and event tickets, no shipping 7 = Other (gaming, digital services without shipping, e-media subscription) For products requiring shipping, compare the delivery address with the billing address; depending on the result, please provide: 1 = Shipping to cardholder's billing address 2 = Shipping to another verified address on file with the merchant 3 = Shipping to an address different from the cardholder's billing address When comparing addresses, you must take into account all the address fields (street, city, postal code, etc.). An address is considered verified when it has already been used for a previous order. Possible values: 1 = Shipping to cardholder's billing address 2 = Shipping to another verified address on file with the merchant 3 = Shipping to an address different from the cardholder's billing address 4 = Shipping to store / pick-up at local store 5 = Digital goods (online services, electronic gift cards, or redemption codes) 6 = Travel and event tickets, no shipping 7 = Other (gaming, digital services without shipping, e-media subscription)
merchant_risk_statement [gift_card]
Field name
Format
Required
Description / Note / Value example
amount
Number
No
Information relating to the purchase of prepaid or gift cards: total amount of purchased cards Please note: If the order includes products such as prepaid or gift cards, retrieve the total amount of purchased cards. Value example: 15.00
count
Integer
No
Information relating to the purchase of prepaid or gift cards: total number of purchased cards Please note: If the order includes products such as prepaid or gift cards, retrieve the total number of purchased cards. Value example: 1
currency
String (3)
No
Information relating to the purchase of prepaid or gift cards: card currency ISO code 4217 Please note: If the order includes products such as prepaid or gift cards, retrieve the card currency. Value example: EUR
JSON example:
"merchant_risk_statement": {
"email_delivery_address": "jane.doe@test.com",
"delivery_time_frame": 1,
"purchase_indicator": 1,
"pre_order_date": 20190925,
"reorder_indicator": 1,
"shipping_indicator": 1,
"gift_card": {
"amount": 15,
"count": 1,
"currency": "EUR"
}
}
recurring_info [expiration_date]
Format
Required
Description / Value example
YYYYMMDD Integer
No
In case of a recurring transaction, date after which no further authorizations shall be performed Value example: 20180507
recurring_info [frequency]
Format
Required
Description / Value example
Integer (4)
No
In case of a recurring transaction, indicates the minimum number of day(s) between authorizations Value example: 31
JSON example:
"recurring_info:" {
"expiration_date": 20200318,
"frequency": 31
}
Full PHP example:
$data = array(
// Design and configuration of the payment page
"template" =>"basic-js",
"time_to_limit_to_pay" =>"",
"css" =>"",
"language" =>"fr_FR",
"merchant_display_name" =>"My company name",
"display_selector"=>"1",
// Order information
"orderid"=> "hipay-test-12345678910",
"description"=> "test product 01",
"long_description"=> "full description of test product 01",
"payment_product"=> "mastercard",
"cardtoken"=> "daaf85868bcaee8klniazereiuop7b0ce133e88d",
"eci"=> "7",
"authentication_indicator"=> "1",
"operation"=> "authorization",
"currency"=> "EUR",
"amount"=> 100,
"shipping"=> 1,
"tax"=> 1,
"tax_rate"=> 1,
"custom_data"=>
'{
"shipping_method":"click and collect",
"first_order":"0",
"products_list": "First product, Second product",
"_reporting_data_1":"my custom data 1",
"_reporting_data_2":"my custom data 2",
"_reporting_data_3":"my custom data 3",
"_reporting_data_4":"my custom data 4",
"_reporting_data_5":"my custom data 5"
}',
"accept_url"=> "",
"decline_url"=> "",
"pending_url"=> "",
"exception_url"=> "",
"cancel_url"=> "",
// Customer information
"email"=> "jane.doe@test.com",
"phone"=> "01234567890",
"birthdate"=> "19890525",
"gender"=> "f",
"firstname"=> "Jane",
"lastname"=> "Doe",
"country"=> "FR",
"streetaddress"=> "10 rue de la facturation",
"streetaddress2"=> "",
"city"=> "Paris",
"zipcode"=> "75012",
"shipto_firstname"=> "Jane",
"shipto_lastname"=> "Doe",
"shipto_streetaddress"=> "20 rue de la livraison",
"shipto_streetaddress2"=> "",
"shipto_city"=> "Paris",
"shipto_zipcode"=> "75012",
"shipto_country"=> "FR",
"cid"=> "123456",
"ipaddr"=> "xxx.xx.xxx.xx",
// PSD2 information
"account_info"=>
"{
'customer':
{
'account_change': 20180507,
'opening_account_date': 20180507,
'password_change': 20180507,
},
'purchase':
{
'count': 2,
'card_stored_24h': 0,
'payment_attempts_24h': 0,
'payment_attempts_1y': 0
},
'payment':
{
'enrollment_date': 20180507
},
'shipping':
{
'shipping_used_date': 20180507,
'name_indicator': 1,
'suspicious_activity': 1
}
}",
"device_channel"=> 2,
"merchant_risk_statement"=>
"{
'email_delivery_address': 'jane.doe@test.com',
'delivery_time_frame': 1,
'purchase_indicator': 1,
'pre_order_date': 20190925,
'reorder_indicator': 1,
'shipping_indicator': 1,
'gift_card':
{
'amount': 15,
'count': 1,
'currency': 'EUR'
}
}",
"recurring_info"=>
"{
'expiration_date': 20200318,
'frequency': 31
}"
);
Testing
To test in HiPay's stage platform the format of all PSD2 fields, you must:
- Send a transaction in EUR currency;
- Send a total order amount between €100 and €200;
- Use a payment method affected by PSD2.
In the event of missing or invalid parameters, the error returned is of the form:
The following DSP2 fields are invalid or missing: browser_info.java_enabled, device_channelThe associated reason code is 1010201 (invalid parameter).
Important dates
- September 11, 2019:
The Banque de France has authorized an 18-month migration plan for online electronic payments to comply with PSD2 (for more information, please read the press release).
- April 1, 2020:
Strong authentication mandatory for all transactions above €500
- April 1, 2021:
Strong authentication mandatory for all e-commerce transactions
SDKs and modules available and updated to PSD2
- JavaScript SDK
https://developer.hipay.com/online-payments/sdk-reference/sdk-js - PHP SDK
https://developer.hipay.com/online-payments/sdk-reference/sdk-php - PrestaShop 1.6 - 1.7 module
https://developer.hipay.com/cms-modules/prestashop/prestashop-enterprise - Magento 1 module
https://developer.hipay.com/cms-modules/magento/magento-1-enterprise - Magento 2 module
https://developer.hipay.com/cms-modules/magento/magento-2-enterprise - Android SDK
https://developer.hipay.com/mobile-payments/android/android-sdk-configuration - WooCommerce module
https://developer.hipay.com/cms-modules/woocommerce/woocommerce-enterprise - iOS SDK
https://developer.hipay.com/mobile-payments/ios/ios-sdk-configuration
