Versions Compared

Old Version 16

changes.mady.by.user Admin

Saved on

compared with

New Version 17

changes.mady.by.user Admin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space ENWORK and version Documentation
Section
Column
width900

Overview

A Silent Order Post or Direct Post is a transmission method where form data from a merchant website are getting directly posted to a third-party server. This is commonly achieved through the form action attribute that specifies the URL the data are sent to.

Info

Sensitive data such as card details can be captured within a merchant’s website without being processed by the merchant server as the POST is submitted silently. The URL endpoint in

Multiexcerpt include
SpaceWithExcerptEN
MultiExcerptNamePlatform-Name
PageWithExcerptWording
to receive Silent Order Post requests is referred to as PayNow.

<form action="../payNow.aspx" method="post">

This approach is very similar to

Multiexcerpt include
SpaceWithExcerptEN
MultiExcerptNamePartner-Name
PageWithExcerptWording
hosted payment forms and leaves the merchant in full control of the checkout experience as all website elements are delivered from the merchant’s server.


Note
titlePCI-DSS Considerations

Merchants processing card transactions using the Silent Post model must submit the PCI DSS Self-Assessment Questionnaire (SAQ) A-EP. This SAQ is more comprehensive and thus might require more time and resources in comparison to SAQ A applicable to merchants that use hosted payment pages. However, merchants should always consult with their acquirer to evaluate the level of compliance required and refer to the PCI DSS guidelines. This does not affect the use of pseudo card numbers which is possible without submitting the SAQ questionaire.

Note
titleNotice about Cookie-/Session Handling

Please note that some browsers might block necessary cookies when returning to Your shop. Here you will find additial information and different solution approaches.

Table of Contents


Multiexcerpt include
SpaceWithExcerptEN
MultiExcerptNameLink_CookieSessionHandling
DisableCachingtrue
PageWithExcerptReuse API

Sequence Diagram

Payment Request

Please POST the form data as outlined in table below to

Multiexcerpt include
SpaceWithExcerptEN
MultiExcerptNameBaseURL
PageWithExcerptWording
payNow.aspx.

Form Elements

Table Filter
defaultBeschreibung
isFirstTimeEnterfalse
hideColumnstrue
sparkNameSparkline
hidePanetrue
datepatterndd M yy
id1625494349836_-1514246176
worklog365|5|8|y w d h m|y w d h m
isORAND
separatorPoint (.)
order0
Multiexcerpt
MultiExcerptNameform_elements
Table Transformer
dateFormatdd M yy
export-wordfalse
show-sourcefalse
export-csvfalse
id1625494349838_506791153
transposefalse
worklog365|5|8|y w d h m|y w d h m
separator.
export-pdffalse
sqlSELECT * FROM T*
Data ElementLegacy ElementDescriptionBeschreibung

MerchantID

--

Merchant identifier assigned by

Multiexcerpt include
SpaceWithExcerptEN
MultiExcerptNamePartner-Name
PageWithExcerptWording

HändlerID, die von 

Multiexcerpt include
SpaceWithExcerptDE
MultiExcerptNamePartner-Name
PageWithExcerptDE:Wording
vergeben wird

Len

--

The length of the original encrypted with Blowfish

Die Länge des Originals verschlüsselt mit Blowfish

Data

--

Blowfish encrypted data

Per Blowfish verschlüsselte Daten

number

CCNr

Card number

Kartennummer

securityCode

CCCVC

Card security value

Kartenprüfnummer

expiryDate

CCExpiry

Card expiry in format YYYYMM

Kartenablaufdatum im Format JJJJMM

brand

CCBrand

Card network

Kartensystem

cardholder

CreditCardHolder

Name of the cardholder as printed on the card.

Notice: Alphanumeric special characters, listed in EMV Book 4, “Appendix B”. Special characters have been added with EMV 3DS Version 2.3, but not all participants (banks) already support that standard.

Name des Karteninhabers, wie er auf der Karte gedruckt ist.

Hinweis: Alphanumerische Sonderzeichen gemäß EMV Book 4, „Anhang B“. Sonderzeichen wurden mit EMV 3DS Version 2.3 hinzugefügt, aber nicht alle Teilnehmer (Banken) unterstützen diesen Standard bereits.

(- 

Multiexcerpt include
SpaceWithExcerptEN
MultiExcerptNamePartner-Name
PageWithExcerptWording
will continue to support the legacy form data fields that are currently in use. -)

Data

Table Filter
defaultBeschreibung
isFirstTimeEnterfalse
hideColumnstrue
sparkNameSparkline
hidePanetrue
datepatterndd M yy
id1625494349840_-2077968118
worklog365|5|8|y w d h m|y w d h m
isORAND
separatorPoint (.)
order0
Multiexcerpt
MultiExcerptNamedata
Table Transformer
dateFormatdd M yy
export-wordfalse
show-sourcefalse
export-csvfalse
id1625494349841_-1476467538
transposefalse
worklog365|5|8|y w d h m|y w d h m
separator.
export-pdffalse
sqlSELECT * FROM T*

Table Excerpt Include
statictrue
nameMerchantID
pageMerchantID
typepage

Table Excerpt Include
statictrue
nameTransID
pageTransID
typepage

KeyFormatCNDDescriptionBeschreibung

MsgVer

ans..5

M

Message version.

Accepted values:

  • 2.0

Message-Version.

Zulässige Werte:

  • 2.0

RefNr


O

Merchant’s unique reference number, which serves as payout reference in the acquirer EPA file. Please note, without the own shop reference delivery you cannot read out the EPA transaction and regarding the additional

Multiexcerpt include
SpaceWithExcerptEN
MultiExcerptNamePartner-Name
PageWithExcerptWording
settlement file (CTSF) we cannot add the additional payment data.

(info) Details on supported format can be found below in payment specific section.

Eindeutige Referenznummer des Händlers, welche als Auszahlungsreferenz in der entsprechenden Acquirer EPA-Datei angegeben wird. Bitte beachten Sie, ohne die Übergabe einer eigenen Auszahlungsreferenz können Sie die EPA-Transaktionen nicht zuordnen, zusätzlich kann das 

Multiexcerpt include
SpaceWithExcerptDE
MultiExcerptNamePartner-Name
PageWithExcerptDE:Wording
Settlement File (CTSF) auch nicht zusätzlich angereichert werden.

(info) Informationen zum unterstützten Format finden Sie weiter unten in der zahlartspezifischen Beschreibung.

Table Excerpt Include
statictrue
nameAmount
pageAmount
typepage

Table Excerpt Include
statictrue
nameCurrency
pageCurrency
typepage

Table Excerpt Include
statictrue
nameCapture
pageCapture
typepage

KeyFormatCNDDescriptionBeschreibung

billingDescriptor

ans..22

O

A descriptor to be printed on a cardholder’s statement. Please also refer to the additional comments made elswhere for more information about rules and regulations.

Ein auf dem Kontoauszug des Karteninhabers zu druckender Beschreiber. Beachten Sie bitte auch die andernorts gemachten zusätzlichen Hinweise für weitere Informationen über Regeln und Vorschriften.

OrderDesc

ans..768

O

Order description

Beschreibung der Bestellung

AccVerify

a3

O

Indicator to request an account verification (aka zero value authorization). If an account verification is requested the submitted amount will be optional and ignored for the actual payment transaction (e.g. authorization).

Values accepted:

  • Yes

Indikator zur Anforderung einer Konto-Verifizierung (alias Nullwert-Autorisierung). Wenn eine Konto-Verifizierung angefordert wird, ist der übermittelte Betrag optional und wird für die tatsächliche Zahlungstransaktion (d.h. Autorisierung) ignoriert.

Zulässige Werte:

  • Yes

threeDSPolicy

JSON

O

Object specifying authentication policies and excemption handling strategies

Objekt, dass die Authentisierungs-Richtlinien und Strategien zur Behandlung von Ausnahmen angibt

priorAuthenticationInfo

JSON

O

Prior Transaction Authentication Information contains optional information about a 3DS cardholder authentication that occurred prior to the current transaction.

Das Objekt Prior Transaction Authentication Information enthält optionale Informationen über eine 3DS-Authentisierung eines Karteninhabers, die vor der aktuellen Transaktion erfolgt ist.

browserInfo

JSON

M

Accurate browser information are needed to deliver an optimized user experience. Required for 3DS 2.0 transactions.

Exakte Browserinformationen sind nötig, um eine optimierte Nutzererfahrung zu liefern. Erforderlich für 3DS 2.0 Transaktionen.

accountInfo

JSON

O

The account information contains optional information about the customer account with the merchant.

Die Kontoinformationen enthalten optionale Informationen über das Kundenkonto beim Händler.

billToCustomer

JSON

C

The customer that is getting billed for the goods and / or services. Required unless market or regional mandate restricts sending this information.

Der Kunde, dem die Waren und / oder Dienstleistungen in Rechnung gestellt werden. Erforderlich, sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken.

shipToCustomer

JSON

C

The customer that the goods and / or services are sent to. Required if different from billToCustomer.

Der Kunde, an den die Waren und / oder Dienstleistungen gesendet werden. Erforderlich, falls von billToCustomer abweichend.

billingAddress

JSON

C

Billing address. Required (if available) unless market or regional mandate restricts sending this information.

Rechnungsadresse. Erforderlich (falls verfügbar), sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken.

shippingAddress

JSON

C

Shipping address. If different from billingAddress, required (if available) unless market or regional mandate restricts sending this information.

Lieferadresse. Falls abweichend von billingAddress, erforderlich (falls verfügbar), sofern nicht Markt- oder regionale Mandate das Senden dieser Informationen beschränken.

credentialOnFile

JSON

C

Object specifying type and series of transactions using payment account credentials (e.g. account number or payment token) that is stored by a merchant to process future purchases for a customer. Required if applicable.

Objekt, dass Art und Reihe der Transaktionen angibt, die unter Verwendung von beim Händler hinterlegten Zahlungsdaten (z.B. Kontonummer oder Zahlungs-Token) zur Verarbeitung künftiger Käufe eines Kunden erfolgen. Erforderlich, falls zutreffend.

merchantRiskIndicator

JSON

O

The Merchant Risk Indicator contains optional information about the specific purchase by the customer.

If no shippingAddress is present it is strongly recommended to populate the shippingAddressIndicator property with an appropriate value such as shipToBillingAddress, digitalGoods or noShipment.

Der Händler-Risikoindikator enthält optionale Informationen über den bestimmten Einkauf des Kunden.

Falls keine shippingAddress vorhanden ist, ist es dringend empfohlen, die Eigenschaft shippingAddressIndicator mit einem entsprechenden Wert wie shipToBillingAddress, digitalGoods oder noShipment auszufüllen.

Table Excerpt Include
statictrue
nameURLSuccess
pageURLSuccess
typepage

Table Excerpt Include
statictrue
nameURLFailure
pageURLFailure
typepage

Table Excerpt Include
statictrue
nameURLNotify
pageURLNotify
typepage

Table Excerpt Include
statictrue
nameMAC
pageMAC
typepage

Table Excerpt Include
statictrue
nameUserData
pageUserData
typepage

Sample HTML Form

(info) BASEURL=

Multiexcerpt include
SpaceWithExcerptEN
MultiExcerptNameBaseURL
PageWithExcerptWording

Multiexcerpt
MultiExcerptNamesample
Code Block
languagexml
linenumberstrue
<!DOCTYPE html>
<html>
	<head>
		<title>Merchant Checkout</title>
	</head>
	<body>
		<form name="card form" action="BASEURLpayNow.aspx" method="post">
			<input type="hidden" name="MerchantID" value="MerchantID">
			<input type="hidden" name="Len" value="Length of the Blowfish encrypted data">
			<input type="hidden" name="Data" value="Blowfish encrypted data">
			Cardholder:
			<input type="text" name="cardholder"><br> 
			Card number:
			<input type="text" name="number"><br>
			Expiry date:
			<input type="text" name="expiryDate"><br>
			CVV2:
			<input type="text" name="securityCode"><br>
			Card brand:
			<input type="text" name="brand"><br>
			<input type="submit" value="Submit">
		</form>
	</body>
</html>


When the payment is completed 

Multiexcerpt include
SpaceWithExcerptEN
MultiExcerptNamePlatform-Name
PageWithExcerptWording
will send a notification to the merchant server (i.e. URLNotify) and redirect the browser to the URLSuccess resepctively to the URLFailure.


The blowfish encrypted data elements as listed in the following table are transferred via HTTP POST request method to the URLNotify and URLSuccess/URLFailure.

Note
Notice: Please note that the call of URLSuccess or URLFailure takes place with a GET in case of fallback to 3-D Secure 1.0. Therefore your systems should be able to receiver parameters both via GET and via POST.

HTTP POST to URLSuccess / URLFailure / URLNotify

Table Filter
defaultBeschreibung
isFirstTimeEnterfalse
hideColumnstrue
sparkNameSparkline
hidePanetrue
datepatterndd M yy
id1625494349843_-1641511740
worklog365|5|8|y w d h m|y w d h m
isORAND
separatorPoint (.)
order0
Multiexcerpt
MultiExcerptNamehttp_post
Textliche Beschreibung des Codes

Table Transformer
dateFormatdd M yy
export-wordfalse
show-sourcefalse
export-csvfalse
id1625494349844_1363819937
transposefalse
worklog365|5|8|y w d h m|y w d h m
separator.
export-pdffalse
sqlSELECT * FROM T*

Table Excerpt Include
statictrue
nameMID
pagemid
typepage

Table Excerpt Include
statictrue
nameMsgVer
pagemsgver
typepage

Table Excerpt Include
statictrue
namePayID
pagePayID
typepage

Table Excerpt Include
statictrue
nameXID
pageXID
typepage

Table Excerpt Include
statictrue
nameTransID
pageTransID
typepage

Table Excerpt Include
statictrue
nameschemeReferenceID
pageschemeReferenceID
typepage

KeyFormatCNDDescriptionBeschreibung
refnr
OReference number taken from requestReferenznummer vom Request.

Status

a..20

M

Status of the transaction.

Values accepted:

  • Authorized

  • OK (Sale)

  • FAILED

In case of Authentication-only the Status will be either OK or FAILED.

Status der Transaktion.

Zulässige Werte:

  • Authorized

  • OK (Sale)

  • FAILED

Im Falle von nur Authentisierung ist der Status entweder OK oder FAILED.

Table Excerpt Include
statictrue
nameDescription

ans..1024

M

Textual description of the code

pageDescription
typepage

Table Excerpt Include
statictrue
nameCode
pageCode
typepage

KeyFormatCNDDescriptionBeschreibung

card

JSON

M

Card response data

Kartenantwortdaten

ipinfo

JSON

C

Object containing IP information. Presence depends on the configuration for the merchant.

Objekt mit IP-Informationen. Das Vorhandensein hängt von der Konfiguration des Händlers ab.

threedsdata

JSON

M

Authentication data

Authentisierungsdaten

resultsresponse

JSON

C

In case the authentication process included a cardholder challenge additional information about the challenge result will be provided.

Falls der Authentisierungsprozess eine Challenge des Karteninhabers enthalten hat, werden zusätzliche Informationen über das Ergebnis der Challenge bereitgestellt
externalPaymentDataJSONOOptional additional data from acquirer/issuer/3rd party for authorization.Optionale Daten des Acquirers/Issuers/externen Dienstleisters für eine Autorisierung

Table Excerpt Include
statictrue
nameUserData
pageUserData
typepage

Table Excerpt Include
statictrue
nameMAC
pageMAC
typepage