Define integration needs¶
Worldline makes available a wide range of integration options that serves banks as well as small merchants.
We credit our success to having developed two strong foundational skill sets — IT and Internet payments. We continue to expand our reach and strengthen our portfolio. And while we have the stability of a mature organization, we have intentionally maintained the quick responsiveness that characterizes smaller companies.
The client must decide whether to implement an API or batch from a server, from mobile devices or a combination of these.
If the client decides to use the API or batch access interfaces, there are options like Tokenization and Client Side Encryption that can be used to minimize the scope of PCI DSS, Compliance and any other applicable security or privacy standards in the client’s jurisdiction. This is only applicable to card processing.
Will you be requiring 3D Secure?¶
3D Secure is a card-association independent name for the mechanism used by the
Verified by Visa, MasterCard SecureCode, American Express SafeKey, JCB J/Secure and similar programs.
Since January 2015, EMVCo, a company which is collectively owned by American Express, Discover, JCB, Mastercard, UnionPay and Visa, is responsible of the development of the EMV 3-D Secure 2.0 specification.
When an enrolled cardholder makes an online purchase, the issuing bank conducts a Web-based dialog with the cardholder to authenticate the identity of the customer.
The benefits for the clients implementing 3D Secure include reducing the Chargeback risk and shifting liability for charge-backs from the clients to the issuing banks (for some specific cases). 3D Secure may or may not be required by your acquiring bank.
Overview of Payment Methods¶
Worldline offers complete, outsourced International Payment Solutions through a single, secure interface. Worldline has the technology, experience and bank network to serve Global Enterprise clients with solutions that are quick to implement and generate both top-line and bottom-line results. Worldline’s APIs, batch, Device API and Payment Page access interfaces are your tools to streamline your online payment processing. Worldline’s interfaces accept inbound transactions in real time, route them through Worldline’s global financial network, and return normalized answer codes to the client application within seconds.
Settlements are accepted both online in real time and off line via batched files. All transactions processed via Worldline can also be accessed within minutes through an online reporting interface. There may be multiple layers of Processors/Gateways between the client and the acquiring bank. Sometimes clients connect directly to Acquirers and sometimes acquirers also use processor/gateway divisions. The acquiring bank, issuing bank, and scheme may be the same, for example, closed loop systems like Amex and Diners. The issuing bank is the one that the consumer has his billing relationship with (cards, bank account etc). Acquirers/schemes have complex rules for which currencies, business models (recurring/subscriptions, e-commerce, mail order/telephone order etc) and Payment Methods (card types) they support, and which countries they can process in based on where the merchant has its legal entity(ies). Not all Payment Methods support a separate ‘reservation’ of funds (authorization), instead account authorization and settlement are done in one step (a ‘debit’ transaction).
Push versus Pull Payments¶
Cards and Direct Debit are a ‘pull’ from the customer’s account, so they don’t really have to wait for the funds. There should be a delay for DD due to fraud risk. EFT is a push from the customer’s account, so the merchant must passively wait for the funds to be transferred. IBP is a push from the customer’s account, but the merchant does not have to wait since funding is guaranteed. OriginalCredit/Payout is a push from the merchant account to the customer's (refund).
The delay between Order Initiation and Order Payment (and subsequent Fulfilment) can be as short as same day or as long as several weeks depending on the payment method.
Host-to-Host, Delayed, and Redirect Payments¶
Delayed and Redirect is another way to classify different payment methods. For example, Card payments are processed immediately. EFT, DD, and Payout payments are delayed. IBP is a Redirect payment method. Payments can be delayed and redirect, for example, EFT/virtual account in Korea.
Host-to-Host Payment Flow¶
Host-to-Host payment flow is the traditional method used for credit and debit card processing. The client makes a direct call from their payment platform to the payment platform of a Payment Service Provider (PSP) or acquiring bank and gets an immediate response.
Delayed Payment Flow¶
Delayed Payments can be used for traditional wire transfers and direct debit schemes. When consumers push funds using EFT they include the reference, and when they use direct debit they provide bank account information.
Redirect Payment Flow¶
The Redirect Payment flow provides access to global payment options, complete customization, and reduces complexity. Worldline supports several types of e-Wallets (a real-time account-based and cash-based payment method) as well as other redirect-based payment methods common in some markets (like Korea, China, India) and notifies the consumer when the payment is confirmed.
Card is a pull payment method that can be processed as either a Host-to-Host or Redirect flow. Credit Cards are issued by banks or financial institutions. There are generally two types of credit card. * Open loops (schemes/associations) - The card issuer and acquirer are different and are connected by a clearing network (scheme/association), for example, Visa and MasterCard. * Closed-loop – The card issuer, acquirer and clearing network are run by the same company, for example, American Express, Diners, Discover, and JCB.
Debit Cards are connected directly to a bank account. * Visa, MasterCard, and Maestro have their own Debit Cards. * Many Debit Cards are local or regional cards that are only accepted in the country/region of issue. * Debit Cards generally have lower merchant fees per transaction than Credit Cards.
Internet Bank Payments (IBP)¶
Internet Bank Payments are considered a push payment that is processed as a Redirect with immediate response. If a customer is checking out on a client Payment Page and chooses to use their bank’s online site for payment, they are redirected to the bank online site where they log in, review and approve the order. When they get back to the client Payment Page, the client will get an immediate approval or decline from the bank. If the customer gets lost on the redirect back to the client’s confirmation page, Worldline sends a notification to the client with the transaction status. Worldline periodically queries the bank for the transaction status of transactions that are not final.
- Reasons for a customer getting lost include: connectivity, network issues, or if there is customer action or inaction (session timeouts).
- The IBP payment method does not have Chargebacks.
- Worldline reconciles payments for IBPs on a daily basis, and funds the client for IBP orders on a weekly basis.
- The list of available IBP banks for a certain market can be hosted by Worldline on the Payment Page or by the client in their checkout flow. If the client chooses to display the list of banks in their checkout flow, the list of banks can be retrieved dynamically or be statically configured.
- Some banks require that you provide the bank list in a drop-down menu, which can be either hosted on the Worldline Payment Page or in the client’s checkout flow. Worldline recommends that the client host the list of the banks and dynamically retrieves the list from Worldline.
Electronic Funds Transfer (EFT)¶
Electronic Funds Transfers are considered a push with a Host-to-Host flow with a delayed payment confirmation. Electronic Funds Transfer or EFT refers to a standard credit transfer using the country’s domestic credit clearing network(s) (sometimes called a clearing house or ACH network). An EFT is the electronic exchange or transfer of money from one account to another, either within the same financial institution or across multiple institutions. Worldline offers this as an alternative to cards or IBP, since it allows anyone with a bank account (and even people without bank accounts in many cases) to pay a merchant for an order.
When a customer orders from a client and selects to pay using an EFT (which may have different names in different countries), the client informs the customer to pay the order to a specific bank account, with the total order amount and an order reference. The customer then goes to their bank (either online, over the phone or to a branch) and makes an EFT (wire) transfer to that account, with the total order amount and provides the order reference. When the client gets reporting of a deposit with that order reference and amount, they will fulfil the order.
Direct Debit (DD)¶
Direct Debits are considered a pull with a Host-to-Host flow with a delayed payment confirmation. Direct Debit is only available using the API access interface. It is a traditional mandate based ACH payment method that was originally designed to manage recurring payments, supporting subscription-based business models and utility companies. In some geographical markets Direct Debit has become a consumer choice when purchasing online for one-time and recurring payments. Direct Debits are easy to use. The consumer experience is close to the experience of using a Credit Card. Direct Debit use builds customer loyalty. Direct Debit provides a low-cost, easy-to-reconcile merchant controlled cash flow.
No real-time Authorization or payment guarantee is available in direct debit bank schemes. Direct Debit is primarily designed for recurring payments, like subscription payments but is also commonly used for one-time payments.
Payouts are considered a push (from the client to the end consumer) with a Host-to-Host flow with a delayed payment confirmation.
The Payout payment method is intended to be used in combination with other payment methods (non-card) to refund consumers. Payout is an account-to-account payment method that uses domestic local clearing systems providing cost efficient payments to consumers. This payment method can also be used to process refunds where the payment method has no native support for refunds.
To make a Payout to a consumer, the consumer must have a local bank account in a country where Worldline supports this service.
Transaction channels are an indication of how the transaction originates at the client. Worldline supports e-commerce (Web Online), call center and mail order (MOTO) transaction channels.
Consumers can restrict the highest amount and set the lowest amount that can be allowed per transaction. The minimum amount can be set to any number higher than zero, and the maximum amount can be set to a determined limit depending on the supported currency and the expected order amount.
For recurring transactions the customer must have an account on file with the client and must be charged on a regular frequency, for example: utilities, subscriptions, or card-on-file accounts.
Worldline supports many different transaction and settlement currencies which are related to the agreements with the acquiring banks. When you use the API or batch Access Interfaces, you must include the ISO 4217 alphabetic or numeric code associated with the currency used for the transaction.
A Soft Descriptor can be used for sending in order specific information that will show up on the customer’s account/card statement. Worldline uses two fields to capture this information:
- Line one should be the client name
- Line two should be the customer service phone number, email, or Web site URL
Not all banks or payment methods support Soft Descriptors, and the specifications for soft descriptors vary by bank and payment method. Please talk to your Project Manager for guidance.
The Order ID is the unique client identifier for a specific customer order. Worldline recommends using an Order ID reference that will be recognized by the client’s internal users and systems since it will be reflected in all Worldline reporting and online tools (OTT). For each set of transactions relating to the same order, the Order ID must be unique, for example: an authorization, capture, and credit for a single order can use the same Order ID, but two successful authorizations cannot use the same Order ID.
Payment Page recommendations¶
If you are going to use the Payment Page for payment processing, these are things you must consider.
Number of retries¶
This determines how many times a cardholder can try to enter a card number before they get redirected to the merchant.
If the customer gets lost on the way back to the client confirmation page, Worldline can send a REST or Web service notification to the client informing them of the order status. The client must implement a Web service that accepts notifications.
3D Secure decision¶
If a 3D Secure authentication was not successful, a decision is made to determine whether the transaction should be authorized or not authorized.
To implement 3D Secure in the Payment Page, Worldline needs the Merchant name, URL, and Country Code.
Number of concurrent notifications¶
If a client is expecting a high peak volume of transactions, the number of concurrent notifications must be determined and set.
Store Card information for subsequent use¶
If you want to store a card for recurring payments, subscriptions or similar, the client can call the tokenization API to store or update details about a card. The tokenization can also be done as part of a payment transaction by indicating with a flag in either a call via PaymentPage, Device REST API, the Payment REST API or the Web Service. Worldline will in that case create a separate StoreToken transaction.
- When you make an authorization you will reserve the money on the cardholders account. This reservation will be held for a few of days depending on the issuing bank. In general, this should be five days. .
- If you decide to not go through with the transaction, you can cancel or reverse the authorization. This effectively releases the hold on the cardholder’s account. This depends on whether the issuing bank supports this function.
- When an authorization has occurred, you must capture (or settle) the money.
- You can do this immediately or with a delay. Which one you use depends upon your business model.
If you deliver the product to the cardholder with a delay, you will need to do the capture with a delay (in most cases). This is regulated in the card scheme (Visa, MasterCard etc.) rules. However, in some markets/countries or some acquiring banks only support a one-step (debit) process, where the transaction is automatically captures upon a successful authorization.
If you are making an immediate capture this is supported with a debit flag for Payment Page, and autoCapture flag for the REST APIs.
- If you are implementing auto capture, you don’t have to implement the authorization or capture transaction.
- If you are making a delayed capture you can use the API access interface, Batch Interface or the OneSource transaction management console.
- In some cases, you might want to do a partial capture, multi-capture or over-capture, which is supported by some banks. This depends on your business model. Please discuss this with your Integration Manager.
- You may want to refund the money to the cardholder. This will be done using the Credit transaction type. This is only supported in the API access interfaces, terminal API, Batch interface or OneSource.
- A refund can reference an earlier Capture transaction. This gives you the opportunity to minimize the risk that you refund too much money to the cardholder.
- We also support Credit transactions without the reference. In effect, this is putting money back on the cardholder’s card. This is only supported by some banks.
- In the OneSource console, we do not support Credit transactions without a reference.
As a separate feature of the Tokenization Service, Worldline supports Account Updater, by which the client can retrieve updated information about updated or closed accounts, expiry dates and more.