• France
status page
Demo shops
assistance
FAQContact support
Search
Categories
Tags
docs.
France
Spain
Europe (English)
India
Homepage
Use cases
Create a payment
Create an installment payment
Create a multi-card (split) payment
Create a payment by Alias (Token)
Create a payment link
Create a recurring payment
Manage subscriptions
Manage your transactions (refund, cancel...)
Analyze your reports
API docs
Embedded Form
REST API
Hosted payment
Mobile payment
File exchange
SDD mandates by REST API
Snippets
Payment methods
Plugins
Marketplace
Guides
Merchant Back Office
Back Office Expert
Functional guides

Presentation of the service

Payment by token file exchange

The payment by token file exchange service allows merchant websites to carry out debit transactions with the bank cards of their subscribing customers.

The service makes it possible to carry out these operations in the form of “batch processing”: the merchant site sends a series of orders to the payment gateway in the form of files.

The files are submitted by the merchant website to the server with files provided by the payment gateway.

The payment gateway processes these orders and, in turn, generates response files.

The merchant website then retrieves the response files and analyzes the contents to update its information system.

This service uses the service of payments by token management described below.

 

Under PSD2, each transaction initiated by the merchant without the presence of the buyer (MIT) must be associated with an initial CIT transaction during which the cardholder authenticated themselves.

This “chaining” principle is made possible thanks to a reference generated by the issuer, after authentication, and then transmitted in the authorization request of an MIT operation.

In case of a subscription, the chaining reference is generated when the token is created while the buyer is present (i.e. on the payment page or via the JavaScript client), and then stored by the payment gateway in the token.

The payment gateway uses this reference for each MIT transaction requested by the merchant via the file exchange service.

Without this reference, the issuer can reject the transaction due to lack of authentication (soft decline).

Before requesting the creation of a transaction via the file exchange service, you must make sure that the token to be debited has been authenticated by the holder.

The use of the createTokenFromTransaction REST service or the “Create token from transaction” function of the Expert Back Office is therefore no longer compliant.

In conclusion, once the token has been created via the payment page or the JavaScript client, the gateway automatically manages the chaining of transactions made via the file exchange service.

Management of payments by token

The payment by token management service allows merchants to offer their buyer the possibility to associate a token with a payment method, which will facilitate their subsequent payments on the website (no more need to re-enter the credit card number or the IBAN).

Tokens allow you to:

  • Make fast and secure payments.

    The buyer no longer has to fill in bank details when making subsequent payments (1-click payment).

    The gateway stores the bank details in a highly secure environment, in accordance with the PCI-DSS requirements. Only the token is transferred during the exchange.

  • Make recurring payments (subscriptions).
  Token are usable by all the shops of the same company.

The service also allows you to:
  • Identify cards that are due to expire, in order to notify the Merchant via a file containing the token of the expiring card.
  • Update the bank details associated with a token via the payment page, or manually via the Expert Back Office.
  • Automatically detect if the payment method has expired and offer an update in case of payment by token.
  • When creating a token, detect if the payment method has been previously registered.
  • Manage other buyer detail updates.

 

In compliance with the banking data security and protection rules implemented by PCI DSS, the payment method details are destroyed after the associated token has not been used for 15 months.

The token will remain visible in the Expert Back Office and can be updated with new details.

Jobs
Legal
GDPR
25.18-1.11