ComNpay is a secure Internet payment solution. A true virtual EPT (Electronic Payment Terminal), ComNpay lets you process payments over the Internet 24 hours a day, 7 days a week.
This service handles the entire payment stage by transferring it to our secure payment platform.
ComNpay offers two integration modes depending on your needs
The ComNpay solution is easily integrated into your website, whatever its configuration. ComNpay offers two integration modes depending on your needs.
As a PSP (Payment Service Provider)
ComNpay interfaces with your e-commerce website and enables your customers to pay online. Your customers are automatically redirected to the ComNpay payment page.
Through an API (Application Program Interface)
ComNpay interfaces with your existing e-payment solution. Your sales application submits your customer’s payment information to ComNpay which then processes the data to make the payment.
Description of the PSP payment process
- The buyer connects to your website and enters their order or fills their basket online; they then choose the payment method
- They are then taken to your customizable payment page hosted on the secure ComNpay website
- The customer enters their bank card number, expiry date and the visual cryptogram on the back of the card, they then click on "confirm"
- The payment server confirms the validity of the customer's bank card and requests authorization from the financial institution for the selected payment method
- The customer is returned to your website at the end of the payment process
The ComNpay technical platform handles processing of the payment on line in a secure manner.
The security systems include the following:
- SSL encryption (Secure Socket Layer) which secures the data exchanged between the customer and the payment server ;
- Payment card controls verifying the card number, expiry date and the visual cryptogram ;
- Systematic payment authorization requests to the issuing bank for each transaction with immediate refusal of non-existent, stolen or lost cards ;
- Card payment controls limiting the number of transactions for a given card and a given period ;
- The 3D secure system can be configured to authenticate the customer as the holder of the card used for payment ;
- Encryption and storage of sensitive cardholder data in a certified PCI DSS zone. This certification offers the highest level of banking security
PCI DSS, what is it?
Visa and MasterCard have defined a standard which is designed to protect cardholders making online payments. The standard improves the security of transactions and storage of banking data.
Export sensitive data (PGP key)
In order to send us sensitive data, such as card extractions (following a change of payment institution), you must encrypt this information. To do this, simply send us an email to the following address: email@example.com by encrypting the data via the following PGP key:
- Key ID : 35E45D620604F505
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFs0pgYBEACwIBiGbF/4/A+pfeBf+/R1uM9EguWFg5Wt7riT70gyy3ommWK5 aX4wWfK/lDJh3lTDHu9+PbMMPtHvJLlFiITLqjYbGJiv6ySRw+DDAgLtZJIpJ0ep Krp5t3gxkdLkleIlp4rX2R1iwtHbaFMBUOw/ermC1ZVJ3ihi4rUQmuRw3q1qxvxt g121Ar4yeiQ7CXIRW8AqTtm4CyuQ8zyooMAsfTteh1cPQ8gk+VnPge8l5JeaO/gI jxdJU+byaWZSnMQlgU5Jo+R7ySyNM9igUgt/IJRxLwfWZm0oeNUmHpsjKumPSfIi 7r7WwjaWyNQPyeedYh9Xt9Yc0+me7NkrZruOBaZjirmcqq7Dh2kDnJ1gCG9yz8Zp oRMdAnQPJ4yTwz1LWEk/oL2gQkQ+yNImtoouK9W9haSpKmQoTy50TInsUaiisJwF c2CylzbJi/fQ2KJh/WompXopH0KCRxTm2yS2yQX1Dgql/b1XwQFcHIeTBwKE/9Yh +3tnCNveM84lW61R8OYeYowAWSApuXlgqZXd1RQsLf33KS9kmahNupIdDTPeb0Hs iwTN6bQXBmUL1rKbC/8OUToSPifTCJTMELaSZ3WJnnLdrzuvWgyUPyrLvdqpFh6g WE3/0mUC+LWlihAHB9hObG205lJyY0sRWBRyrnRCTlGqqI32vmIy2qxr5wARAQAB tB9Db21OcGF5IDx0ZWNobmlxdWVAY29tbnBheS5jb20+iQJOBBMBCAA4FiEEqQ7G IB6NzhMRiu1cNeRdYgYE9QUFAls0pgYCGyMFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQNeRdYgYE9QUriQ//URXsQdnJ19hBJTLUb0kjL9GIUSPLXvGOi1r+33ro 0sjApktVfIjT3iICK6n3WzfDfkaq2GNoFB7nqEqWVMgyzmZ3EiKLDyrS77xj0LZ4 IMHXjZqfBz9xbkFFlzEbt1u1LipLAzsQpGeg35oVzBh2hQDik5R3ie8aPJZAv7E8 cH7liW8iWfQOAKgHMdJGFpDF0Wv/luYD2Xc5VxTA2aYZ2Kpbqro9w1Jr4ZLTKAty LQdoVC8bR7b0H36F/rB4jD+wzS06jfD3EptN2Ha66ZxF5SZ3QIRZtRSy3TBy8uE0 rp6ovJDBUyQadDwH7/OqtyvFELABxmjBGzkR/r/aC7a4BUl3lp01LECi+i9lM1k/ S0Q74/brfQW8oULC2I9v3RMpY3uzKFtQ8NBgymUmVwuSAPeF3RNGKp0RrSuYRFw/ e4F3ANcxJ5N5REgfMVr4RFtWoipUMP6ADemLBdOlnDggaKbttVGDe1ltpvE3l9iF PsS3d45WZhfLEvUyhfTuv74tzw3lxtRwEvWKwRmdqOJEqVTWYHQPdwXAIsgR3cnr PYw7/lv/ZZMN4RNI9XoPYpkKO21HPi7AAcTt5SXDG5ukumrhoHE4OJLLVlE8lG9Q 5JrY0Z2pEC88NEk1X+FvDSw1xXtD7jqWoERlITIyM0WVTwvfbf2VbXAUTEI+m0jP EY25Ag0EWzSmBgEQANbR4HEqUHfHYLisWCJMANmDG3ukSvkSwLjZOhnN1f0X+44Z xqr/3kL5eVVuAO63xNMLaxzj8Gmj1f3xe0tOIgd1jGECr96D/uZq5APoRBVgz6sf 7wJN3uI8h883cLb3p1hKRUxUYeXGK7ZciJBpiIBUHeOdRewZ3v3luHDJE21X8CG3 nEqhMg4ApoNG57GQHdIvEK15Jizg92TtXMOz+u7BZZHX1F2usEvWahCzRh+sq8Dk GjVf1rmLKh12lwdQXdZVGFzEKWe3PXxqzFm0fP6hQPbGl5bRgjwZ6dCHct6k6muY dLCZWGr2ZMKqjLM4Rq9t/t2tkI8Nx06ow2zBfJYXwzJnj3aqL7VUrpedIYyK2l/W 5J84FZQzHTNpePUEqRvdnkW/BHp3ff8rNnsN1nbRelEoBWDG3+I/wKTspzpeZAoD snL3eKBE/7/HVJ3um8miIKE01r3T+iPDg0pLa8AnyHVc9YWds9u5y1YUzMqnQFHL RYh8ZYPpXLufjKaZUIptGGDhbZkG4H4wFGrRNItQEx071qEa8A9XMPsy813Cc7RN 7Z0bghIrKodmNyEW1taiLOSULdkxjMUW4nYIk+vpIgY/alP/rlA922LPmoaY+5ZP o6t91Zc/Oh22VEXDUevMkniy5IbKRorlP+dqAp+EJFr6GhtgdYxOC+yAcbZVABEB AAGJAjYEGAEIACAWIQSpDsYgHo3OExGK7Vw15F1iBgT1BQUCWzSmBgIbDAAKCRA1 5F1iBgT1BdGoD/4xxVbGZxFYsaNGWn0t2Vvq0iT8cl9Ev1i14Us7VZJ+OQx/MgND q0TOcCtYAKJ8VhghvflHusqK4IO6XZokTpZLOgbMR1SdLpaS48w+vSCPoksedFq1 l0osOThN2tMxYdyi1hnGu7mn5xNKOAUk7CVowGUxuZZ0rcdO6OpMHP/fpiAbpZlY MOFPt01w1/ndACmVxVm2D+/M8hKmTkFXV3InuxUa8LbJ70ZjTqvqY/HnEpdfNN10 zWg3qpZO8gYvXIgusgLMGwsp9eOQji0PUtJ78MskSzF2sRF/qBuNBee6TgrSq8u+ +4qp4oTh8GMbWpZXcvUAsKQZiZ/ALmTPOJTi5c/D6xqov+PZMN+GbSixU3flV5w1 F6mIjvydoYewJAPKDbRX+LXCFU8aj1VXmbNnzQzhJnrMLGtkaos6SWqLggiB029/ 1/lzP5lAEuIdZm2IxhU/mJQN/+jwGIQ/b00Sxu9eTolottU4wUTzLQej7J2RIP01 SkVCC36tjfmSFkmaO0U7hcwC8VA5RUKSClzPRKWA/rRGM/SIxofWck7Ko6auOzc8 FCAOz2ULC01gs6bR6TApUV0eqsAzPpLbiVsOlb8lzll3Un3ntOy8cKi4RzzNJzxx NekVnAvl6VeS38CSqaADWwfUw7UNHxLmBn2aOQd9uB0Ds9pGOWRszyWarA== =dxF+ -----END PGP PUBLIC KEY BLOCK-----
3D Secure 2
Following a migration plan drawn up by the Banque de France, the 3D Secure authentication protocol will be upgraded to version 2.0. This new version is a real opportunity to facilitate your customers' purchasing process while improving risk management for E-commerce financial transactions.
What does it change for your customers?
3D Secure 2 allows companies and their payment provider to send more information about each transaction to the cardholder's bank. This includes specific payment data, such as the delivery address, as well as contextual data, such as the customer's device ID or previous transaction history.
The cardholder's bank may use this information to assess the risk level of the transaction and choose an appropriate response:
- If the data is sufficient for the bank to be confident that the true cardholder is making the purchase, the transaction goes through frictionless flow and authentication is performed without any additional input from the cardholder.
- If the bank decides that it requires additional proof, the customer will be asked to authenticate to validate the payment.
Although a limited form of risk-based authentication is already supported by 3D Secure 1, the ability to share more data using 3D Secure 2 is intended to increase the number of transactions that can be authenticated without further customer intervention.
What does this mean for you?
With 3D Secure2, it will no longer be possible to disable 3DS. However, the merchant will be able to request an exemption in his payment request (this is called the merchant preference). In this case, if the request is accepted by the issuer, the buyer will not have to authenticate (no challenge) but the merchant will assume responsibility in case of non-payment (no transfer of responsibility to the issuer).
3D Secure 2 provides for cases in which interaction with the buyer (the challenge) will not be necessary:
- Low amount transactions ( < 30€ )
- Low-risk transactions
- Payments in several instalments * (a strong authentication will be required on the first payment due date for the total amount due)
- Recurring payments that are limited in time and whose due dates do not vary in amount (a strong authentication will be required on the first payment due date for the total amount due)
For this purpose, more information will be used by the issuer to assess the risk of the transaction:
- Equipment data (IP address, language, screen size, GPS coordinates, screen resolution, ...)
- Merchant data (delivery to the billing address, in-store deliveries, first order or not, ...)
- Cardholder data (number of transactions, creation date, date of last password change, ...)
In order to improve your customer's experience (using frictionless mode), and to increase your conversion rate, we strongly advise you to update your cash-in module:
- API : It will now be mandatory to send us your client's navigation data : (except application and recurring payments) https://docs.comnpay.com/api.html#navigateur. In addition, you will have to implement 3D Secure V2 authentication: https://docs.comnpay.com/api.html#finalize-debit-after-3ds-authentication-v2 (quite similar to 3D Secure V1). The 3D Secure V1 and V2 will continue to coexist until all banks are ready to make all payments in 3D Secure V2. Since november 2021, payments are no longer guaranteed without these changes.
- Payment page : Browser data is managed by our payment page. You are therefore under no obligation to update. However, we advise you to provide more information about your customer (when you can): https://docs.comnpay.com/psp-en.html#cardholder
- Plugins (Prestashop, WooCommerce) : No update is required for the moment. A new communication will be sent to you in case of an update.
- Afone Paiement portal tools (Payment by email / SMS / ...) : No update is required for the moment. A new communication will be sent to you in case of modification of the portal.
ComNpay supports the 3D Secure 2 navigation flow on the payment page, modules, and Afone Paiement tools. However, an update of the APIs is to be expected for the navigation data. We will apply 3D Secure 2 when it is supported by the cardholder's bank, and will revert to 3D Secure 1 when the new version is not yet supported.
Here are the cards that can be used to simulate the various payment in our homologation platform:
Without 3D Secure: Any payment strictly less than 30€.
For any payment superior or equal to 30€:
- 3D Secure V1: 2221001892683407
- 3D Secure V2 with authentication: 5306889942833340 > The code to be entered in the authentication page is 1234
- 3D Secure V2 without authentication ("frictionless"): 5512459816707530
The ComNpay solution offers a number of functions
Accepted payment methods
ComNpay can accept payments from the following cards: CB, Visa and MasterCard.
You can configure the length of your payment sessions (maximum payment confirmation time for the cardholder, including 3D Secure authentication). For example, if a transaction is not confirmed, stocks can be released at the end of the waiting period.
Sessions can be exceeded in 2 ways:
- No activity on the page before entering the card information: the page is replaced by the message "Your session has expired. Please re-enter your order"
- The session expires after entry of the card information (e.g. spending too long on the 3DS authentication page): payment was refused because your "session expired" (code 280), same message as above
NB: minimum 10 minutes, maximum 6 hours
At the end of the payment process, this function produces a receipt containing the essential information about the transaction. Your customer can keep a record of the transaction (as long as they printed out).
Please note that you can also activate the automatic emailing of this ticket to your customer by :
- Filling your customer's email here
- Activating the option on your Afone Paiement portal (ComNpay > Administration > Sending Ticket Porteur by e-mail)
This function lets you receive a confirmation email whenever payments are made on your website. You can define the alert produced by a payment:
- In real-time
- Or receive daily, weekly or monthly statements (Excel format)
Customization of the payment page
This function lets you customize your payment page :
By using our customization tool you can make sure that the payment page corresponds to your graphic charter (logo, colors, choice of font...)
You can create several templates from your Afone Paiement back office (ComNpay > Configuration > Customization). Define a default one, and choose for each website the template to use. For the technical part, it's here (parameter codeTemplate)
One-click payment enables your customers to pay without having to enter their bank details each time. Our system records your customer's bank details on the first purchase and then identifies them later using an alias number associated with their bank details. As such, once a client has been identified on your website they no longer need to enter their bank details for subsequent purchases.
Payment in 3 installments
ComNpay lets you offer your customers the ability to paint 3 installments, without extra charges and without the need for justifying documents or other formalities. NB: 3D Secure is required for payment of the 1st installment. The following installments are withdrawn automatically on D+30 and D+60.
This function lets you offer your customers or prospective customers the ability to pay a payment request over the Internet simply by sending an email:
- You simply enter the payment information using the dedicated ComNpay interface and obtain the identifiers
- You send the identifiers to your customer
- Once received, your customer pays the invoice over the Internet using the identifiers received
This function lets you create an online campaign with immediate payment. Your campaign is presented on an entirely customizable description page including your company logo on the photo of the product. You decide which customer information is to be collected and you can view the transactions completed. You can then send the link to your customers who only need to confirm the order by entering their details and paying on line. You therefore benefit from a tool for monitoring the results of your campaign.
You have a secure management tool which is permanently accessible via the Internet and enables you to monitor the evolution of your business in real time and to configure your payment solution according to your needs.