ComNpay

Terminology

Introduction

ComNpay is a secure Internet payment solution. A true virtual EPT (Electronic Payment Terminal), ComNpay lets you process payments over the Internet 24 hours a day, 7 days a week.

This service handles the entire payment stage by transferring it to our secure payment platform.

ComNpay offers two integration modes depending on your needs

The ComNpay solution is easily integrated into your website, whatever its configuration. ComNpay offers two integration modes depending on your needs.

As a PSP (Payment Service Provider)

ComNpay interfaces with your e-commerce website and enables your customers to pay online. Your customers are automatically redirected to the ComNpay payment page.

Through an API (Application Program Interface)

ComNpay interfaces with your existing e-payment solution. Your sales application submits your customer’s payment information to ComNpay which then processes the data to make the payment.

Description of the PSP payment process

  1. The buyer connects to your website and enters their order or fills their basket online; they then choose the payment method
  2. They are then taken to your customizable payment page hosted on the secure ComNpay website
  3. The customer enters their bank card number, expiry date and the visual cryptogram on the back of the card; they then click on "confirm"
  4. The payment server confirms the validity of the customer's bank card and requests authorization from the financial institution for the selected payment method
  5. The customer is returned to your website at the end of the payment process

Security

The ComNpay technical platform handles online payment processing in a secure manner.

The security systems include the following:

  • SSL encryption (Secure Socket Layer), which secures the data exchanged between the customer and the payment server;
  • Payment card controls verifying the card number, expiry date and the visual cryptogram;
  • Systematic payment authorization requests to the issuing bank for each transaction, with immediate refusal of non-existent, stolen or lost cards;
  • Card payment controls limiting the number of transactions for a given card and a given period;
  • The 3D Secure system, which can be configured to authenticate the customer as the holder of the card used for payment;
  • Encryption and storage of sensitive cardholder data in a certified PCI DSS zone. This certification offers the highest level of banking security.

PCI DSS, what is it?

Visa and MasterCard have defined a standard which is designed to protect cardholders making online payments. The standard improves the security of transactions and storage of banking data.

Export sensitive data (PGP key)

In order to send us sensitive data, such as card extractions (following a change of payment institution), you must encrypt this information. To do this, simply send us an email to the following address: technique@comnpay.com by encrypting the data via the following PGP key:

  • Key ID : 35E45D620604F505
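
Added example (not ComNpay's own code): before encrypting an export, check that the key file you obtained carries the Key ID published above, then encrypt to its full fingerprint rather than to a name or e-mail address. The file paths and the sample listing are constructed, and the gpg calls assume a GnuPG 2.2 release that supports --show-keys.

```bash
#!/usr/bin/env bash
# Added example: pin the recipient key to the published Key ID before encrypting.
EXPECTED_KEYID="35E45D620604F505"   # long key ID from this page

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: field 10 of the first "fpr" record after the "pub" record.
primary_fingerprint() {
  awk -F: '$1 == "pub" { seen = 1; next }
           seen && $1 == "fpr" { print $10; exit }'
}

# Succeed only for a 40-hex-digit (v4) fingerprint whose last 16 digits
# are the expected long key ID. Comparison is case-insensitive.
fingerprint_matches_keyid() {
  local fpr keyid
  fpr=$(printf '%s' "$1" | tr 'a-f' 'A-F')
  keyid=$(printf '%s' "$2" | tr 'a-f' 'A-F')
  [ "${#fpr}" -eq 40 ] || return 1
  case "$fpr" in
    *[!0-9A-F]*) return 1 ;;   # reject anything that is not hex
    *"$keyid")   return 0 ;;
    *)           return 1 ;;
  esac
}

# Inspect the key file without importing it, refuse on mismatch, then
# import and encrypt to the full fingerprint.
# keyfile and plaintext are hypothetical paths supplied by the caller.
encrypt_for_comnpay() {
  local keyfile="$1" plaintext="$2" fpr
  fpr=$(gpg --batch --with-colons --show-keys "$keyfile" | primary_fingerprint)
  if ! fingerprint_matches_keyid "$fpr" "$EXPECTED_KEYID"; then
    echo "refusing: $keyfile does not contain key $EXPECTED_KEYID" >&2
    return 1
  fi
  gpg --batch --import "$keyfile" || return 1
  # --trust-model always: the key was pinned just above, so skip the
  # "untrusted key" confirmation that would otherwise stop batch mode.
  gpg --batch --trust-model always --armor --encrypt \
      --recipient "$fpr" --output "$plaintext.asc" "$plaintext"
}

# Constructed sample of `gpg --with-colons` output (trimmed; the 24 leading
# zeros are a placeholder, not the real fingerprint; the second fpr is a subkey).
SAMPLE_LISTING='pub:-:::35E45D620604F505:
fpr:::::::::00000000000000000000000035E45D620604F505:
sub:-:::1111111111111111:
fpr:::::::::1111111111111111111111111111111111111111:'
```

A key ID is only the last 64 bits of the fingerprint, so where possible confirm the full fingerprint with ComNpay through a second channel before sending card data.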

3D Secure 2

Following a migration plan drawn up by the Banque de France, the 3D Secure authentication protocol will be upgraded to version 2.0. This new version is a real opportunity to facilitate your customers' purchasing process while improving risk management for E-commerce financial transactions.

What does it change for your customers?

3D Secure 2 allows companies and their payment provider to send more information about each transaction to the cardholder's bank. This includes specific payment data, such as the delivery address, as well as contextual data, such as the customer's device ID or previous transaction history.

The cardholder's bank may use this information to assess the risk level of the transaction and choose an appropriate response:

  • If the data is sufficient for the bank to be confident that the true cardholder is making the purchase, the transaction goes through frictionless flow and authentication is performed without any additional input from the cardholder.
  • If the bank decides that it requires additional proof, the customer will be asked to authenticate to validate the payment.

Although a limited form of risk-based authentication is already supported by 3D Secure 1, the ability to share more data using 3D Secure 2 is intended to increase the number of transactions that can be authenticated without further customer intervention.

What does this mean for you?

With 3D Secure 2, it will no longer be possible to disable 3DS. However, the merchant will be able to request an exemption in the payment request (this is called the merchant preference). In this case, if the request is accepted by the issuer, the buyer will not have to authenticate (no challenge), but the merchant will assume responsibility in case of non-payment (no transfer of responsibility to the issuer).

3D Secure 2 provides for cases in which interaction with the buyer (the challenge) will not be necessary:

  • Low-amount transactions (< 30€)
  • Low-risk transactions
  • Payments in several instalments (a strong authentication will be required on the first payment due date for the total amount due)
  • Recurring payments that are limited in time and whose due dates do not vary in amount (a strong authentication will be required on the first payment due date for the total amount due)

For this purpose, more information will be used by the issuer to assess the risk of the transaction:

  • Equipment data (IP address, language, screen size, GPS coordinates, screen resolution, ...)
  • Merchant data (delivery to the billing address, in-store deliveries, first order or not, ...)
  • Cardholder data (number of transactions, creation date, date of last password change, ...)

In order to improve your customer's experience (using frictionless mode), and to increase your conversion rate, we strongly advise you to update your cash-in module:

  • API: It will now be mandatory to send us your client's navigation data (except for application and recurring payments): https://docs.comnpay.com/api.html#navigateur. In addition, you will have to implement 3D Secure V2 authentication: https://docs.comnpay.com/api.html#finalize-debit-after-3ds-authentication-v2 (quite similar to 3D Secure V1). 3D Secure V1 and V2 will continue to coexist until all banks are ready to make all payments in 3D Secure V2. Since November 2021, payments are no longer guaranteed without these changes.
  • Payment page: Browser data is managed by our payment page. You are therefore under no obligation to update. However, we advise you to provide more information about your customer (when you can): https://docs.comnpay.com/psp-en.html#cardholder
  • Plugins (Prestashop, WooCommerce): No update is required for the moment. A new communication will be sent to you in case of an update.
  • Afone Paiement portal tools (Payment by email / SMS / ...): No update is required for the moment. A new communication will be sent to you in case of modification of the portal.

Conclusion

ComNpay supports the 3D Secure 2 navigation flow on the payment page, modules, and Afone Paiement tools. However, an update of the APIs is to be expected for the navigation data. We will apply 3D Secure 2 when it is supported by the cardholder's bank, and will revert to 3D Secure 1 when the new version is not yet supported.

Test cards

Here are the cards that can be used to simulate the various payments on our homologation platform:

Without 3D Secure: Any payment strictly less than 30€.

For any payment greater than or equal to 30€:

  • 3D Secure V1: 2221001892683407
  • 3D Secure V2 with authentication: 5306889942833340 (the code to be entered on the authentication page is 1234)
  • 3D Secure V2 without authentication ("frictionless"): 5512459816707530

The ComNpay solution offers a number of functions

Accepted payment methods

ComNpay can accept payments from the following cards: CB, Visa and MasterCard.

Payment session

You can configure the length of your payment sessions (maximum payment confirmation time for the cardholder, including 3D Secure authentication). For example, if a transaction is not confirmed, stocks can be released at the end of the waiting period.

A session can expire in 2 ways:

  • No activity on the page before entering the card information: the page is replaced by the message "Your session has expired. Please re-enter your order"
  • The session expires after entry of the card information (e.g. spending too long on the 3DS authentication page): the payment is refused because the "session expired" (code 280), with the same message as above

NB: minimum 10 minutes, maximum 6 hours

Customer receipt

At the end of the payment process, this function produces a receipt containing the essential information about the transaction. Your customer can keep a record of the transaction (as long as they print it out).

Please note that you can also activate the automatic emailing of this ticket to your customer by:

  • Filling your customer's email here
  • Activating the option on your Afone Paiement portal (ComNpay > Administration > Sending Ticket Porteur by e-mail)

Email notification

This function lets you receive a confirmation email whenever payments are made on your website. You can define the alert produced by a payment:

  • In real-time
  • Or receive daily, weekly or monthly statements (Excel format)

Customization of the payment page

This function lets you customize your payment page:

By using our customization tool you can make sure that the payment page corresponds to your graphic charter (logo, colors, choice of font...)

You can create several templates from your Afone Paiement back office (ComNpay > Configuration > Customization). Define a default one, and choose for each website the template to use. For the technical part, it's here (parameter codeTemplate)

One-click payment

One-click payment enables your customers to pay without having to enter their bank details each time. Our system records your customer's bank details on the first purchase and then identifies them later using an alias number associated with their bank details. As such, once a client has been identified on your website they no longer need to enter their bank details for subsequent purchases.

Payment in 3 installments

ComNpay lets you offer your customers the ability to pay in 3 installments, without extra charges and without the need for justifying documents or other formalities. NB: 3D Secure is required for payment of the 1st installment. The following installments are withdrawn automatically on D+30 and D+60.

Pre-authorization

This function lets you confirm the validity of a payment card and make sure the customer is solvent, without debiting their account.

You can then proceed in 2 ways:

  • Actually debit the pre-authorized amount
  • Cancel the pre-authorization

Email payment

This function lets you offer your customers or prospective customers the ability to pay a payment request over the Internet simply by sending an email:

  • You simply enter the payment information using the dedicated ComNpay interface and obtain the identifiers
  • You send the identifiers to your customer
  • Once received, your customer pays the invoice over the Internet using the identifiers received

Your campaigns

This function lets you create an online campaign with immediate payment. Your campaign is presented on an entirely customizable description page including your company logo on the photo of the product. You decide which customer information is to be collected and you can view the transactions completed. You can then send the link to your customers, who only need to confirm the order by entering their details and paying online. You therefore benefit from a tool for monitoring the results of your campaign.

Management interface

You have a secure management tool which is permanently accessible via the Internet and enables you to monitor the evolution of your business in real time and to configure your payment solution according to your needs.