Warning

The GIE CB has issued an alert about an actively exploited vulnerability affecting e-commerce stores that use PrestaShop software.

This vulnerability allows remote commands to be executed on the server, so it is considered critical. In case of compromise, it is possible for fraudsters to bypass the security measures put in place by the various PATs (tokenization, payment pages in an iframe, etc.). According to specialized press reports, attacks detected so far reveal that fraudsters seek in particular to capture customers' payment data.

Here are the checks and actions to be carried out by acceptors to secure their PrestaShop e-commerce platform:

  1. First, check whether the site has been compromised. A blm.php file at the root of the site, or POST calls to a blm.php file in the server logs, is a priori a reliable marker that the attack has taken place.
  2. If the site has been compromised, it is recommended that a third-party audit be conducted without delay to determine the depth of compromise and remove any malicious code.

Once the checks are done, PrestaShop versions between 1.6.0.10 and 1.7.8.6 should be updated to version 1.7.8.7 and then maintained by applying the published updates.
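The checks from the alert above, as an added example (not part of the original page, nor PrestaShop or Axepta code): it flags POST requests to blm.php in access-log lines, tests for the file at the site root, and tests a version string against the stated range. The common/combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Request part of a common/combined access-log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

AFFECTED_MIN = (1, 6, 0, 10)   # lower bound of the range stated in the alert
AFFECTED_MAX = (1, 7, 8, 6)    # upper bound; 1.7.8.7 is the fixed version

def blm_post_lines(log_lines):
    """Return the log lines that record a POST to a file named blm.php."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m or m["method"] != "POST":
            continue
        path = urlsplit(m["target"]).path           # drop any query string
        if path.rsplit("/", 1)[-1].lower() == "blm.php":
            hits.append(line)
    return hits

def webroot_has_blm(webroot):
    """True if a blm.php file sits directly at the root of the site."""
    return (Path(webroot) / "blm.php").is_file()

def needs_update(version):
    """True if a dotted PrestaShop version falls in the affected range."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (4 - len(parts))                # 1.7.8 -> 1.7.8.0
    return AFFECTED_MIN <= parts <= AFFECTED_MAX

# Constructed sample lines (documentation IP ranges, not from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Jul/2022:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [25/Jul/2022:10:01:09 +0000] "POST /blm.php HTTP/1.1" 200 312',
    '198.51.100.4 - - [25/Jul/2022:10:02:11 +0000] "GET /blm.php?x=1 HTTP/1.1" 404 0',
    '198.51.100.4 - - [25/Jul/2022:10:03:40 +0000] "POST /module/cart HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for hit in blm_post_lines(SAMPLE_LOG):
        print("POST to blm.php:", hit)
    print("1.7.8.6 needs update:", needs_update("1.7.8.6"))
```

A clean result from these checks does not replace the third-party audit recommended when a marker is found; rotated and compressed logs also need to be included in the scan.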

Some recommended links:

  1. Major Security Vulnerability on PrestaShop Websites | PrestaShop Developers’ blog
  2. A Major Security Flaw has been Discovered on PrestaShop! (July 2022) (leptidigital.fr)






Introduction

AXEPTA BNP Paribas allows you to accept payments using different payment methods. Each of them offers different possibilities, through an e-commerce platform, such as:

  • Standard payment
  • One click payment
  • Recurring payment.

Prerequisites

The server must run PHP 7.1 or later.

The plugin supports the following PrestaShop versions: 1.6.1 / 1.7.5 / 1.7.6 / 1.7.7 / 1.7.8

Installation of the plugin

The installation of the plugin requires the following steps :

  1. Go to the "Modules" tab of the backoffice of your shop (left side of the screen) > "Module catalogues", click on "install plugin" then upload the zip file containing the plugin.



  2. On the "Module Manager" tab (from the same menu), type "Axepta" in the search bar and find the "Axepta BNP Paribas" plugin.


  3. Click on the « Configure » button to start. This configuration screen allows you to configure the generic parameters of the shop, especially if it is a "multi-shop" setup.

You can also update the xml flow if other payment methods are added to your BNP Paribas contract.

Then, click on “Configurer your plugin Axepta BNP Paribas” to configure your payment methods (details in the next section).


  4. Once the plugin is installed, you can uninstall, disable or remove it at any time.


Global configuration of the plugin


To create a new configuration, click on the "+" in the top right corner:



Then enter the data provided by BNP Paribas in the following fields, choose whether or not to activate your account, and click on "save".


Then indicate on which shop(s) the plugin should be applied :



The configuration of your first MID now appears in the global list :



You can now choose the different payment methods to activate on your shop by clicking on the "Update" button. The associated tab will appear.


The payment methods displayed are those corresponding to your activation key.

The payment methods in grey correspond to those that are not part of your offer. You have the possibility to visualize the complete offer in order to see everything that the Axepta module proposes.

Some payment methods may appear in grey if the country or countries in which the payment method is authorized are not activated in your backoffice. To activate the countries, go to the "International" tab > "Geographical zones" and activate the desired countries by clicking on the small red cross.


You will have to go through the menu "Modules" > "Axepta payment configuration" to go back to the payment methods configuration :



Click on "Update" and go to the bottom of the screen to continue configuring your account's options.

Front Label:

This represents the field you want to customize for your customers to pay. Example : "Pay with AXEPTA BNP Paribas"

Currency :

The currency indicated is the currency of your activation key. This data cannot be modified, it is only shown as an indication for the management of the account.

Please note that the currency must be enabled beforehand in the PrestaShop backoffice. To do this, go to "International" > "Location" > "Currencies" and click on "Add a new currency".

Rendering mode :

The display of the payment page is possible in 2 ways with the plugin:

  • Redirection => External redirection of the user to the payment page
  • iFrame => Displaying the payment page on the shop in an iFrame

3DSecure and exemption management :

The 3DSecure is still activated on your store, you can nevertheless activate the "Exemption request" option which will allow you to request an authentication exemption for the cardholder during a simple payment on your merchant site.

To enable exemption requests, please select "Yes" in the "Exemption request" box; to disable, please select "No".

If you wish to activate exemption requests you must then fill in the "Amount" box which corresponds to the maximum amount that will trigger an exemption request. Above this amount, the exemption request will not be triggered.

Attention: Please note that the use of 3DSecure authentication protects the merchant against the reason for unpaid invoices "holder dispute". In the event of a request for exemption from authentication by the merchant, the latter loses this transfer of responsibility in the majority of cases (For more details: Liability shift and 3DS Matrix - Documentation Axepta BNP Paribas - Axepta). This is a request for exemption, this does not mean that it will be granted systematically by the issuer of the cardholder's card. Exemption requests only work with transactions paid in Euro.

Oneclick payment :

This option allows you to activate the oneclick payment via registration of the payment method by the user in his customer account.

Subscription :

This option allows you to activate the subscription payment on the shop.

Capture method :

This option allows you to choose the payment capture method:

  • Automatic => The capture will be done automatically in the night.
  • Manual => The capture is done after a defined delay. Just after choosing this option, you set the delay before the capture (delay in hours, an integer between 1 and 696).

Logs :

This option activates the logs, in particular so that data can be sent to support in case of an issue.


Your account is now configured.


You can configure as many accounts as your BNP Paribas contract allows. To add an account, you must go to "Axepta payment configuration" and do the same operations. The list of accounts will be updated with each new registration.

Payment modes configuration

One-off payment

To activate the different payment methods, you must go to the "Payments" tab > "Preferences" > and check "BNP Paribas Axepta" for all the currencies you would like to configure and then click on "Save" :



Still in "Payment" > "Preferences", you can also restrict the payment method to some specific currencies.



One-click payment

This functionality allows your customers to save their payment method data so that they can pay faster the next time.

To enable this functionality, you only need to make sure that the « Oneclick payment » button is checked in your account's options ("Modules" > "Configuration paiements Axepta" > "Modifier" the MID you would like to configure).


The customer will be able to manage the saved cards in his account view by clicking on “One click cards” :



The list of saved cards will be displayed and the customer will be able to delete one or more cards just by clicking on the "delete" button.

Subscriptions

Enable subscriptions

To enable this functionality, you only need to make sure that the « subscription payment » button is checked in your account's options ("Modules" > "Configuration paiements Axepta" > "Modifier" the MID you would like to configure).

Configuration

When the subscription functionality is enabled, it's possible to configure items to pay by subscription.

To configure items, go to "Catalogue" > "Produits" and search by name for the item that you would like to be paid by subscription.

On the product sheet (when you click on a product's name), go to the "plugins" tab and click on "Configure".

You can configure an item by adding the following information:

  • Type : indicates if the item will be paid by subscription or standard payment.
  • Periodicity : indicates the type of subscription (monthly or daily)
  • Interval occurrence : Number of times that the payment will be processed. If this value is not filled, the occurrence is unlimited.
  • Recurring amount : Indicates the amount of the item in subscription, so this value can be different from the initial price of the item. This value represents the amount that will be withdrawn in future transactions.

Subscriptions management

In the tab "orders" > "Axepta list of subscriptions", you can view the list of orders related to subscriptions and find the following information for every order:

  • Order ID
  • Product
  • Reference
  • Customer ID
  • Amount
  • Subscription status
  • Date of the next payment

Available actions in this section are:

  • Enable a subscription
  • Disable a subscription
  • Check details about an order
  • Check details about the customer


Subscriptions management (user view)

The customer can manage his subscriptions in his user account by clicking on the specific box "My payments by subscription"



The customer can disable or enable again a subscription directly by clicking on the "disable/enable" button



The subscription status is updated automatically in the backoffice.

Transactions management

A list of orders paid using the different payment methods is available in the section “Orders" > "AXEPTA list of transactions”. You will find the list of all orders with the following information:

  • ID
  • Order's reference
  • Trigramme
  • Pay ID
  • Response code
  • Amount
  • Brand
  • Payment type
  • Transaction's date
  • Transaction's type (payment, cancellation, refund, recurring for subscription)
  • Status (success, failure, authorization..)

When you select an order, you get more information about the payment (delivery address, customer's information, refund/cancellation options...).

Refund / cancellation

To make a refund, you need, first, to select on which shop the order was made (top right side of the screen).

Then, choose the order you would like to refund (in the details of the transaction) and click on “Remboursement partiel” in the tab "order" to create a voucher.

You will be redirected to the tab "product" on the same page.

Choose an amount for the refund (total or partial) as long as the amount doesn't exceed the total amount of the initial transaction.

Then, click on “Remboursement partiel” :

Once the amount is saved, and still in the details of an order, you will be able to :

- Select the transaction you would like to refund

- Select the voucher

- Click on "refund".


The product appears in the details of the order as "refunded"


When an order is fully refunded, you can update the status of this order by clicking on "refunded" > "update status" on the top of screen.



Description of payment methods

| Payment methods | Countries | Currencies |
|---|---|---|
| AMEX | All | All |
| CB/VISA/Mastercard | All | All |
| Cetelem 3X | FR | EUR |
| Cetelem 4X | FR | EUR |
| Cetelem Presto | FR | EUR |
| Mastercard/VISA | All | All |
| Paypal | All | All |
| Sofort Klarna | DE, AT, BE, IT, ES, NL, CH, PL | EUR |
| Alipay | CN | AUD, CAD, EUR, GBP, HKD, NZD, SGD, USD |
| Bancontact | BE | EUR |
| Boleto Bancário | BR | USD |
| eNets | SG | SGD |
| EPS | AT | EUR |
| Giropay | DE | EUR |
| iDeal | NL | EUR |
| Multibanco | PT | EUR |
| MyBank | ES, GR, IT | EUR |
| MyClear FPX | MY | MYR |
| Paysafecard | AT, AU, BE, BG, CA, CH, CY, CZ, DE, DK, ES, FI, FR, GB, GE, GI, HR, HU, IE, IT, LI, LT, LU, MT, MX, NL, NO, NZ, PE, PL, PT, RO, SE, SI, SK, UY | AUD, CAD, CHF, EUR, GBP, NOK, PLN, RON, SEK, USD |
| POLi | AU | AUD |
| Przelewy24 | PL | EUR, PLN |
| RHB Bank | MY | MYR |
| SEPA Direct debit | AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LI, LT, LU, LV, MC, MT, NL, NO, PL, PT, RO, SE, SI, SK, SM | EUR |
| TrustPay | CZ | CZK |
| TrustPay | SK | EUR |
| Wechat | CN | EUR, GBP, USD |