Create and host your own credit card to collect credit card data of your customer. PCI DSS Self-Assessment Questionnaire (SAQ) A-EP is mandatory. |
This approach is very similar to BNP hosted payment forms and leaves the merchant in full control of the checkout experience as all website elements are delivered from the merchant’s server.
The 3DS authentication is handled by the Axepta Platform.
Steps :
OverviewA Silent Order Post or Direct Post is a transmission method where form data from a merchant website are getting directly posted to a third-party server. This is commonly achieved through the form action attribute that specifies the URL the data are sent to.
|
PayNow links the benefits of Platform forms and Server-to-Server connections: As opposed to the Platform form, where the form is loaded from the Platform server by calling payssl.aspx, the PayNow form has to be provided by the merchant’s system. The form uses the same parameters as described here below.
In contrast to the Platform form, the parameters are not forwarded as URL parameters as is the case when calling the payssl.aspx, but as form input parameters. By the way for calling the PayNow.aspx the same parameters can be used as for PaySSL.aspx.
Please notice that in case of Fallback to 3-D Secure 1.0 the URLSuccess or URLFailure is called with GET. Therefore your systems should be able to receive parameters both via GET and via POST.
|
|
The credit card data must be transmitted to paynow.aspx with the following parameters.
Please POST the form data as outlined in table below to payNow.aspx.
|
(- will continue to support the legacy form data fields that are currently in use. -)
|
BASEURL= https://paymentpage.axepta.bnpparibas/
|
When the payment is completed will send a notification to the merchant server (i.e. URLNotify) and redirect the browser to the URLSuccess resepctively to the URLFailure.
The blowfish encrypted data elements as listed in the following table are transferred via HTTP POST request method to the URLNotify and URLSuccess/URLFailure.
Notice: Please note that the call of URLSuccess or URLFailure takes place with a GET in case of fallback to 3-D Secure 1.0. Therefore your systems should be able to receiver parameters both via GET and via POST. |
|