Frequently asked questions
FAQs
3DS v2
To make things easier for both merchants and consumers, PSD2 allows for some exemptions from strong customer authentication. What’s important to note is that all transactions that qualify for an exemption won’t be automatically exempted. In the case of card transactions, for example, it’s the card issuing bank that decides if an exemption is approved or not. So, even if a transaction qualifies for an exemption the customer might still have to make a strong customer authentication, if the card issuing bank chooses to demand it.
If the issuer is applying new PSD2 ruleset and 3DS is not active in the merchant's account, the transaction will be rejected with a new error code - soft decline. Therefore, please make sure to have 3DS active for each brand in your account(s). If you are integrated with DirectLink (Server to Server), you will need to implement the soft decline mechanism.
Exclusions are transactions that are OUT of scope for PSD2 SCA regulations:
- Mail order/telephone order
- One leg journey - Payee's PSP (aka Merchant's acquirer) or Payer's PSP (aka Buyer's payment method issuer) is outside of EEA zone
- Anonymous prepaid cards up to 150€ (article 63)
- MIT - merchant initiated transactions
Exemptions are transactions that are IN the scope of PSD2 SCA regulations:
- Low value transactions
- Subscriptions
- Risk analysis
- Whitelisting
Unless the authentication is an obligatory step (i.e. in case of a card registration or an initial transaction of a series of recurring transactions), issuers can decide to pass on the authentication. In such a scenario the issuer will be liable in case of a charge back.
This situation is only possible if you are integrated via DirectLink only (Merchant own page / FlexCheckOut), as in Santander TPV eCommerce Pro hosted payment page page, Santander TPV eCommerce Pro is collecting the mandatory data.
First of all, Santander TPV eCommerce Pro will identifiy the flow to be directed to v1 or v2 based on the card numbers.
If the card is enrolled V2, there are the following possible scenarios:
Mandatory data:
- If the wrong data is passed, transaction is blocked
- If some data is missing, Santander TPV eCommerce Pro will direct your transaction to v1 flow
- If no data is passed, transaction is NOT blocked but diverted to flow v1
Recommended or optional data:
- if no data is passed, transaction is NOT blocked, but cannot benefit from exemption.
From 1st January 2020 for Europe and from 14th September 2021 for UK, Strong Customer Authentication (SCA) rules will come into effect for all digital payments in Europe. Right now, banks, payment service providers and card networks are all working on technical solutions that will comply with the requirements for PSD2. To accept payments after January 1st you will have to make sure that these technical solutions will work with your online store.
Accepting payments from the world’s largest card networks, Visa, Mastercard and Amex, will require that you have implemented the security solution 3D Secure for your online store. 3D Secure has been used since 2001 to improve the security for online card transaction but now a new version has been developed that will facilitate the PSD2 Strong Customer Authentication requirements.
We recommend you to use 3-D Secure, since it helps prevent fraud and also protects you from liability in case of any fraud. From January 1st 2020 it will also be a requirement for accepting the payments from major cards.
3DSv2 is inviting merchants to send additional information (mandatory / recommended ... ). All you need to know as a merchant can be found here:
Our test platform is ready for you to start testing. A simulator will support all different scenarios.
Testing cards have been provided and can be found on the support site, as well as in the TEST environment (Configuration > Technical Information > Test info).
Please contact us should you wish to start using 3-D Secure version 2 (3DSv2) in production.
In a case like this, Santander TPV eCommerce Pro will automatically manage a fallback to 3-D Secure v1.
The EU’s Second Payment Services Directive (2015/2366 PSD2) entered into force in January 2018, aiming to ensure consumer protection across all payment types, promoting an even more open, competitive payments landscape. Acting as a payment service provider, we pride ourselves on being confirmed PSD2 compliant since 29 May 2018.
One of the key requirements of PSD2 relates to Strong Customer Authentication (SCA) that will be required on all electronic transactions in the EU from 1st January 2021 for Europe and from 14th September 2021 for UK. SCA will require cardholders to authenticate themselves with at least TWO out of the following three methods:
- Something they know (PIN, password, …)
- Something they possess (card reader, mobile. …)
- Something they are (voice recognition, fingerprint, …
This means your customers, in practice, will no longer be able to make a card payment online by using only the information on their cards. Instead they will have to, for example, verify their identity on a bank app that is connected to their phone and requires a password or fingerprint to approve the purchase.
More information about PSD2 can be found here: https://www.europeanpaymentscouncil.eu/sites/default/files/infographic/2018-04/EPC_Infographic_PSD2_April%202018.pdf
We are in a process of certification for v2.2 and it will be in production in Q4 2020.
Configuration
The time to activate a payment method depends on the following factors:
- It generally takes the acquirer or bank about a week to complete your affiliation. If you already have an affiliation, the activation takes a few days.
- Some payment methods require additional checks before they can be activated, e.g. in case of 3-D Secure, which is requested directly at VISA or MasterCard (and not at the acquirer).
With Santander TPV eCommerce Pro Collect, you can activate several payment methods in one go.
Even though we advise against using it since this feature will no longer be supported from 25 August 2020, you can configure the so-called referrer check, in addition to the SHA signature authentication. With this setting, our system checks the origin of the transaction request which is the URL the request comes from (the referrer). The aim is so that unauthorised URLs (that were not configured in your account) will not be able to call the payment page.
In order to set it up or remove it, simply go to Technical Information > Data and origin verification. Under Checks for e-Commerce & Alias Gateway, you can enter one or more URLs that you want to enable to call the payment page: orderstandard.asp / orderstandard_utf8.asp.
Possible errors related to the referrer are "unknown order/1/r" and "unknown order/0/r". Go to Possible errors for more information about these errors.
Important: We strongly advise against it and therefore to leave it blank.
However, if you would still like to use it,
- The URL(s) must always start with http:// or https://
- You must enter the ‘origin’ of the URL being accepted (Origin: <scheme> "://" <hostname> [ ":" <port> ])’ (For example: https://www.mysite.net)
- If you have several domains, multiple URLs can be entered. For example, http://www.mysite.com;http://www.mysite.net;https://www.secure.mysite.com. The URLs must be separated by a semicolon, with no spaces before or after the semicolon.
- If you perform a test transaction from our test page, please remember to enter our site’s origin URL as a referrer, otherwise you will receive an error.
We also would like to take the opportunity to remind you that although the referrer allows our system to identify the origin of an order, SHA signature authentication remains the most trusted way to secure your transactions on your PSPID. You can find more information on that in our SHA signature integration guide.
Transactions
By default you can send goods or deliver your service once a transaction has reached the status "9 - Payment requested". However, although status 5 is a successful status, it's only a temporary reservation of an amount of money on the customer's card. A transaction in status 5 still needs to be confirmed (manually or automatically) to proceed to the status 9, which is the final successful status for most payment methods.
Go to Transaction statuses for more information.
In your Santander TPV eCommerce Pro account menu, you can easily lookup your transactions by choosing "Operations" and then clicking either "View transactions" or "Financial history", depending on the type of transaction results you're looking for.
Go to Consult your transactions for more information.
You can only perform refunds on transactions for which the funds have already been transferred to your bank account. A cancellation or deletion can be done before a payment has been fully processed, i.e. before the daily cut-off time at the acquirer, at which point all transactions of the previous day are processed.
A full green thumbs-up icon means that the transaction was completed with a 3-D Secure authentication method, such as Digipass or a card reader. However, it doesn't necessarily mean the payment itself was processed successfully. Therefore, you should always check the transaction status to know whether you'll receive your money.
Go to Transaction statuses for more information.
If you want to check specific details of an order/transaction or perform maintenance on transactions, you should use View transactions. "Financial history" is the most convenient to periodically check incoming and outgoing funds.
For more information, go to View transactions vs Financial history.
You can easily refund a payment with the "Refund" button in the order overview of a transaction (via View transactions). If your account supports it, you can also make refunds with a DirectLink request or with a Batch file upload (for multiple transactions).
Please note that the Refunds option has to be enabled in your account.
Go to Maintain your transactions for more information.
To make things easier for both merchants and consumers, PSD2 allows for some exemptions from strong customer authentication. What’s important to note is that all transactions that qualify for an exemption won’t be automatically exempted. In the case of card transactions, for example, it’s the card issuing bank that decides if an exemption is approved or not. So, even if a transaction qualifies for an exemption the customer might still have to make a strong customer authentication, if the card issuing bank chooses to demand it.
If the issuer is applying new PSD2 ruleset and 3DS is not active in the merchant's account, the transaction will be rejected with a new error code - soft decline. Therefore, please make sure to have 3DS active for each brand in your account(s). If you are integrated with DirectLink (Server to Server), you will need to implement the soft decline mechanism.
Exclusions are transactions that are OUT of scope for PSD2 SCA regulations:
- Mail order/telephone order
- One leg journey - Payee's PSP (aka Merchant's acquirer) or Payer's PSP (aka Buyer's payment method issuer) is outside of EEA zone
- Anonymous prepaid cards up to 150€ (article 63)
- MIT - merchant initiated transactions
Exemptions are transactions that are IN the scope of PSD2 SCA regulations:
- Low value transactions
- Subscriptions
- Risk analysis
- Whitelisting
This situation is only possible if you are integrated via DirectLink only (Merchant own page / FlexCheckOut), as in Santander TPV eCommerce Pro hosted payment page page, Santander TPV eCommerce Pro is collecting the mandatory data.
First of all, Santander TPV eCommerce Pro will identifiy the flow to be directed to v1 or v2 based on the card numbers.
If the card is enrolled V2, there are the following possible scenarios:
Mandatory data:
- If the wrong data is passed, transaction is blocked
- If some data is missing, Santander TPV eCommerce Pro will direct your transaction to v1 flow
- If no data is passed, transaction is NOT blocked but diverted to flow v1
Recommended or optional data:
- if no data is passed, transaction is NOT blocked, but cannot benefit from exemption.
From 1st January 2020 for Europe and from 14th September 2021 for UK, Strong Customer Authentication (SCA) rules will come into effect for all digital payments in Europe. Right now, banks, payment service providers and card networks are all working on technical solutions that will comply with the requirements for PSD2. To accept payments after January 1st you will have to make sure that these technical solutions will work with your online store.
Accepting payments from the world’s largest card networks, Visa, Mastercard and Amex, will require that you have implemented the security solution 3D Secure for your online store. 3D Secure has been used since 2001 to improve the security for online card transaction but now a new version has been developed that will facilitate the PSD2 Strong Customer Authentication requirements.
We recommend you to use 3-D Secure, since it helps prevent fraud and also protects you from liability in case of any fraud. From January 1st 2020 it will also be a requirement for accepting the payments from major cards.
3DSv2 is inviting merchants to send additional information (mandatory / recommended ... ). All you need to know as a merchant can be found here:
Our test platform is ready for you to start testing. A simulator will support all different scenarios.
Testing cards have been provided and can be found on the support site, as well as in the TEST environment (Configuration > Technical Information > Test info).
Please contact us should you wish to start using 3-D Secure version 2 (3DSv2) in production.
In a case like this, Santander TPV eCommerce Pro will automatically manage a fallback to 3-D Secure v1.
The EU’s Second Payment Services Directive (2015/2366 PSD2) entered into force in January 2018, aiming to ensure consumer protection across all payment types, promoting an even more open, competitive payments landscape. Acting as a payment service provider, we pride ourselves on being confirmed PSD2 compliant since 29 May 2018.
One of the key requirements of PSD2 relates to Strong Customer Authentication (SCA) that will be required on all electronic transactions in the EU from 1st January 2021 for Europe and from 14th September 2021 for UK. SCA will require cardholders to authenticate themselves with at least TWO out of the following three methods:
- Something they know (PIN, password, …)
- Something they possess (card reader, mobile. …)
- Something they are (voice recognition, fingerprint, …
This means your customers, in practice, will no longer be able to make a card payment online by using only the information on their cards. Instead they will have to, for example, verify their identity on a bank app that is connected to their phone and requires a password or fingerprint to approve the purchase.
More information about PSD2 can be found here: https://www.europeanpaymentscouncil.eu/sites/default/files/infographic/2018-04/EPC_Infographic_PSD2_April%202018.pdf
We are in a process of certification for v2.2 and it will be in production in Q4 2020.
The time to activate a payment method depends on the following factors:
- It generally takes the acquirer or bank about a week to complete your affiliation. If you already have an affiliation, the activation takes a few days.
- Some payment methods require additional checks before they can be activated, e.g. in case of 3-D Secure, which is requested directly at VISA or MasterCard (and not at the acquirer).
With Santander TPV eCommerce Pro Collect, you can activate several payment methods in one go.
Even though we advise against using it since this feature will no longer be supported from 25 August 2020, you can configure the so-called referrer check, in addition to the SHA signature authentication. With this setting, our system checks the origin of the transaction request which is the URL the request comes from (the referrer). The aim is so that unauthorised URLs (that were not configured in your account) will not be able to call the payment page.
In order to set it up or remove it, simply go to Technical Information > Data and origin verification. Under Checks for e-Commerce & Alias Gateway, you can enter one or more URLs that you want to enable to call the payment page: orderstandard.asp / orderstandard_utf8.asp.
Possible errors related to the referrer are "unknown order/1/r" and "unknown order/0/r". Go to Possible errors for more information about these errors.
Important: We strongly advise against it and therefore to leave it blank.
However, if you would still like to use it,
- The URL(s) must always start with http:// or https://
- You must enter the ‘origin’ of the URL being accepted (Origin: <scheme> "://" <hostname> [ ":" <port> ])’ (For example: https://www.mysite.net)
- If you have several domains, multiple URLs can be entered. For example, http://www.mysite.com;http://www.mysite.net;https://www.secure.mysite.com. The URLs must be separated by a semicolon, with no spaces before or after the semicolon.
- If you perform a test transaction from our test page, please remember to enter our site’s origin URL as a referrer, otherwise you will receive an error.
We also would like to take the opportunity to remind you that although the referrer allows our system to identify the origin of an order, SHA signature authentication remains the most trusted way to secure your transactions on your PSPID. You can find more information on that in our SHA signature integration guide.
Transactions
By default you can send goods or deliver your service once a transaction has reached the status "9 - Payment requested". However, although status 5 is a successful status, it's only a temporary reservation of an amount of money on the customer's card. A transaction in status 5 still needs to be confirmed (manually or automatically) to proceed to the status 9, which is the final successful status for most payment methods.
Go to Transaction statuses for more information.
In your Santander TPV eCommerce Pro account menu, you can easily lookup your transactions by choosing "Operations" and then clicking either "View transactions" or "Financial history", depending on the type of transaction results you're looking for.
Go to Consult your transactions for more information.
You can only perform refunds on transactions for which the funds have already been transferred to your bank account. A cancellation or deletion can be done before a payment has been fully processed, i.e. before the daily cut-off time at the acquirer, at which point all transactions of the previous day are processed.
A full green thumbs-up icon means that the transaction was completed with a 3-D Secure authentication method, such as Digipass or a card reader. However, it doesn't necessarily mean the payment itself was processed successfully. Therefore, you should always check the transaction status to know whether you'll receive your money.
Go to Transaction statuses for more information.
If you want to check specific details of an order/transaction or perform maintenance on transactions, you should use View transactions. "Financial history" is the most convenient to periodically check incoming and outgoing funds.
For more information, go to View transactions vs Financial history.
You can easily refund a payment with the "Refund" button in the order overview of a transaction (via View transactions). If your account supports it, you can also make refunds with a DirectLink request or with a Batch file upload (for multiple transactions).
Please note that the Refunds option has to be enabled in your account.
Go to Maintain your transactions for more information.
By default you can send goods or deliver your service once a transaction has reached the status "9 - Payment requested". However, although status 5 is a successful status, it's only a temporary reservation of an amount of money on the customer's card. A transaction in status 5 still needs to be confirmed (manually or automatically) to proceed to the status 9, which is the final successful status for most payment methods.
Go to Transaction statuses for more information.
In your Santander TPV eCommerce Pro account menu, you can easily lookup your transactions by choosing "Operations" and then clicking either "View transactions" or "Financial history", depending on the type of transaction results you're looking for.
Go to Consult your transactions for more information.
You can only perform refunds on transactions for which the funds have already been transferred to your bank account. A cancellation or deletion can be done before a payment has been fully processed, i.e. before the daily cut-off time at the acquirer, at which point all transactions of the previous day are processed.
A full green thumbs-up icon means that the transaction was completed with a 3-D Secure authentication method, such as Digipass or a card reader. However, it doesn't necessarily mean the payment itself was processed successfully. Therefore, you should always check the transaction status to know whether you'll receive your money.
Go to Transaction statuses for more information.
If you want to check specific details of an order/transaction or perform maintenance on transactions, you should use View transactions. "Financial history" is the most convenient to periodically check incoming and outgoing funds.
For more information, go to View transactions vs Financial history.
You can easily refund a payment with the "Refund" button in the order overview of a transaction (via View transactions). If your account supports it, you can also make refunds with a DirectLink request or with a Batch file upload (for multiple transactions).
Please note that the Refunds option has to be enabled in your account.
Go to Maintain your transactions for more information.