Release 24.6

go directly to content

Search by keywords

American Express integration

To search in the page use Ctrl+F on your keyboard

Sherlock's is a secure multi-channel e-commerce payment solution that complies with the PCI DSS standard. It allows you to accept and manage payment transactions by taking into account business rules related to your activity (payment upon shipping, deferred payment, recurring payment, payment in instalments, etc.).

The purpose of this document is to explain the American Express means of payment integration into Sherlock's.

This document is intended to help you implement the American Express means of payment on your e-commerce site.

It includes:

  • functional information for you
  • implementation instructions for your technical team

To get an overview of the Sherlock's solution, we advise you to consult the following documents:

  • Functional presentation
  • Functionality set-up guide

The American Express card is an international payment card issued by and associated with the American Express payment network.

The American Express network offers a wide range of personal and professional cards, and above all allows card users to defer settlement of the amount owed.

American Express has also joined the 3-D Secure programme, under the Safekey brand, to reduce the risk of fraud on customers online purchases.

To pay with an American Express network card, cardholders have to provide their card details, namely:

  • Card number
  • Expiry date
  • Visual security code (or security code, referred to as CID or 4DBC for American Express)
  • If the cardholder's card and your merchant ID are enrolled in Safekey, the customer will be required to enter a dynamic one-time use code, usually received on their mobile phone.
Payment channels
Internet V Default payment channel
MAIL_ORDER, TELEPHONE_ORDER V SafeKey authentication not applicable
Fax V SafeKey authentication not applicable
IVS V SafeKey authentication not applicable
Means of payment
Immediate payment X
End-of-day payment V Default method
Deferred payment V In case of SafeKey authentication, the capture delay is limited to 6 days.
Payment upon shipping V In case of SafeKey authentication, the capture delay is limited to 6 days.
Payment in instalments V Only the 1st transaction could be SafeKey authenticated transaction.
Subscription payment V SafeKey authentication not applicable
Batch payment V SafeKey authentication not applicable
OneClick payment V
Currency management
Multicurrency acceptance V According to your contract
Currency settlement V According to your contract

The authorisation duration for American Express cards depends on your acquirer. By default, the duration is 6 days.

In the case of a deferred payment lasting 6 days or less, Sherlock's makes an authorisation request to the acquirer for the full amount of the transaction which will then be remitted according to the requested mean of payment.

As for a deferred payment lasting longer than 6 days, Sherlock's makes two authorisation requests to the acquirer:

  • the 1st online authorisation request, called “account verification”, allows to check the account status and validity without impacting the authorisation limit.
Note: the account verification must be supported by your acquirer. Otherwise, a real authorisation for a small amount (for example, EUR 2.00 in the euro zone) is made to check the cardholder's account validity.
  • a 2nd authorisation request for the real transaction amount at the time of bank withdrawal.

For INTERNET, MAIL_ORDER and TELEPHONE_ORDER channels, on the Sherlock’s Office and Sherlock’s Office Batch interfaces only, you are allowed to perform an account verification on your own initiative (not conditioned by the deferred payment delay). To do this, you have to set the transaction amount to “0”. Therefore, Sherlock's will perform an account verification from the acquirer, and the transaction will be stored in the Sherlock's information system, but won’t be remitted in bank.

Attention: the account verification system must be supported by your acquirer. Otherwise, an attempt to perform an account verification on your initiative will be handled as a standard authorisation request with an amount of “0”.

During a payment, sometimes the current transaction cannot be finalised. This is the case, for instance, when one of the actors in the banking network encounters a failure when processing an authorisation request. The Sherlock's server will send a message to cancel the transaction which is called cap adjustment. This message allows the issuing bank to update, if necessary, the cardholder's card outstandings.

Attention: in order to operate, the adjustment cap in case of an error must be supported by the acquirer.

Payments are remitted to American Express according to the payment terms you set. As standard, the remittance in bank is triggered at night as from 10 pm CET (Central European Time) via a file exchange with American Express.

American Express has created the Safekey programme to enhance transactions reliability. This programme is very similar to the 3-D Secure programme offered by Visa and MasterCard. In this programme, customers trying to pay with an American Express card are asked to authenticate themselves as being cardholders. This authentication procedure involves American Express as both card acquirer and card issuer.

If all parties follow the authentication process rules, American Express may guarantee the transaction payment for you. Sherlock's does not provide any information regarding the payment guarantee offered by American Express.

The Safekey authentication procedure results may trigger the automatic transaction relegation. This means that under specific circumstances, the transaction is processed as if no Safekey authentication procedure had been performed at all.

The automatic relegation is triggered by any of these circumstances:

  • the card used is not marked as enrolled in the Safekey authentication programme.
  • a technical issue (e.g. temporary service failure) occurs during the Safekey authentication procedure.

In the case of a deferred payment request with Safekey authentication, the delay cannot exceed 6 days (if the merchant requests a delay greater than 6 days, Sherlock's system will automatically force this delay to 6 days during the payment process).

When you subscribe to the Safekey authentication programme, all Safekey eligible payments will be processed using this authentication system. However, it is possible to disable the Safekey authentication programme on demand, by populating a dedicated flag in the request.

Attention: beforehand,you must subscribe to the option allowing to deactivate the Safekey authentication programme on demand.
This deactivation on demand is possible on the "Sherlock’s Paypage" interface only.
No liability shift will apply if Safekey authentication is bypassed.

A reversal request aims to cancel the modification of the issuer authorisation cap.

This reversal request is always linked to an authorisation request.

Tip: the reversal request is available for acquirers accepting it (please contact us to have the list).

The reversal request is sent to the acquirer in the following case:

  • the merchant fully cancels the transaction;
  • the authorisation server doesn't respond positively to an authorisation request for the following reasons: "approved after identification" or "approved for partial amount";
  • no response has been received after an authorisation request (timeout);

For American Express payment mean, credit holder request must always follow an initial debit transaction.

The difference with a refund request is that credit holder request allows you to credit your customer's account from an initial debit transaction that was not created on Sherlock's.

American Express may verify the integrity of your credit holder requests by doing some checks:

  • your American Express balance account should be positive;
  • ratio between the number of credit holder requests and number of debit requests should be coherent;
  • ...

In case of suspicion, American Express reserves the right to contact you.

Tip: Please reach to your American Express representative to get the full list of precautions to take.

When performing CVV check, American Express accept any transaction whatever the code is right or wrong. Result of this check is returned in field (

cardCSCResultCode
) when performing authorisation request.

You can also choose to just take in account value of field (cardCSCResultCode) to adapt response or eventually proceed a cancellation of transaction

Note: Behavior within American Express is not altered. Transactions will remains accepted on AMEX whatever the CVV is right or wrong.

In order to offer the American Express means of payment on your website, you have to sign a distance selling contract with American Express. Thereafter, you transmit us the contract number for recording in our information system.

All currencies may potentially be accepted on Sherlock's (Please refer to the paragraph 'currencyCode' of Data dictionary) provided they are specified in one of the contracts agreed upon with American Express. Please note that American Express contracts are single currency contracts. This means you should sign one American Express acceptance contract for each desired currency.

If you use several order channels, you must open one American Express contract per channel.

Note: Consequently, If you use several order channels, for example MOTO and Internet/In-App, as well as several currencies, for example Euros and Dollars, you will need four contracts:
  • one contract for MOTO and Euros
  • one contract for MOTO and Dollars
  • one contract for Internet/In-App and Euros
  • one contract for Internet/In-App and Dollars

Sherlock's offers you three solutions to integrate the American Express means of payment:

  • Sherlock’s Paypage which directly acts as the payment interface with customers via their web browser.
  • Sherlock’s Office which gives you the possibility to display your payment pages and works through a server-to-server dialog.
  • Sherlock’s Office Batch which allows you to process batch payments.

The remittance modes available for an American Express transaction are:

  • Cancellation mode: default mode allowing transaction remittance on a predefined date, called capture delay. When this capture delay is reached, the remittance is sent automatically. This delay is set via the captureDay field with its 0 default value (end-of-day payment).
  • Validation mode: you must validate the transaction to trigger the remittance. A capture delay must also be defined. When this capture delay is reached or exceeded, you will not be able to validate the transaction, which will therefore expire automatically.

The diagram below explains the different transaction statuses according to the chosen capture mode:


description of the possible statuses for an American Express transaction

In cancellation mode (captureMode = AUTHOR_CAPTURE), if the transaction is accepted and the capture delay (captureDay) is not exceeded, the transaction is set to TO-CAPTURE status. If it is exceeded, the transaction is set to TO_AUTHORIZE status. In validation mode (captureMode = VALIDATION), if the transaction is accepted and the capture delay (captureDay) is not exceeded, the transaction goes to TO_VALIDATE status. If the capture delay is exceeded, the transaction is set to status TO_REPLAY. Regardless of the capture mode, if the transaction is refused (responseCode not equal to 00), the transaction is set to status REFUSED.

The payment process for Sherlock’s Paypage is described below:


steps of an American Express payment via Paypage

1) The customer makes the payment. 2) He is redirected to the payment mean selection page hosted by Sherlock's, he selects American Express and enters his card number. 3) He is redirected to the ACS page where he authenticates himself. 4) He is redirected to a Sherlock's page. 5) If he clicks on the back to eshop button, they are redirected to your website which triggers the manual response to be sent. 6) Sherlock's sends an automatic response.

The AMEX acquisition system provides a specific system performing some additional controls on the transaction, named AMEX Enhanced Authorization (AMEX-EA).

This system uses data from multiple optional fields to perform these controls.

The following table summarises the different response cases to be processed:

Status Response fields Action to take
Payment accepted acquirerResponseCode = 00
authorisationId = (cf. the Data Dictionary).
paymentMeanBrand = AMEX
paymentMeanType = CARD
responseCode = 00
cardCSCResultCode = 4D
You can deliver the order.
Payment accepted with wrong CVV responseCode = 00
cardCSCResultCode != 4D (please refer to the Data dictionary)
Transaction is authorized but a wrong CVV has been dectected. You may cancel the transaction or keep as it
Refusal for wrong CVV acquirerResponseCode = 00
responseCode = 14
cardCSCResultCode != 4D (please refer to the Data dictionary)
Transaction refused because CVV is wrong
Acquirer refusal acquirerResponseCode = (cf. the Data Dictionary).
responseCode = 05
The authorisation is refused for a reason unrelated to fraud.
If you have not opted for the "new payment attempt" option (please read the Functionality set-up Guide for more details), you can suggest that your customer pay with another means of payment by generating a new request.
Refusal due to the number of attempts reached responseCode = 75 The customer has made several attempts that have all failed.
Refusal due to a technical issue acquirerResponseCode = 90-98
responseCode = 90, 99
Temporary technical issue when processing the transaction. Suggest that your customer redo a payment later.

For the complete response codes (responseCode) and acquirer response codes (acquirerResponseCode), please refer to the Data dictionary.

For more information, please refer to the 3-D Secure guide for analysing authentication data.

The payment process for Sherlock’s Office is described below:


steps of an American Express payment via Office

1) You collect the card information on the payment page hosted on your website and transmit this information to information to Sherlock's via the cardCheckEnrollment method. 2) Sherlock's sends you the url of the ACS. 3) You redirect your customer to the ACS. 4) Your client authenticates and is redirected to your site. 5) You collect authentication information and send an authorization request to Sherlock's via the cardValidateAuthenticationAndOrder method. 6) Sherlock's sends you the payment response and you display the payment result to your your customer on your website.

American Express payments can be initiated using the cardCheckEnrollment function of the CheckOut service.

The following fields are used to send information specific to this means of payment:

Field name Remarks/rules
cardNumber Mandatory
cardExpiryDate Mandatory
cardCSCValue Mandatory, 4 digits (4DBC)
paymentMeanBrand Must be populated with AMEX.
merchantLocationId Optional. If provided in request, will be sent with the transaction in the remittance file to Amex.

For more information, please refer to the 3-D Secure guide on Sherlock’s Office connector to implement the other steps of a 3-D Secure payment.

The following operations are available on American Express transactions:

Cash management
Cancellation V
Validation V
Refund V
Duplication V

The diagram below allows you to know which cash management operation is available when a transaction is in a given state:


Scheme too complex to describe, please contact support sips@worldline.com

The reports provided by Sherlock's allow you to have a comprehensive and consolidated view of your transactions, cash operations, accounts and chargebacks. You can use this information to improve your information system.

The availability of American express transactions for each type of report is summarised in the table below:

Reports availability
Transactions report V
Operations report V
Reconciliations report V
Chargebacks report V
Note: for American Express transactions, the paymentMeanBrand field is populated with the value AMEX.
Attention: in order to enable reconciliations reports for your American Express transactions in your Sherlock's reports, you need to provide a specific request to American Express. Please please approach your usual American Express contact.

You can view your American Express transactions and perform various cash management operations with Sherlock's Gestion.



This site uses trackers to improve your experience, perform analysis and researches on your use of Sherlock's documentation website.
You have several options:
Closing this banner you refuse the use of trackers on your device.

Configuration