Release 24.5

go directly to content

Search by keywords

Carte Bancaire integration

To search in the page use Ctrl+F on your keyboard

Sherlock's is a secure multi-channel e-commerce payment solution that complies with the PCI DSS standard. It allows you to accept and manage payment transactions by taking into account business rules related to your activity (payment upon shipping, deferred payment, recurring payment, payment in instalments, etc.).

The purpose of this document is to explain the CB means of payment integration into Sherlock's.

This document is intended to help you implement the CB means of payment on your e-commerce site.

It includes:

  • functional information for you
  • implementation instructions for your technical team

To get an overview of the Sherlock's solution, we advise you to consult the following documents:

  • Functional presentation
  • Functionality set-up guide

France has its own CB acceptance network, separate from the global Visa and Mastercard networks. Most French cards are co-badged CB+Visa or CB+Mastercard, and therefore have 2 logos, CB and Visa or Mastercard.

To pay with a CB network card, cardholders have to provide their card details, namely:

  • card number
  • expiry date
  • visual security code

With European PSD2, 3-D Secure authentication is now mandatory. When processing a payment, the cardholder must prove that he is the actual owner of the CB card he is using. The way of how the cardholder authenticate himself depends on the issuer bank and on fraud consideration.

Payment channels
Internet V Default payment channel
MAIL_ORDER, TELEPHONE_ORDER V
Fax V
IVS V
Means of payment
Immediate payment X
End-of-day payment V Default method
Deferred payment V Limited to 99 days, except for 3-D Secure which is limited to 6 days because of the liability shift rules.
Payment upon shipping V Limited to 99 days, except for 3-D Secure which is limited to 6 days because of the liability shift rules.
Payment in instalments V
Subscription payment V
Batch payment V
OneClick payment V

Payments are remitted to a bank according to the payment terms you set. As standard, the remittance in bank is triggered at night as from 10 pm CET (Central European Time) via a file exchange with the acquirer.

For INTERNET and MOTO channels, you are allowed to perform an account verification on your own initiative (not conditioned by the deferred payment delay). To do this, you have to set the transaction amount to “0”. Therefore, Sherlock's will perform an account verification from the acquirer, and the transaction will be stored in the Sherlock's information system, but won’t be remitted in bank.

Attention: the account verification system must be supported by your acquirer. Otherwise, an attempt to perform an account verification on your initiative will be handled as a standard authorisation request with an amount of “0”.

If you have the required option, a card checking is done using a lost and stolen list provided by the acquirer. This checking will be carried out during the transaction validation or the remittance steps.

If the provided card is in the lost and stolen cards list during the validation, the operation is rejected.

If the provided card is in the lost and stolen cards list during the remittance, the transaction will not be remitted.

Attention: this checking must be supported by your acquirer. The checking prior to validation is carried out only if the transaction was not authorised on the same day but the transaction authorisation is still valid.

As a payment acceptance solution, Sherlock's 2.0 is subject to the European MIF Regulation (EU's OJ 2015/751 L123 of 19/5/2015). Among these rules, the "brand selection" requires you to offer customers with a co-badged card the choice of brand at the time of payment, which affects the payment page.

A co-badged card is a card that supports at least two brands. Most cards issued in France are co-badged with the CB brand. For CB acceptance, the possible combinations of co-badged cards are:

  • CB + Visa
  • CB + MasterCard
  • CB + VPAY
  • CB + Maestro
  • CB + Visa Electron

Thus, you must allow customers with a co-badged card to select the brand.

The screen below shows an example of a CB + Visa co-badged card, with the CB brand as default. The customer can change the brand by clicking on the link at the bottom of the screen.



Attention: for cards that are not co-badged, no choice of brand is given.
If you performed the Sherlock's solution integration before the MIF / Brand selection migration, the VPay and Electron brands have been assimilated into the Visa brand and Maestro into the MasterCard brand.
If you wish to differentiate between the Vpay, Visa Electron and Maestro brands, you must specify this during the store registration on Sips or make the request to the distributor.
The identification of these brands affects the returned payment response: the paymentMeanBrand field can take one of the new values VPAY, VISA_ELECTRON or MAESTRO.
When a duplication request is issued on a transaction that has been subject to a brand selection process, the new transaction will exploit the selection result from the initial transaction.

A reversal request aims to cancel the modification of the issuer authorisation cap.

This reversal request is always linked to an authorisation request.

Tip: the reversal request is available for acquirers accepting it (please contact us to have the list).

The reversal request is sent to the acquirer in the following case:

  • the merchant fully cancels the transaction. The cancellation is prioritized: it is completed even if the reversal fails;
  • the authorisation server doesn't respond positively to an authorisation request for the following reasons: "approved after identification" or "approved for partial amount";
  • no response has been received after an authorisation request (timeout);

Multiple payment on dispatch is a payment scenario that allows an order to be taken and your customer to be charged for each dispatch of goods.

In the case of payment by CB payment method for multiple payment on dispatch, CB announces eligibility for a payment guarantee of up to 30 days for each new transaction corresponding to a new dispatch. However, CB issues the following conditions:

  • The cumulative amount of shipping transactions must not exceed the amount authenticated at the time the order was placed
  • Each new shipment must be authorised with the acquirer no later than 30 days after the order is authenticated

If one of these conditions is not respected, the 30-day payment guarantee promised by CB will be lost.

Sherlock's is not able to display a payment guarantee indicator for this payment kinematics. The order-taking transaction will have its payment guarantee indicator set to Y if it is authenticated in accordance with PSD2. The transactions corresponding to the different shipments will have their guarantee indicator set to E, meaning that they are eligible for the payment guarantee but that Sherlock's cannot certify it. For more information, you can consult the data dictionary for the guaranteeIndicator field.

In order to offer the CB means of payment on your website, you have to sign a Sherlock's contract.

Sherlock's offers you three solutions to integrate the CB means of payment:

  • Sherlock’s Paypage which directly acts as the payment interface with customers via their web browser.
  • Sherlock’s Office which gives you the opportunity to display your payment pages and works through a server-to-server dialog.
  • Sherlock’s Office Batch which allows you to process batch payments.

The remittance modes available for a CB transaction are:

  • Cancellation mode: default mode allowing transaction remittance on a predefined date, called capture delay. When this capture delay is reached, the remittance is sent automatically. This delay is set via the captureDay field with its 0 default value (end-of-day payment).
  • Validation mode: you must validate the transaction to trigger the remittance. A capture delay must also be defined. When this capture delay is reached or exceeded, you will not be able to validate the transaction, which will therefore expire automatically.

The diagram below explains the different transaction statuses according to the chosen capture mode:


description of the possible statuses for a transaction

In cancellation mode (captureMode = AUTHOR_CAPTURE), if the transaction is accepted and the capture delay (captureDay) is not exceeded, the transaction changes to TO_CAPTURE status. If it is exceeded, the transaction changes to TO_AUTHORIZE status. In validation mode (captureMode = VALIDATION), if the transaction is accepted and the capture delay (captureDay) is not exceeded, the transaction changes to TO_VALIDATE status. If the capture delay is exceeded, the transaction is set to TO_REPLAY status. Regardless of the capture mode, if the transaction is rejected (responseCode not equal to 00), it is set to REFUSED status.

The payment process for Sherlock’s Paypage is described below:


image showing the kinematics of a payment via Paypage

1) After finalizing the order on the merchant website, the customer proceeds to the payment. 2) The customer is redirected to the payment pages hosted on the Sherlock's side and selects CB. 3) The customer is redirected to the ACS of his bank to do a strong authentication. 4) When the customer returns to Sherlock's the ticket with the result is displayed. 5) If the customer clicks on the return to shop button, they are redirected to the merchant's website which unlocks the manual response. 6) The Sherlock's engine also sends an automatic response to the merchant website.

The following fields have a particular behaviour:

Field name Remarks/rules
statementReference The value sent to this field will appear on your account statement (Available only for some acquirers).
Note: the field paymentMeanBrand can be set to VISA for Vpay and Electron cards and to MASTERCARD for Maestro cards.
Note: for the 3-D Secure v2 payments, it is recommended to populate some fields to foster the frictionless. Please refer to the 3-D Secure guide.

The following table summarises the different response cases to be processed:

Status Response fields Action to take
Payment accepted acquirerResponseCode = 00
authorisationId = (cf. the Data Dictionary).
cardProductCode = (cf. the Data Dictionary).
cardProductName = (cf. the Data Dictionary).
cardProductProfile = (cf. the Data Dictionary).
cardProductUsageLabel = (cf. the Data Dictionary).
virtualCardIndicator = (cf. the Data Dictionary).
issuerCode = (cf. the Data Dictionary).
issuerCountryCode = (cf. the Data Dictionary).
paymentMeanBrand =
paymentMeanType = CARD
responseCode = 00
You can deliver the order.
Acquirer refusal acquirerResponseCode = (cf. the Data Dictionary).
responseCode = 05
The authorisation is refused for a reason unrelated to fraud.
If you have not opted for the "new payment attempt" option (please read the Functionality set-up Guide for more details), you can suggest that your customer pay with another means of payment by generating a new request.
Soft decline acquirerResponseCode = A1
responseCode = 05
The acquirer has refused the payment because there was no 3-D Secure authentication.
Please try the payment again by activating the 3-D Secure authentication.
Refusal due to the number of attempts reached responseCode = 75 The customer has made several attempts that have all failed.
Refusal due to a technical issue acquirerResponseCode = 90-98
responseCode = 90, 99
Temporary technical issue when processing the transaction. Suggest that your customer redo a payment later.

For the complete response codes (responseCode) and acquirer response codes (acquirerResponseCode), please refer to the Data dictionary.

In the case of Sherlock’s Paypage, the payment process and the brand selection are managed by Sips. In return, Sherlock's notifies the merchant about the brand selection made by the customer through the following fields:

Field Description
paymentMeanBrand Brand selected for the transaction acceptance
paymentMeanBrandSelectionStatus

Brand selection method. This field takes the following values:

  • Empty: brand selection not activated for the shop.
  • "NOT_APPLICABLE": brand selection activated but transaction not eligible.
  • "APPLIED_DEFAULT": acceptance of the default brand (with no selection action by the holder).
  • "APPLIED_HOLDER": the holder specifically chooses the brand.

This field has been restored in the latest versions of the connector and of the transaction reports.

To activate the brand selection, you must first:

  1. Give your default brand choices for each co-badged card combination in order to configure the brand selection on the Sherlock's server:
    • CB + VISA = CB or Visa
    • CB + MASTERCARD = CB or MasterCard
    • CB + VPAY = CB or VPay
    • CB + MAESTRO = CB or Maestro
    • CB + VISA ELECTRON = CB or Visa Electron
  2. Guarantee the customisation compatibility with the choice of brand in case you use your own customisation (via a merchant CSS).

If you host the means of payment selection page, you must avoid confusion between the means of payment and brand selections, for example the card logos grouping.



If you request dynamic brand filtering using the paymentMeanBrandList field of the payment request, then the paymentMeanBrandSelectionStatus field calculation rules are:

Co-badged card? Filtering Cardholder’s action PaymentMeanBrand​SelectionStatus
YES One of the card brands is not in the paymentMeanBrandList list. N/A NOT_APPLICABLE
YES All of the card brands are in the paymentMeanBrandList list. Default brand acceptance (no selection action) APPLIED_DEFAULT
YES All of the card brands are in the paymentMeanBrandList list. The cardholder specifically selects the brand. APPLIED_HOLDER
NO / N/A NOT_APPLICABLE

You must control the dynamic means of payment filtering to avoid impacting on the payment process and to be compliant with the purchase contract.

If the card entered is not compatible with the list of accepted cards then Sherlock's does not accept the transaction and will invite the customer to try again. After 3 attempts, Sherlock's rejects the transaction.

Recommendation: most of the CB cards are co-badged in France (CB-VISA, CB-VPAY, CB-VISA ELECTRON, CB-MASTERCARD and CB-MAESTRO), and we advise you not to separate the CB-VISA-VPAY-VISA ELECTRON-MASTERCARD-MAESTRO brands at the time of payment.

The payment process for Sherlock’s Office is described below:


steps of an American Express payment via Office

1) You collect the card information on the payment page hosted on your website and transmit this information to information to Sherlock's via the cardCheckEnrollment method. 2) Sherlock's sends you the url of the ACS. 3) You redirect your customer to the ACS. 4) Your client authenticates and is redirected to your site. 5) You collect authentication information and send an authorization request to Sherlock's via the cardValidateAuthenticationAndOrder method. 6) Sherlock's sends you the payment response and you display the payment result to your your customer on your website.

American Express payments can be initiated using the cardCheckEnrollment function of the CheckOut service.

The following fields are used to send information specific to this means of payment:

Field name Remarks/rules
cardNumber Mandatory
cardExpiryDate Mandatory, if specified on the card.
cardCSCValue The CVV is optional for transactions using the MOTO, MAIL_ORDER or TELEPHONE_ORDER payment channels.
paymentMeanBrand If you have implemented the European MIF - brand selection regulation, please refer to the paragraph Brand selection on Sherlock’s Office.
The paymeantMeanBrand field can be populated with VISA for Vpay and Electron cards and with MASTERCARD for Maestro cards.

For more information, please refer to the 3-D Secure guide on Sherlock’s Office connector to implement the other steps of a 3-D Secure payment.

The following table summarises the different response cases to be processed:

Status Response fields Action to take
Payment accepted acquirerResponseCode = 00
authorisationId = (cf. the Data Dictionary).
cardData.cardProductCode = (cf. the Data Dictionary).
cardData.cardProductName = (cf. the Data Dictionary).
cardData.cardProductProfile = (cf. the Data Dictionary).
cardData.cardProductUsageLabel = (cf. the Data Dictionary).
cardData.virtualCardIndicator = (cf. the Data Dictionary).
cardData.issuerCode = (cf. the Data Dictionary).
cardData.issuerCountryCode = (cf. the Data Dictionary).
cardData.issuerName = (cf. the Data Dictionary).
paymentMeanBrand =
responseCode = 00
You can deliver the order.
Acquirer refusal acquirerResponseCode = (cf. the Data Dictionary).
responseCode = 05
The authorisation is refused for a reason unrelated to fraud, you can suggest that your customer pay with another means of payment by generating a new request.
Soft decline acquirerResponseCode = A1
responseCode = 05
The acquirer has refused the payment because there was no 3-D Secure authentication.
Please try the payment again by activating the 3-D Secure authentication.
Refusal due to a technical issue acquirerResponseCode = 90-98
responseCode = 90, 99
Temporary technical issue when processing the transaction. Suggest that your customer redo a payment later.

For the complete response codes (responseCode) and acquirer response codes (acquirerResponseCode), please refer to the Data dictionary.

Please refer to 3-D Secure guide to analyse the authentication information.

In the case of Sherlock’s Office and Sherlock’s In-App for transaction acceptance, you can manage the brand selection. You must detect cards that are co-badged with the CB brand and offer a choice of brand to the cardholder, then send this choice to Sips by populating the following fields:

Field Description
paymentMeanBrand

Brand selected for the transaction acceptance. Mandatory field for Brand selection (paymentMeanBrandSelectionStatus field populated).

  • If the holder has not made any specific brand choice then you indicate the default brand in this field.
  • In the event of a brand error, the transaction is declined (response code 14).
  • If the paymentMeanBrandSelectionStatus field is populated and the paymentMeanBrand field is empty, then the transaction is rejected (response code 30).
  • The Vpay and Electron brands must be associated with Visa and the Maestro brands with MasterCard (changes to come in an upcoming release).
paymentMeanBrandSelectionStatus

Brand selection method. This field takes the following values:

  • Empty: brand selection not activated by the shop (default value).
  • "NOT_APPLICABLE": brand selection activated but transaction not eligible.
  • "APPLIED_DEFAULT": acceptance of the default brand (with no selection action from the holder).
  • "APPLIED_HOLDER": the holder specifically chooses the brand.

This field is available in the latest versions of the connector and has been restored in the latest versions of the transaction reports.

For the detection of cards co-badged with CB, you must ask your acquirer to receive the cards reference file named "Liste d'acceptation enrichie VADS (pour le grand commerce / PAT)" (secure distance selling enriched acceptance list (for large retailers / PSPs), flow id SICB - CNFFHV2). This list allows you to identify the brands of a card from its BIN.

Finally, you must avoid confusion between the means of payment and brand selections, for example the card logos grouping.



The following operations are available on CB transactions:

Cash management
Cancellation V
Cancellation available on the total or partial amount of the transaction.
Depending on your acquirer, a total cancellation can cause a reversal request sending.
Validation V Validation available on the partial amount of the transaction.
Refund V Refund available on the partial amount of the transaction and for amounts greater than the initial amount (unlimited refund).
Duplication V
Credit V

The diagram below informs you which cash management operation is available when a transaction is in a given state:


image too complex to be described, please contact the  support

The reports provided by Sherlock's allow you to have a comprehensive and consolidated view of your transactions, cash operations, accounts and chargebacks. You can use this information to improve your information system.

The availability of CB transactions for each type of report is summarised in the table below:

Reports availability
Transactions report V
Operations report V
Reconciliations report V
Chargebacks report V
Note: for CB transactions, the paymentMeanBrand field is populated with the value CB.

You can view your CB transactions and perform various cash management operations with Sherlock's Gestion.



This site uses trackers to improve your experience, perform analysis and researches on your use of Sherlock's documentation website.
You have several options:
Closing this banner you refuse the use of trackers on your device.

Configuration