Introduction
Sherlock's is a secure multi-channel e-commerce payment solution that complies with the PCI DSS standard. It allows you to accept and manage payment transactions by taking into account business rules related to your activity (payment upon shipping, deferred payment, recurring payment, payment in instalments, etc.).
The purpose of this document is to explain the Google Pay™ means of payment integration into Sherlock's.
Who does this document target?
This document is intended to help you implement the Google Pay™ means of payment on your e-commerce site.
It includes:
- functional information for you
- implementation instructions for your technical team
To get an overview of the Sherlock's solution, we advise you to consult the following documents:
- Functional presentation
- Functionality set-up guide
Understanding Google Pay™ payments with Sherlock's
General principles
Google Pay™ is a means of payment offered by Google to issue payments in a simple and secure way on app or website, without card or cash.
The cardholder will need to get a Google account and the he could :
- use a payment card already stored in its Google Wallet
- add a new payment card in its Google Wallet and use it
- used a payment card registered in its Google.com account
With this solution, customers pay for their purchases online without having to enter their card details all the time. In addition, with the wallet application they can view their transaction history.
Acceptance rules
Available functionalities
Payment channels | ||
---|---|---|
Internet | V | Default payment channel |
MAIL_ORDER, TELEPHONE_ORDER | X | |
Fax | X | |
IVS | X | |
Sherlock’s In-App | X |
Means of payment | ||
---|---|---|
Immediate payment | X | |
End-of-day payment | V | Default method |
Deferred payment | V | Limited to 6 days. |
Payment upon shipping | V | Limited to 6 days. |
Payment in instalments | X | |
Subscription payment | X | |
Batch payment | X | |
OneClick payment | X |
Currency management | ||
---|---|---|
Multicurrency acceptance | V | |
Currency settlement | X | |
Dynamic currency conversion | X |
Google Pay™ payment mean characteristics
Here are the rules applied to the Google Pay™ means of payment:
Feature | Restriction | Restriction by |
---|---|---|
Means of payment | MASTERCARD VISA
ELECTRON |
Sherlock's |
2 authentication methods are available :
- CRYPTOGRAM_3DS : The Google Pay API will return a device token on an Android-powered device authenticated with a 3-D Secure cryptogram .
- PAN_ONLY : The Google Pay API will return cards on file on Google.com.
All anti-fraud checks are supported under the Google Pay™ means of payment payments (fraud tool).
To define the Google Pay payment logo on your payment page, you'll have to follow the Google Pay™ brand guideline available here : https://developers.google.com/pay/api/web/guides/brand-guidelines
Authentication request
Depending on the authentication method selected by the customer (CRYPTOGRAM_3DS or PAN_ONLY, the authentication could be handled by Google Pay™ or the issuer's bank
Regardless of the authentication method selected, once the customer
validate its payment with Google Pay™, then Google
will cyphered the payment data with our key. You'll have to send this data
to us using paymentDataProviderCheck
function, in order to decypher and check the payment data.
Then you'll get 2 options :
- In "CRYPTOGRAM_3DS" authentication method : The customer use a
payment card enrolled in its Google Wallet and authenticate its payment
on a Android-powered device. Then the authentication is handled by
Google and we'll send you in response a DPAN (Device Payment Account
Number), the card expiry date,a CAVV/TAVV (3-D secure cryptogram) and an ECI
indicator. You should use these data to call the
cardOrder
function in order to process authorisation.
- In "PAN_ONLY" authentication method : The customer use a payment
card registered in its Google account, then he'll have to authenticate
itself to the issuer of its payment card selected. In this case, you get
in response a paymentToken Sips (card PAN tokenized) and the card
expiryDate. Tou should use these data to call the
cardCheckEnrollment
function, then we'll send you the ACS redirection URL in order to request a customer authentication, and to finalize you should call thecardValidateAuthenticationAndOrder
function to process the authorisation.
Authorisation request
The maximum capture delay allowed for an the Google Pay™ means of payment payment is 6 days.
If you enter a longer capture delay, it will be automatically forced by the payment platform.
Payment remittance in the bank
Payments are remitted to a bank according to the payment terms you set. As standard, the remittance in bank is triggered at night as from 10 pm CET (Central European Time) via a file exchange with the acquirer.
Signing your Google Pay™ acceptance contract
To provide the Google Pay™ means of payment means of payment on your website you have to :
- sign a distance selling contract with your acquiring bank. Thereafter, you transmit us the contract number for recording in our information system.
- register to Google Pay™ and follow the registration process define on https://developers.google.com/pay/api/web/overview and follow this integration guide.
Once your registration completed with Google we could create a dedicated contract in our system. For this contratc you should give us your Google merchantId. Then you could start your tests on our dedicated plateform. Once your tests will have been validated, we could activate your Google Pay™ contract in Production.
Making a Google Pay™ payment
- Sherlock’s Office which gives you the opportunity to display your payment pages and works through a server-to-server dialog.
You should also follow the Google Pay tutorial and follow this checklist in order to add this means of payment to your checkout page.
Data | value |
---|---|
gateway | wlsips |
gatewayMerchantID | merchantId WL
Sips |
Instead other means of payment processed with Sherlock’s Office, you won't have to get a PCI-DSS SAQ-D level for Google Pay™, because you'll never could get sensitive data.
The remittance modes available for a the Google Pay™ means of payment transaction are:
- Cancellation mode: default mode allowing transaction remittance on a predefined date, called capture delay. When this capture delay is reached, the remittance is sent automatically. This delay is configured via the captureDay field. This field has a default value set to 0 (end-of-day payment).
- Validation mode: you must validate the transaction to trigger the remittance. A capture delay must also be defined. When this capture delay is reached or exceeded, you will not be able to validate the transaction, which will therefore expire automatically.
The below diagram explains the different transaction statuses according to the chosen capture mode:
Making a Google Pay payment with Sherlock’s Paypage
The payment process for Sherlock’s Paypage is described below :
Setting the payment request
The following field has a particular behaviour:
Field name | Remarks/rules |
---|---|
captureDay | The value sent in the request must be 6 at a maximum. A
larger value will be forced to 6. |
Analysing the response
The following table summarises the different response cases to be processed:
Status | Response fields | Action to take |
---|---|---|
Payment accepted | acquirerResponseCode = 00
authorisationId = (cf. the
Data Dictionary).paymentMeanBrand = card used
in the wallet (VISA, MASTERCARD).paymentMeanType =
CARDpaymentMeanDataProvider =
GOOGLEPAY (CRYPTOGRAM_3DS only)walletType = GOOGLE_WALLET
(PAN_ONLY only)responseCode =
00 |
You can deliver the order. |
Acquirer refusal | acquirerResponseCode = (cf.
the Data Dictionary).responseCode =
05 |
The authorisation is refused for a reason unrelated to fraud, you can suggest that your customer pay with another means of payment by generating a new request. |
Refusal due to a technical issue | acquirerResponseCode = 90-98
responseCode = 90,
99 |
Temporary technical issue when processing the transaction. Suggest that your customer redo a payment later. |
For the complete response codes (responseCode
) and acquirer response
codes (acquirerResponseCode
), please refer
to the Data dictionary.
Making a Google Pay™ payment with Sherlock’s Office
The payment process for Sherlock’s Office is described below:
CRYPTOGRAM_3DS kinematic model
This model is applicable with a device token on an Android-powered device authenticated with a 3-D Secure cryptogram Google Pay™
PAN_ONLY kinematic model
This model is applicable with a card on file returned from Google.com
Set up the Google Pay™ token decryption request
To process a Google Pay™ payment with Sherlock’s Office, vous first have to integrate in your checkout page the the Google Pay™ means of payment button and and configure it. Then the Google Pay™ means of payment will create a secured paytment token that you'll have to send us in order to decipher it with paymentDataProviderCheck.
The following fields must be set :
Field name | Remarks/rules |
---|---|
intermediateServiceProvider | Optional (only if you have one secret key shared by multiple merchant) |
merchantId | Mandatory, store identifier supplied by WL Sips to the merchant when the latter registers their store |
interfaceVersion | Mandatory |
keyVersion | Mandatory |
seal | Mandatory, signature of the Data field that guarantees the security of the payment request |
sealAlgorithm | Optional (HMAC-SHA-256 by default) |
paymentMeanDataProvider | GOOGLEPAY |
paymentData | Mandatory, payment token generated by Google Pay API |
{
"protocolVersion": "ECv2",
"signature": "MEQCIH6Q4OwQ0jAceFEkGF0JID6sJNXxOEi4r+mA7biRxqBQAiAondqoUpU/bdsrAOpZIsrHQS9nwiiNwOrr24RyPeHA0Q==",
"intermediateSigningKey": {
"signedKey": "{\"keyExpiration\":\"1542323393147\",\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/1+3HBVSbdv+j7NaArdgMyoSAM43yRydzqdg1TxodSzA96Dj4Mc1EiKroxxunavVIvdxGnJeFViTzFvzFRxyCw\\u003d\\u003d\"}",
"signatures": [
"MEYCIQCO2EIi48s8VTH+ilMEpoXLFfkxAwHjfPSCVED/QDSHmQIhALLJmrUlNAY8hDQRV/y1iKZGsWpeNmIP+z+tCQHQxP0v"
]
},
"signedMessage": "{\"tag\":\"jpGz1F1Bcoi/fCNxI9n7Qrsw7i7KHrGtTf3NrRclt+U\\u003d\",\"ephemeralPublicKey\":\"BJatyFvFPPD21l8/uLP46Ta1hsKHndf8Z+tAgk+DEPQgYTkhHy19cF3h/bXs0tWTmZtnNm+vlVrKbRU9K8+7cZs\\u003d\",\"encryptedMessage\":\"mKOoXwi8OavZ\"}"
}
Analysing the response
All possible response status :
Status | responseCode | action to be performed |
---|---|---|
Decyphering succes | 00 | You can run the next step of the kinematic. |
Contract issue | 03 | Check that you have a the Google Pay™ means of payment contract with WL Sips and Google. |
Transaction issue | 12 | Check the seal computed, and also the data sent in the request. |
Data issue | 30 | The function could not be performed because one of the parameters is incorrect. Please consult the data dictionary for the details of each error code and for the format of each parameter. |
Technical issue | 99 | Temporary technical issue while processing the transaction. Suggest your customer to make another payment later. |
The following fields are set in order to decypher the Google Pay™ payment token.
Field name | Remarks / rules |
---|---|
paymentToken | Must be always valued, DPAN if CRYPTOGRAM_3DS / Sips token if PAN_ONLY |
cardExpiryDate | DPAN or card expiry date |
paymentMeanBrand | VISA/MASTERCARD |
authenticationResult | the Google Pay™ means of payment authentication data, only available in CRYPTOGRAM_3DS case |
authenticationResult field (only for CRYPTOGRAM_3DS) is a container with the following fiels inside.
Field name | Remarks / rules |
---|---|
holderAuthentProgram | "GOOGLEPAY" |
googlePay.eci | The ECI indicator provided by the Google Pay™ means of payment |
googlePay.cavv | The security code provided by the Google Pay™ means of payment |
Set up the payment request for CRYPTOGRAM_3DS authentication method
To make a payment with Sherlock’s Office, you must use cardOrder
function.
The Google Pay payment request includes all mandatory fields of the connector you are using.
The following fields have a particular behaviour:
Field name | Remarks/rules |
---|---|
panEntryMode | OEMPAY |
paymentMeanDataProvider | GOOGLEPAY |
authenticationResult.googlepay.cavv | The security code provided by the Google Pay™ means of payment and got from paymentDataProviderCheck. |
authenticationResult.googlepay.eci | The ECI indicator provided by the Google Pay™ means of payment and got from paymentDataProviderCheck. |
paymentMeanBrand | Must be populated with the card brand (Visa, Mastercard, …)and got from paymentDataProviderCheck. |
cardNumber | Provide the DPAN (= the Google Pay™ means of payment card number)and got form paymentDataProviderCheck (paymentToken). |
cardExpiryDate | DPAN expiry date provided by the Google Pay™ means of payment and got from paymentDataProviderCheck. |
orderChannel | INTERNET ou INAPP |
holderAuthentProgram | GOOGLEPAY |
walletType | Should not be populated. |
schemeTokenData.tavv | The security code provided by the Google Pay™ means of payment and got from paymentDataProviderCheck. Replace the usage of field authenticationResult.googlepay.cavv (still usable) for CB2A 161 protocol |
Analysing the response in CRYPTOGRAM_3DS case
The following table summarises the different response cases to be processed:
Status | Response fields | Action to take |
---|---|---|
Payment accepted | acquirerResponseCode = 00
authorisationId = (cf. the
Data Dictionary).paymentMeanBrand = card used
in the wallet (VISA, MASTERCARD).paymentMeanDataProvider =
GOOGLEPAYresponseCode =
00 |
You can deliver the order. |
Acquirer refusal | acquirerResponseCode = (cf.
the Data Dictionary).responseCode =
05 |
The authorisation is refused for a reason unrelated to fraud, you can suggest that your customer pay with another means of payment by generating a new request. |
Refusal due to a technical issue | acquirerResponseCode = 90-98
responseCode = 90,
99 |
Temporary technical issue when processing the transaction. Suggest that your customer redo a payment later. |
For the complete response codes (responseCode
) and acquirer response
codes (acquirerResponseCode
), please refer
to the Data dictionary.
Step 1 : checking the selected card enrollment
You use the 3-D Secure enrollment of the card using the cardCheckEnrollment
.
Setting the payment request for PAN_ONLY authentication method
The the Google Pay™ means of payment payment request includes all mandatory fields of the connector you are using.
The following fields have a particular behaviour in the PAN_ONLY kinematic :
Field name | Remarks/rules |
---|---|
panEntryMode |
WALLET |
walletType |
GOOGLE_WALLET |
amount |
Payment amount, displayed on the checkout page. |
captureDay |
Deadline for settlement, by default 0, max 6 days |
cardExpiryDate |
card expiry date provided by the Google Pay™ means of payment and got from paymentDataProviderCheck. |
cardNumber |
Payment token provided by WL Sips and got from paymentDataProviderCheck |
merchantName |
Shop name of your website that will be displayed on the
authentication page of the holder's bank. If not filled in,
the name of your shop specified when your shop was registered on
Sherlock's will be displayed. |
merchantUrl |
URL of your website that will be displayed on the
authentication page of the holder's bank. If not filled in,
the URL of your shop specified when your shop when registered on
Sherlock's will be displayed. |
orderChannel |
For payments made through the Internet, please set to INTERNET |
panType |
TOKEN_PAN |
challengeMode3DS |
In a 3-D Secure context V2, if you want ask an exemption
please refer to corresponding chapter
.If a card addition is planned in a wallet, then this field
must be valued to «CHALLENGE_MANDATE» |
paymentMeanBrand |
Got from paymentDataProviderCheck |
Analysing the response
When you receive the response, before analyzing it and following the advice in the table below, check the seal. The recalculated seal must be identical to the seal received.
Use case | Response fields | What to do |
---|---|---|
Card is 3-D Secure enrolled. |
redirectionStatusCode =
00 |
You must redirect the customer to their bank's ACS via the
URL indicated in the redirectionUrl field (see
next step). |
Card is not 3-D Secure enrolled. |
redirectionStatusCode =
01 |
Proceed to step 5: authorisation request. |
Webshop is not enrolled in the 3-D Secure programme. |
redirectionStatusCode =
40 |
Please contact LCL's technical support. |
Technical error preventing the 3-D Secure process from running smoothly. | redirectionStatusCode = 10,
80, 89 |
Proceed to step 5: authorisation request. |
Transaction is not valid. |
redirectionStatusCode =
12 |
One or more data in the query is not correct. Check the
errorFieldName , field and fix
the wrong value. |
Token is unknown. |
redirectionStatusCode =
12 |
Check the cardNumber field. |
Card has expired. | redirectionStatusCode =
14 |
Ask again to your customer to select another means of payment or to enter a new means of payment. |
Secret key or key version is not valid |
redirectionStatusCode =
34 |
Check the secret key used (field secretKey ) and the key
version (field keyVersion ) |
Detokenisation is down | redirectionStatusCode =
99responseCode =
99 |
This is possibly a one-time issue, please submit the request again. In the event of a further error, please stop the process. Then tell LCL's technical support about the incident. |
Step 2 : redirecting the customer to their bank's ACS
Please refer to the paragraph relating to the redirection to the ACS
of the
Sherlock’s Office documentation to know how to implement this
message.
Step 3 : retrieving customer's authentication data
Please refer to the paragraph back from the ACS of the Sherlock’s Office JSON documentation to know how to implement this message.
Step 4: 3-D Secure authorisation request
Please refer to the paragraph 3-D Secure authorisation request of the Sherlock’s Office JSON documentation to know how to implement this message.
Managing your Google Pay™ transactions
Available cash operations
The following operations are available on the Google Pay™ means of payment transactions:
Cash management | ||
---|---|---|
Cancellation | V | Cancellation available on the partial amount of the transaction. |
Validation | V | Validation available on the partial amount of the transaction. |
Refund | V | Refund available on the partial amount of the transaction and for amounts greater than the initial amount (unlimited refund). |
Duplication | X | |
Recycling | X |
The diagram below allows you to know which cash management operation is available when a transaction is in a given state:
Viewing your Google Pay™ transactions
Reports
The reports provided by Sherlock's allow you to have a comprehensive and consolidated view of your transactions, cash operations, accounts and chargebacks. You can use this information to improve your information system.
The availability of the Google Pay™ means of payment transactions for each type of report is summarised in the table below:
Reports availability | |
---|---|
Transactions report | V |
Operations report | V |
Operations report | V |
Chargebacks report | V |
paymentMeanBrand
field is
populated with the card brand (Visa,Mastercard). In the transactions
report, the value "GOOGLEPAY" is visible in
paymentMeanDataProvider
field (location 91) for
CRYPTOGRAM_3DS authentication method. PAN_ONLY authentication method, the
value "GOOGLE_WALLET" is visible in
walletType
field (location 43).Sherlock's Gestion
TO COMPLETE with screenshot
Running Google Pay™ tests
Testing with Sherlock’s Paypage
Two testing modes are available:
- the mock mode with a "Pay with GooglePay mock" button (PAN_ONLY and CRYPTOGRAM_3DS modes available)
- the connected mode with Google test data and "Pay with GooglePay" button (rendering equivalent to final production rendering, but CRYPTOGRAM_3DS mode not available)
Contact your usual contact person who will activate Google Pay™ on your eshop.
Mock mode
A mock Google Pay™ button will appear on the payment methods selection page.
You can then choose to test either CRYPTOGRAM_3DS or PAN_ONLY mode:
- Enter your merchandId
- Use our test cards to test different responseCodes
- In CRYPTOGRAM_3DS mode, enter a cryptogram
Connected mode with Google test data
Only the PAN_ONLY mode is available.
You must use a browser connected to a Google test account:
- create your own Google test account (create a Google account with an existing e-mail address or create a dedicated e-mail address)
- with your test account, use this link and click on the "join the group" button
Run the test while logged in to your Google test account. When you click on the Pay with Google button on the Paypage, the test wallet opens and offers you a card to use.
You can test several responseCode by varying the transaction amount:
- If the amount YY,XX of the transaction has for euro cents XX equals 00 then the responseCode will be 00
- If XX equals 05 the responseCode will be 05
- If XX equals 99 the responseCode will be 99
- For the other values, the responseCode code will be 00
Testing with Sherlock’s Office
Please contact Google to get test data.