Release 24.5

go directly to content

Search by keywords

Google Pay integration

To search in the page use Ctrl+F on your keyboard

Sherlock's is a secure multi-channel e-commerce payment solution that complies with the PCI DSS standard. It allows you to accept and manage payment transactions by taking into account business rules related to your activity (payment upon shipping, deferred payment, recurring payment, payment in instalments, etc.).

The purpose of this document is to explain the Google Pay™ means of payment integration into Sherlock's.

This document is intended to help you implement the Google Pay™ means of payment on your e-commerce site.

It includes:

  • functional information for you
  • implementation instructions for your technical team

To get an overview of the Sherlock's solution, we advise you to consult the following documents:

  • Functional presentation
  • Functionality set-up guide

Google Pay™ is a means of payment offered by Google to issue payments in a simple and secure way on app or website, without card or cash.

The cardholder will need to get a Google account and the he could :

  • use a payment card already stored in its Google Wallet
  • add a new payment card in its Google Wallet and use it
  • used a payment card registered in its Google.com account

With this solution, customers pay for their purchases online without having to enter their card details all the time. In addition, with the wallet application they can view their transaction history.

Payment channels
Internet V Default payment channel
MAIL_ORDER, TELEPHONE_ORDER X
Fax X
IVS X
Sherlock’s In-App X
Means of payment
Immediate payment X
End-of-day payment V Default method
Deferred payment V Limited to 6 days.
Payment upon shipping V Limited to 6 days.
Payment in instalments X
Subscription payment X
Batch payment X
OneClick payment X
Currency management
Multicurrency acceptance V
Currency settlement X
Dynamic currency conversion X

Here are the rules applied to the Google Pay™ means of payment:

Feature Restriction Restriction by
Means of payment
MASTERCARD
VISA
ELECTRON
Sherlock's

2 authentication methods are available :

  • CRYPTOGRAM_3DS : The Google Pay API will return a device token on an Android-powered device authenticated with a 3-D Secure cryptogram .
  • PAN_ONLY : The Google Pay API will return cards on file on Google.com.

All anti-fraud checks are supported under the Google Pay™ means of payment payments (fraud tool).

To define the Google Pay payment logo on your payment page, you'll have to follow the Google Pay™ brand guideline available here : https://developers.google.com/pay/api/web/guides/brand-guidelines

Attention: the security code is not populated in the the Google Pay™ means of payment payment process.

Depending on the authentication method selected by the customer (CRYPTOGRAM_3DS or PAN_ONLY, the authentication could be handled by Google Pay™ or the issuer's bank

Regardless of the authentication method selected, once the customer validate its payment with Google Pay™, then Google will cyphered the payment data with our key. You'll have to send this data to us using paymentDataProviderCheck function, in order to decypher and check the payment data.

Then you'll get 2 options :

  • In "CRYPTOGRAM_3DS" authentication method : The customer use a payment card enrolled in its Google Wallet and authenticate its payment on a Android-powered device. Then the authentication is handled by Google and we'll send you in response a DPAN (Device Payment Account Number), the card expiry date,a CAVV/TAVV (3-D secure cryptogram) and an ECI indicator. You should use these data to call the cardOrder function in order to process authorisation.
  • In "PAN_ONLY" authentication method : The customer use a payment card registered in its Google account, then he'll have to authenticate itself to the issuer of its payment card selected. In this case, you get in response a paymentToken Sips (card PAN tokenized) and the card expiryDate. Tou should use these data to call the cardCheckEnrollment function, then we'll send you the ACS redirection URL in order to request a customer authentication, and to finalize you should call the cardValidateAuthenticationAndOrder function to process the authorisation.

The maximum capture delay allowed for an the Google Pay™ means of payment payment is 6 days.

If you enter a longer capture delay, it will be automatically forced by the payment platform.

Payments are remitted to a bank according to the payment terms you set. As standard, the remittance in bank is triggered at night as from 10 pm CET (Central European Time) via a file exchange with the acquirer.

To provide the Google Pay™ means of payment means of payment on your website you have to :

  • sign a distance selling contract with your acquiring bank. Thereafter, you transmit us the contract number for recording in our information system.
  • register to Google Pay™ and follow the registration process define on https://developers.google.com/pay/api/web/overview and follow this integration guide.

Once your registration completed with Google we could create a dedicated contract in our system. For this contratc you should give us your Google merchantId. Then you could start your tests on our dedicated plateform. Once your tests will have been validated, we could activate your Google Pay™ contract in Production.

  • Sherlock’s Office which gives you the opportunity to display your payment pages and works through a server-to-server dialog.

You should also follow the Google Pay tutorial and follow this checklist in order to add this means of payment to your checkout page.

Specific data to set on Google Pay™ API
Data value
gateway wlsips
gatewayMerchantID merchantId WL Sips

Instead other means of payment processed with Sherlock’s Office, you won't have to get a PCI-DSS SAQ-D level for Google Pay™, because you'll never could get sensitive data.

The remittance modes available for a the Google Pay™ means of payment transaction are:

  • Cancellation mode: default mode allowing transaction remittance on a predefined date, called capture delay. When this capture delay is reached, the remittance is sent automatically. This delay is configured via the captureDay field. This field has a default value set to 0 (end-of-day payment).
  • Validation mode: you must validate the transaction to trigger the remittance. A capture delay must also be defined. When this capture delay is reached or exceeded, you will not be able to validate the transaction, which will therefore expire automatically.

The below diagram explains the different transaction statuses according to the chosen capture mode:



The payment process for Sherlock’s Paypage is described below :


Steps of a Google Pay payment with Paypage

1) The customer process payment. 2) He's redirected to Sherlock's payment page. 3) He select Google Pay payment mean. 4) A Google Pay pop-up show up with its available payment means listapparait avec la list if he's already identified with its Google Account, otherwise he will have to log in its Google account. 5) The Google Pay server encrypt the sensitive payment data in a payment token (depending on the payment card selected, if its a card enrolled in a Google Pay account, the the customer will have to authenticate itself with its mobile : CRYPTOGRAM_3DS model). 6) The payment token is sent to Sips end the customer is redirected to Sherlock's payment page. 6')If the selected payment card is not enrolled Google Pay, but store in the customer's Google account, then he will be redirected to its bank authentication page (ACS) : PAN_ONLY model. 7) If the customer click on "return to webshop" button, he will be redirected to the webshop's website and a manual response is sent. 8) Sherlock's send an automatic response.

The following field has a particular behaviour:

Field name Remarks/rules
captureDay The value sent in the request must be 6 at a maximum.
A larger value will be forced to 6.

The following table summarises the different response cases to be processed:

Status Response fields Action to take
Payment accepted acquirerResponseCode = 00
authorisationId = (cf. the Data Dictionary).
paymentMeanBrand = card used in the wallet (VISA, MASTERCARD).
paymentMeanType = CARD
paymentMeanDataProvider = GOOGLEPAY (CRYPTOGRAM_3DS only)
walletType = GOOGLE_WALLET (PAN_ONLY only)
responseCode = 00
You can deliver the order.
Acquirer refusal acquirerResponseCode = (cf. the Data Dictionary).
responseCode = 05
The authorisation is refused for a reason unrelated to fraud, you can suggest that your customer pay with another means of payment by generating a new request.
Refusal due to a technical issue acquirerResponseCode = 90-98
responseCode = 90, 99
Temporary technical issue when processing the transaction. Suggest that your customer redo a payment later.

For the complete response codes (responseCode) and acquirer response codes (acquirerResponseCode), please refer to the Data dictionary.

The payment process for Sherlock’s Office is described below:


Steps of a Google Pay payment with Office

This model is applicable with a device token on an Android-powered device authenticated with a 3-D Secure cryptogram Google Pay™



This model is applicable with a card on file returned from Google.com



To process a Google Pay™ payment with Sherlock’s Office, vous first have to integrate in your checkout page the the Google Pay™ means of payment button and and configure it. Then the Google Pay™ means of payment will create a secured paytment token that you'll have to send us in order to decipher it with paymentDataProviderCheck.

The following fields must be set :

Field name Remarks/rules
intermediateServiceProvider Optional (only if you have one secret key shared by multiple merchant)
merchantId Mandatory, store identifier supplied by WL Sips to the merchant when the latter registers their store
interfaceVersion Mandatory
keyVersion Mandatory
seal Mandatory, signature of the Data field that guarantees the security of the payment request
sealAlgorithm Optional (HMAC-SHA-256 by default)
paymentMeanDataProvider GOOGLEPAY
paymentData Mandatory, payment token generated by Google Pay API
Note: you'll have to send us the "paymentToken = paymentData.paymentMethodData.tokenizationData.token;" without modifying its original JSON format
Note: paymentToken example :
{
  "protocolVersion": "ECv2",
  "signature": "MEQCIH6Q4OwQ0jAceFEkGF0JID6sJNXxOEi4r+mA7biRxqBQAiAondqoUpU/bdsrAOpZIsrHQS9nwiiNwOrr24RyPeHA0Q==",
  "intermediateSigningKey": {
    "signedKey": "{\"keyExpiration\":\"1542323393147\",\"keyValue\":\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/1+3HBVSbdv+j7NaArdgMyoSAM43yRydzqdg1TxodSzA96Dj4Mc1EiKroxxunavVIvdxGnJeFViTzFvzFRxyCw\\u003d\\u003d\"}",
    "signatures": [
      "MEYCIQCO2EIi48s8VTH+ilMEpoXLFfkxAwHjfPSCVED/QDSHmQIhALLJmrUlNAY8hDQRV/y1iKZGsWpeNmIP+z+tCQHQxP0v"
    ]
  },
  "signedMessage": "{\"tag\":\"jpGz1F1Bcoi/fCNxI9n7Qrsw7i7KHrGtTf3NrRclt+U\\u003d\",\"ephemeralPublicKey\":\"BJatyFvFPPD21l8/uLP46Ta1hsKHndf8Z+tAgk+DEPQgYTkhHy19cF3h/bXs0tWTmZtnNm+vlVrKbRU9K8+7cZs\\u003d\",\"encryptedMessage\":\"mKOoXwi8OavZ\"}"
}

All possible response status :

Status responseCode action to be performed
Decyphering succes 00 You can run the next step of the kinematic.
Contract issue 03 Check that you have a the Google Pay™ means of payment contract with WL Sips and Google.
Transaction issue 12 Check the seal computed, and also the data sent in the request.
Data issue 30 The function could not be performed because one of the parameters is incorrect. Please consult the data dictionary for the details of each error code and for the format of each parameter.
Technical issue 99 Temporary technical issue while processing the transaction. Suggest your customer to make another payment later.

The following fields are set in order to decypher the Google Pay™ payment token.

Field name Remarks / rules
paymentToken Must be always valued, DPAN if CRYPTOGRAM_3DS / Sips token if PAN_ONLY
cardExpiryDate DPAN or card expiry date
paymentMeanBrand VISA/MASTERCARD
authenticationResult the Google Pay™ means of payment authentication data, only available in CRYPTOGRAM_3DS case

authenticationResult field (only for CRYPTOGRAM_3DS) is a container with the following fiels inside.

Field name Remarks / rules
holderAuthentProgram "GOOGLEPAY"
googlePay.eci The ECI indicator provided by the Google Pay™ means of payment
googlePay.cavv The security code provided by the Google Pay™ means of payment

To make a payment with Sherlock’s Office, you must use cardOrder function.

The Google Pay payment request includes all mandatory fields of the connector you are using.

The following fields have a particular behaviour:

Field name Remarks/rules
panEntryMode OEMPAY
paymentMeanDataProvider GOOGLEPAY
authenticationResult.googlepay.cavv The security code provided by the Google Pay™ means of payment and got from paymentDataProviderCheck.
authenticationResult.googlepay.eci The ECI indicator provided by the Google Pay™ means of payment and got from paymentDataProviderCheck.
paymentMeanBrand Must be populated with the card brand (Visa, Mastercard, …)and got from paymentDataProviderCheck.
cardNumber Provide the DPAN (= the Google Pay™ means of payment card number)and got form paymentDataProviderCheck (paymentToken).
cardExpiryDate DPAN expiry date provided by the Google Pay™ means of payment and got from paymentDataProviderCheck.
orderChannel INTERNET ou INAPP
holderAuthentProgram GOOGLEPAY
walletType Should not be populated.
schemeTokenData.tavv The security code provided by the Google Pay™ means of payment and got from paymentDataProviderCheck. Replace the usage of field authenticationResult.googlepay.cavv (still usable) for CB2A 161 protocol

The following table summarises the different response cases to be processed:

Status Response fields Action to take
Payment accepted acquirerResponseCode = 00
authorisationId = (cf. the Data Dictionary).
paymentMeanBrand = card used in the wallet (VISA, MASTERCARD).
paymentMeanDataProvider = GOOGLEPAY
responseCode = 00
You can deliver the order.
Acquirer refusal acquirerResponseCode = (cf. the Data Dictionary).
responseCode = 05
The authorisation is refused for a reason unrelated to fraud, you can suggest that your customer pay with another means of payment by generating a new request.
Refusal due to a technical issue acquirerResponseCode = 90-98
responseCode = 90, 99
Temporary technical issue when processing the transaction. Suggest that your customer redo a payment later.

For the complete response codes (responseCode) and acquirer response codes (acquirerResponseCode), please refer to the Data dictionary.

You use the 3-D Secure enrollment of the card using the cardCheckEnrollment.

The the Google Pay™ means of payment payment request includes all mandatory fields of the connector you are using.

The following fields have a particular behaviour in the PAN_ONLY kinematic :

Field name Remarks/rules
panEntryMode WALLET
walletType GOOGLE_WALLET
amount Payment amount, displayed on the checkout page.
captureDay Deadline for settlement, by default 0, max 6 days
cardExpiryDate card expiry date provided by the Google Pay™ means of payment and got from paymentDataProviderCheck.
cardNumber Payment token provided by WL Sips and got from paymentDataProviderCheck
merchantName Shop name of your website that will be displayed on the authentication page of the holder's bank.
If not filled in, the name of your shop specified when your shop was registered on Sherlock's will be displayed.
merchantUrl URL of your website that will be displayed on the authentication page of the holder's bank.
If not filled in, the URL of your shop specified when your shop when registered on Sherlock's will be displayed.
orderChannel For payments made through the Internet, please set to INTERNET
panType TOKEN_PAN
challengeMode3DS In a 3-D Secure context V2, if you want ask an exemption please refer to corresponding chapter .If a card addition is planned in a wallet, then this field must be valued to «CHALLENGE_MANDATE»
paymentMeanBrand Got from paymentDataProviderCheck

When you receive the response, before analyzing it and following the advice in the table below, check the seal. The recalculated seal must be identical to the seal received.

Use case Response fields What to do
Card is 3-D Secure enrolled.

responseCode = 00

redirectionStatusCode = 00
You must redirect the customer to their bank's ACS via the URL indicated in the redirectionUrl field (see next step).
Card is not 3-D Secure enrolled.

responseCode = 00

redirectionStatusCode = 01
Proceed to step 5: authorisation request.
Webshop is not enrolled in the 3-D Secure programme.

responseCode = 40

redirectionStatusCode = 40
Please contact LCL's technical support.
Technical error preventing the 3-D Secure process from running smoothly. redirectionStatusCode = 10, 80, 89 Proceed to step 5: authorisation request.
Transaction is not valid.

responseCode = 12

redirectionStatusCode = 12
One or more data in the query is not correct. Check the errorFieldName, field and fix the wrong value.
Token is unknown.

responseCode = 14

redirectionStatusCode = 12
Check the cardNumber field.
Card has expired. redirectionStatusCode = 14 Ask again to your customer to select another means of payment or to enter a new means of payment.
Secret key or key version is not valid

responseCode = 34

redirectionStatusCode = 34
Check the secret key used (field secretKey) and the key version (field keyVersion)
Detokenisation is down redirectionStatusCode = 99
responseCode = 99
This is possibly a one-time issue, please submit the request again. In the event of a further error, please stop the process. Then tell LCL's technical support about the incident.

Please refer to the paragraph relating to the redirection to the ACS of the Sherlock’s Office documentation to know how to implement this message.

Please refer to the paragraph back from the ACS of the Sherlock’s Office JSON documentation to know how to implement this message.

Please refer to the paragraph 3-D Secure authorisation request of the Sherlock’s Office JSON documentation to know how to implement this message.

The following operations are available on the Google Pay™ means of payment transactions:

Cash management
Cancellation V Cancellation available on the partial amount of the transaction.
Validation V Validation available on the partial amount of the transaction.
Refund V Refund available on the partial amount of the transaction and for amounts greater than the initial amount (unlimited refund).
Duplication X
Recycling X

The diagram below allows you to know which cash management operation is available when a transaction is in a given state:


Diagram very complex to describe, please contact support sips@worldline.com

The reports provided by Sherlock's allow you to have a comprehensive and consolidated view of your transactions, cash operations, accounts and chargebacks. You can use this information to improve your information system.

The availability of the Google Pay™ means of payment transactions for each type of report is summarised in the table below:

Reports availability
Transactions report V
Operations report V
Operations report V
Chargebacks report V
Note: for Google Pay™ transactions, paymentMeanBrand field is populated with the card brand (Visa,Mastercard). In the transactions report, the value "GOOGLEPAY" is visible in paymentMeanDataProvider field (location 91) for CRYPTOGRAM_3DS authentication method. PAN_ONLY authentication method, the value "GOOGLE_WALLET" is visible in walletType field (location 43).

TO COMPLETE with screenshot

Attention: Take care to use a dedicated test environment (browser, Google test account).

Two testing modes are available:

  • the mock mode with a "Pay with GooglePay mock" button (PAN_ONLY and CRYPTOGRAM_3DS modes available)
  • the connected mode with Google test data and "Pay with GooglePay" button (rendering equivalent to final production rendering, but CRYPTOGRAM_3DS mode not available)

Contact your usual contact person who will activate Google Pay™ on your eshop.

Mock mode

A mock Google Pay™ button will appear on the payment methods selection page.



You can then choose to test either CRYPTOGRAM_3DS or PAN_ONLY mode:

  • Enter your merchandId
  • Use our test cards to test different responseCodes
  • In CRYPTOGRAM_3DS mode, enter a cryptogram


Connected mode with Google test data

Only the PAN_ONLY mode is available.

You must use a browser connected to a Google test account:

  • create your own Google test account (create a Google account with an existing e-mail address or create a dedicated e-mail address)
  • with your test account, use this link and click on the "join the group" button


Run the test while logged in to your Google test account. When you click on the Pay with Google button on the Paypage, the test wallet opens and offers you a card to use.



You can test several responseCode by varying the transaction amount:

  • If the amount YY,XX of the transaction has for euro cents XX equals 00 then the responseCode will be 00
  • If XX equals 05 the responseCode will be 05
  • If XX equals 99 the responseCode will be 99
  • For the other values, the responseCode code will be 00

Please contact Google to get test data.

This site uses trackers to improve your experience, perform analysis and researches on your use of Sherlock's documentation website.
You have several options:
Closing this banner you refuse the use of trackers on your device.

Configuration