Make your business transparent with reporting capabilities
Product facts
- The management level uses the BIP reporting for strategic analysis and decision making (MIS)
- The operative management checks the reporting for verifying the successful processing (KPI)
- The technical operation teams ensure the system quality through received reports and alerts (Integration)
Benefits
- Ensure the quality of your payment business
- Make your payment acceptance rates transparent
- Optimize choice of payment methods based on acceptance rates
- Control your merchant accounts through payment and risk management analytics
- Easy sales controlling through payment analytics
- Use reports as basis for your reconciliation processes
Functionality
- Reports include all technical and business relevant data for processed or declined transactions.
- Receive aggregated reports grouped by more than 20 dimensions from payment method to country and currency to date.
- Receive reports automatically or by download your individual report manually.
- Freely customize your export or select a template from pre-defined templates.
- Create and store customized reporting templates personalized to your needs.
- Reports are PCI-compliant, e.g. they either do not contain card data or card data are masked.
- Choose between different report file formats such as csv and excel.
- Use the reports for: o Reconciliation purpose such as system consolidations, o Operational processes such as tracking of processed/shipped orders, o Conversion rate analysis, e.g. which payment methods have the highest acceptance rates, o Chargeback analysis, e.g. monitor chargeback rates.
Technical features
- Single transactions export: o Includes all technical and business relevant data, o Automatic or manual export option.
- • Aggregated export: o Shows sums and volumes of processed payments o Manual export option.
- • Data warehouse analysis export: o Perform payment and chargeback analysis, by payment method, payment type, country, currency, chargeback reason codes, etc… o Multi-dimensional cube for analysis of top 5sales channel KPI, top regional or payment method figures, check conversions per scheme etc.. o Navigate through time and analyze chargeback and rejection rates and reasons o Presentation layer provides different graphical diagram templates serving any use case displaying the processing data in charts of column, line, pie or bar diagrams. o Manual export option.
- • XML query API: o Send real-time request xml queries for single and multi-transaction status

Simple PCI – from burden to benefit
Facts
Benefits
- You act PCI-DSS-compliant from day one
- No compliance issues with credit card payments
- No extra effort for secure transactions with credit card payments
- You can focus on your business
- You save up to €300,000 per year on PCI compliance
- Highest-available degree of security
Compliance core processes
- System and security engineers are on duty 24/7to react immediately to any kind of service or security event
- The processing system has to be located in PCI-compliant data centres that have video surveillance and access control through the use of a badge, PIN code and hand/palm scanner
- Implementation of an incident response plan, which describes procedures to be taken in the event of a security or data breach
Compliance core principles
- The ‘four-eyes principle’ is enforced throughout the company, including in the development and operations departments
- Cross-department workflows to ensure ‘four-eyes principle’ is implemented
- Need-to-know principle, in which all information is kept confidential
- Separation of operations and development to enforce need-to-know principle and strict security: for example, developers have no access to any live system nor do they know of any of the passwords used in the production environment
- Ongoing, company-wide security-awareness training
- Daily, ongoing processes like log-file monitoring, security and audit-logging reviews
- Regular security assessments and penetration tests by certified security engineers
- Standardised cross-department system-change-management processes
Technical compliance
- Redundant, multilayer external and internal firewalls
- Redundant Web application firewalls
- More than 25 security-monitoring servers in the production environment
- Passwords are one-way encrypted
- Instant notification of alerts via SMS and email to all operations members
- Segregation of duties (need-to-know principle)
- Multiple internal networks to segregate system components according to security levels
- Active–active load-balancer setup to optimise system performance and reliabilities
- Encrypted communication channels (VPN, SSLv3, etc.) between data centres
- DDOS mitigation solution to automatically detect and mitigate DDOS attacks on the payment system
- Encrypted storage of sensitive information like credit card numbers –encrypted, secure and verified backups
- Network intrusion detection systems (NIDS) on every network perimeter to detect dangerous and malicious traffic between every single system component
- Host intrusion detection systems (HIDS) on every single server node, for instance, to detect file manipulation and unlawful access attempts
- Real-time antivirus scanning on all APIs
- System components are always kept secure and up-to-date by means of regular system maintenance(security updates and patches) without downtime or impact on customers
- One functionality per server – decentralization of services to maximize security and transparency
- Internal security specialists (TISP, OPST etc.) to validate all system changes
- Real-time security monitoring, weekly internal and external security scans and penetration tests to ensure maximum security
- OWASP security training for developers to enforce secure programming based on standards set by security engineers around the world
- Pair programming to ensure high-quality application source code
- Every single line of source code is verified by a second engineer before it is applied to the system

Merchant-managed recurring billing
Product facts
- A customer account is opened and personal data as well as payment details are stored in a secure data vault abstracted by a token
- Customers are debited initially and on a regular basis, following industry standards, in order to minimise payment bounce rates
- Fast and easy integration starting with initial payment processing
- Merchant is in full control of payment management and can request varying debit amounts and/or frequencies(e.g. first month free or changing payment amounts)
- Simple updates of any billing details
- Acceptance across various clearing institutions supported
- Data portability in case you decide to leave; as your data belongs to you, export functions allow stored subscription data to be retrieved
- Easy extension of Account Updater information possible
Benefits
- Offer your own flexible subscription models
- Have full control of all billing parameters
- Adapt your marketing strategy with flexible price or product variations, which activate shoppers and help you to react to market changes immediately
- Address new shopper groups
- Increase shopper conversion rate through individual subscription and marketing models
- Minimise business risk through tokenisation
- Start immediately after one day of implementation
- No interruption of merchant services during data and service migration
- No data lock. Your data belong to you!
How it works
- The registration module collects all essential shopper data and payment methods used for regular payments, managing these in a secure way that is certified according topics (level 1). The registration data is abstracted via a token used for subsequent payment.
- The merchant calls the payment platform and requests to debit a shopper, referencing the registration details via the token provided; this initiates a recurring payment cycle.
- The merchant repeats the payment collection as defined by the shopper’s subscription agreement. For regular processing, merchants can adapt their marketing strategy with flexible price or product variations, which activate the shopper or initiate a reaction to competitors.
- In case the shopper cancels the service, the merchant deregisters the shopper in the registration module. All data will be deactivated and archived securely according to industry standards and regulations.
- In case the Account Updater service is supported by the issuer, expired card details can be automatically updated.

Recurring Billing with Stored Billing Plans
Easy recurring billing with a ready-to-use, PCI-compliant stored billing plan implementation
Product facts
Recurring billing with stored billing plans allows merchants to collect regular payments from shoppers in an automated way.
The merchant system can create a billing plan by submitting a scheduling request to the payment gateway. This request defines the amount, currency, trial period, frequency, duration and optionally notice period for the billing plan.
The payment gateway will then automatically debit the customer in regular intervals according to the billing plan.
The merchant can adjust or terminate the billing plan at any time
Benefits
- Save time and money through process automation
- Minimise business risk through tokenisation
- Minimise PCI-DSS effort
- Billing plans range from simple to sophisticated
- Fast and easy integration– no development required on your part
- Full data exports available; no data lock-in
Functionality
- During shopper registration, the payment gateway collects all essential shopper and payment data, managing these in a secure way that is certified according to PCI. The registration data is represented via a token used for subsequent payments.
- Based on this registration, you can set up an automated billing plan by submitting a scheduling request to the gateway. In addition to the token, the scheduling request contains the amount, currency and description of the payment to be repeated, as well as the trial period, frequency, duration and an optional cancellation period for the billing plan.
- After the billing plan is set up, the gateway will automatically trigger recurring payments in regular intervals as defined in the billing plan for the duration of that plan. If an account updater service is supported by the issuer, expired card details can be automatically updated.
You are free to change or cancel existing billing plans at any time by sending a rescheduling (change) or de-scheduling (cancellation) request to the gateway. Cancellations will become effective only after the cancellation period of the billing plan, if one was defined earlier on. - Even after a billing plan has expired or has been cancelled, the same registration token can still be used for new billing plans or one-off payments until the merchant decides to de-register the shopper. In this case, all shopper data will be deactivated and archived securely according to PCI data security standards and regulations.
Technical details
- Multiple independent billing plans can be created for the same token, which allows the modelling of advanced recurring scenarios.
- The token and the payment data represented by it are stored independently from the billing plan and can be used for one-off payments in addition to the billing plan.
PCI-compliant tokenisation solution
Product facts
Benefits
- No need to save any sensitive account details
- Simple and secure implementation of scenarios such as one-click checkouts or recurring billing
- Minimize PCI-DSS effort for you
- Applicable for non-PCI-regulated data such as bank accounts or eWallets
- Compatible with e-commerce systems and processors
- Works with any checkout module
Functionality
- Register account details and get a token returned
- No need to save account details in your system
- Matching token and account details is only possible in the highly secured gateway environment
- Less sensitive data like BIN, last 4 digits, holder or expiry date can be saved for identification reasons without breaching card industry standards
- Ideal supplement to the gateway’s hosted payment page solu¬tions for fully PCI-DSS-compliant processing with no hassle
- Captures and refunds, partial captures or receipts are fully available for tokenised accounts
Technical features
- The link between the token and the actual data exists only within the payment gateway.
- The payment platform is fully certified according to PCI-DSS Level 1, meets the highest security standards and is operated by a team of experts dedicated to security, privacy and compliance.
- The payment platform is operated in a data centre certified to PCI-DSS, ISO 27001 and ISO 9001 standards.
- The gateway and hence the tokenisation itself meets your highest demands in terms of availability, scalability and reliability.
- Intelligent clean-up routines ensure the availability of your data as long as required by your business.
- The gateway does not lock you in by holding your data hostage.

Smart Transaction Routing
Product facts
Benefits
- Improve your profit margins through smart transaction routing
- Reduce costs through low-cost routing
- Manage fraud, distribute and limit risk exposure
- Meet acquirer requirements and protect valuable MIDs
- Implement asecond-source-strategy for acquirers (e.g. as a backup)
- Optimise the conversion rate by routing to the most likely converting scheme (e.g. the domestic one)
- Easily shift transactions between different MIDs
Functionality
You can configure if, where and how transactionsare routed to different MIDs based on:- Credit cardbrand
- Direct debitcountry
- Currency
- Credit card/debit card BIN country
- Credit card/debit card BIN or BIN range
- Clearing institute velocity
- Merchant account velocity1
- Weighting (e.g. 60%–40% split)
- First-timevs.returning/known shopper
- Recurring or one-time payment
- Ticket size (payment amount)
Technical features
Number or total volume of transactions per time unit.
Please refer to the following feature matrix to find out which routing options might best help you to maximise your profits.Type of routing
Explanation
Usage examples
Optimise profits through advanced risk management
Product facts
- A complete data validation
- All expected basic risk checks
- A wide selection of intelligent risk checks
- A large number of third-party risk checks and database providers that are already integrated.
- A complete set of credit assessment tools, such as 3-D Secure, AVS, CVV, etc.
- Comprehensive monitoring of transaction patterns
- Extensive manual review functionalities
- Effective risk scoring
- To individually tailor checks and set exit conditions
Benefits
- Minimize chargeback fees, fraudulent and unauthorized transactions
- Increase conversion rate rather than refusing good business
- Customize filter settings according to your business needs
- Increase reputation through minimizing fraud
- Easy to use – no special technical configurations needed
Functionality
Our more than 120 internal risk management tools can be applied to transactions involving e-commerce, remittance, adult entertainment, MLM (multi-level marketing), travel, pharmacy, dating, gaming and gambling. We have several years’ experience in creating the perfect fit for your merchant’s risk set-up.Technical features
To achieve a state-of-the-art risk management, all checks offered can be easily activated through the merchant backend platform. No technical configuration is needed. Activation of additional external risk checks is also available. All checks are executed and scored in real time.- Data validation, like doublet checks, black and white lists
- General checks, like BIN checks, address verification
- IP-based checks, e.g. anonymous proxy or geo-location built on Neustar IP (formerly Quova)
- Plausibility and velocity checks
- Intelligent fraud detection algorithms
- Authentication checks, like 3-D Secure, email, SMS, bank account or credit card authentication
- Monitoring and control through data-mining correlation tests
- External risk checks, like Schufa, Info score, Threat Matrix, ReD Shield, Gatekeeper, Delta vista Transactions that are below a predefined and fully customisable threshold are declined; the rest are approved.

Maximise profits through modular risk intelligence
Product facts
Benefits
- Boost your revenues by minimisingchargebacks, fraud and unauthorised transactions
- Keep good business and increase the conversion rate by activating only necessary risk checks
- Risk checks can be processed independently of a payment transaction
- Meet the requirements of your acquiring partner or scheme provider
- Control risk through transaction velocity restrictions
- Adaptable to all industries
- Easy to activate
Functionality
The gateway serves a variety of payment and financial institutions worldwide. Therefore, our more than 120 internal risk management tools can be applied to transactions including e-commerce, remittance, adult entertainment, multi-level marketing, travel, pharmacy, dating, gaming and gambling and many more. We have abundant experience in creating the perfect fit for an optimal risk set-up. Validation and risk checks can be carried out in a stand-alone transaction, before the actual payment, to allow you to adapt your workflow according to the result. Stand-alone risk checks can be used to determine the payment method selection offered to a shopper. Shoppers with a low score value only have access to payment methods with little to zero risk, e.g. online bank transferTechnical features
All checks are executed and scored in real time. Transactions that are below a customisable threshold are declined; the rest are approved. You can also choose to have transactions marked for manual review if they fall within a certain score range.- Semantic customer validation
- Algorithmic and database account validation
- Black and white lists on account numbers, email addresses, IP addresses, BINs, etc.
- Payment type and ticket size restrictions
- Plausibility checks
- IP-based and geolocation checks built on Neustar IP (formerly Quova)
- Correlation checks
- Fraud-detection algorithms
- Velocity checks on accounts, merchants, IP and email addresses
- Authentication methods such as micro deposits, SMS, email, bank account or credit card authentication
- AVS verification
- 3D Secure (Verified by Visa / MasterCard Secure Code / J/Secure)
- Additional selection of third-party checks available

Merchant Payment Integration Options
Product facts
Merchant application landscapes can be very diverse and complex, parts are changing fast and others are staying over time. There is no one size fits all but you need to have flexible options that can be embedded perfectly into your landscape and covers your needs best. You can choose from:
- COPY and PAY easy merchant integration in minutes with merchant hosted payment page
- Classic hosted payment page
- Full-featured XML API
- Simple-to-use HTTP POST key-value-pair API
- Batch processing
- Virtual terminal
- Mobile Commerce and Mobile Point of Sale SDK and full white label solutions
- Wide selection of shop engine payment plugins
Benefits
- Get online quickly to start earning money faster
- Options that can be used fast but still customized to your needs
- Pick the right options that fit into your existing application landscape and workflows
- Easy switch from and to other integrations
- Generate customer trust with PCI DSS compliance
- Integrate with every aspect of all payment related back office system
Functionality
By applying COPY and PAY, our new merchant integration option, merchants can integrate a self-hosted payment page within minutes and still maintain full control on their look and feel. Alternatively to fit existing portfolios we continue to provide and support a classic hosted payment page. Both options require minimum PCI compliance efforts.
The XML and HTTP POST APIs allows merchants to send in online payment transactions while maintaining full end-to-end control over the user experience as well as integrating their back offices with the payment gateway.
For integrating your back office for example the logistics or order management solutions that generate large number of transactions at the same time, such as SAP R/3, there is a high-performance batch processing interface available
The virtual terminal user interface is optimized for fast data entry by call center agents.
Mobile Point of Sale (mPOS) allows merchants to accept card-present transactions at the point of sale on mobile devices using magnetic stripe readers as well as EMV certified Chip &PIN setups.
Mobile Commerce (mCommerce) allows shoppers to pay on their mobile devices in mobile applications from shopper apps to mobile wallets.
Merchant that use popular shop engines just download and install the appropriate payment plug-in.
Technical features
Please refer to the following feature matrix to help you find out which integration options fit your business best.
Integration options
Reduce PCI complexity*
Typical use case
Merchant size
End to end control of user experience
Ease of integration
Backoffice triggered transaction
Shopper triggered transaction
XML-API
POST API
Payment processor, PCI certified merchant OR backed integration when using payment page
Medium/Large
√
√
Complex
Moderate
√
√
√
√
COPY and PAY Merchant hosted payment page
√
Quick Rollout and On boarding with great flexibility
Small to large depending on customisation level
√
Instant
√
Classic hosted payment page
√
“Classic option” for outsourcing PCI and payment flows
Medium/ large
Easy
√
Batch processing
Back office integration such as order management
Large
Complex
√
Virtual terminal
√
Call centre
All
Instant
Mobile Commerce
√
In-app sales, mobile wallets
Small/mediuml
Easy
√
Mobile POS
√
mobile POS merchants
Small
Moderate
√
Shop engine payment plugins
√
Standard shop system
Small/medium
Easy
√
*For more information please refer to:https://www.pcisecuritystandards.org/documents/pci_dss_saq_instr_guide_v2.0.pdf
COPY and PAY
COPY and PAY, easy payment integration for merchants: Host your own payment page, in your own design within minutes
Product facts
Hosted payment page solutions share one common challenge independent of their providers: merchants often have to compromise when it comes to the look and feel of a page. With the platform’s new merchant integration option your requirements are met without compromises –and without trade-offs when it comes to PCI compliance or ease of integration.
The issue with hosted payment page solutions is that customising a given payment template can only come so close to developing the payment page and workflow that is really needed by you.
A payment page developed and hosted by a payment provider simply cannot perfectly meet all the requirements you may have when it comes to the look and feel of the page. Merchant requirements in general just vary too much, and customisation – to whatever extent – cannot cope with the different processes coming from all these business backgrounds.
The platform’s COPY and PAY enables you to create your own payment page, perfectly integrating with the corporate identity of your web site, while easily meeting PCI DSS compliance requirements and keeping things simple.
You can:
- Integrate in less than 10 minutes – guaranteed
- Use all the payment schemes available on the platform, including 3D Secure and asynchronous payment schemes
- Host your own payment page, in your own corporate identity, instead of having to use a predefined page
- Meet PCI compliance requirements with minimum effort
- Get a kick-start by using predefined widgets to design your own payment form
- Have full control of your checkout and payment workflow and hence full control on its conversion
- Integrate payment functionality in just a matter of minutes
- Get the all-in-one payment solution for mobile devices and classic browsers
Functionality
By applying the platform’s new merchant integration option “COPY and PAY”, you develop and host your very own payment page. In this case, you will not touch critical credit card data, as the form posts the data directly to the gateway’s servers, so PCI compliance is achieved with a minimum of effort.
A sophisticated widget library makes it easy to build the payment forms and handles the different workflows that come with different payment methods.
Technical details
It’s as easy as this:
- You prepare a token for the payment by sending one request with credentials and unmodifyable data, such as an amount in a server-to-server call.
- On the payment page, you either use one of the ready-made widgets to create a pre-integrated payment form, or have to include a simple JavaScript call to a form designed by you. The shopper then triggers the payment using the account details from the browser.
- Finally, you easily get the result of the payment in a simple call either server-side or from the browser, using the token obtained earlier.
And as flexible as that:
What if you need a checkbox for a newsletter that needs to be sent right away along with the account details?
No problem: any merchant-defined parameters can be sent and are returned.
What if you want to send credentials from the server first and then collect the shopper’s address data in a browser form, calculate the final amount on the server and finally let the shopper enter the account details?
Not an issue: The payment session in “COPY and PAY “is accessible by a token until the payment is ultimately triggered. You are informed about data entered in each and every step.
What if you require the widget library to do something different than intended?
As easy as this: it’s just JavaScript and CSS; it is well designed and documented. It can be copied, modified or just used as a reference template – whatever is necessary to get the perfect result for the case at hand.
What if you want to integrate 3D Secure or asynchronous payment schemes?
No problem – the various call backs involved in complex asynchronous workflows automatically get handled by the COPY and PAY integration. For you, the workflow is the same, whether the payment scheme is asynchronous or not.
Try it out: https://sample.test.ctpe.info/Integrationguide/CopyandPay.html
Graphics: The platform’s widget library
Start off by using the platform’s widget library with the default style and JavaScript, and ultimately go on to host your own style and JavaScript.