GestPay Cryptography Technical Specification 2.1

Doc: GestPay - Security with Encryption Technical Specifications
GestPay
Security with Encryption Technical Specifications
Page 1 of 46
Summary
Document information ...................................................................................................3 Version information ...4 1 Introduction.............................................................................................................5 2 System Architecture................................................................................................6 3 Description of Process Phases.................................................................................8 3.1 Phase I: Transaction Data Encryption...................................................8 3.2 Phase II: Payment Page Call ................................................................................8 3.3 Phase III: Communication of Transaction Result ..............................................10 3.3.1 Response to Merchant .................................................................................10 3.3.2 Response to Buyer ......................................................................................10 3.4 Phase IV: Decryption of Transaction Result ......................................................11 4 Authentication ...........................................................................................................12 5 Structure of Transaction Data ...................................................................................13 5.1 Transaction Data to Send to GestPay .................................................................13 Transaction Data Received by GestPay ...................................................................15 6 Merchants Profile ....................................................................................................17 6.1 Authentication Configuration ............................................................................17 6.2 Configuration of response url and e-mail...........................................................18 6.3 Configuration of Fields & Parameters ..............................................................19 7 Description of GestPayCrypt Object ....................................................................20 8 WebService ..........................................................................................................23 Instructions for use of encryption module with WEBSERVICE interface...................23 List of calls available with WSCryptDecrypt webservice. ..........................................25 9 Software requirements .........................................................................................27 9.1 Buyer browser requirements ........................................................................27 9.2 Merchant server requirements .....................................................................27 9.2.1 Installation of GestPayCrypt.class (Java) ............................................27 9.2.2 Installation of GestPayCrypt.dll (COM)..............................................28 10 Example transactions .......................................................................................30 10.1 Transaction number 1 ..................................................................................30 10.2 Transaction number 2 ..................................................................................33 11 Examples of implementation ...........................................................................36 12 Table of errors..................................................................................................39 13 Table of currency codes ...................................................................................43 14 Table of language codes .................................................................................44 15 Table of Verified by Visa codes ......................................................................45 16 Payment orders in test environment.................................................................46 17 Links ................................................................................................................46
Page 2 of 46
Document Information
Project name: Title: Creation date Language: Company: GestPay GestPay - Security with Encryption Technical Specifications Marco Loro English EasyNolo
Page 3 of 46
Version Information
Version 1.0.0 1.0.1 1.0.2 1.1.0 1.1.1 1.1.2 1.1.3 1.1.4 1.1.5 1.1.6 1.1.7 2.0.0 2.0.1 2.0.2 2.0.3 2.1 Description Initial version Handling of TransactionResult attribute Chapter 2, list corrected GestPay url modified Document totally revised Browser requirements updated Server requirements updated Custom field requirements updated Error Codes updated Language Codes updated Custom code requirements and gestpay parameters updated Currency codes updated 3D Secure Errata Corrige Specific domain for test codes introduced New 3DLevel response parameter introduced Webservice Encryption Specifications Date Author 15.03.2001 Sellanet 20.03.2001 Sellanet 22.03.2001 Sellanet 28.03.2001 09.04.2001 22.11.2001 04.03.2002 15.03.2002 30.05.2002 20.08.2002 27.01.2003 28.01.2003 20.04.2005 13.06.2007 Sellanet Sellanet Sellanet Sellanet Sellanet Sellanet Sellanet Sellanet Sellanet Easy Nolo S.p.A. Easy Nolo S.p.A.
15.07.2009 Easy Nolo S.p.A. 12.01.2010 EasyNolo S.p.a.
Page 4 of 46
1 Introduction
The purpose of this document is to illustrate the architectural and functional aspects of the GestPay platform and to provide the necessary indications regarding the interface. The chapter System architecture describes the various components of the system and the modes of interaction between them and between the parties involved (merchant, buyer and GestPay). The chapter Description of process phases details all of the phases that make up the payment process, in particular the information that must be passed to GestPay and the information that will be returned. The chapter Authentication describes how GestPay authenticates the merchant server that makes calls to the system. The chapter Payment transaction data structure describes the information that identifies a payment transaction and the result that GestPay returns after processing the transaction. The chapter Merchant profile describes how to configure the merchant profile that allows GestPay to process transactions correctly. The chapter GestPayCrypt object description examines the use of the component that handles server-to-server communication during the phases in which this kind of communication is sent between the server that receives the virtual shop as guest and GestPay. The chapter WebService focuses on the use of the webservice responsible for handling the encryption and decryption services substituting the GestpayCrypt object described above between the server which hosts the virtual store and GestPay. The chapter Software requirements illustrates the minimum requirements for installation of the software required to interface with GestPay. The chapter Example transactions describes a number of typical transactions, highlighting the information exchanged and the modes of interaction between the various components. In addition, there are some tables that make it possible to code certain information sent by or received from GestPay.
Page 5 of 46
2 System Architecture
Within the system architecture, 3 components can be identified: Buyer client Merchant Server GestPay Server Communication between the various components takes place over the Internet using the http or https protocols (the GestPay server has a 128-bit Verisign digital certificate). The payment process is split into communication steps in which the components interact, exchanging the information needed to complete the transaction. Merchant
1 4
8b
Customer
2 7a 9b
8a
10b
PRE-payment POST-payment Request Responses
GestPay
Architecture scheme
1. The buyer selects the items to buy and decides to proceed with payment. 2. The merchants server contacts GestPay server via the Internet to encrypt the payment transaction data. 3. GestPay performs the necessary controls to authenticate the merchants server and validate the transaction data, returning, in the event of an affirmative response, an encrypted parameter string that represents the payment transaction to be processed. 4. The encrypted parameter string is communicated to the customers browser. The customer is directed to the GestPay server to complete the payment process. 5. The merchants browser calls back the payment page, passing the encrypted parameter string and the code assigned to the merchant (Shop Login). Data security checks are performed on the transaction: if the checks are passed, the payment page can be displayed and the the data needed to complete the transaction
Page 6 of 46
Doc: GestPay - Security with Encryption Technical Specifications can be entered. The following steps describe the process by which the transaction result is communicated both to the merchant and to the buyer. 6. GestPay communicates to the merchants server an encrypted parameter string which returns the result of the transaction. 7a.The merchants server contacts the GestPay server via Internet to decrypt the encrypted data string which returns the result of the transaction. 8a.GestPay decrypts the string and returns the parameters which return the result of the transaction in unencrypted form. 7b.GestPay communicates the encrypted parameter string which brings the transaction result to the browser of the customer, who is directed to the merchants server. 8b.The buyers browser calls back the response page created by the merchant, passing the encrypted parameter string. 9b.The merchants server contacts the GestPay server via Internet to decrypt the encrypted data string that returns the transaction result. 10b. GestPay decrypts the string and returns, in unencrypted form, the parameters that return the transaction result, allowing the merchant to provide the buyer with the references required to complete the purchase process. The following scheme analyses the payment process, underlining the chronological order in which the communication steps take place. Notice that in some cases (steps 7 and 8) simultaneous communications are established between the components under consideration when they implement the procedures that must manage the information exchanged between the steps.
Components
GestPay Server
Merchant Server
Customer Client
10
Step
Page 7 of 46
3 Description of Process Phases

A payment transaction is made up of 4 basic phases in which there are one or more communication steps. In each phase, the information necessary to process the transaction is exchanged between the various components.
3.1 Phase I: transaction data encryption

The information required for the payment is previously communicated to GestPay to be encrypted. To guarantee an optimum security level, no sensitive information is communicated in unencrypted form to the buyers server. In this phase, the merchants server requests the encryption service from GestPay, obtaining the encrypted string that represents the transaction to process. The data that identify a transaction and their use will be described in chapter 4. Encryption can be handled in one of two ways: Use of the GestPayCrypt object Server-to-server communication is handled by the GestPayCrypt object released by EasyNolo, which must be previously installed on the merchants server. The virtual shop pages concerned with handling information required for the payment call the object. Use of the WSCryptDecrypt WebService The use of the webservice does not require any installation on the server, but simply a call to the webservice using the https protocol. The response is in the XML format. If the merchants authentication checks and validation of transaction data are passed, GestPay returns the encrypted data string to the merchants server to be sent to the buyers server to continue the payment process. Otherwise, a specific error code will be returned to allow the problem detected to be identified.
3.2 Phase II: payment page call

After obtaining the encrypted data string (as described in the preceding section), the buyers browser is directed to the payment page on the GestPay server at the following address: https://ecomm.sella.it/gestpay/pagam.asp?a=<ShopLogin>&b=<encrypted string> for test codes: https://testecomm.sella.it/gestpay/pagam.asp?a=<ShopLogin>&b=<encrypted string>
The call to the page will be made passing two parameters: a The code identifying the merchant (Shop Login) b The encrypted data string identifying the transaction The payment page will acquire the parameters and verify the identity checks (parameter a must refer to a recognised merchant) and transaction data security (parameter b must
Page 8 of 46
correspond to the encrypted data string communicated by the merchant during the previous phase). If the checks are passed, the payment page will be displayed to the buyer, who must enter the data required to complete the payment process. If the checks are not passed, the payment page is not displayed and the process passes to the following phase in order to communicate the negative transaction result.
Page 9 of 46
3.3 Phase III: communication of transaction result

GestPay communicates the transaction result both to the merchant and the buyer. 3.3.1 Response to merchant Notification is forwarded with a server-to-server call to the page specifically configured on the merchants server (the notification page URL is one of the items of information that make up the merchants profile, configurable through the GestPay Back Office environment). Call syntax is the following: http://<url server to server>?a=<ShopLogin>&b=<encrypted string> The call to the page will be made passing two parameters: a the code which identifies merchant (Shop Login) b the encrypted data string which contains the result of the transaction The page residing on the merchants server must have the html tags <HTML></HTML> in the source. If there are communication errors, GestPay will make several forwarding attempts for two days after the transaction. The merchant will also receive a transaction result notification e-mail at the address configured in his/her profile. In addition, the processed transaction can be viewed by accessing the GestPay Back Office environment in the Active Report section. 3.3.2 Response to Buyer GestPay immediately communicates the result of the transaction by displaying a virtual receipt showing essential transaction data. GestPay directs the buyers browser to the merchants server to conclude the purchasing process. The merchant must prepare two urls (and configure them in the merchants profile) which will be called in the event of a negative or positive response and will allow the merchant to manage communication with the buyer while maintaining the editorial style that characterises the virtual shop. The call syntax is the following: http://<url merchant>?a=<ShopLogin>&b=<encrypted string> If there is an anomaly in the server-to-server communication described above, GestPay displays a message to the buyer warning that there may be problems directing him/her to the merchants server to conclude the purchasing process. In this situation, the buyer receives a notification from GestPay about the transaction result and is invited, if there are anomalies, to contact the merchant by other means (e.g. e-mail) to conclude the purchasing process. The buyer will also receive a transaction result notification e-mail at the address provided on the payment page, if indicated.
3.4 Phase IV: decryption of transaction result

GestPay communicates the transaction result through an encrypted string (parameter b of the call to the url preconfigured by the merchant). The string is initially forwarded to
Page 10 of 46
the merchant during server-to-server communication and makes it possible once it has been decrypted to update the status of the transaction recorded in the merchants information system. The same string is also sent from the buyers browser to the merchants server and makes it possible once it has been decrypted to complete the payment process. Web pages preconfigured by the merchant for receiving the transaction result (in the case of both server-to-server communication and through the buyers browser) must call the GestPay server to request the decryption service and obtain the information that represents the result of the processed transaction in unencrypted form. The request to decrypt the string received can be made through: GestPayCrypt Object Server-to-server communication is handled by the GestPayCrypt object released by EasyNolo and which must be installed on the merchants server in advance. WebService WSCryptDecrypt The use of the webservice does not require any installation on the server, but simply a call to the webservice using the https protocol. The response is in the XML format.
Page 11 of 46
4 Authentication
Server-to-server calls are managed by a component released by EasyNolo. Server authentication of the merchant requesting encryption or decryption services is made by verifying: Shop Login validity: ShopLogin parameter must correspond to a code recorded in GestPay customers details. IP address server: the calling server IP address must correspond to one of the IP addresses configured in the merchants profile. Shop Login status: the merchants status must be active (the merchants status is managed by the GestPay administrator and not directly by the merchant) If the authentication checks are not passed, a specific error will be returned, making it possible to identify the anomaly found in the authentication process.
Page 12 of 46
5 Structure of Transaction Data

A transaction is characterised by a series of information that must be communicated to GestPay to complete the payment process and by information returned to the system as the transaction result. By suitably configuring his/her profile within the Back Office environment, the merchant can define what information to send to or receive from GestPay, and by what means.
5.1 Transaction Data to Send to GestPay

Some of the information to communicate to GestPay is required in order to complete the Some information that is other essential to the payment configured as compulsory payment process, while information can beprocess omittediswithout compromising the by GestPay. This attribute cannot be modified. processing of the transaction.Through the GestPay Back Office environment, merchants The following gives the information that must be communicated can define whattable information is required and what information is optional. to GestPay in order to make a transaction: Name
ShopLogin Currency
Format
VarChar (30) Num (3)
Type R/O
P P R R
Description
ShopLogin Code identifying currency in which transaction amount is denominated (see Currency Codes table) Transaction amount. Do not insert thousands separator. Decimals (max. 2 numbers) are optional and separator is the point (see examples) Identifier attributed to merchants transaction Credit card number Credit card expiry month (01, 0212) Credit card expiry year (01, 0299) Buyers name and surname Buyers e-mail address Code identifying language used in communication with buyer String containing specific information as configured in the merchants profile
Amount
Num (9)
ShopTransactionID CardNumber ExpMonth ExpYear BuyerName BuyerEmail Language
VarChar (50) VarChar (20) Char (2) Char (2) VarChar (50) VarChar (50) Num (2)
P I/P I/P I/P I/P I/P P
R R R R O O O
CustomInfo (1)
1
VarChar (1000)
Each field can be up to a maximum of 300 characters in length
The Name column contains the attribute identifier with which a specific item of information is communicated to the GestPayCrypt object, which handles server-toserver communication for the encryption services. The Format column indicates whether the information value is numeric or alphanumeric. If it is alphanumeric, the maximum allowable number of characters is given in brackets. Page 13 of 46
Doc: GestPay - Security with Encryption Technical Specifications The Type column specifies whether the information must be communicated to the component (passed as Parameter) or if it can be entered by the buyer (passed as Input) in the payment page. The R/O column specifies whether the information is Required (if omitted the transaction cannot be completed) or Optional. However, the minimum quantity of information configured, which allows phase I to be processed, is made up of: Currency Amount Shop TransactionID This information, in fact, is defined as required and must be communicated to GestPay using the GestPayCrypt component. During phase I, GestPay makes validation checks on the information that constitutes the payment transaction, verifying consistency with the merchants profile setup. If anomalies are detected, the transaction is abandoned, returning a specific error. This approach makes it possible to identify possible anomalies connected with the transaction immediately, preventing the buyer from being directed to the payment page with an encrypted data string that corresponds to an invalid transaction. The CustomInfo attribute contains specific information that the merchant wishes to communicate to or receive from GestPay. What information is included in the CustomInfo attribute is defined in the Back Office environment in the Fields & Parameters section. The information included will follow this form: datum1=value1*P1*datum2=value2*P1* *P1*datumn=valuen The separator between logically different information is the reserved sequence of characters *P1*. Other characters that must not be used within the parameters encoded by GestPay and in customised information are: & (space) ( ) * < / /* > [ % , ] // ; ? : = *P1* --
Page 14 of 46
Transaction data received by GestPay

GestPay communicates the payment transaction result to the merchant through an encrypted data string that contains a series of information returned. Using the GestPayCrypt object, merchants will obtain the information reporting the transaction result in unencrypted form and will be able to update their own information system, allowing buyers to complete the purchasing process. The following table contains the information returned by GestPay as transaction result. Name
ShopLogin Currency
Format
VarChar (30) Num (3)
Type
P P
R/O
R R
Description
ShopLogin Code identifying currency in which transaction amount is denominated (see Currency Codes table) Transaction amount. Do not insert thousands separator. Decimals (max. 2 numbers) are optional and separator is the point (see examples) Identifier attributed to merchants transaction Buyers name and surname Buyers e-mail address Transaction result Transaction authorisation code Identifier attributed to the transaction by GestPay Nationality of institute issuing card Flag for Verified by Visa transactions (see table of VbV Codes) Error code Error description Alert code Level of authentication for VBV Visa / Mastercard Securecode transactions. The string may have the value FULL or HALF Alert description in chosen language String that has the specific information as configured in the merchants profile
Amount
Num (9)
ShopTransactionID BuyerName BuyerEmail TransactionResult AuthorizationCode BankTransactionID
VarChar (50) VarChar (50) VarChar (50) Char (2) VarChar (6) Num (9)
P I/P I/P P P P
R O O R R R
Country VbV ErrorCode ErrorDescription AlertCode 3DLevel
VarChar (30) VarChar (50) Num (9) VarChar (255) Num (9)
P P P P P
O O R R O
VarChar(255) AlertDescription CustomInfo(1) VarChar (255) VarChar (1000)
P P P
O O O
Each field can be up to a maximum of 300 characters in length.
The minimum information required to report the transaction result (defined as required) is made up of: Currency Amount ShopTransactionID TransactionResult AuthorizationCode ErrorCode Page 15 of 46
Doc: GestPay - Security with Encryption Technical Specifications ErrorDescription BankTransactionID Other information is defined as optional and will be returned according to the merchants profile settings made in the GestPay Back Office environment. A transaction result can be interpreted by verifying the TransactionResult field value. The possible values are: TransactionResult Description OK Positive transaction result KO Negative transaction result XX Suspended transaction result (only in the case of money transfers)
Page 16 of 46
6 Merchants Profile
Each merchant can configure his/her profile by accessing the GestPay Back Office environment at: https://ecomm.sella.it/gestpay/login.asp for test codes https://testecomm.sella.it/gestpay/login.asp Some settings regard the procedure and the information that must be sent to or will be returned by GestPay.
6.1 Authentication configuration

GestPay identifies the merchant requesting the encryption service through the GestPayCrypt component by comparing the calling server IP address to the IP addresses configured in the profile associated with the Shop Login used for the call. If the calling server is not recognised, the transaction process ends and a specific error is returned. In the Configuration IP Addresses section of the Back Office environment, the merchant can enter up to a maximum of 10 IP addresses (if calls to GestPay originate from a server farm).
Configuration IP Addresses
Page 17 of 46
6.2 Configuration of response url and e-mail

GestPay communicates the transaction result with a server-to-server call to the page specifically prepared by the merchant and by directing the buyers browser to the pages configured by the merchant (different pages for positive or negative results). In the Configuration Responses section in the Back Office environment, it is possible to specify the URLs used by the system to communicate the transaction result. In this section it is also possible to specify the addresses that will be used for notifications via e-mail.
Configuration Responses
Page 18 of 46
6.3 Configuration of Fields & Parameters

Merchants can define the transaction structure (specifying what information beside the required information will have to be sent to GestPay) by configuring in the Back Office environment what information is to be sent in phase I and what information must be returned when the transaction result is communicated. This system allows the merchant to customise the transaction structure with proprietary information that will be stored in the GestPay archives and will allow each transaction to be identified using customised search keys. Moreover, customised information can be returned with the transaction result communication, thus allowing the merchants information system to manage this information appropriately.
Merchants profile configuration - Fields & Parameters
Page 19 of 46
7 Description of GestPayCrypt Object

Server-to-server communication between GestPay and merchant is automatically handled by the GestPayCrypt component released by EasyNolo. This component is a Java library that will be called by the web pages preconfigured by the merchant to handle encryption of the transaction data and decryption of the result communicated by GestPay. The GestPayCrypt library is available as open source on the EasyNolo website. Table 1 contains the attributes and the methods made available by the Java library. In the virtual shop pages configured to handle payments the merchant implements a call to the GestPayCrypt component which handles requests to use the GestPay encryption service. Class attributes will be filled in with data that identify the transaction. To request the encryption service it is necessary to call the Encrypt method. If the encryption operation has concluded correctly (value of ErrorCode attribute = 0), the encrypted data string returned by GestPay will be available by reading the EncryptedString attribute value. Otherwise, the values of the ErrorCode and ErrorDescription attributes will allow the reasons that have prevented the encryption operation to be identified. To request the decryption service, it is necessary to call the Decrypt method, after filling in the Shop Login and EncryptedString attributes with values communicated by GestPay in Phase III. Information containing the result of the transaction will be available by reading the Java library attributes that correspond to the information regarding the transaction result.
Page 20 of 46
Doc: GestPay - Security with Encryption Technical Specifications The attributes and methods of the GestPayCrypt Java library are described below: Class: GestPayCrypt Attributes
AlertCode AlertDescription Amount AuthorizationCode BankTransactionID BuyerEmail BuyerName CardNumber Country Currency CustomInfo CVV EncryptedString Encryption ErrorCode ErrorDescription ExpMonth ExpYear Language MIN PasswordEncrypt ShopLogin ShopTransactionID TransactionResult VBV VBVrisp 3DLevel Alert code Alert description Transaction amount Transaction authorisation code Identifier assigned to transaction by GestPay Buyers email address Buyers name and surname Credit card number Nationality of institute issuing card Code identifying currency in which transaction amount is denominated String containing specific merchant information String containing value of Cvv2 / Cvc2 / 4dbc code of credit card Encrypted string Flag to activate local encryption Error code Error description Credit card expiry month Credit card expiry year Language code for communication with buyer Not used Password for local encryption Shop login identifying merchant Identifier assigned to transaction by merchant Transaction result Flag for Verified by Visa transactions Not used Level of authentication for Visa VBV / Mastercard Securecode transactions Used to set Amount attribute Used to set BuyerEmail attribute Used to set BuyerName attribute Used to set CardNumber attribute Used to set Currency attribute Used to set CustomInfo attribute Used to set CVV attribute Used to set ExpMonth attribute Used to set ExpYear attribute Used to set EncryptedString attribute Used to set Encryption attribute to TRUE Used to set Language attribute Not used Used to set PasswordEncrypt attribute Used to set ShopLogin attribute Used to set ShopTransactionID attribute Used to set Encryption attribute to FALSE
SET Methods
SetAmount (val) SetBuyerEmail (val) SetBuyerName (val) SetCardNumber (val) SetCurrency (val) SetCustomInfo (val) SetCVV SetExpMonth (val) SetExpYear (val) SetEncryptedString (val) SetEncryption SetLanguage (val) SetMIN SetPasswordEncrypt SetShopLogin (val) SetShopTransactionID (val) SetWithoutEncryption
Page 21 of 46
GET methods
Decrypt Encrypt GetAlertCode GetAlertDescription GetAmount GetAuthorizationCode GetBankTransactionID GetBuyerEmail GetBuyerName GetCountry GetCurrency GetCustomInfo GetEncryptedString GetErrorCode GetErrorDescription GetShopLogin GetShopTransactionID GetTransactionResult GetVBV GetVBVrisp Get3DLevel Used to request encryption service attribute Used to request decryption service attribute Used to read AlertCode attribute attribute Used to read AlertDescription attribute Used to read Amount attribute Used to read AuthorizationCode attribute Used to read BankTransactionID attribute Used to read BuyerEmail attribute Used to read BuyerName attribute Not used Used to read Currency attribute Used to read CustomInfo attribute Used to read EncryptedString attribute Used to read ErrorCode attribute Used to read ErrorDescription attribute Used to read ShopLogin attribute Used to read ShopTransactionID attribute Used to read TransactionResult attribute Used to read VbV attribute Not used Used to read 3DLevel attribute
Page 22 of 46
8 Webservice
Instructions for the use of the encryption module with the WEBSERVICE interface This document contains the necessary instructions for using the WSCryptDecrypt webservice. This component is a library that must be called from the web pages configured by the merchant to handle transaction data encryption and decryption of the result communicated by GestPay. The WSCryptDecrypt web service is available on the production and test servers and does not require any installation on the merchants server. The merchant must implement in the page(s) of the virtual store configured to handle payments a call to the webservice which handles requests to use the GestPay encryption service. To request the encryption service it is necessary to call the Encrypt method. An example of a positive XML response returned by the web service is given below:
<?xml version="1.0" encoding="utf-8" ?> <GestPayCryptDecrypt> <TransactionType>ENCRYPT</TransactionType> <TransactionResult>OK</TransactionResult> <CryptDecryptString>CF66F38B4EC881.</CryptDecryptstring> <ErrorCode>0</ErrorCode> <ErrorDescription /> </GestPayCryptDecrypt>
If the encryption operation is concluded correctly (TransactionResult value = OK), the encrypted data string returned by GestPay will be available by reading the value of the CryptDecryptString attribute. If this is not the case, the values of the ErrorCode and ErrorDescription attributes will make it possible to identify the reasons that prevented the encryption operation. To request the decryption service it is necessary to call the Decrypt method, passing the Shoplogin and EncryptedString attributes with the values communicated by GestPay in Phase III. The information containing the transaction result will be available by reading the information in the XML response file corresponding to the result of the transaction. The webservice must be called from the application configured by the merchant to handle the sending of transaction data and reading the result communicated by GestPay in XML format. The address of the service is the following URL:
https://ecomms2s.sella.it/gestpay/gestpayws/WSCryptDecrypt.asmx
for test codes

https://testecomm.sella.it/gestpay/gestpayws/WSCryptDecrypt.asmx
Page 23 of 46
Generation of Proxy Class to use webservice functions from various languages

The proxy class in the chosen language can be created automatically through the wsdl.exe program (in this case provided by Microsoft) simply by specifying the contract file relating to the webservice, in this case: The addresses of descriptions of the service are found at the following URLs: For production codes: https://ecomms2s.sella.it/gestpay/gestpayws/WSCryptDecrypt.asmx?WSDL For test codes: https://testecomm.sella.it/gestpay/gestpayws/WSCryptDecrypt.asmx?WSDL For example: wsdl /language:VB /out: wss2sProxyClass.vb https://testecomm.sella.it/gestpay/gestpayws/WSCryptDecrypt.asmx?WSDL The .vb file will be generated, with handling of the proxy class relating to the webservice which will simply be imported into the project and used. With visual Studio .net it is possible to add the webservice references in order to have the classes of the referenced webservice automatically available in the project (see Add Web Reference). For other languages, verify normal operations for interfacing with webservices.
Page 24 of 46
List of calls available with WSCryptDecrypt webservice. A complete list of methods for the WSCryptDecrypt object is provided below.
WEBService methods Method name Encrypt Decrypt Description Encryption Decryption
The various method calls are handled as function calls to the web service without passing an XML string. The values of the various calls must be passed as parameters.
Input parameters, Encrypt method Method name ShopLogin UICCode Amount ShopTransactionID (val) CardNumber (val) ExpMonth (val) ExpYear (val) BuyerName (val) BuyerEmail Language (val) CVV (val) CustomInfo (val) Description Used to set value of ShopLogin attribute Assigns currency code Assigns transaction amount Assigns code attributed by merchant to transaction Assigns card number Assigns card expiry month Assigns card expiry year Assigns buyers name Assigns buyers email Assigns language for emails to buyer Assigns security code printed on card Assigns string containing any customised parameters
Input parameters, Decrypt method Method name Description ShopLogin Used to set value of ShopLogin attribute CryptedString String to decrypt received from GestPay
Page 25 of 46
Il file XML e descritto e pu essere validato tramite il relativo file GestPayCryptDecrypt.xsd che qui andiamo a descrivere nel dettaglio
XML values returned Method name TransactionType Description The type of request executed can have the following values: ENCRYPT (E) DECRYPT (D) Returns Returns Returns Returns Returns Returns Returns Returns Returns Returns result of transaction with values OK and KO encrypted string code attributed by merchant to transaction code attributed by bank to transaction authorisation code currency code transactio amount nationality of institute issuing card any aditional parameters buyers name and email address, separated as follows:
TransactionResult (E,D) CryptDecryptString (E) ShopTransactionID (D) BankTransactionID (D) AuthorizationCode (D) Currency (D) Amount (D) Country (D) CustomInfo (D) BuyerType (D)
ErrorCode (E,D) ErrorDescription (E,D) AlertCode (D) AlertDescription (D)
BuyerEmail Returns buyers email address BuyerName Returns buyers name Returns a code referring to result of transaction Returns description associated with value of ErrorCode Returns code for violation of risk management criteria Returns description associated with value of AlertCode
Page 26 of 46
Doc: GestPay - Security with Encryption Technical Specications
9 Software Requirements
GestPay software requirements concern the buyers browser and the server hosting the virtual store.
9.1 Buyer browser requirements

The https://ecomm.sella.it/gestpay/ domain is associated with a 128-bit Verisign The buyers browser must be must configured to accept cookies and Javascript. digital certificate. Browsers be compatible with this level of encryption. The minimum recommended required versions are Internet Explorer 4.0 and Netscape 4.76.
9.2 Merchant server requirements

Check with the server administrator that the computer can reach the following addresses: If http (port 80) communication is used: http://ecomms2s.sella.it/testhttp/test.asp For test codes: http://testecomm.sella.it/testhttp/test.asp If https (port 443) communication is used: https://ecomms2s.sella.it/testhttps/test.asp For test codes: https://testecomm.sella.it/testhttps/test.asp
9.2.1 Installation of GestPayCrypt.class (Java)

The GestPayCrypt Java library (GestPayCrypt. class) must be copied into the web server directory containing the Java libraries. For example, in a system with architecture based on Windows NT and Internet Information Server it must be installed in the following directory: ...\java\TrustLib On the web server that hosts web pages that call the GestPayCrypt library, Java Virtual Machine (from 1.1.3 version on) must be installed.
Page 27 of 46
9.2.2 Installation of GestPayCrypt.dll (COM)

The COM object can be installed only in Windows environments (NT 4.0 or above; MTS; IE 4.x or above installed with Microsoft VM Java), saved at any location on the disk and subsequently registered using one of the following operations: Windows NT - 2000 from the command prompt using the command: REGSVR32 path (e.g. c:\winnt\system32\GestPayCrypt.dll) Note. For Windows Server 2003 and Windows Xp versions this registration method is not recommended. Through Com+ (for Windows 2000 or above) or MTS (for NT 4.0) Path: Left panel consoleroot /Microsoft transaction server/Computer/MyComputer (or other computer name)/Packages Installed Right-click > Create new package (taking care not to use Interactive User, but assign an account with sistem administrator privileges for the package) Open the package /Components Right-click > New Component > Install new component >Add Select the Dll OK Note. For more information consult the Microsoft website at the following address: http://msdn.microsoft.com/library/default.asp?url=/library/enus/cossdk/htm/pgcreatingapplications_06ib.asp
Page 28 of 46
Windows 2003 Follow the manual available at the following address:
http://service.easynolo.it/download/Tutorial_Installazione_oggetti.zip
Page 29 of 46
10 Example Transactions
This chapter describes a number of significant examples of interfacing with Gestpay. The ShopLogin used in the examples is 9000001. The merchants profile is the following: Merchants Profile IP Address Server-to-server Communication Url Url for positive responses Url for negative responses E-mail for sending OK result E-mail for sending KO result E-mail for sending information
171.85.234.97 http://www.myshop.com/s2s.asp http://www.myshop.com/respOK.asp http://www.myshop.com/respKO.asp result_OK@myshop.com result_KO@myshop.com info@myshop.com
9.1 Transaction # 1
The merchant decides to communicate to GestPay only the essential information to allow the buyer to make the payment. The payment page must be displayed to the buyer who enters the sensitive data requie to complete the payment in protected (SSL 128-bit) mode. The transaction to process has the following characteristics: Merchants Transaction Shop Transaction ID Transaction Amount Currency Transaction
34az85ord19 1828.45 euro
Let us suppose that the transaction is concluded positively (payment will be made), returning the following result: Result Authorisation code 54e813 Bank transaction ID 216 In the following pages, each individual phase that makes up the payment process will be described, highlighting the information exchanged between GestPay and the merchants server.
Page 30 of 46
Doc: GestPay - Security with Encryption Technical Specifications Phase I The merchants server communicates the information that characterises the transaction to GestPay, setting the value of the GestPayCrypt attributes: GestPayCrypt ShopLogin Currency Amount ShopTransactionID Language
9000001 242 1828.45 34az85ord19 2
GestPay authenticates the calling server and validates the information characterising the transaction. If the checks are passed, it returns an encrypted string to GestPay: Encrypted Data String ShopLogin EncryptString Phase II The buyers server is directed to the GestPay server to complete the payment process. The call to the payment page is made passing two parameters that correspond to the shop login and to the encrypted data string received in the previous phase by GestPay: Payment page Url Https://ecomm.sella.it/gestpay/pagam.asp?a=9000001&b=2C53F1B5.................... GestPay authenticates the Shop login (parameter a) and performs security checks on the encrypted data string (parameter b). If the checks are passed, the payment page is displayed to the buyer, who can enter the data necessary to complete the payment. Otherwise, an error will be communicated. Phase III After processing the transaction, GestPay communicates the transaction result (encrypted data string) to the merchant. Server-to-server communication Http://www.myshop.com/s2s.asp?a=9000001&b=4D341A8B.............. After server-to-server communication has concluded positively, GestPay directs the buyers browser to the merchants server (in this case to the Url for positive responses). If this is not the case, the buyer is informed that it is not possible to direct him/her to the merchants server to conclude the purchasing process.
9000001 2C53F1B5...................
Page 31 of 46
Redirection of buyers client Http://www.myshop.com/respOK.asp?a=90000011&b=4D341A8B............. The transaction result is also communicated to the merchant via e-mail. Send E-mail Result_OK@myshop.com
Phase IV GestPay communicates the transaction result to the merchant, sending an encrypted data string. Using the GestPayCrypt object, the merchant must request the string decryption service to interpret the transaction result correctly and update the information in his/her own information system, thus allowing the buyer to complete the purchasing process. The merchants server communicates the encrypted data string containing the transaction result to GestPay, through GestPayCrypt. Encrypted Data String ShopLogin EncryptedString
9000001 4D341A8B.............
GestPay authenticates the calling server and the integrity of the encrypted data string. If the controls are passed, it returns the unencrypted information to GestPayCrypt allowing the merchant to interpret the transaction result correctly: GestPay Result ShopLogin Currency Amount ShopTransactionID TransactionResult AuthorizationCode BankTransactionID ErrorCode ErrorDescription
9000001 242 1828.45 34az85ord19 OK 54e813 216 0 Transaction Executed
Page 32 of 46
10.2 Transaction #2
The merchant decides to communicate to GestPay not only the information that is indispensable to allow the buyer to make the payment, but also the buyers name, surname and e-mail address (this information is suggested by default on the payment page so that the buyer does not need to enter it a second time). Other customised information is sent by the merchant (the client code attributed to the buyer and technical information). The payment page must be displayed to the buyer who enters any sensitive data necessary to complete the payment in protected mode (128bit SSL). In addition, one of the customised items of information (client code) must be displayed on the payment page. The transaction to process has the following characteristics: Transaction Shop Transaction ID Transaction Amount Currency Transaction Language Buyers Name and Surname Buyers E-mail Address Customised info 1 Customised info 2
34az85ord19 1245.6 Euro Spanish Mario Bianchi mario.bianchi@isp.it BV_CODCLIENTE=12 BV_SESSIONID=398
We shall assume that the transaction is concluded positively (payment is made), reporting the following result: Result Authorisation code 9823y5 Bank transaction ID 860 The following pages describe each individual phase that makes up the payment process, highlighting the information exchanged between GestPay and the merchants server. Phase I The merchants server communicates the information that characterises the transaction to GestPay, setting the value of the GestPayCrypt attributes: GestPayCrypt ShopLogin Currency Amount ShopTransactionID Language BuyerName BuyerEmail CustomInfo
9000001 242 15.6 34az85ord19 3 Mario Bianchi mario.bianchi@isp.it BV_CODCLIENTE=12*P1*SESSIONID=398
Page 33 of 46
GestPay authenticates the calling server and validates the information that characterises the transaction. If the controls are passed, it returns an encrypted string to GestPay: Encrypted Data String ShopLogin EncryptString
9000001 30715CA8..
Phase II The buyers server is directed to the GestPay server to complete the payment process. The call to the payment page is made passing two parameters that correspond to Shop login and to the encrypted data string received in the previous phase by GestPay: Payment page Url https://ecomm.sella.it/gestpay/pagam.asp?a=9000001&b=30715CA8....................
GestPay verifies the Shop login (parameter a) and performs security checks on the encrypted data string (parameter b). If the checks are passed, the buyer, who can now enter the data necessary to complete the payment, views the payment page. If the checks are not passed, an error will be communicated.
Phase III After processing the transaction, GestPay communicates the transaction result (encrypted data string) to the merchant. Server-to-server communication http://www.myshop.com/s2s.asp?a=9000001&b=F45E129A.............. After server-to-server communication has concluded positively, GestPay directs the buyers browser to the merchants server (in this case to the Url for positive responses). If this is not the case, the buyer is informed that it is not possible to direct him/her to the merchants server to complete the purchasing process. Redirection of Buyers Client http://www.myshop.com/respOK.asp?a=90000011&b= F45E129A............. The transaction result is also communicated to the merchant and the buyer via e-mail. Send E-mail result_OK@myshop.com mario.bianchi@isp.it
Page 34 of 46
Phase IV GestPay communicates the transaction result to the merchant, sending an encrypted data string. Using the GestPayCrypt object, the merchant must request string encryption to interpret the transaction result correctly and update the information in his/her own system, thus allowing the buyer to complete the purchasing process. The merchants server communicates the encrypted data string containing the transaction result to GestPay, through GestPayCrypt. Encrypted Data String ShopLogin EncryptedString
9000001 6C12459A............
GestPay authenticates the calling server and checks the encrypted data string. If the checks are passed, it returns an unencrypted data string containing the transaction result: GestPay Result ShopLogin Currency Amount ShopTransactionID TransactionResult AuthorisationCode BankTransactionID CustomInfo ErrorCode ErrorDescription
9000001 242 15.6 34az85ord19 OK 9823y5 860 BV_CODCLIENTE=12*P1*SESSIONID=398 0 Transaction Executed
Page 35 of 46
11 Examples of Implementation
This chapter describes an example of interfacing with GestPay created using the ASP language. Working scripts created using some of the most widely distributed development languages (ASP,JSO,PHP) can be downloaded from http://service.easynolo.it/download.asp.
ASP Example PAGE FOR CONNECTING TO PAYMENT PAGE (PAYMENT REQUEST)
<% START OF ENCRYPTION SCRIPT DO NOT MODIFY THIS PART Set objCrypt = GetObject("java:GestPayCrypt") if Err.number <> 0 then Response.Write Err.number & Err.description end if MODIFY THIS PART (SETTING VALUES OF TRANSACTION ATTRIBUTES) Replace text contained between square brackets [] with data required to carry out transaction. The lines containing data marked as NOT REQUIRED must be deleted if not used REQUIRED FIELDS myshoplogin= [SHOP LOGIN] e.g. 9000001 mycurrency=[CURRENCY CODE] e.g. 242 for euro or 18 for lira myamount=[AMOUNT WITHOUT THOUSANDS SEPARATOR WITH POINT AS DECIMAL SEPARATOR] e.g. 1256.28 myshoptransactionID=[TRANSACTION IDENTIFIER] e.g. 34az85ord19
FIELDS NOT REQUIRED (DELETE ANY LINES WHICH ARE NOT RELEVANT) mybuyername=[BUYERS NAME AND SURNAME]e.g. Mario Bianchi mybuyeremail=[BUYERS EMAIL]e.g. Mario.bianchi@isp.it mylanguage=[CODE FOR LANGUAGE TO USE IN COMMUNICATION] e.g. 3 for Spanish mycustominfo=[CUSTOMISED PARAMETERS] e.g. BV_CODCLIENTE=12*P1*BV_SESSIONID=398
Page 36 of 46
DO NOT MODIFY THIS PART objCrypt.SetShopLogin(myshoplogin) objCrypt.SetCurrency(mycurrency) objCrypt.SetAmount(myamount) objCrypt.SetShopTransactionID(myshoptransactionID) objCrypt.SetBuyerName(mybuyername) objCrypt.SetBuyerEmail(mybuyeremail) objCrypt.SetLanguage(mylanguage) objCrypt.SetCustomInfo(mycustominfo) call objCrypt.Encrypt if objCrypt.GetErrorCode = 0 then b = objCrypt.GetEncryptedString a = objCrypt.GetShopLogin end if END OF ENCRYPTION SCRIPT. IF ALL OK 2 VARIABLES, A AND B, ARE OBTAINED, TO BE USED TO PASS PARAMETERS TO BANCA SELLA EXAMPLE WITH HTML FORM %> <form action=https://ecomm.sella.it/gestpay/pagam.asp> <input name=a type=hidden value=<%=a%>> <input name=b type=hidden value=<%=b%>> <input type=submit value= OK > </form>
Page 37 of 46
PAGE FOR HANDLING PAYMENT RESPONSE

<% START OF DECRYPTION SCRIPT DO NOT MODIFY
INPUT PARAMTERS ARE READ AND PARAMETER B IS DECRYPTED parameter_a = trim(request(a)) parameter_b = trim(request(b)) Set objdeCrypt = GetObject("java:GestPayCrypt") if Err.number <> 0 then Response.Write Err.number & Err.description end if objdeCrypt.SetShopLogin(parameter_a) objdeCrypt.SetEncryptedString(parameter_b) call objdeCrypt.Decrypt THERE FOLLOWS A SERIES OF VARIABLES WHOSE VALUE IS SET TO THE DATA RECEIVED BY GESTPAY TO BE USED TO INTEGRATE WITH MERCHANTS OWN SYSTEM
myshoplogin=trim(objdeCrypt.GetShopLogin) mycurrency=objdeCrypt.GetCurrency myamount=objdeCrypt.GetAmount myshoptransactionID=trim(objdeCrypt.GetShopTransactionID) mybuyername=trim(objdeCrypt.GetBuyerName) mybuyeremail=trim(objdeCrypt.GetBuyerEmail) mytransactionresult=trim(objdeCrypt.GetTransactionResult) myauthorizationcode=trim(objdeCrypt.GetAuthorizationCode) myerrorcode=trim(objdeCrypt.GetErrorCode) myerrordescription=trim(objdeCrypt.GetErrorDescription) myerrorbanktransactionid=trim(objdeCrypt.GetBankTransacti onID) myalertcode=trim(objdeCrypt.GetAlertCode) myalertdescription=trim(objdeCrypt.GetAlertDescription) mycustominfo=trim(objdeCrypt.GetCustomInfo) END OF DECRYPTION SCRIPT %>
Page 38 of 46
12 Table of Errors
Code
0 57 58 63 64 65 66 74 97 100 150 208 212 251 810 811 901 902 903 904 905 906 907 908 910 911 913 914 915 916 917 918 919 920 950 951 998 999 1100 1101 1102 1103 1104
Description
Transaction correctly processed Credit card frozen Confirmed amount exceeds authorised amount Demand for settlement of a non-existent transaction Pre-authorisation expired Incorrect currency Pre-authorisation already notified Authorisation denied Authorisation denied Transaction interrupted by bank authorisation system Incorrect merchant configuration in bank authorisation system Incorrect expiry date Bank authorisation system unavailable Insufficient credit Bank authorisation system not available Incorrect merchant configuration in bank authorisation system Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Authorisation denied Credit card not authorised Incorrect merchant configuration in bank authorisation system Incorrect credit card check-digit Operation not performed Empty parameter string Invalid format of parameter string No parameter name precedes = symbol Parameter string ending with a separator Invalid parameter name
Page 39 of 46 Doc: GestPay - Security with Encryption Technical Specifications
Code 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146
Description Invalid parameter value Repeated parameter name Unexpected parameter name. Please double check "Fields and Parameters" configuration in Back Office. Compulsory parameter not set Missing parameter Missing PAY1_UICCODE parameter Invalid currency code Missing PAY1_AMOUNT parameter Nonnumeric amount Amount with incorrect number of decimal digits Missing PAY1_SHOPTRANSACTIONID parameter PAY1_SHOPTRANSACTIONID parameter too long Invalid language identifier Non-numeric characters in credit card number Credit card number incorrect length Incorrect credit card check-digit Credit card belongs to a non-authorised company Expiry year without expiry month Expiry month without expiry year Invalid expiry month Invalid expiry year Expired expiry date Invalid cardholder email address Parameter string too long Parameter value too long Call rejected: missing parameter A Call rejected: Shop not recognised Call rejected: shop without active status Call rejected: missing parameter B Call rejected: empty parameter B Call rejected: other parameters beside A and B are present Call rejected: transaction did not begin with a call to server-to-server Call rejected: transaction already processed Call rejected: card number or expiry date missing Call rejected: missing published payment page Transaction cancelled by buyer Call rejected: input parameter string not acceptable Call rejected: invalid IP address Transaction abandoned by buyer Compulsory field not set Invalid OTP Amount too small
Page 40 of 46
Code 1147 1148 1150 1151 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 7401 7402 7403 7404 7405 7406 7407 7408 7409 7410 7411 7412 7413 7414
Description Amount too large Invalid cardholder name IPIN must be set Parameter error Technical error in connection with credit card company network Transaction exceeds maximum number of operations within time period Transaction exceeds maximum number of operations performed by the same buyer within time period Transaction exceeds maximum amount within time period Transaction exceeds maximum amount payable by same buyer within time period Transaction contains a field value that had been declared not acceptable Buyer abandoned transaction because it was a duplicate transaction Wrong line length Wrong value in SHOPTRANSACTIONID field Wrong value in CURRENCY field Wrong value in AMOUNT field Wrong value in AUTHORIZATION DATE field Transaction not found Transaction ambiguous Text file contains several rows regarding same transaction Refund operation requested for amount exceeding transaction balance Wrong value in BANKTRANSACTIONID field Fields BANKTRANSACTIONID and SHOPTRANSACTIONID are empty Transacion cannot be deleted Transacion cannot be refunded Transacion cannot be settled Transacion cannot be renounced Authorisation refused by credit card companies Card not authorised Card not recognised Card empire Call credit card company Incorrect card date Incorrect transaction date System error Merchant not recognised Invalid format Amount not available Not settled Operation not allowed Network not available
Page 41 of 46
Code 7415 7416 7417 7418 7419 7420 7421 9997 9998 9999
Description Collect card Number of PIN attempts exceeded Blocked terminal Forcibly closed terminal Transaction not permitted Transaction not authorised Service suspended on 01.01.2002 Phase with error Phase correctly ended System error
Note. The error codes returned by GestPay are constantly updated. If you do not find a specific error code returned by the procedure, please see the Error codes entry contained in the OnLine Help section in the Back Office environment.
Page 42 of 46
13 Table of currency codes

Currency codes are handled by GestPay using the currency attribute. Code UIC 18 242 1 2 71 103 234 3 Description Italian lira Euro Dollar Pound Japanese Yen Hong Kong Dollar Real Swiss franc
Page 43 of 46
14 Table of Language Codes

The language code is handled by GestPay using the Language attribute. Code 1 2 3 4 5 Description Italian English Spanish French German
Page 44 of 46
15 Table of Verified by Visa Codes

The VbV code is handled by GestPay using the VbV attribute. Code OK KO Description VbV-certified transaction Transaction not VbV-certified
Page 45 of 46
16 Payment Orders in Test Environment

Remember that to simulate the authorisation of a payment order in the test environment it is necessary to use a currently valid credit card. Amounts relating to authorised payment orders will be set against the credit limit of the card used and will never be debited. We therefore recommend that payment orders are made for small amounts so as not to run down the remaining credit on the card used for the tests.
17 Links
Test codes http://service.easynolo.it/download.asp Technical support https://www.easynolo.it/easynolo/ecommerce/assistenza/richiedi_assistenza.jsp?p=com_42 F.A.Q. https://www.easynolo.it/easynolo/ecommerce/assistenza/faq_ecommerce.jsp?p=com_55 Forum http://service.easynolo.it/forum.asp E-Commerce on Sella. http://www.sella.it/gbs/shop/ecommerce/gestpay/index.jsp Back Office environment for actual merchants https://ecomm.sella.it/gestpay/backoffice/LoginGestPay.asp Back Office environment for test merchants https://testecomm.sella.it/gestpay/backoffice/logingestpay.asp
Page 46 of 46

GestPay Cryptography Technical Specification 2.1

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

GestPay Cryptography Technical Specification 2.1

Enviado por

Direitos autorais:

Formatos disponíveis

Doc: GestPay - Security with Encryption Technical Specifications

Doc: GestPay - Security with Encryption Technical Specifications

Doc: GestPay - Security with Encryption Technical Specifications

Doc: GestPay - Security with Encryption Technical Specifications

15.07.2009 Easy Nolo S.p.A. 12.01.2010 EasyNolo S.p.a.

Doc: GestPay - Security with Encryption Technical Specifications

Doc: GestPay - Security with Encryption Technical Specifications

PRE-payment POST-payment Request Responses

Doc: GestPay - Security with Encryption Technical Specifications

3 Description of Process Phases

3.1 Phase I: transaction data encryption

3.2 Phase II: payment page call

Doc: GestPay - Security with Encryption Technical Specifications

Doc: GestPay - Security with Encryption Technical Specifications

3.3 Phase III: communication of transaction result

3.4 Phase IV: decryption of transaction result

Doc: GestPay - Security with Encryption Technical Specifications

Doc: GestPay - Security with Encryption Technical Specifications

Doc: GestPay - Security with Encryption Technical Specifications

5 Structure of Transaction Data

5.1 Transaction Data to Send to GestPay

ShopTransactionID CardNumber ExpMonth ExpYear BuyerName BuyerEmail Language

P I/P I/P I/P I/P I/P P

Each field can be up to a maximum of 300 characters in length

Doc: GestPay - Security with Encryption Technical Specifications

Transaction data received by GestPay

ShopTransactionID BuyerName BuyerEmail TransactionResult AuthorizationCode BankTransactionID

Country VbV ErrorCode ErrorDescription AlertCode 3DLevel

VarChar(255) AlertDescription CustomInfo(1) VarChar (255) VarChar (1000)

Each field can be up to a maximum of 300 characters in length.

Doc: GestPay - Security with Encryption Technical Specifications

6.1 Authentication configuration

Doc: GestPay - Security with Encryption Technical Specifications

6.2 Configuration of response url and e-mail

Doc: GestPay - Security with Encryption Technical Specifications

6.3 Configuration of Fields & Parameters

Merchants profile configuration - Fields & Parameters

Doc: GestPay - Security with Encryption Technical Specifications

7 Description of GestPayCrypt Object

Doc: GestPay - Security with Encryption Technical Specifications

Doc: GestPay - Security with Encryption Technical Specifications

for test codes

Doc: GestPay - Security with Encryption Technical Specifications

Generation of Proxy Class to use webservice functions from various languages

Doc: GestPay - Security with Encryption Technical Specifications

Doc: GestPay - Security with Encryption Technical Specifications

ErrorCode (E,D) ErrorDescription (E,D) AlertCode (D) AlertDescription (D)

Doc: GestPay - Security with Encryption Technical Specications

9.1 Buyer browser requirements

9.2 Merchant server requirements

9.2.1 Installation of GestPayCrypt.class (Java)

Doc: GestPay - Security with Encryption Technical Specications

9.2.2 Installation of GestPayCrypt.dll (COM)

Doc: GestPay - Security with Encryption Technical Specications

Windows 2003 Follow the manual available at the following address:

Doc: GestPay - Security with Encryption Technical Specications

171.85.234.97 http://www.myshop.com/s2s.asp http://www.myshop.com/respOK.asp http://www.myshop.com/respKO.asp result_OK@myshop.com result_KO@myshop.com info@myshop.com

34az85ord19 1828.45 euro

9000001 242 1828.45 34az85ord19 2

Doc: GestPay - Security with Encryption Technical Specifications

9000001 242 1828.45 34az85ord19 OK 54e813 216 0 Transaction Executed

Doc: GestPay - Security with Encryption Technical Specifications

34az85ord19 1245.6 Euro Spanish Mario Bianchi mario.bianchi@isp.it BV_CODCLIENTE=12 BV_SESSIONID=398

9000001 242 15.6 34az85ord19 3 Mario Bianchi mario.bianchi@isp.it BV_CODCLIENTE=12*P1*SESSIONID=398

9000001 242 15.6 34az85ord19 3 Mario Bianchi mario.bianchi@isp.it BV_CODCLIENTE=12P1SESSIONID=398

9000001 242 15.6 34az85ord19 OK 9823y5 860 BV_CODCLIENTE=12P1SESSIONID=398 0 Transaction Executed