Secure PayGate
Create individual payment links and send them by mail
Saferpay Secure PayGate enables you to create offers, add a payment link and send them to your buyer via e-mail. Clicking on the payment link takes the buyer directly to the Saferpay payment page, where they can pay online without card information ever being transmitted over an unsecure channel.
This allows written or telephone orders (Mail/Phone Order) to be allocated for online payment by using a 3-D Secure procedure (Verified by Visa, MasterCard SecureCode, American Express SafeKey, Diners Club Protect Buy).
Payment with Secure PayGate involves the following steps:
The merchant enters a offer and sends it to the buyer via e-mail through the Saferpay application or their own e-mail program.
The buyer activates the payment link they received in the e-mail. They are then connected to Saferpay via a secure connection. The Saferpay payment page opens in their browser. They select a payment method and make the payment.
The payment page confirms that the payment was successful and sends the cardholder a confirmation via e-mail.
The Saferpay application sends the merchant an e-mail informing them that the payment has been made.
The payment is visible in the journal as a Secure PayGate reservation. It must be booked there after the usual checks.
The booking is sent to the acquirer together with the other bookings in the batch close.
Requirements for Secure PayGate
The Secure PayGate service must be activated with Saferpay and a secure electronic commerce agreement concluded with the acquirer.
Additional technical requirements:
For the usage of the JSON API functions a Saferpay eCommerce Licence is mandatory.
Storage and tracking of Secure PayGate payments
The following measures are necessary to ensure you are prepared for any objections (chargebacks) and can provide the acquirer with the necessary documentation on request:
Send a copy of all e-mails to the "BCC address" and store them, together with the attached GTCs, for at least 24 months.
Obtain the details of the cardholder's payment, including the MPI log, from the Saferpay Backoffice.
Accessing Secure PayGate
In the navigation bar, click on "Secure PayGate" or one of the sub-items to access the area concerned. You can then navigate within Secure PayGate via the same items in the menu on the left.
Settings
To activate Secure PayGate, the first time you access the application you must specify the basic settings.
First of all, enter the e-mail address you want payment notifications to be sent to.
By activating the “Default Authorization Type” function, you can define whether Secure PayGate transactions should be captured automatically or pre-authorized. Please bear in mind that the authorization must captured if it is not set to be captured automatically.
Available options are:
Normal (final) authorization: Only the authorization takes place. The capture must be made manually.
Preauthorization: Only the authorization takes place. The capture must be made manually. Use this options when it's likely that amount will change until the capture takes place, or if you want to capture way later (up to 30 days).
Note, that the amount cannot be increased, only lowered.
Pre-Authorizations are only supported with Visa, V PAY, Mastercard and Maestro.
Normal (final) authorization with automatic capturing: Transaction is captured automatically, after successful auhorization. This option is the default.
Default Condition controls the default 3-D Secure behavior.
It offers 3 options:
No condition (Default): 3D Secure will be attempted -if activated-, but the result has no impact on the outcome of the transaction.
Only with liability shift: If 3-D Secure does not report the liability shift to be true, the transaction will not be attempted. The payment will fail.
Only with liability shift and 3-D Secure challenge: This option is like the previous one, with the addition of a 3-D Secure challenge flow. This flow will force the user through a full authentication, before the transaction will be attempted.
We recommend using the latter option for high amounts, in order to enable a higher level of security.
It is very important to know, that this setting only affects the transaction, before it is attempted.
It is possible for the liability shift to be rejected, with the transaction. While rare cases, this setting will not prevent these transactions from being overall successful.
Should liability shift be of the upmost importance for you, we do not recommend option Default authorization Type to be set to Automatic capture, so you can cancel a transaction, if need be.
Then specify whether you want to retain the pre-set payment processing messages for cardholders or link clients to your own website.
Optionally, the web address for the confirmation page following successful and unsuccessful payment and aborted payment can contain the placeholder {{{PAYMENTPAGETOKEN}}}
. After the payment process has ended, the placeholder is replaced by the Payment Page Token. Here is an example:
Address of the confirmation page, once the payment has reached an outcome:
https://www.yoursaferpayshop.com/spgreturn/success/{{{PAYMENTPAGETOKEN}}}
After the Payment Page Token has been received via a confirmation page or via the URL for notification, the JSON API method PaymentPage/Assert can be selected to obtain the details of the transaction. The transaction can be assigned via the reference number of the offer. The reference number is located in the Transaction.OrderId
field of the PaymentPage/Assert response.
A server-to-server message is delivered via the URL for notification for each payment.
The “URL for Notification” from the “Payment Page Configuration” settings in the Saferpay Backoffice has no effect on Secure PayGate.
The next step is to enter your "Sender e-mail address", "BCC address" and "Reply to address" for Secure PayGate.
You can choose any prefix for your "Sender e-mail address". This address is what the recipient sees when they receive your message.
The "BCC address" ensures that all e-mails sent through Secure PayGate are stored in your own e-mail system. We recommend choosing an impersonal address for the "BCC address". This ensures you comply with the contractual conditions regarding the storage of transaction documents.
The "Reply to address" is where you receive notifications about non-deliverable e-mails or error messages (recipient not available, e-mail could not be delivered).
The last step is to attach your General Terms and Conditions (T&C) so that they are sent to clients as an attachment to each e-mail. This ensures you comply with the payment acquiring company's requirement to make card holders aware of your T&C.
Choose the language and then attach the T&C in that language. At least one set of T&C must be attached.
Each time an e-mail is sent, the T&C documents – if available – will be attached automatically in the language chosen for the email.
Once you have saved your settings you will be ready to use the Secure PayGate service.
Overview
Click on "Overview" to access the Secure PayGate overview. The overview lists all the quotes you have created together with their status.
Advanced search
If the overview contains a large number of offers, you can use the Advanced search function to help find a previously created offer. Click on the filter symbol, on the overview page, to open the Advanced search dialog.
This offers you the option to filter by an expiration date, the offer status and the terminal, if you have multiple.
Offer status
An offer can have one of four status:
Open offers: Open offers are where the buyer has not yet made their payment. They are shown in the overview by means of an open green circle.
Sent offers: While more of a sub-status, an offer, that has been sent through the Saferpay Backoffice will be indicated by a little mail-symbol.
Paid offers: Paid offers are shown in the overview by means of a solid green circle.
Expired offers: Expired offers are where the buyer has allowed the payment deadline to lapse. They are shown in the overview by means of an open red circle.
Create a new Link/Offer
Create an individual offer for processing a specific transaction.
If you want to use an offer several times, it makes sense to create a template.
Once you've clicked on Create new link, a new window will open.
This window will give you multiple options.
Individual Offer: Create a new offer, based on no template.
Template: Below that, you'll find a list of your already created templates. The text-field above is a search-field, which will let you search through your templates, if you have multiple.
Creating the offer
Once you have made your choice, you will be redirected to the creation screen, with the following inputs:
(1) Terminal: A terminal is where all your payment methods and their attributes (Currencies, account number, other features, like 3D Secure) are connected to. Usually, only one Secure PayGate terminal is activated, but you can have more, if you wish. This can be useful, if you want to split offers between countries and/or the revenue to other bank accounts, as there usually can only be one bank account per payment method and only one type of payment method per terminal.
You will be presented with a full list of terminals. However, you may also search for a given terminal and its description/name, which you can set under Settings => Terminals, making it easier to keep track of your terminals.
(2) Sales description: Here you can leave a short desciption, which will be displayed inside the transaction details, once a transaction is made, but also on the Saferpay Payment Page, for your customer. This text can be anything, like an order-number, or a short description, of what the customer is buying.
(3) Reference number: Also sometimes called OrderId. The Reference number is your internal, order number. It will be displayed in the transaction journal, where you also can search for said number, the transaction details, as well as your reconciliation-files. The latter makes this Id very important for accounting purposes, as it helps to keep track of your transaction.
We highly recommend its usage.
Furthermore, you should make sure, that the ID is unique for each order, as redundant Ids can cause issues, especially, if you have automated accounting-systems, that rely on unique reference numbers.
(4) Amount & Currency: Here you can set the desired amount and currency (decimals are supported).
Note, that the currency dropdown will only display the currencies, that are activated on that terminal.
Furthermore, while a payment method may be generally available, it will not be displayed to your customer, if the selected currency is not activated. You can check this under Settings => Terminals.
(5) Authorization Type: The authorization type dictates, how Saferpay should proceed, once the transaction itself has been successful. There are three different types to cose from:
Authorization: The transaction will be authorized, but not captured. The transaction must then be reviewed and captured manually, for the money to be transfered to the merchants bank account.
Pre-authorization (Visa/Mastercard only): Each authorization has a minimum time-limit, in which the payout of the authorized amount is guaranteed to be transfered, upon capture. Usually, this time-frame is 10 days, however a pre-authorization will extend this to 30 days, if desired.
Automatic capture: The transaction is automatically captured, initiating the money-flow right away.
Not all payment methods do support/need a capture. Those, who do not, will be handled, as if they were automatically captured. A full overview can be found here.
(6) Condition: This option controls the behavior in regards of 3D Secure and the resulting Liability Shift. It offers 3 options:
No condition: 3D Secure will be attempted -if activated-, but the result has no impact on the outcome of the transaction.
Only with liability shift (Default): If 3-D Secure does not report the liability shift to be true, the transaction will not be attempted. The payment will fail.
Only with liability shift and 3-D Secure challenge: This option is like the previous one, with the addition of a 3-D Secure challenge flow. This flow will force the user through a full authentication, before the transaction will be attempted.
We recommend using the latter option for high amounts, in order to enable a higher level of security.
Furthermore, it is used automatically, if the (7) Store payment means option is turned on.
It is very important to know, that this setting only affects the transaction, before it is attempted.
It is possible for the liability shift to be rejected, with the transaction. While rare cases, this setting will not prevent these transactions from being overall successful.
Should liability shift be of the upmost importance for you, we do not recommend option (5) Authorization Type to be set to Automatic capture, so you can cancel a transaction, if need be.
(7) Store payment means: Select this, if you want the customers card to be saved within Saferpay Secure Card Data.
This option is only shown, if Secure Card Data is enabled on your account. See Licensing for more information.
If activated, the Condition - option will be set to Only with liability shift and 3-D Secure challenge, in order to be PSD2 compliant.
This option only really makes sense, if you connect the Secure PayGate to the Saferpay JSON API for automated processing.
(8) Payment Page configuration: Select a Payment Page configuration, if available, allowing you to adjust the Payment Page look and feel to your corporate design.
(9) Language: Select the desired language, Saferpay will display its contents in.
(10) Customer email configuration: This option controls, whether the customer needs to enter their email, or not. it has three options:
Required field: The customer must enter thei email on the Saferpay Payment Page, in order to progress.
Optional field: The customer can enter their e-mail, but do not have to.
Hidden: No e-mail field is displayed and the customer thusly cannot enter it.
(12) Merchant Notification: Saferpay will send a confirmation e-mail to the provided merchant e-mail address(es), once a payment has been made.
(13) Expiry date: Choose, when the offer/link expires, either by setting a custom date and time, or selecting one of the provided options.
(14) Payment link: This is your payment link, the customer will be redirected to. You can either use the Saferpay provided mailing option, or copy the link, so you can insert it into your own mail-program.
(15) QR-Code: Your payment link as a QR-Code. This code will also be sent via the E-mail.
Customer Address
Next, you can enter the customer address and/or select the "Customer is allowed to change address data"-option, so the customer may enter it himself, or edit it, should your inputs be faulty.
If no address is needed, you can also deactivate this area for no address to be captured.
Sending the offer
The Secure PayGate offers the possibility to also send the payment link via an e-mail. If you activate this option, you can adjust the Subject, the message text, salutation/signature and of course the recipient of the sent mail.
Per default, the Secure PayGate will take the e-mail(s) you have configured in the Settings Tab. However, you can change these addresses, by clicking on change.
If you want to include additional documents, like your AGB, or a reciept, you can select and add one or more attachments by clicking on Browse under Attachments. The total volume of the e-mail may not exceed 5 MB. Permitted file types are .doc, .docx, .xls, .xlsx, .pdf, .jpg, .gif and .png. Please note that an attachment is only required if the e-mail is being sent via the Backoffice. If you are using your local e-mail program, the attachments from the Backoffice are not included for technical reasons.
Furthermore, you can also configure a reminder e-mail, that is sent at a fixed time-frame, before the offer expires, to remin the payer, that it is still open, if not alredy payed.
The reminder mail does go by the expiration date of the offer (see above) and not by the time, when the offer has been sent. So this reminder will be sent xxx amount of time, before the set expiration date has been reached.
So please also make sure, that you set the reminder at a time, that is in the future, going from the expiration date. Otherwise you'll receive an error, preventing the offer from being sent/saved.
Customize the payer confirmation mail
Furthermore, you can create an automated payment confirmation (in case of successful payment). As soon as the payment has gone through, your customer will receive a payment confirmation by e-mail. The e-mail is then delivered to the Recipient address, the offer has ben sent to.
Once all the details have been entered, the e-mail can be sent. If you click on "Send offer", Secure PayGate sends the offer along with the attachment to the cardholder in the chosen language.
Using the “Save” button, the displayed payment link is copied into the clipboard, e.g. to embed it into an electronic invoice.
Alongside a Save and Save & Send offer option at the bottom of the page, you can also send the offer via an e-mail program installed on your PC by clicking on the "Open in e-mail program" button.
Note, that Save & Send, aswell as Save & Open, will only be displayed, if you activated the Send link to payer via email switch, as shown above.
Once the offer has been sent it is displayed in the overview and can be used again.
Batch upload
Saferpay also offers the option to create multiple Single-Use links via a batch-file upload. For that, please navigate to the order Overview and click on Create new links by file.
Upload
You will be redirected to the upload page, where you can select your desired Secure PayGate Terminal and upload your file.
File specification
If you need a file specification, you can also find it on this page, as mentioned there, or see this screenshot.
Templates
Creating a template
If a quote is used frequently, it makes sense to create a template. To do this, click on Templates and then on Insert new template.
You'll find, that the template creation looks and works in the same way, as a normal order-creation, only missing the address-section, as it is always different.
Give your template a template name, select the terminal, fill in all fields contained in the form and click on Create. Once saved, the template is shown in the list of all templates:
The template can then be used to create a offer.
Creating an offer using a template
To create a offer using a template, first switch to the overview. Click on Create new link.
The familiar selection screen will appear, with your templates being listed on the bottom. Using the text field above, you can search through your templates.
Adapting the email design
You can add a design and logo to your offer and confirmation emails which are sent to the customer . To do this, switch to the menu item “Settings” → “Payment Page Configuration” in the Saferpay Backoffice and create a new configuration. Then mark the configuration as “Default” in the overview to use this design for your offer emails.
Payment by the buyer
Once the offer has been sent, the buyer receives an e-mail with a payment link:
When they click on “Pay Now”, the client's browser is connected directly to the Saferpay payment page via a secure connection. From there, the client can select a payment method supported by you and make the payment. Once the payment has been processed successfully, both you and the client receive a payment confirmation via e-mail. The payment appears in the Saferpay Backoffice journal as a reservation.
Multiuse Links/QR-Codes
This section allows you to create payment links, alongside a QR-Code, that is valid for multiple payments, where the payer can chose the amount he/she wants to pay.
This can be helpful for simple donation-sites, or other use-cases, where a full-blown webshop is too much, where the usage of single links for each order would not outweigh the effert necessary to create them, and/or where the payer proactively should engage in a payment, without the merchant having to act beforehand.
Overview
Similar to the regular Secure PayGate offers, you'll first see the overview, that'll provide you with a list of all links you have created so far. You can either decide to remove the link, by clicking on Remove, or edit an existing link, more on that later.
After removing a link, it is marked with the status "deleted". After 6 months, the link is permanently deleted and disappears from the list. Until then, a deleted link can be restored.
Creating a new Link/QR-Code
By clicking on "Create new Multi-Use Payment Link", you will be redirected to the creation mask.
Creation Mask
While similar to the normal creation mask, multiuse links offer a reduced featureset, of a normal Secure PayGate offer, due to some not being necessary in this scenario.
(1) Sales description: Here you can leave a short desciption, which will be displayed inside the transaction details, once a transaction is made, but also on the Saferpay Payment Page, for your customer. This text can be anything, like an order-number, or a short description, of what the customer is buying.
(2) Terminal: A terminal is where all your payment methods and their attributes (Currencies, account number, other features, like 3D Secure) are connected to. Usually, only one Secure PayGate terminal is activated, but you can have more, if you wish. This can be useful, if you want to split offers between countries and/or the revenue to other bank accounts, as there usually can only be one bank account per payment method and only one type of payment method per terminal.
You will be presented with a full list of terminals. However, you may also search for a given terminal and its description/name, which you can set under Settings => Terminals, making it easier to keep track of your terminals.
(3) Currency: Here you can set the desired currency.
Note, that the currency dropdown will only display the currencies, that are activated on that terminal.
Furthermore, while a payment method may be generally available, it will not be displayed to your customer, if the selected currency is not activated. You can check this under Settings => Terminals.
(4) Fixed amount: Set a fixed payment amount. If this option is disabled, the payer can set the payment amount by itself. If activated, it will deactivate option (5) Minimal Amount.
(5) Minimal Amount: The minimal amount, a payer can enter.
(6) Authorization Type: The authorization type dictates, how Saferpay should proceed, once the transaction itself has been successful. There are three different types to cose from:
Authorization: The transaction will be authorized, but not captured. The transaction must then be reviewed and captured manually, for the money to be transfered to the merchants bank account.
Pre-authorization (Visa/Mastercard only): Each authorization has a minimum time-limit, in which the payout of the authorized amount is guaranteed to be transfered, upon capture. Usually, this time-frame is 10 days, however a pre-authorization will extend this to 30 days, if desired.
Automatic capture: The transaction is automatically captured, initiating the money-flow right away.
(7) Customer email configuration: Determines whether the payer can/must enter his/her email address on the payment page.
(8) Payment Page configuration: Select a Payment Page configuration, if available, allowing you to adjust the Payment Page look and feel to your corporate design.
(9) Referencenumber prefix: If the reference number of the transactions is to be used for reconciliation matching, a prefix can be specified here, which is added before the automatically generated reference number of each transaction.
(10) Billing address needed: Specify whether the payer must enter the billing address.
(11) Delivery address needed: Specify whether the payer must enter the delivery address.
(12) Merchant Notification: Saferpay will send a confirmation e-mail to the provided merchant e-mail address(es), once a payment has been made.
(13) Payment link: This is your payment link, the customer will be redirected to. You can either use the Saferpay provided mailing option, or copy the link, so you can insert it into your own mail-program.
(14) QR-Code: This is your QR-code. Upon scanning, your customer is redirected to the Saferpay Payment Page, to perform the payment.
You can download the QR-Code as a .png, by simply clicking on it!
(15) Flyer: You can also download a pre-fabricated flyer and print it, if you want to.
On the Payment Page
While this also uses the Saferpay Payment Page, there is one major addition to the overall payment-flow, that needs attention.
As previously mentioned, the amount itself is defined by the payer itself, so before the payment method can be selected, the payment page will display a form, that accepts the amount, the payer wants to pay.
Additionally the payers e-mail is captured, which is used to send a payment confirmation e-mail to. It is also displayed in the transaction details, under Billing Address, so you may contact your customer.
Secure PayGate API
Secure PayGate links and orders can also be crated via our Management API, which allows an application to automatically create and handle Secure PayGate offers. Please refer to our Management API over here, to learn more.
Secure PayGate Quick Guide
Here you will find a short Quick Guide for the Secure PayGate in different languages.
Last updated