Académique Documents
Professionnel Documents
Culture Documents
PAYBOX SERVICES
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 1 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
SUMMARY
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 3 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
The “Paybox System” Product
I - PRESENTATION :
The „Paybox System‟ product is a secure system for the management of payment by banker‟s
card and by private cards on Internet retail sites.
The „Paybox System‟ product can be easily integrated into all e-commerce systems. The CGI
module simply needs to be installed and called up from the page of the retailer‟s e-commerce
site which precedes the Paybox System payment page. The paying customer has nothing to
install.
The CGI (Common Gateway Interface) module is an executable program which enables the
retrieval of certain data (such as the retailer‟s identifier, the order reference number, the amount
of the transaction etc. ). The module encrypts this data and redirects the customer to the Paybox
System payment page.
Once the product has been integrated into the e-commerce site, the customers can make
payments in complete safety. When the order has been placed, they will be redirected to the
PAYBOX SERVICES server, which will set up an encrypted connexion with the purchaser (in
SSL 128 bits, so that the input of the banker‟s card number is carried out in complete security)
and displays a payment page.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 4 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Paybox System checks the validity of the card by making a request to the retailer‟s banking
authorization centre.
If the payment is accepted, a receipt is posted on to the screen of the purchaser (optional). This
same receipt will be sent to him/her via e-mail as proof of purchase. The purchaser may then
return to the e-commerce site to continue buying.
Paybox System also sends a copy of the receipt to the retailer. Using „url http‟, the retailer may
manage automatically the result of attempted payments.
At the end of the day, Paybox System gathers together all the payments made on the site and
sends the result the retailer‟s remote data collection centre so that the transactions may be
processed.
Once the remote data collection has been carried out, the trader receives a report receipt via e-
mail.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 5 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Centre d‟Autorisation : Autorisation Centre
AUTORISATION : AUTHORIZATION
TELECOLLECTE : DATA COLLECTION
Serveur de Télécollecte : Data Collection Server
Ticket Télécollecte E-mail : Data Collection Receipt e-mail
Ticket Paiement E-Mail : Payment Receipt e-mail
CONFIRMATION OU REFUS : CONFIRMATION OR REFUSAL
SERVEUR WEB DU COMMERANT : RETAILER’S WEB SERVER
ENVOI PAGE ET SAISIE N° CARTE : SENDING OF PAGE AND CARD INPUT
REMPLISSAGE DU CADDY : BASKET IS FILLED
SAISIE COORDONNEES CLIENT : INPUT OF CUSTOMER’S DETAILS
BERIFICATION DE LA COMMANDE : ORDER CHECK
REDIRECTION VERS SERVEUR PAYBOX : REDIRECTION TO PAYBOX SERVER
Navigateur Web du Client : CUSTOMER’S WEB BROWSER
Protocoles bancaires CBSA/CBPR sur X25 : Bank protocols CBSA/CBPR, CB2A version 5.1 et
5.2 on X25
II – AVAILABLE MODULES :
The CGI module, provided by PAYBOX SERVICES, is available as a free download on the site
http://www.paybox.com.
Download the module that corresponds to your Web server‟s operating system (the module is
available on our site www.paybox.com, under the heading « téléchargement »).
This module should then be installed on the « cgi-bin » directory of your Web server (this
directory can be renamed).
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 6 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
The module could be renamed „modulev2.cgi‟. For reasons of compatibility, however, the
module must not be renamed „module.cgi‟.
Please note:
- check that the FTP transfer has been carried out in binary mode and not in ascii, as the module
is executable. If in doubt, compare the size in octets of your module installed in the cgi-bin
directory with that on the www.paybox.com site (by positioning the mouse on the logo) : the
size should be identical.
- check that the cgi-bin directory is correctly set to the level of your Web server to enable the
execution of executable scripts. For example, if the module is in download mode instead of
executing mode, this means that the cgi-bin directory is not properly set.
- if using the WEB server of Microsoft (IIS), change the program name from „modulev2.cgi‟
to „modulev2.exe‟ during installation.
- The TCP ports to be authorized from your servers to the servers of PAYBOX SERVICES for
your architecture are 80 (http), 443 (HTTPS) et 53 (DNS).
Once installed, the module should be directly executable using the Internet address on your
browser (for example : http://www.maboutique.com/cgi-bin/modulev2.cgi).
When running, you should see a message such as „paybox input error code (-7)‟ or „paybox
input error code (-3)‟ : this means that the module is running correctly (the error only being due
to the absence of variables to be referenced). For errors of the following type:
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 7 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
IV - LAUNCHING MODULEV2.CGI :
Once the module has been installed, you need to execute it from the page of your site which
precedes the Paybox system payment page. When the module is launched, it should be
accompanied by different variables, as it can be executed in various modes.
There are no restrictions as to the language to be used to call up this module : you may use
HTML, ASP, PHP, and PERL etc.
a – The variables :
In order to be able to make a payment on the PAYBOX server, the „modulev2.cgi‟ needs to
retrieve the information necessary to carry out the payment and to manage the links between
the buyer, the retailer and the „PAYBOX SERVICES‟ site. This data is stored in the following
variables (the names are fixed and in capital letters) :
Version
name of variable description siz e type
module
Mode of retrieval of information : from 1 to 4 numbers of 1 to 4
PBX_MODE mandatory >= 2.00
values of 1,2,3 or 4. numbers.
PBX_SITE Site number (TPE) given by the bank [see page 68]. 7 numbers. mandatory >= 2.00
PBX_RANG Rank number (‟machine‟) given by the bank [see page 68]. 2 numbers. mandatory >= 2.00
Return page from Paybox to your site after payment has Up to 150
PBX_EFFECTUE optional >= 2.00
been accepted [see page 17]. characters.
Return page from Paybox to your site after payment has Up to 150
PBX_REFUSE optional >= 2.00
been refused [see page 17]. characters.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 8 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Return page from Paybox to your site after payment has Up to 150
PBX_ANNULE optional >= 2.00
been cancelled [see page 17]. characters.
URL for call server to server after each attempt of jusqu‟à 150
PBX_REPONDRE_A facultatif >= 2.00
payments [see page 19] caractères.
Up to 150
PBX_BACKUP4 The URL of the fourth backup payment server of Paybox. optional >= 2.00
characters.
Up to 32
PBX_TYPEPAIEMENT Means of payment to be used [see page 34] optional >= 2.00
characters
Up to 32
PBX_TYPECARTE Type de card to be used [see page 34] optional >= 2.00
characters
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 10 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Time-out (in secondes) to check the avalaibility of the
fourth backup payment server of Paybox. 1 to 3
PBX_TIMEOUT4 optional >= 2.11
numbers.
Default value 20.
PBX_1EURO_CODEEXTERNE Only for the payment « 1Euro.com » : promotional code 3 numbers. optional >= 3.02
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 11 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Only for the payment « 1Euro.com » : data about the
customer.
Example :
M#DUPONT#Jean#Rue
Lecourbe#BatimentA##75010#PARIS#FR#0102030405##
0#0#12#
Value provided by the merchant to indicate the option of
PBX_CODEFAMILLE payment with SOFINCO card (or partner of SOFINCO), 3 numbers optional >= 2.00
COFINOGA or CDGP.
Format YYMM.
PBX_SANSCONNEXION O : No search for the availability of a server 1 caractère optional >= 3.05
Example :
Jean#DUPONT#Rue
Lecourbe##75010#PARIS#FR#jean.dupont@gmail.com#0
102030405#
List of currency to display on the page payments.
7 currencies will be taken in account :
Euro (EUR),
Franc Suisse (CHF),
Dollar US (USD),
Yen (JPY),
6 x 3
Yuan (CNY),
characters
Livre Sterling (GBP),
PBX_CURRENCYDISPLAY separated optional >=3.07
Dollar Canadien (CAD) by a
NO_CURR (no currency) comma
PBX_3DS „O‟ (default value) : Authentication 3D-Secure of the 1 character optional >= 3.07
cardholder to do
„N‟ : No authentication 3D-Secure of the cardholder.
Error code to return in the pre-production/tests
PBX_ERRORCODETEST environment. Variable ignored in the production 5 numbers optional >=3.14
environment.
IP address et TCP port of a http proxy.
260
PBX_PROXY facultatif >=3.07
characters
Format @IP:TCP Port
This mode consists of creating an HTML form which will call up the module with specified
parameter fields (corresponding to the necessary variables).
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 13 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
The variable „PBX_MODE‟ should have the value „1‟. Some variables such as „ PBX_TOTAL‟,
„PBX_PORTEUR‟ or „PBX_CMD‟ should be managed dynamically as these values change with
each payment.
The customer needs to click on the button named „payment‟ to launch the payment page.
The identification of the retailer (site 1999888, rank 99 and username 2) corresponds to the
Paybox test shop.
Le payment will be 1500 euro centimes (i.e. 15 €) and the identification of the payment in
relation to the retailer‟s order will be the reference « ma_reference_123456 ».
Once payment has been made, and if it is accepted, the page
„http://www.commerce.fr/merci.html‟ will be displayed and a payment receipt will be sent to
both the retailer and the customer at „client@test.com‟.
If the payment is refused or cancelled, the page „http://www.commerce.fr/regret.html‟ will be
called up.
Please note :
This mode does not offer optimal security against the manipulations of ill-intentioned users,
who can very well capture your HTML page on their computers, modify some values (such as
the amount or your retailer‟s number), and then re-execute the page with these new values.
In order to avoid this type of attack, it is therefore strongly recommended that you
simultaneously use another mode to protect access to sensitive variables.
This mode enables the management of the variables via a local „text‟ file. Thus, when the
module is called up, the value for „PBX_MODE‟ needs to be the number „3‟.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 14 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Of course, given that the variable „PBX_MODE‟ cannot be put into a read file, the use of a local
file must be combined with another mode, for example HTML form (mode 1) or by command
line (mode 4). Thus, „PBX_MODE‟ will never have the single value of „3‟, but rather „13‟ or „43‟
(NB: the order is important, „31‟ or „34‟ will result in an error).
Then use the variable „PBX_OPT‟ to indicate the access path and the file name.
This path must be specified in syntax acceptable by the server‟s operating system.
For example :
If PBX_OPT does not contain the file access path (absolute or partial), the „modulev2.cgi‟ will
consider that the file is located in the current directory in which it has been called up.
If PBX_OPT does not exist, or is empty, the „modulev2.cgi‟ will look for the file „pbxinfos.txt‟ in
the current directory. This directory could be that in which the file is called up, or that in which
the cgi module is installed (this varies according to the operating system - Path reference)
This file will contain the variables in a specific format : each line must contain one, and only
one, variable followed by the sign „ = „ and by the required value. Each line finishes with a
carriage return (cr/lf or lf). Empty lines, or those beginning with the symbol „#‟ are ignored
(you are therefore able, if you so wish, to add comments).
Below is an example of the use of a local file using an HTML form, thus enabling the display of
the payment page:
# identifier of my site
PBX_SITE=1999888
PBX_RANG=99
PBX_IDENTIFIANT=2
PBX_TOTAL=1500
PBX_DEVISE=978
PBX_CMD=ma_reference_123456
PBX_PORTEUR=client@test.com
PBX_RETOUR=montant:M;ref:R;auto:A;trans:T
# return url
PBX_EFFECTUE=http://www.commerce.fr/merci.html
PBX_REFUSE=http://www.commerce.fr/regret.html
PBX_ANNULE=http://www.commerce.fr/regret.html
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 15 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
As variables such as „PBX_TOTAL‟, „PBX_CMD‟ or „PBX_PORTEUR‟ have different values for
each payment, if you wish to include them in the local file, you will have to create a file for each
payment attempt.
Please note :
- in PHP, you must use the function “shell_exec()” rather than “exec()” to call up
“modulev2.cgi”.
This mode enables you to use the „modulev2.cgi‟ as a normal (non CGI) programme, which is
called up by a CGI programme.
The parameters must be specified on the command line, as the arguments of the programme,
and the variable „PBX_MODE‟ must contain the number „4‟.
This system requires the use of an intermediary CGI programme developed by the person
responsible for the retailer‟s site. This programme must, on its own, retrieve the information
necessary for the „modulev2.cgi‟, and then prepare the corresponding command line and
execute (call up) the „modulev2.cgi‟.
This mode is a technique closely linked to the server‟s operating system and to the business
software of the site. It uses environment variables and requires a more detailed access to the
retailer‟s server, as well as the development of scripts or specific programmes on the part of the
person responsible for the retailer‟s site.
These variables can be read by any programme using the standard function C „getenv()‟. You
can then consider the preparation of certain parameters necessary to „modulev2.cgi‟, such as
any number of environment variables which will be invisible from the customer‟s browser.
For example, instead of calling up the „modulev2.cgi‟ from an HTML form, you will be able to
call up your CGI programme „commercant.cgi‟ (in Perl, in C or another L4G specific to the
software used), which will know the amount of the purchase.
Your programme will then create the environment variable „PBX_TOTAL‟, and will then call up
the „modulev2.cgi‟ :
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 16 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
<INPUT TYPE = submit NAME = bouton_paiement VALUE = „paiement‟>
</FORM>
Your programme „commercant.cgi‟ in turn executes the following commands (example for
Unix) :
Several modes can be used to call up the „modulev2.cgi‟. For this reason, the variable
„PBX_MODE‟ can contain up to 4 numbers from „1‟, „2‟, „3‟ and „4‟.
In this case, the „modulev2.cgi‟ will look for the variables according to the specified modes and
in the specified order. This enables, for example, the definition of default values in a file or in
the memory.
If PBX_MODE = 1234,
- then „modulev2.cgi‟ will first look for the variables in the HTML fields,
- it will then look for the missing variables in the local environment,
- it will then look for the missing variables in the file,
- it will then look for the missing variables in the command line.
Once payment has been made on the Paybox payment page, the customer has the opportunity
to return to the retailer‟s site through 3 urls.
The trader can automatically manage the validation of his order forms by following the result of
the transaction through a 4th url, called „url http‟.
The reply of Paybox System to the trader‟s site may be made through 3 different addresses
(urls) depending if the payment is accepted, refused or cancelled.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 17 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
These 3 urls can be set by default in the Paybox database : if so, this needs to be made clear in
the registration form filled out by the retailer.
There can also be dynamically managed by the trader, using the 3 following variables :
- PBX_EFFECTUE,
- PBX_REFUSE,
- PBX_ANNULE.
These urls are called up the moment the customer clicks on the button „retour boutique‟ („back
to the shop‟) on the page which summarizes the payment (when the payment receipt is
displayed), or on the page indicating that the transaction has not been authorised.
You may also chose the option of having an immediate return : you can make this clear in the
registration form, or by contacting our technical support team. In this case, the summary receipt
is not displayed and the customer is directly redirected to the retailer‟s site.
If these urls are not managed dynamically (via the PBX_ variables), the addresses used will be
those that have been recorded in our database.
Please note :
- You are strongly advised against using the variable „PBX_EFFECTUE‟ to validate your order
forms : this variable is not secured by Paybox and is not guaranteed to be systematically
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 18 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
launched. Indeed, some purchasers who have made their payments may well not want to go
back to the site or may switch off.
- If the character „ ; „ is present in the URL to be called, it must be replaced by %3B. For
example, if the URL „PBX_EFFECTUE‟ were :
www.commerce.fr/effectue.jsp;id_session=134ERF47, the variable „PBX_EFFECTUE‟ would
need to be documented like this :
www.commerce.fr/effectue.jsp%3Bid_session=134ERF47
This restriction is due to the management of the tag META HTTP-EQUIV for Internet Explorer.
This url is recorded in our database but it can therefore be dynamically managed like the 3
previous urls with the variable “PBX_REPONDRE_A”
The advantage of this url is that it is called up from server to server as soon as customers
validate their payment (whether the payment is authorised or refused).
This means that the order form can be validated automatically even if the customer switches off
or decides not to return to the shop, as this call does not pass through the browser.
There are no restrictions as to the language of your script, whether it is ASP, PHP or PERL etc.
On the other hand, your cgi script must not re-direct and must generate an empty HTML page.
If an error occurs during the call up of your url, a warning mail will be sent to your via the same
e-mail address through which you receive your payments tickets.
http://www.commerce.fr/cgi/verif_pmt.asp?ref=abc12&trans=71256&auto=30258&tarif=2000&abonnement=354
341&pays=FRA&erreur=00000
you‟ll receive the error mail following :
The first digit of the Status-Code defines the class of response. The last two digits do not have
any categorization role. There are 5 values for the first digit :
2xx: Success - The action was successfully received, understood, and accepted,
3xx: Redirection - Further action must be taken in order to complete the request,
4xx: Client Error - The request contains bad syntax or cannot be fulfilled,
5xx: Server Error - The server failed to fulfill an apparently valid request,
The individual values of the numeric status codes defined for HTTP/1.1, and an example set of
corresponding Reason-Phrase's, are presented below. The reason phrases listed here are only
recommendations -- they MAY be replaced by local equivalents without affecting the protocol.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 20 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
22 : HTTP page not retrieved. The requested url was not found or returned
another error with the HTTP error code being 400 or above. This return code only
appears if -f/--fail is sed,
23 : Write error. Curl couldn't write data to a local filesystem or similar,
24 : Malformed user. User name badly specified,
25 : FTP couldn't STOR file. The server denied the STOR operation, used for FTP
uploading,
26 : Read error. Various reading problems,
27 : Out of memory. A memory allocation request failed,
28 : Operation timeout. The specified time-out period was reached according to the
conditions,
29 : FTP couldn't set ASCII. The server returned an unknown reply,
30 : FTP PORT failed. The PORT command failed. Not all FTP servers support the
PORT command, try doing a transfer using PASV instead,
31 : FTP couldn't use REST. The REST command failed. This command is used for
resumed FTP transfers,
32 : FTP couldn't use SIZE. The SIZE command failed. The command is an extension
to the original FTP spec RFC 959.
33 : HTTP range error. The range "command" didn't work,
34 : HTTP post error. Internal post-request generation error,
35 : SSL connect error. The SSL handshaking failed,
36 : FTP bad download resume. Couldn't continue an earlier aborted download,
37 : FILE couldn't read file. Failed to open the file. Permissions?
38 : LDAP cannot bind. LDAP bind operation failed,
39 : LDAP search failed,
40 : Library not found. The LDAP library was not found,
41 : Function not found. A required LDAP function was not found,
42 : Aborted by callback. An application told curl to abort the operation,
43 : Internal error. A function was called with a bad parameter,
44 : Internal error. A function was called in a bad order,
45 : Interface error. A specified outgoing interface could not be used,
46 : Bad password entered. An error was signaled when the password was entered,
47 : Too many redirects. When following redirects, curl hit the maximum amount,
48 : Unknown TELNET option specified,
49 : Malformed telnet option,
51 : The remote peer's SSL certificate wasn't ok,
52 : The server didn't reply anything, which here is considered an error,
53 : SSL crypto engine not found,
54 : Cannot set SSL crypto engine as default,
55 : Failed sending network data,
56 : Failure in receiving network data,
57 : Share is in use (internal error),
58 : Problem with the local certificate,
59 : Couldn't use specified SSL cipher,
60 : Problem with the CA cert (path? permission?),
61 : Unrecognized transfer encoding,
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 21 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
62 : Invalid LDAP URL,
63 : Maximum file size exceeded,
This url has no direct link with the 3 others : it is managed in a totally independent fashion and
on the TCP port 80, 443 (HTTPS), 8080, 8081, 8082, 8083, 8084 or 8085.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 22 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
ok + ko
(The customer does not see the ‘url http’ call: it does not go via his/her browser).
In order to identify and to find out the result of the payment when this url makes a call, you
need to use the variable „PBX_RETOUR‟. It describes the 22 datum that Paybox can send
parameterised following your url :
- the aMount of the transaction (contained in PBX_TOTAL),
- your order Reference (contained in PBX_CMD) : space URL encoded,
- a Transaction identifier (PAYBOX SERVICES sequential call number),
- the Authorization number (number given by the authorisation centre) : URL encoded,
- the subscription (aBonnement in french) number (number given by PAYBOX
SERVICES),
- the type of Payment (CARTE, etc.)
- the type de Card (VISA, EUROCARD_MASTERCARD, AMEX, etc.),
- the number of the tranSaction (sole transaction identifier),
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 23 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
- the countrY code of the issuer (bank of the cardholder) : ISO 3166 norm (alphabetic
code),
- the Error code of the transaction ([see page 25]),
- the expiry Date of the cardholder (Format AAMM) : available on june 2006,
- subscription management with the PAYBOX DIRECT PlUs process ([see page 26]) : URL
encoded,
- The code country of the address IP of the Internet user : ISO 3166 norm (alphabetic code)
: URL encoded,
- K : Signature on the variables of the URL ([see page 26]) : URL encoded,
- N : The first 6 digits (« bin6 ») of the cardholder : URL encoded,
- H : Digest of the card,
- Guaranteed of the payment. O:Yes, N:No
- State of the enrOlment of the cardholder. Y:Authentification available, N:Cardholder not
participating, U:Unable to authenticate,
- Status oF the authenticate. Y:Authentication successful, A:Attempts processing
performed, U:Authentication could not be performed, N:Authentication failed,
- J : Two last digits of the PAN of cardholder,
- W : Date of processing transaction by platform of PAYBOX (Format DDMMYYYY),
- Z : Index for the process gift card with a complement by CB/Visa/MasterCard/Amex,
- Q : Hour of processing of the transaction (Format 24h / HH:MM:SS)
You thus need to detail the required values in this variable in the following manner :
PBX_RETOUR=
montant:M;maref:R;auto:A;trans:T;abonnement:B ;paiement:P;carte:C;idtrans:S;pays:Y;erreur:E ;validity:D;PPPS:U
;IP:I;BIN6:N;sign:K
You may change the name of the variables (montant, maref, auto, trans, abonnement, paiement,
carte, idtrans, erreur, validity, PPPS and sign) to anything you like. When the return urls
(PBX_EFFECTUE, PBX_REFUSE, PBX_ANNULE and „url http directe‟) are called up, these
variables are concatenated at the end of the urls.
If, for example, your „url http‟ and your variable „ PBX_RETOUR „ are :
http://www.commerce.fr/cgi/verif_pmt.asp
PBX_RETOUR =
montant:M;maref:R;auto:A;trans:T;abonnement:B ;paiement:P;carte:C;idtrans:S;pays :Y;erreur:E ;sign:K
When the return urls (PBX_EFFECTUE, PBX_REFUSE, PBX_ANNULE and „l‟url http directe‟ )
are called up, these variables will be concatenated at the end in the following way:
http://www.commerce.fr/cgi/verif_pmt.asp?ref=abc12&trans=71256&auto=30258&tarif=2000&abonnement=354
341&pays=FRA&erreur=00000
It is then essential that you check your authorization number, your error, the amount and the
electronic signature : if the authorization number exists (in the example above it was 30258), the
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 24 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
value of the error code is “00000”, the amount is the same that your amount and the electronic
signature is ok, it means that the payment has been accepted. When a payment has been
refused, the authorization number is inexistent (see example below). You can also use the
variable E.
http://www.commerce.fr/cgi/verif_pmt.asp?ref=abc12&trans=71256&tarif=2000&pays=FRA&erreur=00105
Please note :
- The „url http‟ is called up whatever the result of the payment (acceptance or refusal), which is
why it is so important to check the existence of the authorization number. This number is given
by the authorization centre of your bank : it is in alphanumeric format and of variable size.
- In order to add an extra level of security, for the direct http calls and the url confirmation
returns to the retailer‟s site, the IP addresses of the Paybox payment servers are : 195.101.99.76
and 194.2.122.158. You can therefore check the origin of the replies given by PAYBOX.
The reply codes sent by the variable „PBX_RETOUR‟ correspond to the result of the query
processed by PAYBOX SERVICES :
For example, for a transaction refused on the grounds of „insufficient funds‟, the error code sent
would be 00151.
By using PAYBOX signature in the variables to be turned to your URLs, you can make sure that
:
the returned data aren‟t modified,
the calls of your URLs are made by PAYBOX.
The signature PAYBOX is generated with the SHA-1 algorithm with a RSA key. Before
checking, the signature must be URL decoded but not the datas.
It is important to note that the data K of variable "PBX_RETOUR" must be always to be located
in last position. For example :
PBX_RETOUR=montant:M;auto:A;idtrans:S;sign:K is ok
PBX_RETOUR=montant:M;auto:A;sign:K;idtrans:S is not ok
The public key of PAYBOX is in free downloading from our site “www.paybox.com”. To be in
keeping with safety regulations, PAYBOX may change its pair of public/private key : you will
have to be able to install different keys in your servers.
With the HTTP URL, the electronic signature is only made with regard to the contents of the
variable PBX_RETOUR, while three others URL the signature is calculated on all the variables.
The value U of the variable “PBX_RETOUR” insures an interfacage with the PAYBOX DIRECT
Plus process ([see page 53]). You have to sign with our sales department a license of use of this
process.
Three previous informations are separated by the string “++”. The part of crypted card is
“encoded URL” and you must “decoded URL” in order to use with the PAYBOX DIRECT Plus
process.
It‟s the order reference which will be used as a reference subscribed for PAYBOX Direct Plus.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 26 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
VI – THE VARIOUS OPTIONS AND PERSONALIZATIONS
Paybox System can manage deferred payments; that is, it can keep the transactions for a certain
number of days before sending them to the remote data collection centre to charge the
purchaser and credit the retailer.
This option can be particularly useful when the retailer wishes to be sure that the goods or the
service have been delivered to the customers before they are charged.
On the Paybox System registration form, you will be asked to specify the default number of
days you wish the payment to be deferred (if any) :
The use of the variables „PBX_TXT‟, „ PBX_WAIT‟, „ PBX_BOUTPI‟ and „ PBX_BKGD‟ allow you
to manage the intermediary „Paybox‟ page which is displayed just prior to the „Paybox‟
payment page.
„PBX_T
TXT‟ :
This enables text to be displayed on this page. It should be entered in HTML format. You will
then be able to add tags for line feed, to put text in bold or in italics etc.
<center><b>You are being sent to a Paybox secure payment page</b><br>Once payment has
been made, you will receive an e-mail containing your purchase receipt.<br><i>Please wait a
few seconds…</i><br></center>
„PBX_W
WAIT‟ :
This allows you to manage the delay in displaying the intermediary page. The value is in
milliseconds : if you wish to display the page for 10 seconds before going onto the automatic
payment page, you choose PBX_WAIT = 10000.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 27 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
„PBX_B
BOUTPI‟ :
This enables the removal or the modification of the name of the „paybox‟ button. The value of
this variable must therefore be the new name for this button (for example „payment‟). To
remove this button, the value should be „nul‟.
„PBX_B
BKGD‟ :
This allows you to change the background of the intermediary page, so that it matches, for
example, that used on your site.
The variables PBX_WAIT et PBX_TXT are not usable if you use PBX_OUTPUT with a value of
„B‟, „C‟ or „D‟. The same applies to PBX_BOUTPI, except for the „B‟ mode (in which its use is
accepted).
Should you wish this intermediary page to be as discreet as possible (an invisible page), you
therefore need to put :
- PBX_WAIT to « 0 »,
- PBX_TXT without any text, or even any spaces
- PBX_BOUTPI to « nul »,
- PBX_BKGD to a colour which matches either the final page of your site or the Paybox
payment page.
PBX_O
OUTPUT :
This enables you to manage the final page of the site prior to the system of payment. It is not
obligatory and can have 5 different values („A‟, „B‟, „C‟, „D‟ or „E‟). If this variable is not used or
it has an erroneous value, the „E‟ mode will be chosen by default.
mode „A‟ :
This mode allows you to create the „Paybox‟ intermediary page by default, that is, the text
“connexion en cours sur le serveur de paiement sécurisé…” („connecting to the secure payment
server…‟) and the „Paybox‟ button (on which you need to click to go through to the payment
page).
The call to modulev2.cgi will be made from the final page of your site.
mode „E‟ :
This mode also enables you to display the „Paybox‟ intermediary page by default (as in mode
A). The only difference is that the call to the payment page is made automatically (there is no
need to click on the „Paybox‟ button).
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 28 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
mode „B‟ :
This mode allows you to manage your own intermediary page. The module must be called up
on the penultimate page of your site. The module will only generate a part of the „Paybox‟
intermediary page, that is, the form :
Thus, when creating the last page of your site, you will have (at source) this form which will
enable the call up of the payment page with the variables (PBX_DATA and the other variables).
You can also choose the screen background, the text, the font etc. for this page.
mode „C‟ :
This mode is similar to the mode „B‟, but it removes the „Paybox‟ button and the tag </Form>.
This enables you to modify the name of the button (to call it „payment‟ instead, for example) or
to remove it etc.
mode „D‟ :
The aim of this mode is to display only the variable PBX_DATA. Thus, on the last page of your
site, you will have to manage the button (if you wish to include it), and call up the payment
page with PBX_DATA (which is given to you), PBX_RETOUR and the other non-compulsory
variables.
Managing this mode entails the development of a script on the part of the retailer, which
enables the retrieval of the variable and the generation of the page.
If you wish to manage the description of these errors (represented by Paybox in numerical
form), you can use the variable „PBX_ERREUR‟.
It will contain your url which will be called up instead of the page displaying the text
„PAYBOX INPUT ERROR (code xx) „.
Paybox will add a variable, named « NUMERR », to follow your url : its value will be the code
„xx‟, to enable your script to identify the type of error and to display the corresponding
message.
You will thus be able to redirect you customer towards a url of your choice, which can explain
in more detail the reason for the error.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 29 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
For example, suppose your script reads :
PBX_ERREUR = http://www.commerce.fr/cgi-bin/message_err.cgi
If the customer has made a mistake in typing in his e-mail address sent to Paybox via the
variable „PBX_PORTEUR‟, instead of receiving the following type of message :
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 30 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
You can display your own message, for example :
code signification
-1 error in reading the parameters via stdin (POST method) (error in http reception).
-2 Error in memory allocation. Not enough memory available on the trader‟s server.
-3 Error in reading the parameters QUERY_STRING or CONTENT_LENGTH. (http error).
-4 PBX_RETOUR, PBX_ANNULE, PBX_REFUSE or PBX_EFFECTUE are too long (<150 characters).
-5 Error in opening the file (if PBX_MODE contains 3) : local file non-existent, not found or access error.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 31 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
-6 Error in file format (if PBX_MODE contains 3) : local file badly formed, empty or lines are badly formatted.
A compulsory variable is missing (PBX_SITE, PBX_RANG, PBX_IDENTIFIANT, PBX_TOTAL, PBX_CMD,
-7 etc.)
One of the numerical variables contains a non-numerical character (site, rank, identifier, amount, currency
-8 etc. )
-9 PBX_SITE contains a site number which does not consist of exactly 7 characters.
-10 PBX_RANG contains a rank number which does not consist of exactly 2 characters.
-11 PBX_TOTAL has more than 10 or fewer than 3 numerical characters.
-12 PBX_LANGUE or PBX_DEVISE contains a code which does not contain exactly 3 characters.
-13 PBX_CMD is empty or contains a reference longer than 250 characters.
-14 Not used
-15 Not used
-16 PBX_PORTEUR does not contain a valid e-mail address.
-17 Error of coherence (multi-baskets) : Reserved Future Usage
-18 XSS detection
-20 Bad number of gift cards (1 to 3). See specific documentation about payments with gift cards.
-21 Value of the variable > length maxi of the variable
You need to send us your pictures (logos, banks etc.), the background, the font and the buttons
("validate", "cancel" and “back to shopping”) to the address "support@paybox.com".
It is essential that the buttons "validate", "cancel" and “back to shopping” be sent in "gif" format
in all the required languages (French, English, German, Spanish, Italian etc.) They will be
treated by PAYBOX SERVICES.
You can personalize the payment receipt e-mail sent to the customer. To do this, you just need
to send us an HTML file (by e-mail to support@paybox.com) containing the text and/or a
picture (links towards a site or other pictures are better avoided).
We will need your site number, your rank number and your identifier (PBX_SITE, PBX_RANG
and PBX_IDENTIFIANT). You also need to inform us if you require an insertion at the
beginning or at the end of the mail.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 32 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Heading format of the CARTE BANCAIRE
transaction receipt
The detailed contents of a
payment receipt :
Date and local time of the 25/05/2001 à 17:11 Example of a payment ticket :
transaction
PAYBOX Ref commande : bc.01
Name and address of your
66 PERPIGNAN En cas de réclamation,
company (summarized)
veuillez rappeler ces
Site number 1999888 références auprès du site
commerçant.
xxxxxxxxxxxxx (the first 6 numbers and the last
Customer‟s card number number must be deleted) CARTE BANCAIRE
Card expiry date 0310 27/06/2004 à 17:11
Please note : Both the customer and the seller receive a receipt (as with a standard payment
terminal) with, at the beginning of the receipt, the first 50 characters of the order reference. At
the foot of the receipt is the customer‟s e-mail address.
The documentation of the variable “PBX_PING” only enables you to carry out an availability
test of a PAYBOX SERVICES payment server.
Using this function can be useful to ensure the availability of a payment server for the « Paybox
System » processing, for example before the Internet buyer fills his basket.
To do this, you need to document this variable using the value “1”, and our application
“modulev2.cgi” must be used in command line mode. This will send back 1 if servers are
unavailable and 0 when successful. Moreover, an output is generated to the standard output,
indicating the server that can be used.
The connection attempt to our servers is carried out following the TCP port 443, corresponding
to the default of the variable “PBX_PORT”.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 33 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
When using this function, the compulsory variables must also be documented, and the
variables PBX_PAYBOX and PBX_BACKUPx are taken into account in the search for an
available server.
A pre-selection page concerning the type and the method of payment is displayed before the
payment page only if you are registered with PAYBOX SERVICES for several types of payment
( such as card, PayPal, Cellphone Payment etc.) or for several private cards.
Following the choice of the Internet buyer, the payment page will be displayed differently
depending on his selection. For example, he/she will not be required to type in a visual
cryptogram for a Diners Card, but he will be required to do so for an American Express card, or
for a Cellphone Payment, the page will be adapted to enable the input of a telephone number.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 34 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
On the other hand, if you have not registered this option with PAYBOX SERVICES, Internet
buyer will never see this page. They will be sent directly to the payment page.
Using the variables „PBX_TYPEPAIEMENT‟ and „ PBX_TYPECARTE‟ you can directly favour
one type of payment or type of card over another.
The following table shows the reaction of the pre-selection page to the information that you
supply to these two variables. For card types „CB‟ (Carte Bleue), „VISA‟,
„EUROCARD_MASTERCARD‟ and „E_CARD‟, the pre-selection page behaves in an identical
fashion.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 36 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Option for Subscription
Management
I - PRESENTATION :
The management of payments by subscription enables the retailer to manage periodic payments
or payments in several installments on behalf of customers. Thus, once the initial payment has
been made, the customer will be charged in a cyclical fashion, according to the frequency
chosen in advance by the retailer.
To manage this option, which is only available on the „Paybox System‟ product, you need to
request it from our technical sales service and modify the contents of the variable PBX_CMD
following the instructions below.
II – PARAMETERIZING :
The management of subscriptions is carried out via various „sub-variables‟, which need to be
inserted at the end of your order reference detailed in the variable „PBX_CMD‟.
The size of the variables must be respected and their names are fixed and in capital letters.
day of the month when the withdrawal will be made (0 = the same day as the
IBS_QUAND initial payment.). 2 figures
IBS_DELAIS Number of days to wait before activating the beginning of the subscription. 3 figures
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 37 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
The other information for the payment via the „Paybox System‟ product does not change. The
currency is passed by the variable PBX_DEVISE and the amount of the first payment (which
may differ from the subscription withdrawals) is passed in the variable PBX_TOTAL.
examples of subscriptions :
PBX_SITE = 1999888
PBX_RANG = 99
PBX_IDENTIFIANT = 2
PBX_TOTAL = 1500
PBX_DEVISE = 978
………
PBX_CMD = ma_ref123IBS_2MONT0000000500IBS_NBPAIE00IBS_FREQ01IBS_QUAND28IBS_DELAIS005
………
If the initial payment (15 euros, that is 1500 centimes) is made on November 28 for example, the
first withdrawal will take place on December 03 (as the registration of the subscription is made
5 days later via IBS_DELAIS).
All withdrawals are for an amount of 5 euros (that is, 500 centimes) (IBS_2MONT), carried out
on the 28th (IBS_QUAND) of each month (IBS_FREQ) until a request for cancellation
(IBS_NBPAIE) has been received from you or until the authorisation center issues a rejection (if
the bank card has expired).
PBX_SITE = 1999888
PBX_RANG = 99
PBX_IDENTIFIANT = 2
PBX_TOTAL = 2000
PBX_DEVISE = 978
………
PBX_CMD = ma_ref123IBS_2MONT0000000550IBS_NBPAIE10IBS_FREQ03IBS_QUAND31
………
If the initial payment (20 euros) is made on November 28 for example, the first withdrawal will
take place on November 31 (as the registration of the subscription is immediate via IBS_DELAIS
which is non-existent).
10 withdrawals (IBS_NBPAIE) of 5.50 euros (IBS_2MONT) will be made every 3 months
IBS_FREQ) on the last day of the month (IBS_QUAND).
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 38 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
27.11.2003 3 12 03.01.2004
27.11.2003 31 2 30.11.2003
27.11.2003 3 40 03.02.2004
27.11.2003 6 40 06.01.2004
27.11.2003 10 40 10.01.2004
27.11.2003 0 40 06.01.2004
When a subscription is made, a „payment receipt‟ e-mail is sent to both the retailer and the
customer, detailing the amount and the date of the next withdrawal.
Please note :
- If using „URL http‟, it will be also be called, whether the renewal is successful or not. The
variable ETAT_PBX will be added to the URL with the added information
PBX_RECONDUCTION_ABT. For example :
http://www.commerce.fr/traite.php?ETAT_PBX=PBX_RECONDUCTION_ABT&Mt=1200&Tr
ans=12345678&Ref=MaReference&Autorisation=987654&NumAbonnement=56789"
Cancellations can be made via the Back Office (see page 66) or by e-mail to the address
„abonnev2@paybox.com‟ with the subject marked as „PBX_SITE
PBX_RANG PBX_IDENTIFIANT‟ (see page 68) and containing the following :
PAYBOX-v2004
To:abonnev2@paybox.com
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 39 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Subject:1999888 99 2
PAYBOX-v2004
0000000501
0000012003
or
To:abonnev2@paybox.com
Subject:1999888 99 2
PAYBOX-v2004
R123abcd
R456defg
PAYBOX will then reply to the sender with a mail of the following type :
Subject:reponse resiliation
PAYBOX-v2004
Erreur 0000000501
Resilie 000001203
(„Erreur‟ signifies a problem in cancelling a subscription and „Résilié‟ signifies that the
cancellation has been successfully carried out.
Cancelling a subscription :
Cancellations can be made via le Back Office (see page 66) or by calling the URL
« https://tpeweb.paybox.com/cgi-bin/ResAbon.cgi » or « https://tpeweb1.paybox.com/cgi-
bin/ResAbon.cgi » if the first is not available.
Type of request :
TYPE 3 numbers Mandatory
001 : Cancellation
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 40 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
reference.
Mandatory if
1 to 250 there in not
REFERENCE Order reference to cancel
characters subscription
number.
OK : succesfull 2
ACQ Mandatory
NO : failed characters
Number of error if the cancellation is failed :
1 : technical incident (Configuration), Mandatory if
2 : not coherent data , the
ERREUR 1 number
3 : technical incident (Access to database) cancellation is
4 : Site unknown, failed
9 : Cancellation failed.
1 to 9
IDENTIFIANT Value of the question Mandatory
numbers
Mandatory if
1 to 9 there is not
ABONNEMENT Value of the question
numbers order
reference.
Mandatory if
1 to 250 there in not
REFERENCE Value of the question
characters subscription
number.
Examples :
Please note that the PAYBOX SYSTEM does not send an e-mail to the cardholder when the
cancellation is made by the retailer except when the cancellation is done by the backoffice
solution.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 41 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
The „Batch Processing by File Deposit‟ Product.
I - PRESENTATION :
The product „Batch Processing by file deposit‟ enables you to process a group of transactions via
a coded and signed file which is deposit ob the servers of PAYBOX SERVICES. Once the file has
been processed by us, it will be returned to the sender through a second file called file “status”.
The retailer thus prepares the “Question” XML file, which contains the payments to be made,
cancelled or modified : it must only contain transactions from one, single retailer (a single
site/rank).
The use of these standards and requirements, will allow a better continuity of the solution in the
futur, an independence towards platforms and an increase of the security.
a – Prerequisites :
Requirements for the implementation of this process are described in the document which you
can download since our site :
http://www1.paybox.com/telechargements/tplplus_sftp.pdf
This procedure requires the retailer to connect to one of our servers in order to deposit his/her
files. The main server is ftp2.paybox.com and the backup server is ftp.paybox.com.
This machines in fact play the role of a batch processing interface, in that they carry out the
preliminary verifications before processing the files : each client deposits his files and each
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 42 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
client has his dedicated directory. This means that when the client connects to this machine, he
cannot explore the disk tree structure.
The means of connecting and of depositing files is through sftp (“s” for secure) on the TCP port
5752. Retailer authentication is carried out by a public key which you must give to us. You, in
turn, must keep your private key. It is thus unnecessary to request the input of a password,
enabling the automatic execution of the connection script.
However, the file(s) deposited are still encrypted even though the connection is secured.
Once the file has been processed, it will be made available to you in your dedicated directory
with a particular extension (“.status.xml”) to differentiate it from the original.
c – File Management :
Each program involved in the procedures of deposit and withdrawal must make sure that a file
is not being used by another. To this end, the command “fuser” is able to carry out the test.
The risk of not carrying out this check is that you may not recover the totality of the file.
The files deposited in your directory “/home/in” must have the extension “.xml”,
As soon as you file is taken into account by our processing line, it is copied in the
directory “/home/encours”,
At the end of the processing, the file “Responses” will be in the directory “/home/out”.
Please note that the size of your deposit directory is limited in size and that it is for you to
purge the directory. In addition, all files bearing an extension other than that previously
mentioned will be deleted by our system.
d – Useful commands :
Here the syntax of some commands for LINUX in order to manage your directories of deposits
and recovery : "user" corresponds to your name of user supplied by the technical departments
of PAYBOX :
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 43 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
File transfer from your servers to our servers :
sftp - P5752 your_file.xml user@ftp2.paybox.com:/home/in
Simple connection in ssh (ssh - p5752 user@ftp2.paybox.com) is possible but it will be breaked
by our servers at the end of 5 seconds by indicating as reason that this type of connection is
refused.
e – Scenario :
The signature is made before the encoding of the file in order to strengthen the security and in
application of the principle "Only what is Seen Should be Signed".
In production, any not validated signature has to warn you on the origin of the file and you
have to contact our hot-line.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 44 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
The coding of the file is made for the creation of the file "Question" but not for the file “status”
because there isn‟t data from the cardholder. Coding is made on all the contents of the element
"Merchant". The file « status » is signed by the applications of PAYBOX Services.
Reply code concerning the status of the transactions processed (see page 60).
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 45 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
The „PAYBOX Direct‟ Product
I - PRESENTATION :
The product « Paybox Direct PPPS » (Paiement Paybox Par Socket in french) enables you to
send a transaction to PAYBOX SERVICES via a « question » frame, and to obtain in return a
« réponse » (reply) frame, which informs you of the acceptation or refusal of the request.
II – EXCHANGE PROTOCOL :
The frame stion" will be sended to the servers of PAYBOX SERVICES via the call of the URL
“https://ppps.paybox.com/PPPS.php” or “https://ppps1.paybox.com/PPPS.php” if the first
URL isn‟t available.
If the code of the response is "00001“, “00097” or “00098” it is recommended to call the URL of
the backup servers of PAYBOX SERVICES : “https://ppps1.paybox.com/PPPS.php”.
To obtain an answer on behalf of the servers of PAYBOX SERVICES, the verbs "SITE" and
"RANG" must be informed and coherent.
<html>
<body>
<form action="https://ppps.paybox.com/PPPS.php" method="post" name="Tests PPPS en HTTPS">
<input type="submit">
</form>
</body>
</html>
Field mandatory
Single request identifier which prevents confusion over
replies in the case of multiple and simultaneous
questions (it can be reset to zero each day).
NUMQUESTION 10 figures 0000000001
1 <= NUMQUESTION <= 2147483647
Field mandatory
Membership number supplied by the retailer‟s bank.
SITE 7 figures 1999888 (test site)
Field mandatory. Used for the SQL requests for type 2, 5,
11, 13 and 17
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 47 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Site rank number supplied by the retailer‟s bank.
RANG 2 figures 99 (test site)
Field mandatory. Used for the SQL requests for type 2, 5,
11, 13 and 17
Key activated only with the version 00103 [see below].
CLE 8 characters 1999888I (test site)
Field mandatory for all messages up to version “00103”
Field mandatory for type 2, 5, 13 and 17. Use for the SQL
requests for type 2, 5 et 13
Number of authorization provided by the merchant 10 characters
AUTORISATION 130968
following a phonic call near its bank. maximum
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 48 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Field used for type 1, 3 and 13.
The country code of the issuer (bank of the cardholder)
PAYS
to return in the “response frame”.
Value provided by the merchant to indicate the option of
PRIV_CODETRAITEMENT payment with SOFINCO card (or partner of SOFINCO) 3 figures
or COFINOGA card.
Date of birth of the cardholder for the payment with
DATENAISS 8 figures 08031964
COFINOGA card.
“PAYPAL” : Value provided by the merchant in order to 16 characters
ACQUEREUR
cancel or capture a payment via PayPal. maximum
The type card used for the payment is returned in the
TYPECARTE
« response frame ».
The SHA-1 digest of the card number is returned in the
SHA-1
« response frame ».
Error code to return in the pre-production/tests
PBX_ERRORCODETEST environment. Variable ignored in the production 5 numbers 00005
environment.
For this type of request, the following headings are used in the request by our database :
SITE
RANG
MONTANT
NUMAPPEL
NUMTRANS
That is why their presence and their content must not differ from that which is sent back in the
return frame when the request concerns a simple authorisation.
For this type of request, the following headings are used in the request by our database :
REFERENCE
MONTANT
DATEQ
That is why their presence and their content must have the same values that into our database.
For this type of request, the following headings are used in the request by our database :
SITE
RANG
NUMAPPEL
NUMTRANS
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 49 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
That is why their presence and their content must not differ from that which is sent back in the
return original frame. A new request for authorization will be made near the bank of the
merchant, and the original transaction will be automatically cancelled if the new transaction is
authorized.
Capture of a transaction :
It‟s advised to wait at least 30 seconds between a request of authorization and a capture of this
transaction.
The field CLE (key), which enables more precise identification of the sender, represents extra
security PPPS exchanges.
The value of this field corresponds to the back office password which can be requested from the
technical support team and sent by fax only to the retailer.
Once this key has been used for the first time, the preceding versions (00101 and 00102) will be
inaccessible, with the process refusal represented by reply code 00013.
The bank needs to differentiate the provenance of the various electronic money movements in
order to correctly fill in the fields concerning the ECI (Electronic Commerce Indicator).
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 50 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
site rank number supplied by the
RANG 2 figures 99 (test site)
retailer‟s bank.
membership number supplied by
IDENTIFIANT American Express or Diners Club for the 10 figures
administration of their cards.
authorization number granted by the
10 characters
AUTORISATION authorization centre of the retailer‟s 168753
maximum
bank if the payment is accepted.
reply code concerning the status of the
question treated : operation accepted or
CODEREPONSE 5 figures 00007 (invalid date)
refused [see below the various reply
codes].
COMMENTAIRE Supply messages of information. 100 characters PAYBOX+PPPS
the country code of the issuer (bank of
the cardholder). The value “???” means 3
PAYS an unknown code. alphabeticals FRA
characters
ISO 3166 norm (alphabetic code)
10
TYPECARTE The type card used for the payment. alphabeticals Visa
characters
40
SHA-1 The SHA-1 digest of the card number alphabeticals F8BF2903A1149E682BE599C5C20788788256AA46
characters
Remboursé = refunded,
Annulé = canceled,
Autorisé = Authorized,
Capturé = Ready for sending to the bank,
The state of the transaction. Only for the 16 characters
STATUS Crédit : Credit,
type 17 in the question frame. maximum
Refusé : Refused,
Demande de solde = Balance Inquery (Gift card),
Crédit Annulé = Credit canceled
Rejet support = Reject helpdesk
The ID PAYBOX of the remittance. Only 9 figures
REMISE 509324981
for the type 17 in the question frame. maximum
NUMTRANS=0000436527&NUMAPPEL=0000526489&NUMQUESTION=0000000001&SITE=1999888&RANG=99
&AUTORISATION=462583&CODEREPONSE=00000&COMMENTAIRE=PAYBOX+PPPS&PAYS=FRA
This frame represents the result of a request : the transaction has been accepted by the
authorisation centre.
The field « CODEREPONSE », in the « réponse » frame sends back a code corresponding to the
result of the request handled by PAYBOX SERVICES.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 51 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
When using a version other than 00101, a
reply code of 00001 means that the
connection to the authorization centre
00001 has failed. In this case, you may make 00018 Transaction not found (type of request 11)
another attempt using the backup servers
ppps1.paybox.com and
ppps2.paybox.com.
Payment refused by the authorization
centre [see explanation page 34].
In the case of a payment being refused by the authorization centre (CODEREPONSE 001xx),
the „ xx „ represent the code sent back by the centre. The code enables you to know the exact
reason for the rejection of the transaction.
For example, for a transaction refused for reasons of „insufficient funds‟, the CODEREPONSE
sent back will be 00151.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 52 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
„PAYBOX Direct Plus‟
I - PRESENTATION
The product “PAYBOX Direct Plus” is an extension of the product “PAYBOX Direct”. It enables
the sending of a transaction to PAYBOX SERVICES via a “question” frame, and to receive in
return a “réponse” frame detailing the acceptation or refusal of the request.
La solution chosen is based on the principle of the sharing of sensitive data between the retailer
and PAYBOX SERVICES, so that the data kept by each of the parties may be unitarily
unexploitable.
This development of the “PAYBOX Direct” product provides the perfect answer to the
problematic "one-click" ordering (development of customer loyalty and/or subscriptions).
For each operation, retailers must supply PAYBOX SERVICES with the part of the data in their
possession. PAYBOX SERVICES will complete it with the part of the data that it possesses in
order to process the operation.
3. Recover the « réponse » frame, returned by PAYBOX SERVICES after processing the
transaction.
2. The registration, modification, and the removal of a subscriber remain at the initiative of
the retailer,
3. The activating of a payment operation remains at the initiative of the retailer, whether it
be outside or within the context of a subscription,
4. The characteristics of each subscription (amount, frequency of payments, length etc.) are
managed by the retailer.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 53 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
III - PAYBOX DIRECT Plus (Subscription management option)
a – Possible actions
When a new subscriber is registered, the retailer must supply PAYBOX SERVICES with the
same fields as for the current “PAYBOX Direct” request for authorization, accompanied by the
(unique) subscriber reference.
PAYBOX SERVICES will check the unicity of the subscriber reference and will make the various
validity checks, such as expiry date and black list etc. It will then make a request for simple
authorisation (without debit) and, if the reply from the authorization centre is positive, it will
register this new subscriber on the list of subscribers with a part of the holder‟s number. It will
then send back to the retailer the other part of the holder‟s number so that it can be kept with
the subscriber‟s reference, the expiry date and the CVV.
The same operation will be carried out following the request for the modification of a
subscriber.
For operations of debit, credit, cancellation and removal of a subscriber, the retailer must
supply the subscriber reference, the part of the holder‟s number in his possession, the expiry
date and the CVV, together with the other compulsory fields in the “PAYBOX Direct” exchange
protocol.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 54 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
2. Call a present URL on the servers of PAYBOX SERVICES,
3. Recover the « réponse » frame, returned by PAYBOX SERVICES after processing the
transaction.
c – Exchange protocol
The frame “question" will be sended to the servers of PAYBOX SERVICES via the call of the
URL “https://ppps.paybox.com/PPPS.php” or “https://ppps1.paybox.com/PPPS.php” if the
first URL isn‟t available.
If the code of the response is "00001“, “00097” or “00098” it is recommended to call the URL of
the backup servers of PAYBOX SERVICES : “https://ppps1.paybox.com/PPPS.php”.
To obtain an answer on behalf of the servers of PAYBOX SERVICES, the verbs "SITE" and
"RANG" must be informed and coherent.
<html>
<body>
<form action="https://ppps.paybox.com/PPPS.php" method="post" name="Tests PPPS en HTTPS">
</form>
</body>
</html>
Field mandatory
Date and time of sending the frame (date of the day)
using format jjmmyyyyhhmmss. (day month year hour
minute second).
DATEQ 14 figures 13022003103050
Field mandatory. Used for the SQL requests for type 11
(format JJMMAAAA)
Type of demand concerning the transaction :
1 = Authorization, 2 = Debit, 3 = Authorization + debit,
4 = Credit, 5 = Cancellation, 11 = Checking of the
existence of a transaction, 12 = Transaction without
request for authorization, 13 = Modification of the
amount of a transaction, 14 = Refund, 17 = Consultation.
Field mandatory
Single and sequential request identifier which prevents
confusion over the replies in the case of multiple and
simultaneous questions (it can be reset to zero each day).
NUMQUESTION 10 figures 0000000001
1 <= NUMQUESTION <= 2147483647
Field mandatory
Membership number supplied by the retailer‟s bank.
SITE 7 figures 1999888 (site test)
Field mandatory. Used for the SQL requests for type 2, 5,
11, 13, 17, 52 and 55
Site rank number supplied by the retailer‟s bank.
RANG 2 figures 99 (site test)
Field mandatory. Used for the SQL requests for type 2, 5,
11, 13, 17, 52 and 55
Key activated only with versions after 00103 [see below].
CLE 8 characters 1999888I (site test)
Field mandatory for all messages up to version “00103”
IDENTIFIANT Empty field. 10 figures RFU.
Amount of the transaction in centimes (no commas, no
decimal points).
MONTANT 10 figures 0000002530
Field mandatory except for type 58. Used for the SQL
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 56 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
requests for type 2, 11 and 52
Code of the currency used (978 for the euro).
DEVISE 3 figures 978
Field mandatory except for type 58
Retailer‟s reference which enables the clear identification
of the order corresponding to the transaction.
250 characters
REFERENCE TR364875-lot2a
maximum
Field mandatory except for type 13, 56, 57 and 58. Used
for the SQL requests for type 11
Retailer‟s reference which enables the clear identification
of the subscriber corresponding to the transaction.
250 characters
REFABONNE AZERTY1234567
maximum
Field mandatory for type 51, 52, 53, 54, 55, 56, 57, 58 and
61.
Cardholder (customer) card number, without spaces, left
justified. In cases of registration or of modification, the
holder‟s partial number should be left justified.
PORTEUR 19 characters 1111222233334444
Field mandatory for type 1, 3, 4, 12, 51, 53, 54, 56, 57 and
61. Not checked for type 5, 17 and 55
Expiry date of the cardholder‟s card in format MMYY.
DATEVAL 4 figures 1002
Field mandatory for type 1, 3, 4, 12, 51, 53, 54, 56 and 57
Visual cryptogram located on the back on the bank card.
3 or 4
CVV 123
N.B : AMERICAN EXPRESS cards have a 4-number CIN characters
(Card Identification Number) on the reverse side.
Electronic commerce indicator (ECI) enabling the
ACTIVITE provenance of the various electronic money movements 3 figures 024
to be distinguished [see page 55].
Filing reference given to your bank. It should be unique
12 characters
ARCHIVAGE and can allow to your bank to supply you an AXZ130968CT2
maximum
information in case of chargeback.
A number of days before to send the transaction at your 3 figures
DIFFERE 000
bank in order to credit your bank account. maximum
Number entered by Paybox in the « REPONSE » frame :
this field must be filled in on the next „QUESTION‟
frame if it concerns a request for capture or cancellation.
For other types of request (1, 3 or 4), this field remains
NUMAPPEL 10 figures
empty.
Field mandatory for type 2, 5, 13, 52 and 55. Used for the
SQL requests for type 2, 5, 13, 52 and 55
Number entered by Paybox in the « REPONSE » frame
when handling a payment likely to be sent to the bank :
this field must be filled in on the next „QUESTION‟
frame if it concerns a request for capture or cancellation.
NUMTRANS For other types of request (1, 3 or 4), this field remains 10 figures
empty.
Field mandatory for type 2, 5, 13, 17, 52 and 55. Used for
the SQL requests for type 2, 5, 13, 17, 52 and 55
Number of authorization provided by the merchant
following a phonic call near its bank. 10 characters
AUTORISATION 130968
maximum
Field used for type 1, 3, 13, 51, 56 and 57.
The country code of the issuer (bank of the cardholder)
PAYS
to return in the “reponse frame”.
Value provided by the merchant to indicate the option of
PRIV_CODETRAITEMENT payment with SOFINCO card (or partner of SOFINCO) 3 figures
or COFINOGA card.
Date of birth of the cardholder for the payment with
DATENAISS 8 figures 08031964
COFINOGA card.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 57 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
“PAYPAL” : Value provided by the merchant in order to 16 characters
ACQUEREUR
cancel or capture a payment via PayPal. maximum
The type card use for the payment is returned in the
TYPECARTE
« response frame ».
The SHA-1 digest of the card number is returned in the
SHA-1
« response frame ».
Error code to return in the pre-production/tests
PBX_ERRORCODETEST environment. Variable ignored in the production 5 numbers 00005
environment.
For all requests of type 51, 52, 53, 54, 55, 57 and 58, prior registration of the subscriber is
mandatory. To this end, a frame with operation type 56 must be sent to the PAYBOX SERVICES
server.
The creation of a new subscriber generates an authorization request for the exact amount in the
frame to the bank, in order to ascertain the validity of the card. Only if the bank accepts the
request, will the subscriber will be entered into the PAYBOX SERVICES database.
Following the creation of a subscriber, a type 52 (subscriber debit) frame can be sent directly if
the amount detailed in the creation frame matches the amount to be debited. If the amount is
not the same, an authorization + debit (53) needs to be sent, or a simple authorization frame (51)
followed by a debit frame (52).
For this type of request, the following headings are used in the request by our database :
REFERENCE
MONTANT
DATEQ
That is why their presence and their content must have the same values that into our database.
For this type of request, the following headings are used in the request by our database :
SITE
RANG
NUMAPPEL
NUMTRANS
That is why their presence and their content must not differ from that which is sent back in the
return original frame. A new request for authorization will be made near the bank of the
merchant, and the original transaction will be automatically cancelled if the new transaction is
authorized.
Capture of a transaction :
It‟s advised to wait at least 30 seconds between a request of authorization or the registration of a
new subscriber and a capture of this transaction.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 58 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
The various values of the ACTIVITE field :
The bank needs to differentiate the provenance of the various electronic money movements in
order to correctly fill in the fields concerning the ECI (Electronic Commerce Indicator).
The various parties concerned by this operation must not retain sensitive data (the holder‟s
number). The principle used therefore is to spread the information contained in this data
between the various parties. The data retained by each is thus unexploitable. We give each
party one out of every two characters to keep.
The holder‟s number which is returned by our server is already split into two parts and
encrypted. It is this information that you must keep without the characters CR+LF at the end of
the line.
The field « CODEREPONSE », in the « réponse » frame sends back a code corresponding to the
result of the request handled by PAYBOX SERVICES.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 60 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
from the centre of authorization of the
bank is ok, the code error "00100" will be
replaced directly by "00000".
00002 An error in coherence has occurred. 00019 Reserved.
00003 Paybox error. 00020 CVV not present.
00004 Invalid cardholder number. 00021 Not authorized bin card.
00005 Invalid question number. 00022 Reserved.
00006 Access refused or site/rank incorrect. 00023 Reserved.
00007 Invalid date. 00024 Error loading of the key : Reserved Future Usage.
00008 Incorrect expiry date. 00025 Missing signature : Reserved Future Usage.
Missing key but the signature is present :
00009 Invalid type of operation. 00026 Reserved Future Usage.
Error OpenSSL during the checking of the
00010 Currency unknown 00027 signature : Reserved Future Usage.
00011 Incorrect amount. 00028 Unchecked signature : Reserved Future Usage.
00012 Invalid order reference. 00097 Timeout of connection ended.
00013 This version is no longer upheld. 00098 Error of internal connection.
Incoherence between the question and the answer.
00014 Incoherent frame received. 00099 Retry later.
Error in access to previously referenced
00015 data.
In the case of a payment being refused by the authorization centre (CODEREPONSE 001xx),
the „ xx „ represent the code sent back by the centre. The code enables you to know the exact
reason for the rejection of the transaction.
For example, for a transaction refused for reasons of „insufficient funds‟, the CODEREPONSE
sent back will be 00151.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 61 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Reply codes from the authorization centre
Each time a transaction is processed by the authorization centre, the centre sends a reply code of
acceptation or refusal.
The various reply codes generated during the processing of a bank card are not always
returned, as some are internal to the authorization centre :
signification of the reply code from the centre of signification of the reply code from the centre of
code code
authorization authorization
00 transaction approved or successfully processed. 38 too many attempts at secret code.
02 contact the card issuer. 41 lost card.
03 invalid retailer. 43 stolen card.
04 keep the card. 51 insufficient funds or over credit limit.
05 do not honour. 54 expiry date of the card passed.
07 keep the card, special conditions. 55 error in secret code.
08 approve after holder identification. 56 card absent from file.
12 invalid transaction. 57 transaction not permitted for this holder.
13 invalid amount. 58 transaction forbidden at this terminal.
14 invalid holder number. 59 suspicion of fraud.
15 card issuer unknown. 60 card accepter must contact purchaser.
17 client cancellation. 61 amount of withdrawal past the limit.
19 repeat the transaction later. 63 security regulations not respected.
20 error in reply (error in the server‟s domain). 68 reply not forthcoming or received too late.
24 file update not withstood. 75 too many attempts at secret code.
25 impossible to situate the record in the file. 76 holder already on stop, former record kept.
26 record duplicated, former record replaced. 90 temporary halt of the system.
27 error in „edit‟ in file up-date field. 91 card issuer not accessible.
28 access to file denied. 94 request duplicated.
29 file up-date impossible. 96 system malfunctioning.
30 error in format. 97 time of global surveillance has expired.
31 identifier of purchasing body unknown. 98 server inaccessible (set by the server).
33 expired card. 99 incident in the initiating domain.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 62 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
34 suspicion of fraud.
signification of the reply code from the centre of signification of the reply code from the centre of
code code
authorization authorization
00 Transaction approved or successfully processed. 09 Card/ retailer non-compatible.
01 Retailer‟s number incorrect or unknown. 10 Unknown.
02 Card number incorrect 11 Cancelled.
03 Error in date of birth or secret code. 12 Incorrect currency code.
04 Card non financially viable 13 Transaction reference not recorded.
05 Problem at the CETELEM server centre. 14 Incorrect transaction amount.
06 Card unknown. 15 Terms of payment incorrect.
07 Request for reserve refused. 16 Transaction direction incorrect.
08 Card out of date. 17 Mode of payment incorrect
signification of the reply code from the centre of signification of the reply code from the centre of
code code
authorization authorization
00 Transaction approved or successfully processed. 50 Web site is unreferenced
20 Client non found 51 Web site is unauthorized
21 Client is unauthorized 52 Web site category is unauthorized
Client is unauthorized to request for this web
22 60 Request is not valid
site
30 SMARTCODE not found 61 Money unreferenced
31 SMARTCODE unauthorized 70 Attempt to fraud
32 The SMARTCODE computing fails 80 Server too busy
33 SMARTCODE locked 90 Authorization server may be down
40 EASYCODES not found 100 Internal error
41 Credit of the EASYCODES is insufficient 127 Unknown
Amount of transaction is too high for this
42
EASYCODES
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 63 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Charset PAYBOX
I – CHARSET PAYBOX :
The charset supported by the applications of PAYBOX SERVICES is shown below. All
characters not present in the matrix will deleted or the trame will be rejected : it will depand on
applications :
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 \0 \t \n \r
1
2 ! " # $ % & ( ) * + , - . /
3 0 1 2 3 4 5 6 7 8 9 : ; < = > ?
4 @ A B C D E F G H I J K L M N O
5 P Q R S T U V W X Y Z [ \ ] ^ _
6 ` a b c d e f g h i j k l m n o
7 p q r s t u v w x y z { | } ~
8
9
A ¡ ¦ «
B » ¿
C À Á Â Ã Ä Å Æ Ç È É Ê Ë Ì Í Î Ï
D Ð Ñ Ò Ó Ô Õ Ö × Ø Ù Ú Û Ü Ý Þ ß
E à á â ã ä å æ ç è é ê ë ì í î ï
F ð ñ ò ó ô õ ö ÷ ø ù ú û ü ý þ ÿ
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 64 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Test Parameters
Whatever the product used (PAYBOX SYSTEM, PAYBOX Direct, Subscription option etc.), it is
possible to carry out tests via a PAYBOX shop especially designed for this purpose.
The identifiers to parameter are the site number and the rank number :
SITE : 1999888
RANK : 99
PAYBOX IDENTIFIER: 2
It is also possible to carry out payment tests with a test bank card number :
Please note :
- The PAYBOX SERVICES test shop does not make any request to an authorization centre and
does not send anything to a remote data collection centre. A simple check as to the validity of
the credit card will determine if the payment is accepted or refused.
- The authorization number returned will therefore always be "XXXXXX" if these basic checks
are correct.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 65 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
The Retailer‟s Back Office
All retailers who subscribe to the services of PAYBOX SYSTEM, PAYBOX Direct or Batch
Processing have access to the operating report of their virtual electronic payment terminal.
This operating report, called the „Retailer‟s Back Office‟ consists of a number of protected pages
on the web site of PAYBOX SERVICES. They allow the retailer to carry out, using various tabs,
the following operations described in the document
http://www1.paybox.com/telechargements/GUIDE_UTILISATEUR_BACK_OFFICE_COMM
ERCANT_PAYBOX.pdf
To access the Back Office, you need to connect to the URL https://admin.paybox.com or
https://admin1.paybox.com (backup).
You need to enter the login and the password that you have previously requested from the
technical department of PAYBOX SERVICES. It is advised to call the technical service of
PAYBOX SERVICES to proceed all the quarters to the change of your password of connection.
A password has to mixte of 8 characters, upper and lower letters as well as of special characters
(*! _ - $ etc.). A password does not have to be the same that the last 4 previous passwords.
You can view the Back Office of the PAYBOX SERVICES test using :
Login : 199988899
password : 1999888I (capital i)
URL : https://preprod-admin.paybox.com
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 66 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 67 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
How to subscribe to PAYBOX Services
To subscribe to the Paybox service, you need to contact the Sales Department of PAYBOX
SERVICES on (00 33) (0)1.61.37.05.70 or contact us using the form displayed under the heading
„contact at the URL www.paybox.com, or send an e-mail to contact@paybox.com
You will then be sent a contract detailing the commercial aspects (installation and subscription
costs), together with a registration form to enable PAYBOX SERVICES to record the parameters
needed for the Paybox service.
Prior to this, you should contact your habitual bank to request the opening of a mail
order/distance selling contract on your normal bank account. The terms of these contracts vary
according to the bank.
Your bank will then give you a SITE number (7 figures) and a RANK number (2 or 3 figures) :
these numbers will be used for identification at PAYBOX SERVICES.
If you wish to accept currencies other than the Euro, you need to inform your bank when you
open your mail order /distance selling contract.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 68 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Assistance
I – ASSISTANCE :
For all information and for installation assistance, our sales and technical teams are at your
service.
Sales department :
e-mail : contact@paybox.com
telephone : (00 33) (0)1.61.37.05.70.
fax : (00 33) (0)1.61.38.16.56.
Technical department :
e-mail : support@paybox.com
telephone : (00 33) (0)4.68.85.79.90.
fax : (00 33) (0)4.68.85.79.99.
Every time you contact our services, you MUST have ready your Paybox
identifiers, which are your SITE number (7 figures), your RANK number (2
figures), and your PAYBOX identification number (1 to 9 figures).
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 69 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99
Glossary
I – GLOSSARY :
CGI :
The CGI (Common Gateway Interface) is a standard which defines the rules that enable a
computer programme to interact with a Web server.
URL :
The URL (Uniform Resource Locators) are resource addresses on the Internet. A resource can be
an http server, a file on your disc, a picture etc.
HTTP :
HTTP (HyperText Transport Protocol) is a protocol used to transfer hypertext or hypermedia
documents between a Web server and a Web customer.
SSL :
The SSL (Secure Sockets Layer) protocol enables the secured transmission of forms within the
Web and can therefore be used for on-line financial transactions which necessitate the use of a
credit card.
FTP :
The FTP (File Transfer Protocol) is a protocol of file transfers which enable the downloading of
data selected by the Internet user from one computer to another, as in the customer – server
model.
HTML :
HTML (Hyper Text Markup Language) is a tag language which enables the creation of
hypertext documents that can be displayed by the Web browser.
IP :
The IP (Internet Protocol) is the unique address of a computer connected to the World Wide
Web.
___________________________________________________________________________________________
PAYBOX SERVICES.
Centre Espace Sud – Route d‟Elne - 66200 LATOUR BAS ELNE Version 4.70 Page 70 / 70
Tél : +33 4.68.85.79.90 - Fax : +33 4.68.85.79.99