CentralPay has been designed to meet companies needs that process payment transactions as part of their business or wish to optimize their collection operations. They can use our technology to integrate advanced banking services without regulatory constraints or technology barriers.
Our goal: simplifying the entire processing chain facing banking processes complexities (KYC / AML) and security issues (PCI-DSS).
With CentralPay, you streamline and automate all your payment needs using a single service, a single API.
Create and manage currency accounts
Follow up payments requests thanks to scenarios
Manage wallets with real time transfer
Manage manual or programmed "payout" payments
Friendly use a CB / SEPA tranfer payment solution perfectly adapted for Ecommerce and platforms
Secure third parties funds
Integrate regulatory enrollment and remote subscription to your services as white label
Check full reporting and IT implementation in real time
Secure your transactions with advanced anti-fraud algorithm based on AI
Answering your needs, CentralPay allows you to build innovative offers integrating payment services.
For Platforms, CentralPay can help you with:
- Integrating payment services in order to resell consolidated financial services in an existing offer.
- Offer a centralized and full services payment system to your customers
- Improve their collections thanks to the rich Rest API
- Get the status of Payment Service Agent that allows you to bill financial services on your behalf.
- Simply integrating new customers into your "Platform" without worrying about regulatory constraints (KYC, AML...).
- Start registration processes on your servers and continue the enrollment from our environments, in white label and without redirection.
- Have contracts signed electronically during the enrollment process
- Integrate Single Sign On (SSO) solutions to centralize password management (end 2018).
- Automatically assigning payment values to your customers:
- Define contractual business models with your customers and partners
- Set these data on your points of sale
- CentralPay splits the transactions and sends the correct amounts to the appropriate payment accounts
For large accounts, CentralPay can help you with:
- Optimizing processes related to your points of sale collection (centralizing your acquisition, diversifying your collection means, increasing your conversion…).
- Improving your customers payment experience by integrating payment processes in your services core and meeting specific objectives.
- Automating follow up and reminders of your payment requests by specially designed scenarios.
CentralPay proposes a full services payment platform that allows you to integrate very easily and smoothly complex payment functionalities thanks to a few lines of code.
CentralPay is a Full Services payment platform covering all the needs of clients, platforms or marketplaces wishing to implement complex payment services integrated into their business offers or processes without having to bear the technical or operational constraints.
Depending on the payment functionalities you want to integrate and your technical knowledge, you either choose between those two methods:
- Integrating a payment page hosted by CentralPay and accessible tnaks to an Iframe : POPIN FORM
- Using the API directly to create your own payment forms : CUSTOM FORM
Doing so, you can access to advanced functionalities and create a customized payment experience corresponding to your usage.
As transactions security is crucial part of the process, CentralPay has developed a unique technology that detects fraudulent transactions without taking the risk of losing your sales.
Our platform is composed of the four following elements:
- An API REST composed of objects delivering payment services
- A portal, back office, allowing a complete management of the overall services
- Entities, "users profiles", owning rights on payment accounts or electronic-money
- A subscription service allowing payment account or e-money creation integrating regulatory controls.
1/ Simple transaction including a Token
As a merchant or a platform, if you are not PCI-DSS compliant Level 1, you are not allowed to stock or use any bank data.
You have then to use a token to charge your transaction by credit card without using any sensible data and having the same agility as a PCI-DSS compliant actor.
NB : the client, your "customer", is the consumer executing a payment.
You receive then a cardTokeId that allows you to initiate a transaction object from your servers without manipulating any credit/debit card number.
Infographic regarding a single payment workflow
NB: you also have the possibility to register, from this transaction stage, a customer that contains the card object including all card data. (please refer to the single payment flow infographic). This step would be useful if want to reiterate a transaction with the same card later on.
2/ Recurring transaction with a Customer
Thanks to the customerID generated (containing the sub-object card with payment data), you can proceed to a new transaction without asking for his/her credit/debit card number to your client once again.
There a several ways of using customerID:
- 1 clic payment, 1 clic upsell, 1 clic cross sell
- Subscription payment
- X multi payment - installment
3/ Direct transaction without Token
This case in not recommended as it necessitates from your side the full load of the secure PCI-DSS process.
Nevertheless if, as a merchant or a platform, you are PCI-DSS level compliant, you can send directly the payment cards to the transaction object without using the "token.js" service. It supposes that no "tokenization process" is done by CentralPay.
You send directly the cards to the API in the transaction object. Those cards are stocked and managed from your side. In that specific case, you do not have to create a customer during a new transaction because you already use the payment data stocked in your PCI-DSS environment.
The popin forms, also known as hosted or checkout forms, are easy to manage, fast to integrate and PCI DSS compatible (SAQ A). You can download the SAQ A at this address: https://www.pcisecuritystandards.org/documents/PCI-DSS-v3_2_1-SAQ-A.pdf
CentralPay manages the complex part of the payment process, which includes the HTML form, the users information checking and the credit/debit card data secure process.
Using the pop-in form, you avoid all constraining PCI-DSS requirements.
All sensible data are directly sent from the card owner’s browser to CentralPay PCI-DSS environment. Which means that any sensible data are managed by your servers at any time.
When a transaction is done, you receive a unique virtual token. This token is linked to the credit/debit card data stocked in our secure environment.
To integrate pop-in forms, only a few basic technical skills are required.
Please follow our tutorial to set up a pop-in form in 10 minutes.
Tutorial – integrating a payment page in 10 minutes
3 easy and quick steps to follow:
1Starting with the pop-in form
The first step consists in initializing the POPIN form. This operation can be done thanks to your personal "MerchantPublicKey".
When initializing the form, several attributes are available.
You must at least define those mandatory elements:
2Capturing payment data
Once the POPIN form setting is completed, the cardholder is able to fill the form with his/her sensitive data (card number, expiration date, CVV).
This data will then be sent to the CentralPay API.
This action completed, you receive a CardTokenId that will be usable for a transaction request.
This script has the same effect as adding a cardTokenId to your form and clicking on the "Submit Form" button.
3Create a transaction with a cardtokenID
The last step consists in initializing a transaction by creating the CardTokenID. Replacing the card data, it enables you, with a few lines of code, to send the data to the Transaction object.
The main advantage of using a custom form relies in highly reducing risks related to card data security matters. By integrating the payment process, you keep a full control of the payment page and the checkout process.
You can also process multi-device payments and optimise your customer experience.
By embedding our payment page into your website, you offer a better experience to your customers and increase your conversion ratio.
Custom Form tutorial
Once you get a cardTokenID, you are now able to create a transaction in order to debit your customer card.
1Creating an HTML payment form
Contrary to the POPIN form which is generated by the platform, the CUSTOM form is to be created.
So you need to generate the HTML code at your convenience.
2Sending the debit/ credit card information with the Token.js
At this stage, you have now to send the card data from the client browser to the PCI platform. The platform will send you back a cardTokenId. To get it done you need to add the following script tag in the <body> part at the end of your code.
Then your merchantPublicKey in a separe tag.
The merchantPublicKey identifies your requests to the platform. In the example below, you will have to use the one that has been send to you.
3Getting back the cardTokenID in your system
All card data are now stored in the cardTokenId for a duration of 5 minutes. This value is sent to the API instead of the sensible credit card data.
4Submitting the form from your server
Now that you have a cardTokenID you enable to trigger a transaction.
Unlike the previous steps that take place from the browser, this operation is executed from your servers. For example:
curl -v https://test-api.centralpay.net/v2/rest/transaction \ -u 'DEMOPSC:eUZG&DVD6cCD' \ -d amount= 100 -d currency= EUR -d cardTokenId=d5bc9bec-aec2-4b92-b45c-23d53719a058 \ -d endUserIp=18.104.22.168 \
5Saving the card information in a customer object in order to use it afterwards (1 click, subscription…)
CentralPay's cardTokenId can only be used once, but if you plan to use it afterwards, you need to create a customer object in which you can store all cards details.
Instead of charging the card immediately, you have to create a customer object. CentralPay then stores a cardtoken within this customer object during the process. This precise action allows you to charge the customer at any time in the future.
CentralPay simplifies the PCI-DSS compliance processes, by sweeping away constraints regarding sensitive data management while offering you exclusive control over integrating your services and advanced features.
Its tokenization process has been designed to allow you to determine and limit your security perimeter opting for a SAQ A or SAQ A – EP without degrading your users experience regarding the payment features and processes.
Which means :
- Securising your payment pages using TLS (1.2 min) (Transport Layer Securityto meet HTTPS standards
- Review and validate your service's PCI compliance every year
As mentioned below the required compliance levels based on the modules utilisation:
The POPIN FORM and the SAQ A
With this module, Centralpay manages all exchanges with customer payment cards in a hosted CentralPay IFRAME so that sensitive data never route through your servers. Using this service allows you to access the simplest PCI DSS compliance level known as SAQ A.
You can download the SAQ A at this address:
The CUSTOM FORM and the SAQ A-EP
Thanks to the combination of « Custom + Token.js », you manage yourself your payment forms for an optimized payment experience. This method implies that you initiate the payments on your servers and you must be SAQ A-EP level compliant.
You can download the SAQ A-EP at this address: