Introduction
CentralPay has been designed to meet company needs that process payment transactions as part of their business or wish to optimize their collection operations. They can use our technology to integrate advanced banking services without regulatory constraints or technological barriers.
Our goal : simplifying the entire processing chain facing banking processes complexities (KYC / AML) and security issues (PCI-DSS).
With CentralPay, you streamline and automate all your payment needs using a single service, a single API.
Create and manage currency accounts
Follow up payment
requests thanks to scenarios
Manage wallets with real time transfer
Manage manual or programmed "payout" payments
Friendly use a CB / SEPA transfer payment solution perfectly adapted for Ecommerce and platforms
Secure third parties funds
Integrate regulatory enrollment and remote subscription to your services as white label
Check full reporting and IT implementation in real time
Secure your transactions with advanced anti-fraud algorithm based on AI
How CentralPay answers your needs
Answering your needs, CentralPay allows you to build innovative offers integrating payment services.
For Platforms, CentralPay can help you with:
- Integrating payment services in order to resell consolidated financial services in an existing offer.
- Offer a centralized and full services payment system to your customers
- Improve their collections thanks to the rich Rest API
- Get the status of Payment Service Agent that allows you to bill financial services on your behalf.
- Simply integrating new customers into your "Platform" without worrying about regulatory constraints (KYC, AML...).
- Start registration processes on your servers and continue the enrollment from our environments, in white label and without redirection.
- Have contracts signed electronically during the enrollment process
- Integrate Single Sign On (SSO) solutions to centralize password management (end 2018).
- Automatically assigning payment values to your customers:
- Define contractual business models with your customers and partners
- Set these data on your points of sale
- CentralPay splits the transactions and sends the correct amounts to the appropriate payment accounts
For large accounts, CentralPay can help you with:
- Optimizing processes related to your points of sale collection (centralizing your acquisition, diversifying your collection means, increasing your conversion…).
- Improving your customers payment experience by integrating payment processes in your services core and meeting specific objectives.
- Automating follow up and reminders of your payment requests by specially designed scenarios.
Payment methods
Online planning - Means of payment
| American Express Card |
Online |
| Carte Bancaire Card |
Online |
| Diners Card |
Online |
| Maestro Card |
Online |
| Mastercard Card |
Online |
| Visa Card |
Online |
| Visa Electron Card |
Online |
| Virement bancaire SCT Transfer |
Online |
| Prélèvement bancaire SDD Direct debit |
Online (T2 2021 SmartForm) |
| Google Pay Wallet |
T1 2021 |
| Instant Payment Transfer |
T2 2021 |
| Apple Pay Wallet |
T3 2021 |
| Bancontact Carte |
T4 2021 |
| Chèques vacances ANCV Voucher |
T4 2021 |
| PayPal Wallet |
T4 2021 |
| GiroPay Direct debit |
T1 2022 |
| Ideal Direct debit |
T1 2022 |
| JCB Card |
T1 2022 |
| AliPay / WeChatPay Wallet |
T1 2022 |
Welcome on board
CentralPay services
CentralPay proposes a full services payment platform that allows you to integrate very easily and smoothly complex payment functionalities thanks to a few lines of code.
CentralPay is a Full Services payment platform covering all the needs of clients, platforms or marketplaces wishing to implement complex payment services integrated into their business offers or processes without having to bear the technical or operational constraints.
Depending on the payment functionalities you want to integrate and your technical knowledge, you either choose between those two methods:
- Integrating a payment page hosted by CentralPay and accessible thanks to an Iframe : SMART FORM
Or - Using the API directly to create your own payment forms : CUSTOM FORM
Doing so, you can access to advanced functionalities and create a customized payment experience corresponding to your usage.
As transactions security is a crucial part of the process, CentralPay has developed a unique technology that detects fraudulent transactions without taking the risk of losing your sales.
Our platform is composed of the four following elements :
- An API REST composed of objects delivering payment services
- A portal, back office, allowing a complete management of the overall services
- Entities, "users profiles", owning rights on payment accounts or electronic-money
- A subscription service allowing payment account or e-money creation integrating regulatory controls.
The transaction modes
1/ Simple transaction including a Token
As a merchant or a platform, if you are not PCI-DSS compliant Level 1, you are not allowed to stock or use any bank data.
You have then to use a token to charge your transaction by credit card without using any sensible data and having the same agility as a PCI-DSS compliant actor.
In order to do so, you have at your disposal a javascript called "Token.js". It allows to send, in a very secured manner, the card to be "tokenized" from the client’s browser to CentralPay PCI-DSS level 1 environment.
NB : the client, your "customer", is the consumer executing a payment.
You receive then a cardTokenId that allows you to initiate a transaction object from your servers without manipulating any credit/debit card number.
Infographic regarding a single payment workflow
NB: you also have the possibility to register, from this transaction stage, a customer that contains the card object including all card data. (please refer to the single payment flow infographic). This step would be useful if want to reiterate a transaction with the same card later on.
2/ Recurring transaction with a Customer
Thanks to the customerID generated (containing the sub-object card with payment data), you can proceed to a new transaction without asking for his/her credit/debit card number to your client once again.
There a several ways of using customerID:
- 1 clic payment, 1 clic upsell, 1 clic cross sell
- Subscription payment
- X multi payment - installment
3/ Direct transaction without Token
This case in not recommended as it necessitates from your side the full load of the secure PCI-DSS process.
Nevertheless if, as a merchant or a platform, you are PCI-DSS level compliant, you can send directly the payment cards to the transaction object without using the "token.js" service. It supposes that no "tokenization process" is done by CentralPay.
You send directly the cards to the API in the transaction object. Those cards are stocked and managed from your side. In that specific case, you do not have to create a customer during a new transaction because you already use the payment data stocked in your PCI-DSS environment.
Two ways of integrating
Smart Form
Simple to integrate, Smart Form is a smart payment form accessible by the API via the paymentRequest service. Hosted in CentralPay’s PCI-DSS area, it includes essential features to payment needs.
By using Smart Form, you avoid the most restrictive part of PCI-DSS requirements. All sensitive data is processed directly in CentralPay’s PCI-DSS environment. Therefore, credit card data never passes through your server.
Smart Form is linked to the following services :
- paymentRequest service that initiates payment claims
- “Push & Pay” service that automates and issues notifications
With Smart Form, most complex parts of the process are managed by CentralPay :
- Generating and hosting payment form,
- Verifying users information,
- Managing the various payment methods,
- Securing cards data,
- Generating payment reminders or requests,
- Managing the different payment methods and types.
The service is accessible through :
- CentralPay API integrated with a third party Information System :
- By HTTPS redirect to a website
- By e-mail/SMS notifications
- By displaying or printing a QR Code
- The web console or CentralPay mobile application :
- By e-mail/SMS notifications
- By displaying or printing a QR Code
Example of Smart Form
Available payment methods
CREDIT CARDS
Visa, Mastercard, Amex, Bancontact…
CREDIT CARDS
Payment in installments to stagger your customers payments.
Visa, Mastercard, CB
E-WALLET AND LOCAL PAYMENT SYSTEMS
PayPal, Alpay, WeChat, Ideal…
HOLIDAY VOUCHERS
ANCV
FIDELYPAY
Cashback, discounts, fidelity points
TRANSFER
SCT (SEPA Credit Transfer)
Choice of payment methods :
- Point of sale configuration defines the payment methods that will be accessible to the customer.
- Depending on the desirable interactions between combined payments, some methods may not be available.
Combined with the Push & Pay service, a Smart Form can integrate recurring payment methods :
- Multi-participants payments
- Combined payments on several payment methods
- Automation of requests, reminders and notifications
Custom Form
Custom Form allows you to create your own payment forms and consume API objects in a unitary way in order to create a unique payment experience fully integrated into your services.
Therefore, a Custom Form is created and hosted by you while allowing you to strongly reduce the security risks when handling banking data. By integrating the payment process on your side, you keep control of the payment page and user experience.
Custom Form allows consumption of certain services not supported by Smart Form like subscription payments (subscription) or one-click upsell payment.
Example of Custom Form
PCI-DSS prerequisits
CentralPay simplifies the PCI-DSS compliance processes, by sweeping away constraints regarding sensitive data management while offering you exclusive control over integrating your services and advanced features.
Its tokenization process has been designed to allow you to determine and limit your security perimeter opting for an SAQ A or SAQ A-EP without degrading your users experience regarding the payment features and processes.
You can either use two options : a "Smart form" or a "Custom form" (with token delivery + JavaScript) to collect payment information which sent directly to CentralPay environment without routing through your servers.
Which means :
- Securing your payment pages using TLS (1.2 min) (Transport Layer Security) to meet HTTPS standards
- Review and validate your service's PCI compliance every year
As mentioned below the required compliance levels based on the modules utilisation :
The SMART FORM and the SAQ A
With this module, Centralpay manages all exchanges with customer payment cards in a hosted CentralPay IFRAME so that sensitive data never route through your servers. Using this service allows you to access the simplest PCI-DSS compliance level known as SAQ A.
You can download the SAQ A at this address :
https://www.pcisecuritystandards.org/documents/PCI-DSS-v3_2_1-SAQ-A.pdf
The CUSTOM FORM and the SAQ A-EP
Thanks to the combination of « Custom + Token.js », you manage yourself your payment forms for an optimized payment experience. This method implies that you initiate the payments on your servers and you must be SAQ A-EP level compliant.
You can download the SAQ A-EP at this address :
https://www.pcisecuritystandards.org/documents/PCI-DSS-v3_2-SAQ-A_EP-rev1_1.pdf