Understanding the payment flows for processing transactions with Solidgate is essential for ensuring smooth integration.
Auth + settle
This payment flow involves the merchant obtaining authorization to hold a customer’s funds, Solidgate communicating with the acquirer to process the transaction, and the merchant settling the transaction or using the automatic settling of the transaction upon successful authorization.
auth
+settle
secures transactions by finalizing payments only after confirming delivery, supporting smoother refunds and cancellations.
- The merchant requests
auth
to hold the customer's funds, specifying the hold duration in hours. The merchant either sets asettle_interval
for auto-settlement or intends to manually settle at a later point. - Solidgate receives the request and sends it to the acquirer to decide on the
auth
approval. - Solidgate receives an
auth
response from the acquirer. - Solidgate processes the
auth
response and sends a callback request with the transaction status to the merchant. - The merchant confirms receipt of the
auth
status to Solidgate. - After successful authorization and considering the
settle_interval
, Solidgate requests the acquirer to settle the transaction. The merchant can initiate partial settlement before the time interval expires, which results in the automaticvoid
of the remaining hold amount. - The acquirer returns a
settle
response to Solidgate, confirming the transaction settlement. - Solidgate processes the
settle
response and sends it to the merchant via a callback request. - The merchant confirms receipt of the transaction status to Solidgate.
3DS
3D Secure (3DS) enhances online payment security by adding an extra authentication step for credit and debit card transactions. This protocol protects cardholders by requiring a one-time password (OTP) during payment, which only the cardholder can access. Key specifics include:
- PSD2 compliance
Under PSD2, 3DS and Strong Customer Authentication (SCA) are mandatory for transactions within the European Economic Area (EEA), enhancing transaction security. - Liability shift
It offers merchants protection by shifting liability for fraudulent transactions to the card issuer if proper authentication is used. This minimizes merchants' risk of financial loss due to fraud.
3DS is vital for secure e-commerce transactions, protecting both merchants and cardholders by preventing unauthorized card use. Solidgate supports 3DS verification to strengthen payment processes. Merchants can get 3DS details through API requests or webhook notifications, retrieving information on transaction security level and type of 3DS flow applied.
The latest version of 3DS, 3D Secure 2, introduces two types of authentication flows for enhanced flexibility:
- Frictionless flow
This is the process of authentication achieved without cardholder interaction. It streamlines the transaction process by minimizing customer input, provided the transaction is deemed low-risk or meets certain criteria set by the issuing bank. - Challenge flow
When the Access Control Server (ACS), operating in the issuer domain, determines that extra cardholder input is necessary, the authentication shifts from frictionless to challenge flow. This is typically required for high-risk transactions, those exceeding thresholds, or when stricter authentication is mandated by regulations. Merchants or their acquiring banks must decide whether to proceed with the challenge or terminate the authentication process.
- The merchant collects card details from the cardholder. They send an
auth
request to Solidgate. Concurrently, there is an option to request 3DS authentication by setting theforce3DS: true
parameter in the request. - Upon receipt, Solidgate confirms the request. If the merchant requests 3DS authentication, Solidgate defaults to the 3DS flow.
- Solidgate sends a 3DS request to the acquiring bank. If the transaction is executable, the acquiring bank returns the ACS URL to Solidgate.
- Solidgate forwards a
verify_url
embedded with the ACS URL to the merchant. - Solidgate receives the verification request upon customer interaction.
- The merchant sends a 3DS completion request to Solidgate.
- Solidgate then requests the 3DS check status from the acquiring bank.
- The acquiring bank returns a verification response to Solidgate, indicating whether the transaction is approved or declined.
- Solidgate processes the verification response and initiates a callback request, providing the transaction status to the merchant.
- The merchant takes the necessary steps and confirms to Solidgate the receipt of the transaction status.
Void
The flow involves the merchant obtaining authorization to hold the customer’s funds and initiating a void
operation if needed. Effective communication between Solidgate, the acquirer, and the merchant is crucial in ensuring a successful transaction.
- The merchant requests
auth
to hold the customer's funds. - Solidgate receives the request and sends it to the acquirer to decide on the
auth
approval. - Solidgate receives the
auth
response from the acquirer. - Solidgate processes the
auth
response and sends a callback request with transaction status to the merchant. - The merchant confirms receipt of the
auth
status to Solidgate. - To initiate the
void
operation, the merchant sends avoid
request to Solidgate. - Solidgate acknowledges receipt and forwards the
void
request to the acquirer. - The acquirer returns a
void
response to Solidgate, indicating whether the transaction is declined or approved. - Solidgate processes the
void
response and sends it to the merchant via the callback request. - The merchant confirms receipt of the transaction status to Solidgate.
Refund
The refund involves coordination between the merchant, Solidgate, and the acquirer for successful processing.
Solidgate immediately forwards refund requests to the cardholder’s bank, but the visibility of funds in the cardholder’s account can take 5-10 business days, depending on the bank. Merchants should advise cardholders to contact their bank if refunds are not visible within this period, using the ARN to expedite the process.
- The merchant submits a refund request to Solidgate.
- Solidgate receives the request and sends it to the acquirer to decide on the refund eligibility.
- The acquirer returns a refund response to Solidgate, indicating approval or denial of the refund.
- Solidgate processes the refund response and sends the merchant a callback request with the transaction status.
- The merchant takes necessary actions and confirms receipt of the refund status to Solidgate.