Ebs Integration Guide 3.0.1

User Manual:

Open the PDF directly: View PDF .
Page Count: 37

Download
Open PDF In Browser	View PDF

E Billing Solutions Pvt. Ltd.

EBS Integration Guide 3.0.1

EBS INTEGRATION GUIDE Version
3.0.1

Page 1

EBS Integration Guide 3.0.1

Table of Contents
1. INTRODUCTION ..............................................................................................................

2. PRE-REQUISITE .............................................................................................................

3. ENVIRONMENT DETAILS .............................................................................................

3. SALE PROCESS FLOW .................................................................................................

4. INTERNAL STATUS FLOW ...........................................................................................

5. MERCHANT WEBSITE INTEGRATION ......................................................................

APPENDIX A – SECURE HASH VALIDATION.............................................................

APPENDIX B – SETTLEMENT CYCLE .........................................................................

APPENDIX C – ISO3 COUNTRY NAME .......................................................................

APPENDIX D – PCI DSS COMPLIANCE.......................................................................

Page 2

EBS Integration Guide 3.0.1
1. INTRODUCTION

This document works as a guide for Merchants on understanding the EBS payment
gateway Integration. This integration will allow the Merchant to have the Payment option
Selection. This integration will also allow Credit card details to be captured on the
Merchant website itself, on meeting the following pre-requisites.

2. PRE-REQUISITE
For capturing Credit card details on the Merchant website, the Merchant application should be
in compliance to PCI DSS. For more details on PCI DSS, please refer APPENDIX D.
EBS should enable the Option for Merchant to capture Credit card data.
3. ENVIRONMENT DETAILS

Test card details that can be used for testing purpose are as below
VISA - 4111111111111111 - 07/16(Exp.) - 123(CVV)
Card Holder Name: Test, Issuing Bank - Test
Please Note: No other card number will be supported in test phase.
i. Payment Request URL:

Production – https://secure.ebs.in/pg/ma/payment/request
ii. Integration Kit

Kindly browse the following link to
download Integration Kit/Shopping carts.
http://support .ebs.in/index.php? _m=downloads&_a=view

Page 3

EBS Integration Guide 3.0.1

3. SALE PROCESS FLOW

•

Customer selects to check out on the Merchant Website.

•

Merchant Website will redirect the Customer to EBS Payment Page.

•

Customer Selects Payment Method (Credit Card, Debit Card, Net banking, Cash Card)
and Payment option on the Merchant Website. If the Customer selects Credit or Debit
cards, he will be asked to provide the credit card number or the debit card number
respectively.

Page 4

EBS Integration Guide 3.0.1

• Transaction is screened and Customer is redirected to respective Acquirer for processing.
• Customer is redirected back to Merchant Website with the response.

4. INTERNAL STATUS FLOW

Status Details:
I.
Authorized Payments–Payments which are completed successfully
II.

Flagged Payments – Payments which are completed are successfully and are

flagged by Fraud Screening System. Order will not be processed in
this tate. These payments will be reviewed manually by EBS internal
team and un-flagged or Cancel.
III.

Captured – Payments captured by the Merchant.

IV.

Refund –Payments refunded by the Merchant to the Customer.

Charge Back – Payments which are refunded forcefully by EBS for any

complaints raised by the Customer with the Card provider or Card Brands.
© Copyright E-Billing Solutions Pvt Ltd.

Page 5

EBS Integration Guide 3.0.1

5. MERCHANT WEBSITE INTEGRATION
i. Integration Mode

There are two modes that are provided by the gateway:







Standard mode: In this mode, all the payment
 details would be collected in the EBS
payment page for payment transaction.
Direct mode: In this mode, payment card details would be collected in the merchant 
website and redirected to the appropriate issuing bank to complete the transaction. In

case of net banking using this mode, the merchant should set the channel value to “0”
and pass the payment option parameter to EBS.



ii. Request Parameter Details
Parameter

Description

channel

Type

Min

Max

Mandatory

The payment channel.
numeric
Give ‘0’ for Standard or ‘2’ for
Direct Mode

YES

account_id

Your Account ID

numeric

YES

reference_no

Your Reference Number

char

YES

amount

Total Sale Amount

decimal

14,2

YES

mode

Mode of the LIVE => live, TEST
=> test
char

LIVE or LIVE or
TEST TEST YES

currency

Currency INR

Char

YES

description

Detail description of the sale

char

255

YES

return_url

This is the url you want EBS
to return back after
transaction is successful

char

255

YES

name

Customer billing Name

char

128

YES

address

Customer billing address

char

255

YES

Page 6

EBS Integration Guide 3.0.1

city

Customer billing city

char

YES

state

Customer billing state

char

Customer billing country.
[3 Digit ISO3 country coderefer Appendix C]
Customer billing postal
code

char

YES

char

YES

phone

Customer billing phone

char

YES

Customer billing email

char

100

YES

ship_name

Customer delivery Name

char

255

ship_address

Customer delivery address

char

255

ship_city

Customer delivery city

char

ship_state

Customer delivery state

char

ship_country

Customer delivery
country[3 Digit ISO3
country code- refer
Appendix C]
Customer delivery postal
code

char

ship_phone

Customer delivery phone

char

bank_code

Bank code provided by EBS

char

name_on_card

Name of the card holder.

char

YES

numeric

YES

numeric

YES

country

postal_code

ship_postal_code

Only for Direct mode

card_number

Credit card number. Only
for
Direct mode

card_expiry

Expiry date of the credit
card. [Format: MMYY]
Only for Direct mode.

payment_option

Payment option code
provided by EBS. Only for
standard mode

char

payment_mode

Give 1 for Credit Card , 2 for
Debit Card,3 for Net Banking,
4 for Cash Card, 5 for Credit
Card – EMI, 6 for Credit Card

numeric

Page 7

EBS Integration Guide 3.0.1

card_brand

Give 1 for VISA, 2 for
MasterCard, 3 for Maestro, 4
for Diners Club, 5 for
American Express and 6 for

numeric

char

numeric

YES

char

YES

JCB

emi

EMI period like 3, 6,9,12
etc. for Credit Card.

page_id

The id of the customized
page

card_cvv

CVV number of the credit
card. Only for Direct mode.

secure_hash

Hash value calculated

Page 8

EBS Integration Guide 3.0.1

iii. Sample HTML form For Direct Mode

The link between Merchant website and EBS Payment page has to be maintained on the last
page of the shopping basket on Merchant website.
Below are the parameters to be posted to EBS.

Page 9

EBS Integration Guide 3.0.1

Successful

ResponseMessage

Appropriate message explaining about successful or un
successful payment

DateCreated

payment happened date

PaymentID

For that particular payment a id will be created for our
reference

MerchantRefNo

Merchants reference number

Amount

Payment Amount

Mode

LIVE

Page 23

EBS Integration Guide 3.0.1

BillingName

Customer billing Name

BillingAddress

Customer billing address.

BillingCity

Customer billing city.

BillingState

Customer billing state.

BillingPostalCode

Customer billing postal code.

BillingCountry

Customer billing country.

BillingPhone

Customer billing phone.

BillingEmail

Customer billing email.

DeliveryName

Customer delivery Name

DeliveryAddress

Customer delivery address.

DeliveryCity

Customer delivery city.

DeliveryState

Customer delivery state

DeliveryPostalCode Customer delivery postal code.

DeliveryCountry

Customer delivery country.

DeliveryPhone

Customer delivery phone.

IsFlagged

YES or NO

TransactionID

Authorized Transaction ID of the generated payment ID. Each
Payment ID will have different transaction id for each actions.
For ex: Capture, Cancel, Refund, etc

SecureHash

The hashed value of the response parameters.

AccountID

Your Account ID

Response in case all the validations are failed
S.No

Parameter

Description

SecureHash

The hashed value of the response parameters.

Page 24

EBS Integration Guide 3.0.1

Error

Error Message

ResponseCode

Response Code of the error

Recommended validation in the response file to avoid duplication of records in your
backend

1) Pass your orderid in the reference_no parameter and in response file, check whether
MerchantRefNo and your orderid matches.
2) Check if the amount of the order and the "amount" parameter in the response is equal.

If both the conditions results as true, insert order in your backend, which nullifies the
duplications.
Response Message:
Transaction Successful
Transaction Failed Invalid
parameters:
Invalid Account ID / VPC is not enabled for the account
Invalid Secure Hash
Amount cannot be less than 1
Invalid Payment Option
Invalid payment request
Invalid mode selected
Selected payment method is NOT available now
Invalid Response
Bank Declined Transaction
3D Secure Authentication Failed
Denied By Risk
Insufficient funds

Page 25

EBS Integration Guide 3.0.1
APPENDIX A – SECURE HASH VALIDATION

Secure hash is a technology to check for the authenticity of the parameters posted to EBS. The
secure hash value is posted along with other post parameters. The received parameters are
hashed at EBS and compared against the Secure hash value received from Merchant.

In a Similar way, the merchant can hash the received values and compare it with
secure hash value received from EBS while taking the payment response.

The Hash Algorithm depends on the page_id parameter which you sent while the
payment request is sent to EBS.

In case of non-conformity, the payment is failed and further processing is stopped.
Procedure to implement the Secure Hash:
Step 1 - Implement the code for Secure hash validation

Sample Code using MD5 Hashing Algorithm in PHP
$secret_key = ’ ’; //Provide your EBS Account’s Secret Key
$hashData = $secret_key; // Intialise with Secret Key ksort ($_POST); // Sort the post
parameters in alphabetical order of parameter names.
//Append the posted values to $hashData
foreach($_POST as $key => $value) {
//create the hashing input leaving out any fields that has no value and by concatenating
the values using a ‘|’ symbol.
if (strlen($value) > 0) {
$hashData .=
'|'.$value;
© Copyright E-Billing Solutions Pvt Ltd.

Page 26

EBS Integration Guide 3.0.1
}
}
// Create the secure hash and append it to the Post data
if (strlen($hashData) > 0) {
$hashvalue = strtoupper(md5($hashData));
}
$SecureHash = $hashvalue;
Step 2 – Posting the Hash Value

Merchant need to generate Secure Hash and pass this value along with other
payment request Parameters. Parameter Name for Secure Hash is "secure_hash"

APPENDIX B – SETTLEMENT CYCLE

This is with reference to the RBI Notification RBI/2009-10/231DPSS.CO.PD.No.
1102/02.14.08/2009-10 dated November24, 2009 captioned "Directions for opening and
operation of accounts and settlement of payments for electronic payment transactions
involving intermediaries".
As per the aforementioned notification, EBS has implemented a T+2 Settlement
Cycle. Below mentioned are the details concerning T+2 Settlement process:

Transaction Day – Day on which Merchant completes the Order from his Customer
by capturing it in the EBS Backend.
Settlement Day- Day on which EBS Settles the Transaction Amount to Merchant for the
Transaction done on Transaction Day

Page 27

EBS Integration Guide 3.0.1

Transaction Day

Settlement Day

Monday(this week)

Wednesday(this week)

Tuesday(this week)

Thursday(this week)

Wednesday(this week)

Friday(this week)

Thursday(this week)

Saturday(this week)

Friday (this week)

Monday(next week)

Saturday, Sunday(this week)

Tuesday(next week)

Note - If any Bank Holidays or Unexpected Holidays happen to be on the
Settlement Day, the Settlement is postponed to the next Working Day.
For Example: If Tuesday happens to be Bank Holiday, The Settlement is
postponed to Wednesday. So the transactions done on Saturday, Sunday (this
week) are settled on Wednesday (next week)

Page 28

EBS Integration Guide 3.0.1

APPENDIX C – ISO3 COUNTRY NAME

ISO 3
ABW
AFG
AGO
AIA
ALA
ALB
AND
ANT
ARE
ARM
ASM
ATA
ATF
ATG
AUS
AUT
AZE
BDI
BEL
BGD
BGR
BHR
BHS
BRB
BIH
BLR
BLZ
BEL
BEN
BMU
BTN
BOL
BWA

Country Name
Aruba
Afghanistan
Angola
Anguilla
Aland Islands
Albania
Andorra
Netherlands Antilles
United Arab Emirates
Armenia
American Samoa
Antarctica
French Southern Territories
Antigua and Barbuda
Australia
Austria
Azerbaijan
Burundi
Belgium
Bangladesh
Bulgaria
Bahrain
Bahamas
Barbados
Bosnia and Herzegovina
Belarus
Belize
Belgium
Benin
Bermuda
Bhutan
Bolivia
Botswana

ISO 3
BVT
BRA
BRN
BFA
CAF
CAN
CCK
CHE
CHL
CHN
CIV
CMR
CYM
CYP
CZE
COD
COK
COL
COM
CPV
CRI
CUB
CXR
DEU
DJI
DMA
DNK
DOM
DZA
ECU
ESH
ESP
EST

Country Name
Bouvet Island
Brazil
Brunei Darussalam
Burkina Faso
Central African Republic
Canada
Cocos (Keeling) Islands
Switzerland
Chile
China
Cite d'Ivoire
Cameroon
Cayman Islands
Cyprus
Czech Republic
Democratic Republic of the Congo
Cook Islands
Colombia
Comoros
Cape Verde
Costa Rica
Cuba
Christmas Island
Germany
Djibouti
Dominica
Denmark
Dominican Republic
Algeria
Ecuador
Western Sahara
Spain
Estonia

Page 29

EBS Integration Guide 3.0.1

ISO 3
ETH
FIN
FJI
FLK
EGY
ERI
FRA
FRO
FSM
GAB
GBR
GEO
GUF
GUM
GUY
HUN
IDN
IMN
IND
IOT
IRL
IRN
IRQ
ISL
ISR
ITA
JAM
JEY
JOR
JPN
KHM
KAZ
KEN
KGZ

Country Name
Ethiopia
Finland
Fiji
Falkland Islands (Malvinas)
Egypt
Eritrea
France
Faroe Islands
Federated States of Micronesia
Gabon
United Kingdom
Georgia
French Guiana
Guam
Guyana
Hungary
Indonesia
Isle of Man
India
British Indian Ocean Territory
Ireland
Iran, Islamic Republic of Iran
Iraq
Iceland
Israel
Italy
Jamaica
Jersey
Jordan
Japan
Cambodia
Kazakhstan
Kenya
Kyrgyzstan

ISO 3
KIR
KNA
KOR
KWT
LAO
LBN
LBR
LBY
LCA
LIE
LKA
LSO
LTU
LUX
LVA
MAC
MAF
MAR
MCO
MDA
MDG
MDV
MNP
MOZ
MRT
MSR
MTQ
MUS
MWI
MYS
MYT
NAM
NCL
NER

Country Name
Kiribati
Saint Kitts and Nevis
Korea, Republic of Korea
Kuwait
Lao People`s Democratic Republic
Lebanon
Liberia
Libyan Arab Jamahiriya
Saint Lucia
Liechtenstein LKA
Sri Lanka
Lesotho
Lithuania
Luxembourg
Latvia
Macao
Saint Martin (French part) MAR
Morocco
Monaco
Moldova
Madagascar
Maldives
Northern Mariana Islands MOZ
Mozambique
Mauritania
Montserrat
Martinique
Mauritius
Malawi
Malaysia
Mayotte
Namibia
New Caledonia
Niger

Page 30

EBS Integration Guide 3.0.1

ISO 3
NFK
NGA
NIC
NIU
NLD
NOR
NPL
NRU
NZL
OMN
PAK
PAN
PCN
PER
PHL
PLW
PNG
POL
PRI
PRK
PRT
PRY
PSE
PYF
QAT
REU
ROU
RUS
RWA
SAU
SDN
SEN
SGP
SGS

Country Name
Norfolk Island
Nigeria
Nicaragua
Niue
Netherlands
R Norway
Nepal
Nauru
New Zealand
Oman
Pakistan
Panama
Pitcairn
Peru
Philippines
Palau
Papua New Guinea
Poland
Puerto Rico
Korea, Democratic People`s Republic
Portugal
Paraguay
Palestinian Territory, Occupied
French Polynesia
Qatar
Run ion
Romania
Russian Federation
Rwanda
Saudi Arabia
Sudan
Senegal
Singapore
South Georgia and the South Sandwich
Islands

ISO 3
SHN
SJM
SLB
SLE
SLV
SMR
SOM
SPM
SRB
STP
SUR
SVK
SVN
SWE
SWZ
SYC
SYR
TCA
TCD
TGO
THA
TJK
TKL
TKM
TLS
TON
TTO
TUN
TUR
TUV
TWN
TZA
UGA
UKR

Country Name
Saint Helena
Svalbard and Jan Mayan
Solomon Islands
Sierra Leone
El Salvador
San Marino
Somalia
Saint Pierre and Miquelon
Serbia
Sao Tome and Principe
Suriname
Slovakia
Slovenia
Sweden
Swaziland
Seychelles
Syrian Arab Republic
Turks and Caicos Islands
Chad
Togo
Thailand
Tajikistan TKL
Tokelau
Turkmenistan
Timor
Tonga
Trinidad and Tobago
Tunisia
Turkey
Tuvalu
Taiwan, Province of China
Tanzania, United Republic of
Uganda
Ukraine

Page 31

EBS Integration Guide 3.0.1

ISO 3
UMI
URY
USA
UZB
VAT
VCT
VEN
VGB
VIR
VNM
VUT
WLF
WSM
YEM
ZAF
ZMB
ZWE

Country Name
United States Minor Outlying Islands
Uruguay
United States
Uzbekistan
Holy See (Vatican City State)
Saint Vincent and the Grenadines
Venezuela
Virgin Islands, British
Virgin Islands, U.S.
Viet Nam
Vanuatu
Wallis and Futuna
Samoa
Yemen
South Africa
Zambia
Zimbabwe

APPENDIX D – PCI DSS COMPLIANCE

Compliance Requirements

Control Objectives

PCI DSS Requirements
1.Install and maintain a firewall configuration
to protect cardholder data

Build and Maintain a Secure Network
2. Do not use vendor-supplied defaults for
system passwords and other security parameters

Page 32

EBS Integration Guide 3.0.1

3. Protect stored cardholder data
Protect Cardholder Data
4. Encrypt transmission of cardholder data across open,
public networks

5. Use and regularly update anti-virus software on all
systems commonly affected by malware
Maintain a Vulnerability Management
Program
6. Develop and maintain secure systems and
applications

7. Restrict access to cardholder data by business need
to-know
Implement Strong Access Control
Measures

8. Assign a unique ID to each person with computer
access

9. Restrict physical access to cardholder data

10. Track and monitor all access to network resources
and cardholder data
Regularly Monitor and Test Networks
11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses information
security

Page 33

EBS Integration Guide 3.0.1

PCI Self-Assessment Questionnaire (SAQ)

The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool intended to
assist merchants and service providers in self-evaluating their compliance with the Payment
Card Industry Data Security Standard (PCI DSS). All merchants and their service providers are
required to comply with the PCI Data Security Standard in its entirety.

SAQ

C-VT

Description

Card-not-present (e-commerce or mail/telephone-order) merchants, all
cardholder data functions outsourced. This would never apply to face-to-face
merchants.

Imprint-only merchants with no electronic cardholder data storage, or
standalone, dial-out terminal merchants with no electronic cardholder data
storage.

Merchants using only web-based virtual terminals, no electronic cardholder data
storage.

Merchants with payment application systems connected to the Internet, no
electronic cardholder data storage.

All other merchants not included in descriptions for SAQ types A through C
D

above, and all service providers defined by a payment brand as eligible to complete an
SAQ.

Page 34

EBS Integration Guide 3.0.1

Merchant PCI DSS Compliance Criteria and PCI levels

Level 1 Criteria
Merchants with over 6 million transactions a year, or merchants whose data has
previously been compromised
Level 1 Validation Requirements
Annual Onsite Security Audit (reviewed by a QSA or Internal Audit if signed by officer of
merchant company and pre-approved by acquirer) and quarterly network security scan

Level 2 Criteria
Merchants with 1,000,000 to 6 million transactions a year
Level 2 Validation Requirements
Annual Self-Assessment Questionnaire
Quarterly Scan by an Approved Scanning Vendor (ASV)

Level 3 Criteria
Merchants with 20,000 to 1,000,000 transactions a year
Level 3 Validation Requirements
Quarterly Scan by an Approved Scanning Vendor (ASV)
Annual Self-Assessment Questionnaire

Level 4 Criteria
Merchants with less than 20,000 transactions
Level 4 Validation Requirements
Annual Self-Assessment Questionnaire
Quarterly Scan by an Approved Scanning Vendor

Page 35

EBS Integration Guide 3.0.1

Achieving Compliance with PCI DSS

The PCI DSS compliance procedure can take anything from a day to many weeks, depending on
what is uncovered by the vulnerability assessment scan and the self-assessment
questionnaire. Organizations that currently have a good level of information security are likely
to be compliant a lot more quickly than those that don't.

QSAs carry out inspections of PCI DSS implementations and determine a recommendation of
compliance to the various payment brands. Each individual payment brand will separately
determine whether to accept the recommendation of compliance and whether a detailed
review of the report of compliance and compensating controls is warranted.

The starting point for all organizations that need to comply is to download the Payment Card
Industry Self-Assessment Questionnaire and to contact a PCI Approved Scanning
Vendor (ASV).

Page 36

EBS Integration Guide 3.0.1

E-Billing Solutions Pvt. Ltd.,
If Any, Please send suggestions or corrections to:
Email:support@ebs.in

Page 37

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.5
Linearized                      : No
Page Count                      : 37
Language                        : en-US
Tagged PDF                      : Yes
Author                          : vamshi
Creator                         : Microsoft® Word 2010
Create Date                     : 2015:07:09 17:42:18+05:30
Modify Date                     : 2015:07:09 17:42:18+05:30
Producer                        : Microsoft® Word 2010

EXIF Metadata provided by EXIF.tools

Ebs Integration Guide 3.0.1

Navigation menu

Versions of this User Manual:

Views

Navigation