Credit Card Payment

Credit card payment is a payment method provided by credit card companies. You can use your card number and expiration date to pay for products, etc.

Service Diagram

Main Features

The service allows you to accept the five major international credit card brands (VISA, MasterCard, JCB, Diners Club, and American Express).
In addition to normal full payment, it supports installment and revolving payments.
ID verification service (EMV 3-D Secure3D Secure), security code (CVV2) authentication, etc. are provided to prevent unauthorized use of credit cards.

Usage Information for End Users

Please refer to the service website for details on the purchasing procedure.
For end-user usage information, please refer to the FAQ (Payment /System Specifications > Credit Card Payment).

Service Use Condition

The service use terms for end users are as follows.

End users who can use the service	Credic Card *Debit cards and prepaid cards with the VISA, MasterCard, JCB, and other brands can also be used in the same way as regular credit cards.
Credit limit	The credit limit is an amount determined by the contract between the end user and the respective credit card company. The credit limit per use ranges from two yen to the amount approved by the credit card company.
Other	Payment methods include lump sum, revolving payment, and installment payment Application is required if you wish to use revolving payment or installment payments. This payment method may not be available on some merchants. When using the Link Type, revolving and installment payments are available for payment of 10,000 yen or more. *The standard number of installments are: 3, 5, 6, 10, 12, 15, 18, 20, and 24.

Payment Authentication Method

The method of authentication required for end users at payment are as follows.

Authentication method	Description	Remarks
Credit card number/expiration date	The credit card number and expiration date (Month/Year) shown on the credit card. When credit card information is not stored, the credit card number and expiration date need to be entered.	–
ID verification service EMV 3-D Secure	The credit card user is authenticated for most transactions without additional authentication based on his/her payment information through risk-based authentication, and additional authentication, such as a one-time password, is required for high-risk transactions only.	–
Security code (CVV2)	A number that is written on the front or back of the credit card. This code needs to be entered upon payment.	For VISA / MasterCard / JCB / Diners, This is the number printed on the signature panel on the back of the card. For American Express, the card number on the front of the card It's the number printed above.
Image authentication	This is the number that is automatically displayed on the credit card number input screen.	–

<<ID verification service >>

EMV 3-D Secure uses risk-based authentication based on user device information (*5) and card user payment information (*1) to complete the majority of transactions without additional authentication (*2*3), with additional authentication (*4) such as one-time passwords only for transactions deemed high risk. The risk-based authentication significantly improves the problems of conventional 3D Secure, such as time-consuming input and forgotten passwords, and is expected to improve customer convenience and sales by improving the basket drop rate, while realizing safe and speedy online payment.
*1: For information on how to link cardholder Payment information, etc., please refer to the EMV 3-D Secure Authentication System.
*2: Since the credit card company determines whether or not additional authorization is required based on the cardholder payment information provided by the merchant, it is said that if more accurate information is provided, the possibility of no additional authorization will increase.
The card name, phone number, and email address can also be obtained on the SBPS Link Type Payment screen. (↓Please check the screen image)
*3: In the case of no additional certification, this is called frictionless flow.
*4: In the case of additional authentication, it is called a challenge flow.
*5: The following device information is automatically acquired.
Browser Accept Header
IP Address
JAVA Availability
Browser Language Settings
Browser Colors
Browser Height
Browser Width
Browser Time Zone
User Agent

The certification result (ECI value) can be checked in the Payment Administration Tool.

Authentication Result	VISA	MasterCard	JCB	Diners	American Express
Authentication successful *Chargebacks are borne by the card issuer.	ECI05	ECI02	ECI05	ECI05	ECI05
Authentication attempt *Chargebacks are borne by the card issuer.	ECI06	ECI01	ECI06	ECI06	ECI06
Authentication failure *Chargebacks are borne by the merchant.	ECI07	ECI00	ECI07	ECI07	ECI07

The behavior of the ID authentication service varies depending on the settings at the time of application, so please check below.

Description	Description
Use the service (Standard: ECI05/06)	Risk-based authentication is completed without additional authentication (frictionless) based on the card user's payment information, etc., or additional authentication such as a one-time password (challenge flow) is implemented only for transactions deemed to be high risk. (ECI05 or ECI02) * The screen transition is as shown in usage overview (1) or (2). If the card issuer does not support EMV 3-D Secure, or if the card cannot be authenticated due to the card issuer, the purchase can be made without authentication. (ECI06 or ECI01) *The screen transition is shown in the following image (3).
Use the service (Absolute: ECI05 only)	Risk-based authentication is completed without additional authentication (frictionless) based on the card user's payment information, etc., or additional authentication such as a one-time password (challenge flow) is implemented only for transactions deemed to be high risk. (ECI05 or ECI02) * The screen transition is as shown in usage overview (1) or (2). *If you would like to apply for this setting, please contact our sales department.
Not to use the service	Normal credit card payment is made without ID authentication. *The screen transition is shown in the following image (3).

The following shows the usage overview.

The credit card brands available for the ID verification service are as follows:

VISA	MasterCard	JCB	Diners	American Express
○	○	○	○	○

* You can check other credit card issuers which are supported by the service on the following URL.

<VISA>
　http://www.visa.co.jp/personal/security/onlineshopping.shtml

〈MasterCard〉
　http://www.mastercard.co.jp/personal/securecode/sc-issuers.html

<JCB>
　http://www.jcb.co.jp/Jsecure/whats.html

〈American Express〉
　https://www.americanexpress.com/jp/customer-service/safekey-faq.html

〈DinersClub〉
　https://www.diners.co.jp/ja/merchant/protectbuy.html

The following shows the "merchant names" appearing on the respective ID verification service screens:

* The screens may change without prior notice.
* EMV 3-D Secure may not perform additional authentication.

Screen Image

* The screens may change without prior notice.

Displayed fields

No	Field name	Description
1	Security code (CVV2)	The security code is a security feature to verify the actual credit card. Since the security code is written on the credit card, it is effective in preventing unauthorized use by a third party who has obtained the credit card information through skimming or other means. For API type, even if you apply for a security code, linking the security code will be optional. If you do not link your account, payments will be made without authenticating the security code. When using the link type and API type together, some cell phone models may not be available.
2	Name holder (Roman letters)	This is a required field for personal authentication. In addition, other required items must be linked with the Cardholder Payment information token. See EMV 3-D Secure Authentication System.

* The screens may change without prior notice.

Displayed fields

No	Field name	Description
1	Security code (CVV2)	The security code is a security feature to verify the actual credit card. Since the security code is written on the credit card, it is effective in preventing unauthorized use by a third party who has obtained the credit card information through skimming or other means. For API type, even if you apply for a security code, linking the security code will be optional. If you do not link your account, payments will be made without authenticating the security code. When using the link type and API type together, some cell phone models may not be available.
2	Name holder (Roman letters)	This is a required field for personal authentication. In addition, other required items must be linked with the Cardholder Payment information token. See EMV 3-D Secure Authentication System.
3	Image authentication	Image authentication is a feature that ensures that a human is operating the device, not a system. Since it is difficult to automate image reading in a system, this is effective in preventing indiscriminate attacks.

*This screen is provided in the latest version.

* The screens may change without prior notice.

Displayed fields

No	Field name	Description
1	Security code (CVV2)	The security code is a security feature to verify the actual credit card. Since the security code is written on the credit card, it is effective in preventing unauthorized use by a third party who has obtained the credit card information through skimming or other means. For API type, even if you apply for a security code, linking the security code will be optional. If you do not link your account, payments will be made without authenticating the security code. When using the link type and API type together, some cell phone models may not be available.
2	Name holder (Roman letters)	This is a required field for personal authentication.
3	E-mail address	This is a required field for personal authentication. One of the three items is required.
4	Phone number (Billing address)
5	Phone number (Work place)
6	Image authentication	Image authentication is a feature that ensures that a human is operating the device, not a system. Since it is difficult to automate image reading in a system, this is effective in preventing indiscriminate attacks.

*This screen is provided in the latest version.

Service Specifications

Basic Specifications

The available billing systems and billing system-specific basic specifications are as follows. Each period of time for processing settlement, cancellation, and others performed by the payment administration tool is based on the tool.

Billing Methods

One-time charge	○
Recurring charge (simple)	○
Recurring charge (based on term or usage rate)	×

*This service does not support Recurring billing (fixed term/pay-as-you-go), but merchants can use the purchase API at billing timing to perform recurring billing.

Basic Specifications

Billing method	Field		Specifications
One-time charge	Close authorization settlement	Automated sales	○
	Close authorization settlement	Specified sales	○
	Period for settlement		Auto close authorization settlement: settlement is not necessary. Specified close authorization settlement: Until the 45th day (estimate) including the date of purchase request process^※1
	Period for cancellation		Auto close authorization settlement: cancellation function not available. Specified close authorization settlement: Until the 45th day (estimate) including the date of purchase request process^※1
	Period for refund		Until the 6th month including the date of purchase request process
	Period for re-obtained authorization		Within 6 months from the date of source transaction
Recurring Billing (Simplified)	Close authorization settlement	Automated sales	○
	Close authorization settlement	Specified sales	×
	Recurring billing processing (authorization)		First month: Billing processing is performed by the Merchant. Second month onward: Not necessary.
	Date of settlement processing		Billing processing is performed on the first business day of each month
	Date of notification of billing processing not possible		Returned starting from the first business day of each month in order
	Period for refund		Until the 6th month including the date of purchase request process
	Selection function		You can choose the option between paid/free for the first month.

*1: This is only an estimate as the support period varies depending on the credit card company.
In addition, some international brands have a rule that allows the card company to charge back a mail order or electronic transaction as a delayed billing if the sales data exceeds 7 days from the date the credit was obtained to the time the sales data is received by the card company.　However, not all of these sales are eligible for chargeback, but those transactions that fall under the brand rules where some problems have occurred, such as a request from the cardholder to deny use of the card.

Supported devices

The available devices are as follows.

Device	Availability	Remarks
PC	○	–
Smartphone	○	When using image authentication, please note that payment cannot be made with some smartphones that do not support image authentication.
Mobile		–

List of Provided Functions

The following functions are provided. As for the payment administration tool, only the main functions are listed. For details, see the Payment Administration Tool Manual.

Billing method/Close authorization settlement	Provided functions	Link Type	API Type	Payment management tool
One-time billing/Automated sales	Purchase	○	○	–
	Refund	–	○	○
	Payment result reference		○	–
One-time charge/Specified sales	Purchase	○	○	–
	Settlement	–	○	○
	Partial Settlement	–	○	○
	Cancellation	–	○	○
	Refund	–	○	○
	Partial Refund	–	○	○
	Re-obtained authorization	–	○	–
	Payment result reference	–	○	–
Recurring Billing (Simplified)	Purchase	○	○	–
	Refund	–	–	〇
	Payment result reference	–	○^※¹	–
	Cancellation of recurring billing (simplified)	○	○	○
	Recurring billing (simplified) cancellation notification	○	○	–
Other	Credit card information registration	○	○	–
	Credit card information update	○	○	–
	Credit card information delete	○	○	○^※²
	Credit card information reference	–	○	○

*1: Only the payment for the first purchase can be referenced. To use the function, set the tracking ID at the time of the first request.
*2: It can be executed with the disable button.

For credit card payment, the following service functions are also provided in addition to the above listed provided functions.

Service function	Link Type	API Type
Credit card information storage service	○	○
Credit card validation and information update service (automatic validation and information update)	○	○
ID verification service EMV 3-D Secure	○	○
Security code (CVV2)	○	○
Image authentication	○	–
Eikyu token function	–	○
AI Fraud Detection	〇	〇

The details of each service function are as follows.
*For details on the ID verification service (3D Secure), security code (CVV2), and image authentication, see "End User Authentication Methods Used for Payment."

<Credit card information storage service>
This service keeps the credit card number and identity verification items entered by the end user. Note that this service is required for Recurring billing (simplified) and credit card account update services (automatic account update). The following is an example of use.

When you want to encourage end users to pre-register

To improve the convenience of input for returning end users. *Some cards, such as prepaid cards and debit cards, may not be able to be registered.

<<Credit card validation and information update service (automatic validation and information update)>>
A service to verify the validity of credit cards stored at SBPS on a monthly basis. Note that credit card information is also updated by this service for some card companies. As a rough guide, this service should be used when the number of members is 20,000 or more.

<<What is payment using a one-time token?>>
A payment method that allows for making payment after credit card information entered by the end user is converted into a one-time token (a string). Each merchant can make payment without retaining credit card information by incorporating the JavaScript provided by SBPS into its website. Since payment is completed on the merchant's website, it can freely design the payment screens. Note that a one-time token is returned as a string that is totally different from the relevant credit card number.
* After obtaining information through the One-time Token Acquisition API, it is necessary to link and process it using the One-time token. For more information, see One-time token system.

<<Eikyu token function>>
A function that allows for making payment after credit card number entered by the end user is converted into a permanent token (a string). The merchant can make payment without retaining credit card information by using a one-time token and returning the Eikyu token or by using a tablet with the Eikyu token non-retention service. The Eikyu token function allows for using the merchant's system as it is because it converts a credit card number into a number with the same digit as the card number. Note that the Eikyu token function makes an irreversible conversion of the original credit card number into a totally different string.

The process of payment using a one-time token and Eikyu token is as follows.

The process of using the one-time token API is as follows.

Obtain one-time token information with the one-time token acquisition API.
Establish linkage with the one-time token information using the API and perform payment processing (authorization, customer registration, recurring billing, etc.)
Perform the subsequent processing (commit, capture, refund, etc.) with an API for subsequent processing

The process of using the Eikyu token function API is as follows.

Obtain one-time token information with the one-time token acquisition API.
When using a tablet with the Eikyu token non-retention service, obtain the Eikyu token on the tablet.
Perform payment processing (payment request, information registration, etc.) by using a one-time token and the Eikyu token return API.
When the Eikyu token is obtained on a tablet, perform payment processing using the Eikyu token (payment request, information registration, etc.).
Perform the subsequent processing (capture request, settlement request, refund, etc.) with an API for subsequent processing.

<< AI Fraud Detection >>
This service detects fraudulent use using payment information and machine learning.
By creating a model based on machine learning of all kinds of fraud patterns using payment data that exceeds several hundred million transactions per year, it is possible to calculate a score in real time based on similarities with fraud patterns that cannot be distinguished by humans.
The score is automatically calculated when using the link type, while the API type can be used by embedding our JavaScript into the merchant's site.
*Depending on when you start using the link type, you may need to switch to a screen that supports AI fraud detection.

Payment Status Transition

Each of the features that we offer will Transition the status of Payment as follows: For information on how to implement each feature, please refer to the Link Type IF Specification, API type IF Specification, and SBPS Admin portal / Payment management tool Function Manual.

<<One-time billing/Auto close authorization settlement >>

Provided functions	Link Type Process name/Function ID	API Type Process name/Function ID	Payment management tool Screen name/Button name
Purchase	Purchase request A01-1	(one-time token acquisition request/obtain the Eikyu token by using a tablet with the Eikyu token non-retention service) Payment request (One-Time Token Used) ST01-00131-101 (Eikyu token used) ST11-00111-101 (one-time token used/Eikyu token returned) ST11-00131-101 Capture request^※1 ST02-00101-101	–
Refund	–	Cancel/Refund Request ST02-00303-101	Billing Information Screen "Card Refund"
Payment result reference	–	Payment result reference request MG01-00101-101	–

*1: Performed after one of the payment requests is made.

<<One-time billing/Specified close authorization settlement >>

Provided functions	Link Type Process name/Function ID	API Type Process name/Function ID	Payment management tool Screen name/Button name
Purchase	Purchase request A01-1	(one-time token acquisition request/obtain the Eikyu token by using a tablet with the Eikyu token non-retention service) Payment request (one-time token used) ST01-00131-101 (Eikyu token used) ST11-00111-101 (one-time token used/Eikyu token returned) ST11-00131-101 Capture request^※1 ST02-00101-101	–
Settlement	–	Sales request ST02-00201-101	Billing information screen "Sales" or Card collective settlement processing screen "Bulk registration"
Partial Settlement	–	Sales request ST02-00201-101	Billing information screen "Partial Settlement"
Cancellation	–	Cancel/Refund Request ST02-00303-101	Billing Information Screen "Void Authorization”
Refund	–	Cancel/Refund Request ST02-00303-101	Billing Information Screen "Card Refund"
Partial Refund	–	Partial Refund Request ST02-00307-101	Billing Information Screen "Card Partial Refund"
Re-obtained authorization	–	Re-obtained authorization request (one-time token used) ST01-00133-101	–
Payment result reference	–	Payment result reference request MG01-00101-101	–

*1: Performed after one of the payment requests is made.

<<Recurring billing (simplified)>>

Provided functions	Link Type Process name/Function ID	API Type Process name/Function ID	Payment management tool Screen name/Button name
Purchase	Purchase request A01-1	(one-time token acquisition request) Recurring billing (simplified) purchase request (one-time token used) ST01-00132-101 Capture request^※1 ST02-00101-101	–
Payment result reference	–	Payment result reference request MG01-00101-101
Cancellation of recurring billing (simplified)	Purchase request A01-1	Recurring Billing (Simplified) Cancellation Request ST02-00302-101	Recurring billing (simple) User Information Screen "Cancel"
Recurring billing (simplified) cancellation notification	Purchase Result CGI A02-1	Recurring Billing (Simplified) Cancellation Notification NT01-00108-101	–

*1: Performed following recurring billing (simplified) purchase request (one-time token used)

Cautions

Debit Card/Prepaid Card Information

Debit cards and prepaid cards with the VISA, MasterCard, JCB, and other brands can also be used in the same way as regular credit cards.
However, note the following arising from the characteristics of debit cards and prepaid cards:

Since the usage amount is withdrawn at the time of authorization, duplicated billing may occur temporarily due to a change of the amount (re-obtained authorization following cancellation).
If the sales transaction is not processed within a certain period of time (varies depending on the credit card company), the payment will be automatically refunded. Please note that sales processing is possible even after automatic refund, but if there is no balance, an error will occur.

Unauthorized Usage Investigations and Chargebacks

As a result of a complaint from the end user due to defective items or use that he/she is not aware of, or doubts about unauthorized use by a third party, credit card companies may conduct investigation on unauthorized use or a chargeback (refusal of factoring) may be made. Upon receipt of notification from each credit card company, SBPS will promptly report it to the relevant merchant. Then, the merchant is encouraged to take action in accordance with the notification. Note that if the charge back is fixed, the relevant sales amount will be excluded from settlement and be borne by the merchant. For details, see the statement of material importance submitted when applying for the service.

About Recurring Billing (Simplified)

When performing recurring billing (simplified) using an Eikyu token, credit card information registration request (Eikyu token used) needs to be performed in advance.

If an error occurs when requesting a Cancel/Refund Request

If you receive a credit error on a "card cancellation" (Cancel/Refund Request) even though the cancellation is still within the period for cancellation, please contact SBPS merchant support.

Specifications

The credit card payment is provided by incorporating the service provided by credit card company into the Online Payment ASP Service provided by SBPS. Note that if the credit card company makes a change to the specifications or economic requirements, the specifications of credit card payment provided by SBPS may also change.

Service Suspension Due to Maintenance, etc.

Maintenance of the Online Payment ASP Service is performed on an irregular basis. Any service suspension due to maintenance will be notified in advance. As a rule, such a notification is made 1 week before the suspension. However, this may not be the case in the event of emergency maintenance.
If the service is suspended due to maintenance or the failure of credit card company or their partner systems which are not SBPS systems, SBPS will promptly report it to merchants as soon as we become aware of the situation and then find out the cause. Note that although SBPS will report to merchants as soon as we find out the cause, it may take time to determine the cause if the problem is not attributable to us.

Supplementary Information

No supplementary information available.

Introduction

Connection method

Billing method

Payment Services

Payment Services | Options

Payment management tool

Test

Notices

Service Overview