Skrill Payment Gateway Integration Guide

Skrill Payment Gateway Integration Guide For use by Skrill ecommerce merchants This guide describes how to connect to the Skrill Payment Gateway www.skrill.com Version 6.8 Skrill Limited, 25 Canada Square, Canary Wharf, London, E14 5LQ, UK.

Copyright 2014. Skrill Ltd. All rights reserved. The material contained in this guide is copyrighted and owned by Skrill Ltd together with any other intellectual property in such material. Except for personal and non-commercial use, no part of this guide may be copied, republished, performed in public, broadcast, uploaded, transmitted, distributed, modified or dealt with in any manner at all, without the prior written permission of Skrill Ltd, and, then, only in such a way that the source and intellectual property rights are acknowledged. To the maximum extent permitted by law, Skrill Ltd shall not be liable to any person or organisation, in any manner whatsoever from the use, construction or interpretation of, or the reliance upon, all or any of the information or materials contained in this guide. The information in these materials is subject to change without notice and Skrill Ltd. assumes no responsibility for any errors. Skrill Ltd. Registered office: Skrill Limited, 25 Canada Square, Canary Wharf, London, E14 5LQ, UK. Version Control Table Date Version Description 13/09/2013 6.2 New guide template and updated content, including new Gateway pages. 25/10/2013 6.3 Changes to description of Split Gateway and Payment Method Codes appendix. 25/11/2013 6.4 Removal of Latvian currency. 17/12/2013 6.5 Addition of credit card brands with Split Gateway, plus new screenshots. 21/02/2014 6.6 Changes to Skrill 1-tap. 20/05/2014 6.7 Removal of Laser. Addition of Paysafecard. 20/09/2014 6.8 Addition of Trustly codes for Split Gateway. Skrill 2014 Page 1

Contents 1 About this Guide... 4 1.1 Objectives and target audience... 4 1.2 Related documentation... 4 1.3 Conventions used in this guide... 4 2 Introduction... 5 2.1 Connecting to the Payment Gateway... 6 2.1.1 The payment process... 7 2.2 Steps in the payment process... 8 2.2.1 Redirecting customers to the Skrill Gateway (step 1)... 8 2.2.2 Customer completes details on the Skrill payment page (step 2)... 14 2.2.3 Skrill transaction status page (final step)... 15 2.2.4 Skrill status response... 16 2.2.5 Detailed status description... 18 2.2.6 Customers who are registered with Skrill... 19 2.2.7 Customers who are not registered for Skrill... 23 3 Gateway options... 25 3.1 Quick Checkout... 25 3.2 Split Gateway... 27 3.2.1 Fixed Split Gateway... 28 3.2.2 Flexible Split Gateway... 29 3.2.3 Displaying credit/debit card brands... 30 3.3 Gateway Fast Registration (GWFR)... 31 3.4 Skrill payment methods... 33 3.5 Recurring Billing... 34 3.6 Skrill 1-Tap payment... 36 3.7 Secure return_url parameter... 38 3.8 Merchant refunds... 39 3.9 Chargeback notification... 39 3.10 Adding a descriptor... 39 3.11 Iframe target... 40 3.12 Code integration examples... 42 3.12.1 Generating the Session Identifier... 42 3.12.2 Redirecting the customer to Skrill... 42 4 Appendices... 43 Skrill 2014 Page 2

4.1 ISO 4217 currencies... 43 4.2 ISO country codes (3-digit)... 44 4.3 MD5 signature... 46 4.4 SHA2 signature... 47 4.5 Example HTML forms... 47 4.6 Payment method codes... 49 4.7 Failed reason codes... 50 5 Glossary... 52 6 Index... 55 Skrill 2014 Page 3

1 ABOUT THIS GUIDE 1.1 Objectives and target audience This guide provides details on how to connect your website to the Skrill Payment Gateway and use the Skrill ecommerce service. It is intended for users who have a working knowledge of HTML. The guide covers the steps in the payment process and the information that needs to be passed from your web servers to Skrill, to enable Skrill to process payments. Additional gateway integration options are also described. 1.2 Related documentation You should use this guide together with the additional Skrill Payment Gateway documents described below. Guide Automated Payments Interface Guide Description Describes how to connect to Skrill using the Automated Payments Interface (API). This supports functionality such as merchant queries against the system, sending money and processing refunds. 1.3 Conventions used in this guide The table below lists some of the conventions used in this guide. Table 1: List of conventions Convention Reference File path Glossary Description Indicates a reference to another section in this guide. For example, refer to the Introduction on page 5. Used to indicate a file path or folder structure. Glossary term Skrill 2014 Page 4

2 INTRODUCTION The Skrill Payment Gateway is a secure Skrill website, where you redirect customers from your website to make a payment through Skrill. The gateway collects customer payment details using standard HTML forms. After the payment is complete, the customer is returned to your website and you receive a real-time notification of the payment, which includes details of the transaction. Requesting a test account You may need a test account to test your integration to the Skrill Payment Gateway. Test accounts work in a live environment, however funds cannot be sent from a test account to a live account. To set up a test account: 1. Open an additional Skrill Digital Wallet account online via the Skrill website. 2. Inform Skrill of the email address of the new account and request that this be enabled as a test account. Who to contact for queries For all support queries, contact the Merchant Services department: Email: merchantservices@skrill.com Phone: +44 870 383 0762 (Mon-Fri, 9am until 5pm UK time) Skrill 2014 Page 5

2.1 Connecting to the Payment Gateway Connecting to the Skrill Payment Gateway requires adding Skrill as a payment method on your website s checkout or payment page. When your customer selects Skrill, you should ensure that they are redirected to the Skrill Payment Gateway. At the same time you will need to submit information about the payment, such as your account ID, amount to be paid and several other hidden text fields. You can use a standard HTML form to collect and pass payment and customer details to Skrill. An example of an HTML form is shown in section 4.5.Example HTML form on page 47. A simplified illustration of the transaction flow is shown in Figure 1 below. Figure 1. Skrill transaction flow 1. When the customer is ready to pay for goods or services on your website, they select the Skrill payment option on your website. 2. You request a session identifier (SID) by passing customer and transaction details (e.g., amount, currency and language) to the Skrill Payment Gateway. 3. Skrill returns the generated SID. 4. Using a light box or iframe you redirect the customer to the Skrill Payment Gateway and include the session identifier in the redirect URL. Skrill displays the relevant payment page. 5. The customer enters their payment information, plus any other details requested, and confirms the transaction. 6. Skrill requests authorisation for the payment from the customer s bank, third party provider or card issuer. 7. The bank/provider approves or rejects the transaction. 8. Skrill displays the confirmation page, containing the transaction result, on the Skrill Payment Gateway. 9. Skrill provides you with an asynchronous notification, sent to your status URL or IPN (instant Payment Notification), confirming the transaction details and status. Skrill 2014 Page 6

2.1.1 The payment process Figure 2 below provides a more detailed view of the interaction between customer, merchant and Skrill in a typical transaction. Figure 2: Payment flow between customer, merchant and Skrill Skrill 2014 Page 7

2.2 Steps in the payment process Payment details are collected from the customer and you are notified of the results in three steps: Step 1: you redirect the customer to the Skrill Payment Gateway, as described on page 8. Step 2: the customer enters their payment details on the Skrill Payment Gateway, as described on page 14. Step3: the customer confirms payment. Skrill seeks authorisation for the payment. The customer receives a payment confirmation and you receive notification of the status of the payment. See page 15. 2.2.1 Redirecting customers to the Skrill Gateway (step 1) When a customer is on the online checkout or payment page on your website, they should be presented with a Pay by Skrill button. See the example below. You can download a copy of this button in different sizes from the Skrill website at: https://www.skrill.com/en/business/brand-centre How to redirect the customer When the customer selects the Skrill button, your website should post the HTML form containing their transaction details to https://www.moneybookers.com/app/payment.pl. The HTML form should contain the required hidden input fields listed in Table 2 below. (For an example of how to implement this, see the example html form code on page 47.) You should use a secure method of obtaining a session ID before redirecting customers to Skrill, as described in section2.2.1.1 on page 9. Tips for improving the customer experience Any parameters that you pass through in your HTML form, such as customer name, email and address details, will be pre-populated in the relevant fields on the Skrill Payment Gateway, making it easier for the customer to complete the form. You can customise the appearance of the Skrill Payment Gateway and fields displayed to customers, using the Gateway options described in section 3 on page 25. To maximise conversion, Skrill recommends that you redirect customers to the Skrill Payment Gateway in the same browser window or embed the Skrill page in an iframe (see section 3.11 on page 40). Note: When using the standard Skrill Payment Gateway page, the minimum width of the window or frame should be at least 600 pixels. Skrill 2014 Page 8

Skrill Payment Gateway demonstration website If you want a demonstration of the Skrill Payment Gateway, you can access a test form at: https://www.moneybookers.com/app/test_payment.pl. Note: transactions are processed as real payments. To arrange for a test account where test data can be processed, please contact merchantservices@skrill.com. Download payment method logos Skrill logos and payment method icons that can be displayed on your website are available at: https://www.skrill.com/en/business/brand-centre 2.2.1.1 Recommended secure method of redirecting the customer This method can be used to ensure that details of the payment are communicated securely between your server and Skrill. Important! We strongly recommend that you use this method for redirecting your customers to Skrill, as it does not require sending any payment parameters to their browser. This prevents customers from being able to view or modify any hidden parameters in your source code. How to implement 1. Your web server makes a standard POST request with the payment parameters, using the prepare_only=1 parameter (see Table 2 below). 2. The Skrill server prepares a session for the payment and returns a standard HTTP(S) response. 3. Your web server takes the SESSION_ID cookie from the appropriate Set-Cookie HTTP header of the response. 4. Using this SESSION_ID value the customer can be redirected to: https://www.moneybookers.com/app/payment.pl?sid=<session_id> The normal flow of events continues. This redirect must happen within 15 minutes of the original request or the session will expire. For code examples of how to implement this, see section 3.12 on page 42. Skrill 2014 Page 9

Parameters to be posted to the Skrill Gateway Please review the table below for details of the required and optional parameters that need to be included in your form. An example of a simple HTML form is provided in section 4.5 on page 47. Table 2: Skrill Gateway parameters Field name Description Required Merchant Details pay_to_email Email address of your Skrill account. Max length Example value Yes 50 info@merchant.com recipient_description transaction_id return_url return_url_text return_url_target cancel_url cancel_url_target status_url A description to be shown on the Skrill Gateway page. If no value is submitted, the pay_to_email value is shown as the recipient of the payment. (Max 30 characters) Your unique reference or identification number for the transaction. (Must be unique for each payment) URL to which the customer is returned once the payment is made. If this field is not filled, the Skrill Gateway page closes automatically at the end of the transaction and the customer is returned to the page on your website from where they were redirected to Skrill. A secure return URL option is available. (See section 3.7 on page 38.) The text on the button when the customer finishes their payment. Specifies a target in which the return_url value is displayed upon successful payment from the customer. Default value is 1. 1 = '_top' 2 = '_parent' 3 = '_self' 4= '_blank' URL to which the customer is returned if the payment is cancelled. If this field is not filled, the Skrill Gateway page closes automatically when the Cancel button is selected, and customer is returned to the page on your website from where they were redirected to Skrill. Specifies a target in which the cancel_url value is displayed upon cancellation of payment by the customer. Default value is 1. 1 = '_top' 2 = '_parent' 3 = '_self' 4= '_blank' URL to which the transaction details are posted after the payment process is complete. Alternatively, you may No 30 Your Company Name No 100 A205220 No 240 No 35 No 1 3 No 240 No 1 1 No 400 http://www.merchant.com/payment.htm Return to main website http://www.merchant.com/payment_cancel led.htm https://www.merchan t.com/process_payme nt.cqi Skrill 2014 Page 10

Field name Description Required status_url2 specify an email address where the results are sent. If the status_url is omitted, no transaction details are sent. Second URL to which the transaction details are posted after the payment process is complete. Alternatively, you may specify an email address where the results are sent. new_window_redirect You can redirect customers a new window instead of in the same browser window (e.g., for online bank transfer payment methods, such as Sofortueberweisung). The accepted values are 0 (default) and 1 (new window). language 2-letter code of the language used for Skrill s pages. Can be any of EN, DE, ES, FR, IT, PL, GR RO, RU, TR, CN, CZ, NL, DA, SV or FI. confirmation_note This enables you to display a confirmation message or other details at the end of the payment process. Line breaks <br> can be used for longer messages. logo_url The URL of the logo which you would like to appear at the top of the Skrill page. The logo must be accessible via HTTPS or it will not be shown. For best results use logos with dimensions up to 200px in width and 50px in height. prepare_only Forces only the SID to be returned without the actual page. Useful when using the secure method to redirect the customer to the Gateway. For details, see section 2.2.1.1 on page 9. Accepted values are 0 (default) and 1 (prepare only). rid You can pass a unique referral ID or email of an affiliate from which the customer is referred. The rid value must be included within the actual payment request. ext_ref_id You can pass additional identifier in this field in order to track your affiliates. You must inform your account manager about the exact value that will be submitted so that affiliates can be tracked. merchant_fields A comma-separated list of field names that are passed back to your web server when the payment is confirmed (maximum 5 fields). Max length No 400 No 1 1 Yes 2 EN No 240 No 240 No 1 1 Example value No 100 123456 OR mailto: info@merchant.com https://www.merchan t.com/process_payme nt2.cqi OR mailto: info2@merchant.com Sample merchant wishes you pleasure reading your new book! https://www.merchan t.com/logo.jpeg No 100 Affiliate Name No 240 Field1, Field2 Skrill 2014 Page 11

Field name Description Required field 1 An example merchant field Max length Example value No 240 Value 1 field 2 An example merchant field No 240 Value 2 Customer Details pay_from_email Email address of the customer who is making the payment. If left empty, the customer has to enter their email No 100 payer@skrill.com address. title Customer s title. Accepted values: Mr, Mrs or Ms No 3 Mr firstname Customer s first name No 20 John lastname Customer s last name No 50 Payer date_of_birth Date of birth of the customer. The format is ddmmyyyy. Only numeric No 8 01121980 values are accepted address Customer s address (e.g. street) No 100 Payer street address2 Customer s address (e.g. town) No 100 Payer town phone_number Customer s phone number. Only numeric values are accepted No 20 0207123456 postal_code Customer s postal code/zip Code. Only alphanumeric values are accepted No 9 EC45MQ (e.g., no punctuation marks or dashes) city Customer s city No 50 London state Customer s state or region. No 50 Central London country Customer s country in the 3-digit ISO Code (see section 4.2 on page 44). No 3 GBR Payment Details amount currency amount2_description amount2 amount3_description The total amount payable. Note: do not include the trailing zeroes if the amount is a natural number. For example: 23 (not 23.00 ). 3-letter code of the currency of the amount according to ISO 4217 (see section 4.1 on page 43). You can include a calculation for the total amount payable, which is displayed in the More information section in the header of the Skrill page. Note that Skrill does not check the validity of this data. This amount in the currency defined in the field 'currency' will be shown next to amount2_description. See above Yes 19 39.68 OR 39.6 OR 39 Yes 3 EUR No 240 Product price: No 19 29.90 No 240 Handing fees & charges: amount3 See above No 19 3.10 amount4_description See above No 240 VAT (20%): amount4 detail1_description See above You can show up to five additional details about the product in the More information section in the header of No 19 6.60 No 240 Product ID: Skrill 2014 Page 12

Field name Description Required the Skrill Gateway page. Max length Example value detail1_text detail2_description detail2_text detail3_description detail3_text The detail1_text is shown next to the detail1_description. The detail1_text is also shown to the customer in their Skrill Digital Wallet account history. See above See above See above See above No 240 4509334 No 240 Description: No 240 Romeo and Juliet (W. Shakespeare) No 240 Special Conditions: No 240 5-6 days for delivery detail4_description See above No 240 detail4_text See above No 240 detail5_description See above No 240 detail5_text See above No 240 Skrill 2014 Page 13

2.2.2 Customer completes details on the Skrill payment page (step 2) When the customer is redirected to Skrill, they are shown a Skrill page, hosted on the Skrill servers, which displays the payment details submitted to Skrill, as shown in the example below. Figure 3: Example of Payment Page In the above example, all customer data (address, postal code, city and country) has been provided to Skrill by the merchant and the customer only needs to enter their credit card details and email, and select Pay to confirm the payment. At any time before the Pay button is selected, the customer can cancel the payment process and return to your website (to the URL provided in the 'cancel_url' field; see Table 2 on page 10). Notes Figure 3 above shows an implementation based on Skrill s Quick Checkout option, which is the default option enabled for the majority of Skrill ecommerce merchants. For details, see section 3.1 on page 25. Skrill 2014 Page 14

Customers who have an existing Skrill account can log in to their account to make payment, as described in section 2.2.6 on page 19. The Skrill Payment Gateway pages provide responsive design, meaning that the pages will automatically resize to optimise the display for the user device or browser. 2.2.3 Skrill transaction status page (final step) When the payment process is completed the Transaction successful message appears (see Figure 4) and the customer is redirected to your website. Figure 4: Transaction Status page Skrill 2014 Page 15

2.2.4 Skrill status response When the payment process is complete Skrill sends the details of the transaction to the status_url page you provided (see Table 2 on page 10). This is done with a standard HTTP POST request. This is done with a standard HTTP POST request. The Skrill server continues to post the status until a response of HTTP OK (200) is received from your server or the number of posts exceeds 10. Table 3 shows the parameters sent to your status_url page: Table 3: Status URL parameters Field Name Description Required Example value pay_to_email Your email address. Yes info@merchant. com pay_from_email Email address of the customer who is making the payment. Yes payer@skrill.com merchant_id customer_id transaction_id mb_amount mb_currency status failed_reason_code md5sig sha2sig amount currency Unique ID of your Skrill account. ONLY needed for the calculation of the MD5 signature (see section 4.3 on page 46). Unique ID of the customer s Skrill account. A unique reference or identification number provided by you in your HTML form. The total amount of the payment in the currency of your Skrill Digital Wallet account. Currency of mb_amount. Will always be the same as the currency of your Skrill Digital Wallet account. Status of the transaction: -2 failed / 2 processed / 0 pending / -1 cancelled (see detailed explanation below) If the transaction is with status -2 (failed), this field will contain a code detailing the reason for the failure. MD5 signature (see section 4.3 on page 46). SHA2 signature (see section 4.4 on page 47). Amount of the payment as posted in your HTML form. Currency of the payment as posted in your HTML form. Yes 100005 No* 200005 No** A205220 Yes 25.46 / 25.4 / 25 Yes Yes 2 GBP No*** 06 Yes No**** 327638C253A4637199CEB A6642371F20 dbb7101322257a311f08d1 c527053058fc7e464e30bcf b4613f09053c22dd1f8 Yes 39.60 / 39.6 / 39 Yes EUR Skrill 2014 Page 16

Field Name Description Required Example value payment_type merchant_fields The payment method the customer used. You can choose to receive either: Consolidated values (only the method type, e.g. MBD Skrill Direct or WLT - e-wallet) Detailed values (the specific instrument used, e.g. VSA - Visa card, GIR GiroPay) If you submitted a list of values in the merchant_fields parameter, they will be passed back with the status report. No***** No WLT field1=value1 Notes * The customer_id parameter is enabled upon activation. If you don t receive it in the response status, please contact merchant services. **If no transaction_id is submitted, the mb_transaction_id value will be posted in the report. *** The failed_reason_code parameter is enabled upon activation and is part of the response status. For a description of all failed reason codes, see section 4.7 on page 50. **** To enable the sha2sig parameter, contact merchant services. For more information, see section 4.4 on page 47. ***** The payment_type parameter is enabled upon activation. If you don t receive it in the response status, please contact merchant services. Validating the status response We recommend that you validate the transaction details in the status response. This can be done as follows: 1. Create a pending transaction or order for a fixed amount on your website. 2. Redirect the customer to the Skrill Payment Gateway, where they complete the transaction. 3. Skrill will post the transaction confirmation to your status_url page. This will include the 'mb_amount' (amount) parameter. 4. Your website should validate the parameters received by calculating the md5 signature (see section 4.3 on page 46). If successful, it should compare the value in the confirmation post (amount parameter) to the one from the pending transaction or order on your website. You can also compare other parameters such as transaction id and pay_from_email. 5. Once you have validated the transaction data you can process the transaction, for example, by dispatching the goods ordered. Note: if you want to restrict the receipt of status response based on the posting IP address, you should use the full Skrill IP range. Skrill may from time to time change the IP address from which we post the status response. Skrill 2014 Page 17

Using the Merchant Query Interface You can use the Merchant Query Interface to repost a status report or automatically check the status of a transaction. For details, see the Automated Payments Interface Guide. 2.2.5 Detailed status description Table 4: Transaction status # Status Description 2 Processed Sent when the transaction is processed and the funds have been received in your Skrill account. 0 Pending Sent when the customers pays via an offline bank transfer option. Such transactions will auto-process if the bank transfer is received by Skrill. Note: We strongly recommend that you do not process the order or transaction in your system upon receipt of this status from Skrill. -1 Cancelled Pending transactions can either be cancelled manually by the sender in their online Skrill Digital Wallet account history or they will auto-cancel after 14 days if still pending. -2 Failed Sent when the customer tries to pay via Credit Card or Direct Debit but our provider declines the transaction. If you do not accept Credit Card or Direct Debit payments via Skrill, then you will never receive the failed status. -3 Chargeback Whenever a chargeback is received by Skrill, a -3 status is posted in the status_url and Skrill automatically reverses the transaction. Skrill 2014 Page 18

2.2.6 Customers who are registered with Skrill Customers who have already registered for a Skrill digital wallet account can log in to their account in one of the following ways: If no email address or a non-registered email address is supplied and the customer is an existing Skrill customer, they can click the I already have a Skrill Account link at the bottom of the payment page to log in to their account and select a payment method. If no email address is supplied and the customer enters an email address on the Skrill Payment Gateway that is already registered with Skrill, then the following overlay window is shown: Figure 5: Go to login overlay screen When the customer selects Go to login, the Welcome back to Skrill screen is shown (see Figure 6 below). If you pass the customer email address to Skrill, Skrill will automatically identify whether the customer is an existing Skrill customer and display the login page shown in Figure 5 below. Figure 6: Login page for registered user Skrill 2014 Page 19

The customer selects the Login button and is redirected to the next step. If the balance in their Skrill account is sufficient to make the payment, the following page is displayed: Figure 7: Customer click Pay The customer reviews their payment details and clicks Pay. Alternatively, they can select the link Choose another payment option to open a screen with other available payment methods. If they do not have sufficient funds in their Skrill account, the following page is displayed: Skrill 2014 Page 20

Figure 8: Customer selects a payment method and clicks Pay The customer selects a payment method and clicks Pay. Alternatively, the customer can add a new payment method by selecting the link Pay with new payment option at the bottom of the page. The following screen is displayed: Skrill 2014 Page 21

Figure 9: Customer selects a new payment method The customer selects the new payment method and clicks Continue. Skrill 2014 Page 22

2.2.7 Customers who are not registered for Skrill If your account is enabled for ecommerce transactions and you are using the Skrill Quick Checkout option, then new customers do not need to register for a Skrill account and the Pay button will be displayed on the Skrill Payment Gateway payment page (see Figure 3 above). The exception to this is for certain high-risk customers, where the customer is presented with a registration form (see Figure 10 below). The form has two steps and is used to quickly register a customer for a Skrill Digital Wallet account. Step 1 Payment type selection and entry of personal details: Figure 10: Customer enters payment and personal details Step 2 Password submission and acceptance of Terms and Conditions and Privacy Policy: Skrill 2014 Page 23

Figure 11: Customer creates a Skrill Account Skrill 2014 Page 24

3 GATEWAY OPTIONS 3.1 Quick Checkout Skrill s Quick Checkout is an option that speeds up the payment process, by enabling customers who are making their first transaction via Skrill to make a payment without having to register for a Skrill Digital Wallet account and provide a password. The majority of ecommerce customers are now enabled for Quick Checkout by default. To discuss this option, contact merchantservices@skrill.com. To speed up the payment process for the customer, you must supply the following parameters with each transaction: Table 5: Parameters to include with Quick Checkout Field Name Description Max length Example value address Customer s address (e.g. street) 100 Payerstreet postal_code Customer s postal code/zip Code 9 EC45MQ city Customer s city 50 London country Customer s country in the 3-digit ISO Code (see Annex II for a list of allowed codes). 3 GBR If one or more of the above parameters are either not submitted or the value is not valid, these fields will be displayed and customers will need to enter the missing details to complete payment. You can supply additional parameters to make the payment process even faster: Field Name Description Max length Example value firstname lastname date_of_birth pay_from_email First name of the customer. This value will be pre-filled if the Merchant submits it via the `firstname parameter Last name of the customer. This value will be pre-filled if the Merchant submits it via the `lastname parameter Date of birth of the customer. This value will be pre-filled if the Merchant submits it via the `date_of_birth parameter Email of the customer. This value will be pre-filled if the Merchant submits it via the `pay_from_email parameter 20 John 50 Payer 8 01121980 100 payer@example.com Note: Some customers, for example, from a high-risk country, may still be required to register for a Skrill account, even if you are using Quick Checkout. For details, see section 2.2.7 on page 23. Skrill 2014 Page 25

Figure 12 below shows an example of the customer payment page using Quick Checkout combined with Fixed Split Gateway (see section 3.2.1 on page 28). Figure 12: Example of Quick Checkout Skrill 2014 Page 26

3.2 Split Gateway This option allows you to select the payment methods you want to display to the customer when using the Skrill Payment Gateway. For example, you can display Pay via Direct Debit (provided by Skrill) as a payment option on your checkout page instead of just Pay via Skrill. These methods will appear in the Payment method drop-down list and their logos will be displayed at the top of the page. For a list of currently supported alternative payment methods, see section 3.4 on page 32. Available payment methods, based on selected Country. Figure 13: Payment method selection box To select individual payment methods to be presented to the customer on the gateway, the following parameter must be included in the entry form: Table 6: Parameters to include with Split Gateway Parameter payment_methods Description A comma-separated list of payment method codes, indicating the payment methods to be presented to the customer. For a list of codes, see section 4.6 on page 49. Max length 100 DID Example value If the payment_methods parameter is included in the redirection form, the customer is presented with the selected payment methods and their corresponding logos. If there is a discrepancy in the availability of the payment method, for example if a country-specific option like ideal was chosen, but the customer is not a Dutch resident, then the full list of available payment methods will be presented to the customer. Important note Before implementing this option, you should: Confirm which payment methods have been authorised by Skrill Request an updated list of payment methods and their respective values There are two versions of the Split Gateway: Fixed or Flexible If this feature is not activated, please send a request to merchantservices@skrill.com. Skrill 2014 Page 27

3.2.1 Fixed Split Gateway When the Fixed Split Gateway is activated and you submit a fixed payment method using the payment_methods parameter, only this payment method is shown to the customer on the payment page. If the payment method is not supported by the country of the customer, then the page shows all other available payment methods for their country. Figure 14: Fixed Split Gateway Skrill 2014 Page 28

3.2.2 Flexible Split Gateway When the Flexible Split Gateway type is activated and you have submitted a payment method using the payment_methods parameter, this method is pre-selected for the customer. All other payment methods enabled for your account and for the customers country are available. If the payment method is not supported by the country of the customer, then the drop-down list shows all other available payment methods for their country. See the example below. Figure 15: Flexible Split Gateway Skrill 2014 Page 29

3.2.3 Displaying credit/debit card brands By default all card brands are displayed on the Skrill payment page. When including the payment_methods parameter with Split Gateway, the following applies: If no credit/debit card method or all methods are specified, then the default list of credit/debit card brands will be displayed. You can override the default behaviour, by specifying the card brands you want to display on the payment page. See Figure 16 below. <input type="hidden" name="payment_methods" value="vsa,"> Figure 16: Visa-only brand When the customer selects the Credit/Debit card payment option in the Payment method field, and enters their card number in the Card number field, the card type is automatically detected and the card logo is displayed (see Figure 17 below). Figure 17: Card logo displayed under Card number field Skrill 2014 Page 30

3.3 Gateway Fast Registration (GWFR) This option is suitable for merchants who have not been enabled for Quick Checkout (see section 3.1 on page 25). With GWFR the customer must still register for a Skrill account. Similar to Quick Checkout, Gateway Fast Registration reduces the number of fields that customers must complete to make their first payment through Skrill, making it easier and faster to pay. To enable this option, contact merchantservices@skrill.com. When using this service, you must include the following parameters in your HTML form: Table 7: Parameters to include with GWFR Field Name Description Max length Example value address Customer s address (e.g. street) 100 Payerstreet postal_code Customer s postal code/zip Code 9 EC45MQ city Customer s city 50 London country Customer s country in the 3-digit ISO Code (see Annex II for a list of allowed codes). 3 GBR If one or more of the above parameters are either not submitted or the value is not valid, Skrill shows these fields to the customer and they must amend the missing/invalid values to complete registration. If all necessary parameters have been provided with valid values, Skrill shows only the following fields on the Skrill registration: First name pre-filled if the firstname value is submitted Last name pre-filled if the lastname value is submitted Date of birth pre-filled if the date_of_birth is submitted Email pre-filled if the pay_from_email value if submitted Password the customer must enter and confirm their password The customer completes all of the above fields and the payment process continues as normal. Skrill 2014 Page 31

Figure 18: Example of Gateway Fast Registration With GWFR, if not registered, the customer must select the Continue button to register for a Skrill account. Skrill 2014 Page 32

3.4 Skrill payment methods Customers using one of the following methods do not need to log in or register for a Skrill account (Note that customers who trigger any Skrill anti-fraud rules or are coming from a high-risk country will still be asked to log in or create an account): Visa MasterCard Amex JCB Diners Maestro (UK) Carte Bleue Skrill Direct (Online Bank Transfer) German Direct Debit Giropay Sofortueberweisung ideal Przelewy24 Note: To exclude some of the payment options, contact merchantservices@skrill.com. If the customer wants to pay any other payment methods not listed above, or you submit "WLT" (Skrill Digital Wallet) as a value for payment_methods the customer will then be forced to register for a Skrill Digital Wallet or log in to their account. Skrill 2014 Page 33

3.5 Recurring Billing Skrill offers a tool for recurring payments, which is available as a stand-alone product or via the Skrill Payment Gateway. In addition to the standard HTML form parameters (see Table 2 on page 10), you can supply the following parameters to set up a recurring payment: Table 8: Recurring billing parameters Field Name rec_amount rec_start_date rec_end_date Description Amount of the recurring payment (to be taken at each recurring period) Start date of the period in DD/MM/YYY format* Final date of the period in DD/MM/YYYY format Required Yes/ No rec_period Period between payments Yes rec_cycle rec_grace_period rec_status_url rec_status_url2 Time period measure you require day/month/year. If this parameter is not submitted, Skrill assumes that the rec_cycle is days. You can set a period of days during which the customer can still process the transaction if it originally failed. The value submitted is always in days. URL to which Skrill notifies you that the recurring payment is cancelled. Second URL to which Skrill notifies you that the recurring payment is cancelled. No No No No No No Max length 19 10 10 6 Example value 19.90 01/08/2013 31/08/2014 14 5 day 5 7 400 http://www.merchant.c om/rec_payment_cancel led.htm 400 http://www.merchant.c om/rec_payment_cancel led2.htm Notes *The rec_start_date parameter should not be set in the future for recurring credit card payments if rec_amount = 0 (no amount is charged immediately) Recurring billing setup options You can set up a recurring billing payment using one of the following options: Option 1 Take an initial payment, followed by recurring payments for a different amount: Enter a specific amount (e.g., EUR 4.99) as the amount parameter in your HTML form and a specific amount (e.g., EUR 19.90) as a rec_amount Option 2 Do not take an initial payment. Only set up the recurring payments: Leave the amount parameter empty and only enter the rec_amount value. Skrill 2014 Page 34

Payment methods used with recurring billing A recurring billing payment can be set up with one of the following payment methods: Credit/debit card ( Visa and MasterCard) Direct Debit Customers Skrill account balance Example code The code snippet below shows an example of the parameters included for a recurring payment: <input type="hidden" name="rec_amount" value="19.90"> <input type="hidden" name="rec_start_date" value="01/08/2013"> <input type="hidden" name="rec_end_date" value="31/08/2014"> <input type="hidden" name="rec_period" value="14"> <input type="hidden" name="rec_cycle" value="day"> <input type="hidden" name="rec_grace_period" value="7"> <input type="hidden" name="rec_status_url" value="http://www.merchant.com/rec_pay_cancel.htm"> <input type="hidden" name="rec_status_url2" value="http://www.merchant.com/rec_pay_cancel2.htm"> Recurring billing status If a recurring billing has been set up and you have provided a rec_status_url in your HTML form, Skrill posts the transaction details of each payment to your rec_status_url page. The following table shows the parameters to be received on your page: Table 9: Recurring billing status parameters Field Name Description Required Example value merchant_id transaction_id status Unique ID of your Skrill account. ONLY needed for the calculation of the MD5 signature (see section 4.3 on page 46). The reference or identification number you provided. Recurring payment status: 2 processed/ -2 failed Yes 100005 Yes Yes 2 A205220 rec_payment_id Recurring payment ID Yes 200005 rec_payment_type Type of payment: recurring or Skrill 1-Tap Yes recurring md5sig MD5 signature (see section 4.3 on page 46) Yes merchant_fields A comma-separated list of field names that are passed back to your status page when the payment is confirmed (see Table 2). No 327638C253A46371 99CEBA6642371F20 Field1, Field2 Using the Merchant Query Interface You can use the Merchant Query Interface to check the status, cancel or extend the end date of a recurring payment. For details, see the Automated Payments Interface Guide. Skrill 2014 Page 35

3.6 Skrill 1-Tap payment Skrill offers a single-click payment service which enables you to automatically debit transactions from your customer s Skrill account without the customer having to authorise each time. The setup of the Skrill 1-Tap payment service must be made during the regular payment process. The customer is prompted to choose a payment method when Skrill 1-Tap payment is enabled. To enable this service, contact merchantservices@skrill.com. The Skrill 1-Tap payment service is also available through Skrill s Automated Payments Interface (API). For more details, see the Automated Payments Interface Guide. In addition to the standard parameters described in Table 2, you can supply the following parameters to set up a Skrill 1-Tap payment via the Skrill Payment Gateway: Table 10: Skrill 1-tap parameters Field Name ondemand_max_amount ondemand_max_currency ondemand_note ondemand_status_url ondemand_status_url2 Description Maximum amount for future payments that will be debited from the customer s account 3-letter code of the currency of the maximum amount according to ISO 4217 (see section 4.1 on page 43) Text shown to the customer on the confirmation page as the reason for the Skrill 1-Tap payment. URL to which Skrill notifies you that the Skrill 1-Tap payment is cancelled. Second URL to which Skrill notifies you that the Skrill 1- Tap payment is cancelled. Required Max length Yes 9 11.50 Yes/ No 3 EUR Example value Yes 1000 We will debit your account so that you can continue using our services. 400 http://www.mercha No nt.com/od_payment _cancelled.htm 400 http://www.mercha No nt.com/od_payment _cancelled2.htm Notes: If ondemand_max_currency is not provided, the currency value will be the one provided as the currency in the standard HTML form (see Table 2 on page 10). A session identifier (SID) parameter is returned upon success. The Skrill response includes a rec_payment_id. You should store the rec_payment_id field so that you can reference the original 1-tap transaction. You can track the status of any 1-tap transaction and perform refunds using your own unique transaction_id for that transaction. Using the Skrill 1-Tap Payment Interface Once a Skrill 1-Tap payment has been set up, you must use the Skrill 1-Tap Payment Interface to make individual requests to debit the customers Skrill account. For details, see the Automated Payments Interface Guide. If you have provided a status_url value in your HTML form, Skrill will post the transaction details of each payment to that URL. Skrill 2014 Page 36

Using the Merchant Query Interface You can use Merchant Query Interface to execute, check the status or cancel a Skrill 1-Tap payment authorisation. For details, see the Automated Payments Interface Guide. Payment methods supported with Skrill 1-Tap payments Payment methods for Skrill 1-Tap payments include: Credit/debit card ( Visa and MasterCard) Direct Debit Customers Skrill account balance Skrill 1-Tap button The Skrill 1-Tap button must be displayed on your website when setting up Skrill 1-Tap mandates as well as with any subsequent transactions performed through Skrill 1-Tap. This button is available in different sizes. For details, contact merchantservices@skrill.com. Note: You must set up a separate merchant account for taking Skrill 1-Tap payments. Skrill 2014 Page 37

3.7 Secure return_url parameter This option allows you to be certain that the customer has arrived at your return_url page by completing the payment process and not by looking up the return_url value in the page source code and entering it into their browser. However, this function only guarantees that the customer has completed the payment process and not that the payment had been processed. If this feature is not activated, please contact merchantservices@skrill.com. You must submit the following parameters with each transaction: return_url transaction_id secret word (this will be automatically submitted if entered in the Settings > Developer Settings section in your Skrill account). Skrill will then add the following parameters to the return_url: Table 11: Parameters returned with the return URL Parameter Description Example value transaction_id The transaction_id you submitted. A205220 msid The MD5 signature, with the following values: merchant_id e.g. 123456 transaction_id e.g. A205220 uppercase MD5 value of the ASCII equivalent of your secret word, e.g. F76538E261E8009140AF89E001341F17 730743ed4ef7ec631155f5e1 5d2f4fa0 Below are two examples of the secure return_url, using the values above: Example 1 Merchant submits return_url without additional parameters. For example: https://merchant.com/return_url.cgi In this case Skrill will redirect the customer to: https://merchant.com/return_url.cgi?transaction_id=a205220&msid=730743ed4ef7ec631155f5e15 d2f4fa0 Example 2 Merchant submits the return_url with additional parameters. For example: https://merchant.com/return_url.cgi?par1=val1&par2=val2 In this case Skrill will redirect the customer to: https://merchant.com/return_url.cgi?par1=val1&par2=val2&transaction_id=a205220&msid=73074 3ed4ef7ec631155f5e15d2f4fa0 Skrill 2014 Page 38

3.8 Merchant refunds This option enables you to refund a payment back to the customer s Skrill account, credit/debit card or bank account (depending on the original payment method used). If this feature is not activated, please contact merchantservices@skrill.com. Note: If your account is configured to allow refunds you will have an additional action link in the transaction history next to each entry that will trigger a refund to the customer. You can also make refunds through Skrill s Automated Payments Interface (API). For details, see the Automated Payments Interface Guide. 3.9 Chargeback notification When Skrill receives a chargeback request from our provider, we will send a chargeback notification to your status_url page. This is indicated by a status of -3. (For a description of transaction statuses, see Table 4 on page 18.) 3.10 Adding a descriptor When a customer pays through Skrill, Skrill submits a descriptor with the transaction, containing your business trading name/brand name. The descriptor is typically displayed on the bank or credit card statement of the customer. If you want to change this descriptor, please contact merchantservices@skrill.com. This functionality is only available for the following payment methods: Visa MasterCard Online Bank Transfer (OBT) Sofortueberweisung Direct Debit For Sofortuberweisung and Direct Debit, you can also submit an additional parameter which will override the default value stored by Skrill. Skrill 2014 Page 39

3.11 Iframe target This option enables you to display the Skrill Payment Gateway in an iframe on your website. You can define in which frameset the return_url and cancel_url pages should be opened upon a successful payment or cancellation by the customer. Figure 19 shows an example of the Gateway displayed in an iframe. Figure 19: Display the Gateway in an Iframe The Skrill Payment Gateway will automatically resize to fit into the iframe space. However, to avoid the appearance of Scroll bars, the minimum size of the iframe should be 500 x 680 (including the Gateway header and footer). Skrill 2014 Page 40

The iframe option is implemented by submitting two additional parameters in your HTML form: Table 12: Parameters submitted when using an iframe Field Name Description Values return_url_target cancel_url_target Specifies a target in which the return_url value will be called upon successful payment from customer. Specifies a target in which the cancel_url value will be called upon cancellation of payment from customer. 1 = '_top' 2 = '_parent' 3 = '_self' 4= '_blank' 1 = '_top' 2 = '_parent' 3 = '_self' 4= '_blank' Max length Default 1 1 3 1 1 3 Example According to the W3C HTML specification submitting these values has the following result: Table 13: iframe targets Value Equivalent Description 1 '_top' 2 '_parent' 3 '_self' Loads the linked document in the topmost frame - the new page fills the entire window. "_parent" is used in the situation where a frameset file is nested inside another frameset file. A link in one of the inner frameset documents which uses "_parent" will load the new document in the place of the inner frameset. Loads the new document in the same window and frame as the current document. Using "_self" has the same effect as not using iframe target at all. 4 '_blank' Opens the new document in a new window. Skrill 2014 Page 41

3.12 Code integration examples You can use the examples below to generate your session ID from Skrill, which is the recommended method for connecting to the Skrill Payment Gateway, as described in section 2.2.1.1 on page 9. 3.12.1 Generating the Session Identifier Below are examples of how to generate a SID using different programming methods. CURL curl -X POST https://www.moneybookers.com/app/payment.pl -d "pay_to_email=merchant_email@mail.com" -d "amount=10.99" -d "currency=eur" -d "language=en" -d "prepare_only=1" Ruby require 'net/http' require 'net/https' require 'uri' uri = URI('https://www.moneybookers.com/app/payment.pl') http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true req = Net::HTTP::Post.new(uri.path) req.set_form_data({ 'pay_to_email'=>'merchant_email@mail.com', 'amount'=>'10.99', 'currency'=>'eur', 'language'=>'en', 'prepare_only'=>'1' }) res = http.request(req) puts res.body 3.12.2 Redirecting the customer to Skrill Once you have the session identifier (SID), you then have to redirect the customer to Skrill, including the session identifier. https://www.moneybookers.com/app/payment.pl?sid=<generated_sid> Where <generated_sid> is the SID returned by Skrill. You can open the URL with the SID as a light box or in an iframe. Skrill 2014 Page 42

4 APPENDICES 4.1 ISO 4217 currencies Table 14: ISO 4217 Currencies accepted by Skrill EUR Euro TWD Taiwan Dollar USD U.S. Dollar THB Thailand Baht GBP British Pound CZK Czech Koruna HKD Hong Kong Dollar HUF Hungarian Forint SGD Singapore Dollar SKK Slovakian Koruna JPY Japanese Yen EEK Estonian Kroon CAD Canadian Dollar BGN Bulgarian Leva AUD Australian Dollar PLN Polish Zloty CHF Swiss Franc ISK Iceland Krona DKK Danish Krone INR Indian Rupee SEK Swedish Krona KRW South-Korean Won NOK Norwegian Krone ZAR South-African Rand ILS Israeli Shekel RON Romanian Leu New MYR Malaysian Ringgit HRK Croatian Kuna NZD New Zealand Dollar LTL Lithuanian Litas TRY New Turkish Lira JOD Jordanian Dinar AED Utd. Arab Emir. Dirham OMR Omani Rial MAD Moroccan Dirham RSD Serbian dinar QAR Qatari Rial TND Tunisian Dinar SAR Saudi Riyal Skrill 2014 Page 43

4.2 ISO country codes (3-digit) Skrill does not accept customers from the following countries: Afghanistan, Cuba, Myanmar, Nigeria, North Korea, Sudan, Syria, Somalia, and Yemen. Aland Islands ALA Christmas Island CXR Guernsey GGY Albania ALB Cocos (Keeling) CCK Guinea HTI Islands Algeria DZA Congo, the COD Guinea-Bissau HMD Democratic Republic American Samoa ASM Cook Islands COK Guyana VAT Andorra AND Costa Rica CRI Haiti GIN Angola AGO Colombia COL Heard Island and GNB McDonald Islands Anguilla AIA Comoros COM Holy See (Vatican City GUY State) Antarctica ATA Congo, Republic of COG Honduras HND Antigua and Barbuda ATG Cot'e d'ivoire CIV Hong Kong HKG Argentina ARG Croatia HRV Hungary HUN Armenia ARM Cyprus CYP Iceland ISL Aruba ABW Czech Republic CZE India IND Australia AUS Denmark DNK Indonesia IDN Austria AUT Djibouti DJI Iran, Islamic Republic of IRN Azerbaijan AZE Dominica DMA Iraq IRQ Bahamas BHS Dominican Republic DOM Ireland IRL Bahrain BHR Ecuador ECU Isle of Man IMN Bangladesh BGD Egypt EGY Israel ISR Barbados BRB El Salvador SLV Italy ITA Belarus BLR Equatorial Guinea GNQ Jamaica JAM Belgium BEL Eritrea ERI Japan JPN Belize BLZ Estonia EST Jersey JEY Benin BEN Ethiopia ETH Jordan JOR Bermuda BMU Falkland Islands FLK Kazakhstan KAZ (Malvinas) Bhutan BTN Faroe Islands FRO Kenya KEN Bolivia BOL Fiji FJI Kiribati KIR Bosnia and BIH Finland FIN Korea, Republic of KOR Herzegovina Botswana BWA France FRA Kuwait KWT Bouvet Island BVT French Guiana GUF Kyrgyzstan KGZ Brazil BRA French Polynesia PYF Lao People's LAO Democratic Republic Brunei Darussalam BRN French Southern ATF Latvia LVA Territories Bulgaria BGR Gabon GAB Lebanon LBN Burkina Faso BFA Gambia GMB Lesotho LSO Burundi BDI Georgia GEO Liberia LBR Cambodia KHM Germany DEU Libyan Arab Jamahiriya LBY Cameroon CMR Ghana GHA Liechtenstein LIE Canada CAN Gibraltar GIB Lithuania LTU Cape Verde CPV Greece GRC Luxembourg LUX Cayman Islands CYM Greenland GRL Macao MAC Central African CAF Grenada GRD Macedonia MKD Republic Chad TCD Guadeloupe GLP Madagascar MDG Chile CHL Guam GUM Malawi MWI China CHN Guatemala GTM Malaysia MYS Skrill 2014 Page 44

Maldives MDV Peru PER Sweden SWE Mali MLI Philippines PHL Switzerland CHE Malta MLT Pitcairn PCN Taiwan, Province of TWN China Marshall Islands MHL Poland POL Tajikistan TJK Martinique MTQ Portugal PRT Tanzania, United TZA Republic of Mauritania MRT Puerto Rico PRI Thailand THA Mauritius MUS Qatar QAT Timor-Leste TLS Mayotte MYT R union REU Togo TGO Mexico MEX Romania ROU Tokelau TKL Micronesia, Federated FSM Russian Federation RUS Tonga TON States of Moldova MDA Rwanda RWA Trinidad and Tobago TTO Monaco MCO Saint Helena SHN Tunisia TUN Mongolia MNG Saint Kitts and Nevis KNA Turkey TUR Montenegro MNE Saint Lucia LCA Turkmenistan TKM Montserrat MSR Saint Martin (French MAF Turks and Caicos TCA part) Islands Morocco MAR Saint Pierre and SPM Tuvalu TUV Miquelon Mozambique MOZ Saint Vincent and the VCT Uganda UGA Grenadines Namibia NAM Samoa WSM Ukraine UKR Nepal NPL San Marino SMR United Arab Emirates ARE Netherlands NLD Sao Tome and STP United Kingdom GBR Principe Netherlands Antilles ANT Saudi Arabia SAU United States USA New Caledonia NCL Senegal SEN United States Minor UMI Outlying Islands New Zealand NZL Serbia SRB Uruguay URY Nicaragua NIC Seychelles SYC Uzbekistan UZB Niger NER Sierra Leone SLE Vanuatu VUT Niue NIU Singapore SGP Venezuela VEN Norfolk Island NFK Slovakia SVK Viet Nam VNM Northern Mariana MNP Slovenia SVN Virgin Islands, British VGB Islands Norway NOR Solomon Islands SLB Virgin Islands, U.S. VIR Oman OMN South Africa ZAF Wallis and Futuna WLF Pakistan PAK South Georgia and SGS Western Sahara ESH the South Sandwich Islands Palau PLW Spain ESP Zambia ZMB Palestinian Territory, PSE Sri Lanka LKA Zimbabwe ZWE Occupied Panama PAN Suriname SUR Papua New Guinea PNG Svalbard and SJM JanMayen Paraguay PRY Swaziland SWZ Skrill 2014 Page 45

4.3 MD5 signature A hidden text field called md5sig is included in the form submitted to your server. The value of this field is a 128-bit message digest, expressed as a string of thirty-two hexadecimal digits in UPPERCASE. The md5sig is constructed by performing an MD5 calculation on a string built up by concatenating the fields returned to your status_url page. This includes: merchant_id transaction_id the uppercase MD5 value of the ASCII equivalent of the secret word submitted in the Settings > Developer Settings section of your online Skrill account. mb_amount mb_currency status The purpose of the md5sig field is to ensure the integrity of the data posted back to your server. You should always compare the md5sig field's value posted by Skrill s servers with the one you calculated. To calculate the md5sig, you need to take the values of the fields listed above exactly as they were posted back to you, concatenate them and perform a MD5 calculation on this string. Cancelled payment The MD5 hash posted on the 'ondemand_status_url' when a Skrill 1-Tap payment has been cancelled is a concatenation of the following fields: MERCHANT_ID = merchant_id MERCHANT_TRN_ID = transaction_id The uppercase MD5 value of the ASCII equivalent of the secret word submitted in the Settings > Developer Settings section of the Merchant s online Skrill account REC_PMT_STATUS = status TRN_ID = rec_payment_id The MD5 hash for 1-Tap payments, posted on the status_url is calculated in the same way as for normal payments/refunds. Secret word The secret word must be submitted in the Settings > Developer Settings section of your Skrill Digital Wallet account before the md5sig can be used. The following restrictions apply when submitting your secret word: All characters must be in lowercase The length should not exceed 10 characters Special characters are not permitted (e.g. @, %, $, etc.) Note: if the Settings > Developer Settings section is not displayed in your account, contact merchantservices@skrill.com. Skrill 2014 Page 46

4.4 SHA2 signature To improve the security of the status reports, Skrill post an additional parameter with the report called 'sha2sig'. This is constructed in the same way as the md5 signature, but with a different hashing algorithm. This new parameter is not available by default. To enable this option, send a request to merchantservices@skrill.com. 4.5 Example HTML forms Below are two examples of HTML forms that can be submitted to Skrill. The first one is a basic example. The second example uses several additional features currently available with the Skrill Payment Gateway. You can use these forms, ensuring that the values are replaced with your own values. Note: For experimental purposes you can use our test form at https://www.moneybookers.com/app/test_payment.pl. To request a test account and test data, contact merchantservices@skrill.com. Simple HTML form <form action="https://www.moneybookers.com/app/payment.pl" method="post" target="_blank"> <input type="hidden" name="pay_to_email" value="contact@merchant.com"> <input type="hidden" name="status_url" value="contact@merchant.com"> <input type="hidden" name="language" value="en"> <input type="hidden" name="amount" value="39.60"> <input type="hidden" name="currency" value="gbp"> <input type="hidden" name="detail1_description" value="description:"> <input type="hidden" name="detail1_text" value="romeo and Juliet (W. Shakespeare)"> <input type="hidden" name="confirmation_note" value="samplemerchant wishes you pleasure reading your new book!"> <input type="submit" value="pay!"> </form> Skrill 2014 Page 47

Advanced HTML form <form action="https://www.moneybookers.com/app/payment.pl" method="post" target="_blank"> <input type="hidden" name="pay_to_email" value="merchant@skrill.com"> <input type="hidden" name="transaction_id" value="a10005"> <input type="hidden" name="return_url" value="http://www.moneybookers.com/payment_made.html"> <input type="hidden" name="cancel_url" value="http://www. moneybookers.com/payment_cancelled.html"> <input type="hidden" name="status_url" value="https://www. moneybookers.com/process_payment.cgi"> <input type="hidden" name="language" value="en"> <input type="hidden" name="merchant_fields" value="customer_number, session_id"> <input type="hidden" name="customer_number" value="c1234"> <input type="hidden" name="session_id" value="a3dfa2234"> <input type="hidden" name="pay_from_email" value="payer@skrill.com"> <input type="hidden" name="amount2_description" value="product Price:"> <input type="hidden" name="amount2" value="29.90"> <input type="hidden" name="amount3_description" value="handling Fees & Charges:"> <input type="hidden" name="amount3" value="3.10"> <input type="hidden" name="amount4_description" value="vat (20%):"> <input type="hidden" name="amount4" value="6.60"> <input type="hidden" name="amount" value="39.60"> <input type="hidden" name="currency" value="gbp"> <input type="hidden" name="firstname" value="john"> <input type="hidden" name="lastname" value="payer"> <input type="hidden" name="address" value="payerstreet"> <input type="hidden" name="postal_code" value="ec45mq"> <input type="hidden" name="city" value="payertown"> <input type="hidden" name="country" value="gbr"> <input type="hidden" name="detail1_description" value="product ID:"> <input type="hidden" name="detail1_text" value="4509334"> <input type="hidden" name="detail2_description" value="description:"> <input type="hidden" name="detail2_text" value="romeo and Juliet (W. Shakespeare)"> <input type="hidden" name="detail3_description" value="special Conditions:"> <input type="hidden" name="detail3_text" value="5-6 days for delivery"> <input type="hidden" name="confirmation_note" value="sample merchant wishes you pleasure reading your new book!"> <input type="submit" value="pay!"> </form> Skrill 2014 Page 48

4.6 Payment method codes The table below details the codes required for applicable payment methods when using the Split Gateway. Table 15: Payment method codes Payment Method Value Supported Countries Skrill Wallet WLT ALL Credit/Debit Cards All Card Types ACC ALL Visa VSA ALL MasterCard MSC ALL Visa Delta/Debit VSD United Kingdom Visa Electron VSE ALL Maestro MAE United Kingdom, Spain & Austria American Express AMX ALL Diners DIN ALL JCB JCB ALL Paysafecard PSC ALL Carte Bleue GCB France Dankort DNK Denmark PostePay PSP Italy CartaSi CSI Italy Instant Banking Options Skrill Direct (Online Bank Transfer) OBT Germany, United Kingdom, France, Italy, Spain, Hungary and Austria Giropay GIR Germany Direct Debit / ELV DID Germany Sofortueberweisung SFT Germany, Austria, Belgium, Netherlands, Switzerland & United Kingdom enets ENT Singapore Nordea Solo EBT Sweden Nordea Solo SO2 Finland ideal IDL Netherlands EPS (Netpay) NPY Austria POLi PLI Australia All Polish Banks PWY Poland ING Bank Śląski PWY5 Poland PKO BP (PKO Inteligo) PWY6 Poland Multibank (Multitransfer) PWY7 Poland Lukas Bank PWY14 Poland Bank BPH PWY15 Poland InvestBank PWY17 Poland PeKaO S.A. PWY18 Poland Citibank handlowy PWY19 Poland Bank Zachodni WBK (Przelew24) PWY20 Poland BGŻ PWY21 Poland Millenium PWY22 Poland mbank (mtransfer) PWY25 Poland Płacę z Inteligo PWY26 Poland Bank Ochrony Środowiska PWY28 Poland Nordea PWY32 Poland Fortis Bank PWY33 Poland Deutsche Bank PBC S.A. PWY36 Poland epay.bg EPY Bulgaria Trustly GLU Sweden, Finland, Estonia and Poland Skrill 2014 Page 49

4.7 Failed reason codes The table below contains all possible values of the failed_reason_code parameter and their corresponding meanings. Failed reason codes are mapping of both codes Skrill receives from external processors and failures due to internal procedures. Table 16: Failed reason codes Code Description 01 Referred 02 Invalid merchant number 03 Pick-up card 04 Authorisation declined 05 Other error 06 CVV is mandatory, but not set or invalid 07 Approved authorisation, honour with identification 08 Delayed processing 09 Invalid transaction 10 Invalid currency 11 Invalid amount / available limit exceeded / amount too high 12 Invalid credit card or bank account 13 Invalid card Issuer 14 Annulation by client 15 Duplicate transaction 16 Acquirer error 17 Reversal not processed, matching authorisation not found 18 File transfer not available/unsuccessful 19 Reference number error 20 Access denied 21 File transfer failed 22 Format error 23 Unknown acquirer 24 Card expired 25 Fraud suspicion 26 Security code expired 27 Requested function not available 28 Lost/stolen card 29 Stolen card, pick up 30 Duplicate authorisation 31 Limit exceeded 32 Invalid Security Code 33 Unknown or Invalid Card/Bank account 34 Illegal Transaction 35 Transaction Not Permitted 36 Card blocked in local blacklist 37 Restricted card/bank account 38 Security rules violation 39 The transaction amount of the referencing transaction is higher than the transaction amount of the original transaction 40 Transaction frequency limit exceeded, override is possible 41 Incorrect usage count in the Authorisation System exceeded 42 Card blocked 43 Rejected by Credit Card Issuer 44 Card Issuing Bank or Network is not available Skrill 2014 Page 50

Code Description 45 The card type is not processed by the authorisation centre / Authorisation System has determined incorrect routing 47 Processing temporarily not possible 48 Security Breach 49 Date / time not plausible, trace-no. not increasing 50 Error in PAC encryption detected 51 System error 52 MB denied - potential fraud 53 Mobile verification failed 54 Failed due to internal security restrictions 55 Communication or verification problem 56 3D verification failed 57 AVS check failed 58 Invalid bank code 59 Invalid account code 60 Card not authorised 61 No credit worthiness 62 Communication error 63 Transaction not allowed for cardholder 64 Invalid data in request 65 Blocked bank code 66 CVV2/CVC2 failure 99 General error Skrill 2014 Page 51

5 GLOSSARY This section provides a description of key terms used in this guide. Term Automated Payments Interface (API) Browser Chargeback Concatenation Credit card Customer ID Customer services team Debit card Dynamic descriptor Gateway Fast Registration HTML POST iframe Integration Explanation The API is a collection of tools that enables merchants to execute requests to the Skrill Payment Gateway. For example: to send money, make 1-tap payments, make refunds, check the status of transactions and download reports. Application that enables a customer or merchant to access web pages. Examples include: Internet Explorer, Google Chrome and Mozilla Firefox. The return of funds, previously authorised in a transaction, to a customer, which is initiated by their bank. The merchant may incur an administration cost for Skrill processing the dispute, in addition to any amount eventually credited back to the customer. Combining of multiple fields or parameters into a single text string or parameter. A type of payment card that allows customers to pay for goods and services using funds that are loaned. The loan must be paid back within a specified period. Interest is typically charged on the balance after a grace period (typically 20-55 days). Examples: Visa, MasterCard, Diners and Amex. See also Debit card. Unique identifier for the customer or merchant s Skrill digital wallet account. Skrill team responsible for end-customer support queries. Also referred to as the Skrill Help Team. See also Merchant Services team. A type of payment card that provides customers with instant access to funds in their bank account. Unlike credit cards, payments using a debit card are immediately taken from the customer s account, instead of being paid back at a later date. So, the customer must have sufficient funds in their account or an agreed overdraft limit to cover the payment. An option that allows merchants to have their trading or brand name shown on the bank or credit card statement of the customer. The description can be changed on a per transaction basis. This option is only supported for Visa, MasterCard, Online Bank Transfer (OBT), Sofortüberweisung and Direct Debit. Option that enables customers to make a payment and simultaneously register for a Skrill digital wallet account. To support this option, the merchant must submit the necessary customer details, which are used to prepopulate the Skrill account registration fields. The customer is then asked to confirm and enter a password. Integration method where the merchant sends details to the Skrill Payment Gateway using a standard HTML form that posts this information in the HTML header. HTML feature that enables the Skrill Payment Gateway pages to be displayed within a frame on the merchant s website. The customer is not aware that they have been redirected to a third party website. Process undertaken by merchants to ensure that their website or Skrill 2014 Page 52

Term ISO country codes ISO currency codes Merchant Services team My Account Online Bank Transfer Payment option or method Payment page Real-time Reason code Transaction Skrill 1-Tap Skrill Digital Wallet Skrill Quick Checkout Skrill Payment Gateway Slim Gateway Sofort / sofortüberweisung Split Gateway Explanation shopping cart can connect to and communicate with Skrill. 3-digit country code of the International Standards organisation (ISO) that identifies the country. For example, GBR for United Kingdom. ISO country codes also exist in a 2-digit format. 3-digit currency code of the International Standards Organisation (ISO) that identifies the currency. For example, GBP for British Pound. Skrill team responsible for providing technical and service support to merchants. Merchant and customer account administration portal that enables viewing of transactions and transferring funds. A payment method enabling customers to transfer funds from their bank accounts to their Skrill account in real-time. See also Skrill Direct. The payment method used by the customer, such as debit card, credit card and bank transfer. Note that in the payments industry, the terms payment method, payment option and payment type are often used interchangeably. Page used to collected payment method details from the customer during an online transaction. An event that occurs instantly or within a short period, such as seconds or minutes. For a real-time transaction, the customer, merchant or Skrill receive a response to the transaction request while the customer is still online. Every transaction has a reason code, which indicates the status of the transaction. Skrill receives a variety of reason codes from the bank or scheme authorising the transaction and consolidates these before providing them to merchants. Each financial interaction on the system is referred to as a transaction. Skrill product that enables customers to pay online with a single tap or click. It enables merchants to automatically debit transactions from the customer's Skrill account without the customer having to authorise each time. Skrill s Digital Wallet, enabling customers to link cards and pay directly from their wallet account using cards or bank transfer. Up to 4 payment cards and 10 bank accounts can be linked to a wallet account. Skrill option which enables customers to bypass the Skrill registration details page and simply confirm and pay. Skrill s secure page for processing transactions. Merchants connect to the Payment Gateway, which will then process transactions from their website. Option in which the Skrill account Login fields are hidden from the customer, providing a simplified user experience. Note that on the new Gateway payment page we hide the login fields by default. sofortüberweisung is a real-time bank transfer payment method of Sofort AG. Customers can initiate a credit transfer during their online purchase - the transfer order is instantly confirmed to the merchant, allowing an instant delivery of goods and services. Option that allows merchants to define which payment methods they want to display to customers on the payment page. For example, merchants can use display the Split Gateway codes VSA and MSC to display Visa and MasterCard brands. Skrill 2014 Page 53

Term Transaction Transaction ID Transaction status Explanation Each financial interaction with the Skrill Payment Gateway is referred to as a transaction. Transactions are linked to payments. Unique ID assigned to a transaction by the Skrill Payment Gateway. Each transaction on the Skrill Payment Gateway is given a status. This includes: processed, pending, temporary, scheduled, cancelled, failed, chargeback and successful. Skrill 2014 Page 54

6 INDEX Advanced HTML form, 46 Alternative method of redirecting the customer, 9 Chargeback notification, 37 Connect to the Payment Gateway, 6 Contact for queries, 5 Customer is registered with Skrill, 19 Dynamic Descriptor, 37 Example HTML forms, 45 Failed reason codes, 48 Fixed Split Gateway, 27 Flexible Split Gateway, 28 Gateway demonstration, 8, 9 Gateway options, 25 Iframe target, 38 ISO 4217 currencies, 41 ISO country codes (3-digit), 42 MD5 signature, 44 Merchant Query Interface, 18 Merchant refunds, 37 Parameters to be posted to the Skrill Gateway, 10 Payment method codes, 47 Payment process, 7 Steps, 8 Payment process steps Redirect to the Skrill Gateway, 8 Status page, 15 Recurring Billing, 32 Recurring billing status, 33 Secure return_url parameter, 36 SHA2 signature, 45 Simple HTML form, 45 Skrill 1-Tap button, 35 Skrill 1-Tap payment, 34 Skrill payment methods, 31 Skrill Status report, 16 Split Gateway, 27 Status description, 18 Test account, 5 Validating the status report, 17 Skrill 2014 Page 55