Cartes Bancaires

Last updated: August 7, 2024

Cartes Bancaires (CB) is the predominant card scheme in France. The majority of CB cards are co-branded with either Visa or Mastercard, meaning you can process these cards over either CB or the Visa or Mastercard schemes.

If a charge is declined for technical reasons on the CB scheme, we will automatically retry the charge on Visa's or Mastercard’s schemes. To opt out of this, contact your Account Manager.

European regulation (EU IFR Regulation 2015/751 article 8) mandates merchants and acquirers to follow consumers’ card brand choice for payments made with co-badged cards. For example, cards branded with both Visa and Mastercard and a local scheme such as CB.

In practice, this means that merchants must enable consumers to select their preferred brand in a payment form. This expectation comes from CB guidelines directly. Any merchant accepting CB payments should offer this "choix de la marque" during their checkout process.

If you detect a co-badged card, you must present all supported brands for the customer to choose from. You have two options:

Use our front-end iframe solution, Frames
Manage your own front-end solution – contact your Account Manager for a secure file transfer protocol (SFTP) scheme BIN file to identify co-badged cards

To enable scheme choice using Frames, specify schemeChoice: true in the Frames initialization. Once this is configured and Frames detects a co-badged card, it will automatically render the consumer choice of card scheme selection.

Use the following examples as a reference for how to format the configuration:


1Frames.init({
2  publicKey: 'pk_sbox_XXXX',
3  modes: [],
4  frameSelector: '.card-frame',
5  localization: 'EN-GB',
6  debug: false,
7  schemeChoice: true,
8});

Enter 5137210000000018 in the Card number field to demo the scheme choice functionality.

Download sample files (.zip)


1Frames.init({
2  publicKey: 'pk_sbox_XXXX',
3  modes: [],
4  cardNumber: {
5    frameSelector: '.card-number-frame',
6  },
7  expiryDate: {
8    frameSelector: '.expiry-date-frame',
9  },
10  cvv: {
11    frameSelector: '.cvv-frame',
12  },
13  localization: 'EN-GB',
14  debug: false,
15  schemeChoice: true,
16});

Enter 5137210000000018 in the Card number field to demo the scheme choice functionality.

Download sample files (.zip)

Once the customer selects Pay, Frames will tokenize the card, and you will see the preferred_scheme field within the cardTokenized event. The preferred_scheme field honors the selection the user makes on the front end.

If you'd like to render Frames with custom text input, you can specify your own localization settings.

To increase the likelihood of a frictionless transaction, request an exemption in your API request. You can request an exemption for transactions that must be Strong Customer Authentication (SCA) compliant, provided it meets the listed possible exemptions. Read more about exemptions and liability shift.

Use of exemptions must be through authentication for transactions that are in scope for SCA, meaning your payment request must contain the 3ds.enabled field set to true.

If no exemption can be applied, then the challenge_indicator field will be set to no_challenge_requested and liability shift will not be applied.

Information

To simulate different 3D Secure (3DS) authentication flows and results for testing, use the Cartes Bancaires 3DS test cards.

CB does not support the secure_corporate_payment exemption in the authentication flow as they deem it SCA exempt. If this exemption is used in the authentication flow, we'll automatically apply it in the authorization flow instead.

If you are not using Standalone (Sessions) - our standalone Authentication solution - skip to the Request a Payment section.

To select the scheme to process the authentication with, set the source.scheme field to one of the following values: visa, mastercard or cartes_bancaires.

To utilize exemptions, you'll need to submit the corresponding exemption in the challenge_indicator field. If no exemption can be applied, then the value no_challenge_requested will be used instead. If no exemption was applied to the authentication despite a frictionless flow_type, the value none will be returned in the response's exemption.applied field. In this scenario, do not include the 3ds.exemption field when sending the authorization request.

For the full API specification, see the API reference.

post

https://api.checkout.com/sessions

Use the following examples as a reference on how to format the configuration.


1{
2  "source": {
3    "type": "card",
4    "number": "<CARD_NUMBER>",
5    "scheme": "cartes_bancaires",
6    "expiry_month": 3,
7    "expiry_year": 2023,
8    "name": "John Smith",
9    "email": "[email protected]",
10    "billing_address": {
11      "address_line_1": "123 High St.",
12      "address_line_2": "Flat 456",
13      "address_line_3": "",
14      "postcode": "SW1A 1AA",
15      "city": "London",
16      "country": "GB"
17    }
18  },
19  "processing_channel_id": "pc_sbnb4buybxqujn5gqjd5af32wm",
20  "amount": 5,
21  "currency": "USD",
22  "authentication_type": "regular",
23  "authentication_category": "payment",
24  "challenge_indicator": "low_value",
25  "reference": "ORD-5023-4E89",
26  "transaction_type": "goods_service",
27  "channel_data": {
28    "channel": "browser",
29    "accept_header": "Accept:  *.*, q=0.1",
30    "three_ds_method_completion": "U",
31    "java_enabled": true,
32    "language": "FR-fr",
33    "color_depth": "16",
34    "screen_height": "1080",
35    "screen_width": "1920",
36    "timezone": "60",
37    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
38    "ip_address": "1.12.123.255"
39  },
40  "completion": {
41    "type": "hosted",
42    "success_url": "https://example.com/payments/success",
43    "failure_url": "https://example.com/payments/failure"
44  }
45}


1{
2  "id": "sid_scapyqurerse5fagoqjxuv5bs4",
3  "transaction_id": "42fc8090-2491-4e64-9406-74137a57a197",
4  "amount": 5,
5  "currency": "USD",
6  "authentication_type": "regular",
7  "authentication_category": "payment",
8  "status": "approved",
9  "status_reason": "ares_status",
10  "approved": true,
11  "protocol_version": "2.1.0",
12  "reference": "ORD-5023-4E89",
13  "next_actions": [],
14  "ds": {
15    "reference_number": "3DS_LOA_DIS_GDCB_020100_00137",
16    "transaction_id": "fdb5f954-3fbb-4731-b2e3-f3cbe01c6e05"
17  },
18  "acs": {
19    "reference_number": "3DS_LOA_ACS_EQWO_020200_00280",
20    "transaction_id": "b0a86141-b156-4498-84f5-73f00d45f86a",
21    "operator_id": "ACS-0008P-BPCE-EWL",
22    "challenge_mandated": false
23  },
24  "response_code": "Y",
25  "challenged": false,
26  "cryptogram": "<authentication value>",
27  "transaction_type": "goods_service",
28  "eci": "05",
29  "session_secret": "<secret>",
30  "scheme": "cartes_bancaires",
31  "scheme_info": {
32    "name": "cartes_bancaires",
33    "avalgo": "2"
34  },
35  "exemption": {
36    "requested": "none",
37    "applied": "none",
38    "code": "AAAA"
39  },
40  "authentication_date": "2022-05-20T15:17:30.0893493Z",
41  "xid": "fdb5f954-3fbb-4731-b2e3-f3cbe01c6e05",
42  "card": {
43    "instrument_id": "src_ajshdroelu3u3grxgvhmd7ptmm",
44    "fingerprint": "93206CDE658E580AC8643AD72AC9D6A8FBF6FED4BDF19FF9AC3F32E7BC18D617",
45    "metadata": {
46      "card_type": "DEBIT",
47      "card_category": "CONSUMER",
48      "issuer_name": "Test Bank",
49      "issuer_country": "FR",
50      "product_id": "F",
51      "product_type": "Visa Classic"
52    }
53  },
54  "flow_type": "frictionless",
55  "challenge_indicator": "no_preference",
56  "customer_ip": "1.12.123.255",
57  "_links": {
58    "self": {
59      "href": "https://api.checkout.com/sessions/sid_scapyqurerse5fagoqjxuv5bs4"
60    },
61    "success_url": {
62      "href": "https://example.com/payments/success"
63    },
64    "failure_url": {
65      "href": "https://example.com/payments/failure"
66    }
67  }
68}


1{
2  "id": "sid_3tlg67seotkuhkrw7bicpblcxy",
3  "transaction_id": "7e6fd6dc-7444-43d5-aa36-f850278562be",
4  "amount": 5,
5  "currency": "USD",
6  "authentication_type": "regular",
7  "authentication_category": "payment",
8  "status": "challenged",
9  "status_reason": "ares_status",
10  "protocol_version": "2.1.0",
11  "reference": "ORD-5023-4E89",
12  "next_actions": ["redirect_cardholder"],
13  "ds": {
14    "reference_number": "3DS_LOA_DIS_GDCB_020100_00137",
15    "transaction_id": "64bffd02-9e4a-49e7-8319-cac119ad1adb"
16  },
17  "acs": {
18    "reference_number": "3DS_LOA_ACS_EQWO_020200_00280",
19    "transaction_id": "77c226ef-6166-42a9-a5cf-54201efdc822",
20    "operator_id": "ACS-0008P-BPCE-EWL",
21    "url": "https://natixispaymentsolutions-3ds-vdm.wlp-acs.com/acs-challenge-browser-service/challenge/challengeRequest/browserBase",
22    "challenge_mandated": true,
23    "authentication_type": "01"
24  },
25  "response_code": "C",
26  "challenged": true,
27  "transaction_type": "goods_service",
28  "session_secret": "<secret>",
29  "scheme": "cartes_bancaires",
30  "authentication_date": "2022-05-20T15:13:47.1865419Z",
31  "xid": "64bffd02-9e4a-49e7-8319-cac119ad1adb",
32  "card": {
33    "instrument_id": "src_brtjjnw3ynmebi37dk7kbtbxru",
34    "fingerprint": "93206CDE658E580AC8643AD72AC9D6A8FBF6FED4BDF19FF9AC3F32E7BC18D617",
35    "metadata": {
36      "card_type": "DEBIT",
37      "card_category": "CONSUMER",
38      "issuer_name": "Test Bank",
39      "issuer_country": "FR",
40      "product_id": "F",
41      "product_type": "Visa Classic"
42    }
43  },
44  "flow_type": "challenged",
45  "challenge_indicator": "no_preference",
46  "_links": {
47    "self": {
48      "href": "https://api.checkout.com/sessions/sid_3tlg67seotkuhkrw7bicpblcxy"
49    },
50    "redirect_url": {
51      "href": "https://api.checkout.com/sessions-interceptor/sid_3tlg67seotkuhkrw7bicpblcxy"
52    },
53    "success_url": {
54      "href": "https://example.com/payments/success"
55    },
56    "failure_url": {
57      "href": "https://example.com/payments/failure"
58    }
59  }
60}

If you're using hosted sessions, perform a GET request after the cardholder is redirected to your page. If you're using non-hosted sessions, follow our example integration when performing the GET request.


1curl --location --request GET 'https://api.checkout.com/sessions/sid_3tlg67seotkuhkrw7bicpblcxy' \
2--header 'Content-Type: application/json' \
3--header 'Authorization: Bearer <Token>’


1{
2  "id": "sid_3tlg67seotkuhkrw7bicpblcxy",
3  "transaction_id": "7e6fd6dc-7444-43d5-aa36-f850278562be",
4  "amount": 5,
5  "currency": "USD",
6  "authentication_type": "regular",
7  "authentication_category": "payment",
8  "status": "approved",
9  "status_reason": "rreq_status",
10  "approved": true,
11  "protocol_version": "2.1.0",
12  "reference": "ORD-5023-4E89",
13  "next_actions": [],
14  "ds": {
15    "reference_number": "3DS_LOA_DIS_GDCB_020100_00137",
16    "transaction_id": "64bffd02-9e4a-49e7-8319-cac119ad1adb"
17  },
18  "acs": {
19    "reference_number": "3DS_LOA_ACS_EQWO_020200_00280",
20    "transaction_id": "77c226ef-6166-42a9-a5cf-54201efdc822",
21    "operator_id": "ACS-0008P-BPCE-EWL",
22    "url": "https://natixispaymentsolutions-3ds-vdm.wlp-acs.com/acs-challenge-browser-service/challenge/challengeRequest/browserBase",
23    "challenge_mandated": true,
24    "authentication_type": "03"
25  },
26  "response_code": "Y",
27  "challenged": true,
28  "cryptogram": "<authentication value>",
29  "transaction_type": "goods_service",
30  "eci": "05",
31  "session_secret": "<secret>",
32  "scheme": "cartes_bancaires",
33  "scheme_info": {
34    "name": "cartes_bancaires",
35    "avalgo": "2"
36  },
37  "authentication_date": "2022-05-20T15:13:47.1865419Z",
38  "xid": "64bffd02-9e4a-49e7-8319-cac119ad1adb",
39  "card": {
40    "instrument_id": "src_brtjjnw3ynmebi37dk7kbtbxru",
41    "fingerprint": "93206CDE658E580AC8643AD72AC9D6A8FBF6FED4BDF19FF9AC3F32E7BC18D617",
42    "metadata": {
43      "card_type": "DEBIT",
44      "card_category": "CONSUMER",
45      "issuer_name": "Test Bank",
46      "issuer_country": "FR",
47      "product_id": "F",
48      "product_type": "Visa Classic"
49    }
50  },
51  "flow_type": "challenged",
52  "challenge_indicator": "no_preference",
53  "customer_ip": "1.12.123.255",
54  "_links": {
55    "self": {
56      "href": "https://api.checkout.com/sessions/sid_3tlg67seotkuhkrw7bicpblcxy"
57    },
58    "success_url": {
59      "href": "https://example.com/payments/success"
60    },
61    "failure_url": {
62      "href": "https://example.com/payments/failure"
63    }
64  }
65}

When the customer has chosen their preferred brand, you must include it in the processing.preferred_scheme field in your payment request.

To utilize exemptions, you'll need to submit the corresponding exemption in the 3ds.exemption field.

Information

To simulate a payment for testing, use the Cartes Bancaires test card.

For the full specification, see our API reference.

post

https://api.checkout.com/payments


1{
2  "source": {
3    "type": "card",
4    "number": "4010050999999999904",
5    "expiry_month": 11,
6    "expiry_year": 2024
7  },
8  "3ds": {
9    "enabled": true,
10    "exemption": "low_value"
11  },
12  "amount": 1000,
13  "capture": false,
14  "currency": "EUR",
15  "processing_channel_id": "{{processing_channel_cb}}",
16  "success_url": "https://example.com/payments/success",
17  "failure_url": "https://example.com/payments/failure",
18  "processing": {
19    "preferred_scheme": "cartes_bancaires"
20  }
21}

If you process recurring transactions or merchant-initiated transactions (MITs), the subsequent MITs must be processed using the same scheme as the initial cardholder-initiated transaction (CIT). You must set the processing.preferred_scheme as the customer-chosen scheme from the initial payment.

If you use Standalone (Sessions) for authentication, you can use our simplified integration and authorize payments by setting "enabled": true and using the identifier from the Standalone (Sessions) API response. Using this integration will also allow you to have a consolidated view that links the authentication to the payment in your Dashboard.

If you are authenticating the transaction prior to requesting a payment:

the 3ds.enabled field must be set to true
the processing.preferred_scheme field must be set to the scheme that authenticated the payment

Additional 3DS data is required by CB for authorization, as specified by the field names in the following table. If you are using our Standalone (Sessions) authentication product, refer to the Request authentication section, as well as the table.

The eci value is not required by the CB scheme and it may not be present in the ARes (frictionless flow) or RReq (challenge flow) messages. For compatibility reasons, the access control server (ACS) may send it in the ARes message according to other payment schemes, particularly in the case of co-badged cards.

Field name	Description	Applicable to	Sessions response
`3ds.challenge_indicator` required	The challenge indicator submitted in 3DS authentication.	Mandatory for CB.	`challenge_indicator`
`3ds.cryptogram` required	The authentication value.	All schemes.	`cryptogram`
`3ds.flow_type` required	Indicates whether the 3DS authentication was challenged or frictionless.	Mandatory for CB.	`flow_type`
`3ds.version` required	The protocol version for 3DS.	All schemes.	`protocol_version`
`3ds.xid` required	The DS transaction ID from 3DS.	All schemes.	`xid`
`3ds.authentication_amount` conditional	The authentication amount.	Mandatory for CB.	`amount`
`3ds.authentication_date` conditional	The authentication date and time, in ISO-8601 format.	Mandatory for CB.	`authentication_date`
`3ds.exemption` conditional	The exemption applied during a frictionless Fast'R authentication.	Required for CB when `flow_type` is `frictionless` or `frictionless_delegated`. Not required for CB when `exemption.applied` = "none" in the Standalone (Sessions) response. Do not send the `3ds.exemption` field in this scenario.	`exemption.applied`
`3ds.status` conditional	For 3DS, this is the transaction status of ARes or RReq.	All schemes. Mandatory for CB.	`response_code`
`payment_ip` conditional	The IP address that is collected during authentication must be passed in the authorization message for CB transactions.	CB. Include for best performance.	`customer_ip`
`3ds.cryptogram_algorithm` optional	The algorithm used by the Issuer ACS to calculate the authentication cryptogram. This is the AVALGO data returned in CB authentication.	CB.	`scheme_info.avalgo`
`3ds.eci` optional	The Electronic Commerce Indicator returned from authentication.	All schemes. Optional for CB. However, include `eci` if available.	`eci`
`3ds.score` optional	The risk score calculated by the Fast'R Directory Server (DS).	CB.	`scheme_info.score`
`processing.preferred_scheme` optional	The preferred scheme for co-badged card payment processing. If using third-party authentication before requesting the payment, set the value to the scheme that authenticated the transaction. If left unspecified, this defaults to CB.	CB co-badged card payments.	`source.scheme`


1{
2  "source": {
3    "type": "card",
4    "number": "4010056200000018",
5    "expiry_month": "1",
6    "expiry_year": "2030",
7    "cvv": "123"
8  },
9  "amount": 30,
10  "currency": "EUR",
11  "capture": true,
12  "3ds": {
13    "enabled": true,
14    "eci": "05",
15    "cryptogram": "ABADAhaHNAAAEFgmBYc0AAAAAAA=",
16    "xid": "9cd6ae9a-6123-4dc9-b5ce-a3068de19bed",
17    "version": "2.1.0",
18    "authentication_date": "2022-05-19T09:42:44.2449933Z",
19    "authentication_amount": "30",
20    "challenge_indicator": "no_challenge_requested",
21    "flow_type": "frictionless",
22    "status": "Y",
23    "exemption": "low_value",
24    "score": "90",
25    "cryptogram_algorithm": "1"
26  },
27  "processing": {
28    "preferred_scheme": "cartes_bancaires"
29  },
30  "processing_channel_id": "pc_lpbekttn6uzu3gm6ecfdc3xxie"
31}


1{
2  "id": "pay_dafxh65xirdu7bpigwvumodbzi",
3  "action_id": "act_pyy366dbghaevh7hlsudnexmtm",
4  "amount": 30,
5  "currency": "EUR",
6  "approved": true,
7  "status": "Authorized",
8  "auth_code": "099565",
9  "response_code": "10000",
10  "response_summary": "Approved",
11  "balances": {
12    "total_authorized": 30,
13    "total_voided": 0,
14    "available_to_void": 30,
15    "total_captured": 0,
16    "available_to_capture": 30,
17    "total_refunded": 0,
18    "available_to_refund": 0
19  },
20  "risk": {
21    "flagged": false
22  },
23  "source": {
24    "id": "src_vg6pj2d4bv5e7acl34fri27sjq",
25    "type": "card",
26    "expiry_month": 11,
27    "expiry_year": 2022,
28    "scheme": "Visa",
29    "scheme_local": "cartes_bancaires",
30    "last4": "6225",
31    "fingerprint": "CF8F2166285885F45ECFA069581990B03D135352F91FB33623761715C243955F",
32    "bin": "456100",
33    "card_type": "DEFERRED DEBIT",
34    "card_category": "CONSUMER",
35    "issuer": "Test Bank",
36    "issuer_country": "FR",
37    "product_id": "P",
38    "product_type": "Visa Gold",
39    "avs_check": "U",
40    "cvv_check": "Y"
41  },
42  "processed_on": "2022-05-19T09:42:44.5813445Z",
43  "eci": "05",
44  "processing": {
45    "acquirer_transaction_id": "039232",
46    "retrieval_reference_number": "039232"
47  },
48  "expires_on": "2022-06-18T09:42:44.5813445Z",
49  "_links": {
50    "self": {
51      "href": "https://api.checkout.com/payments/pay_dafxh65xirdu7bpigwvumodbzi"
52    },
53    "actions": {
54      "href": "https://api.checkout.com/payments/pay_dafxh65xirdu7bpigwvumodbzi/actions"
55    },
56    "capture": {
57      "href": "https://api.checkout.com/payments/pay_dafxh65xirdu7bpigwvumodbzi/captures"
58    },
59    "void": {
60      "href": "https://api.checkout.com/payments/pay_dafxh65xirdu7bpigwvumodbzi/voids"
61    }
62  }
63}

Cartes Bancaires

Confirm the card brand choice

Use Frames

Request authentication

Exemptions

Information

Secure corporate payment

Standalone authentication requirements

Endpoints

Request example

Frictionless – response example

Pending challenge completion – response example

Challenge completed

Request example

Response example

Request a payment

Information

Endpoints

Request example

Recurring or merchant-initiated transactions

3D Secure payments with our standalone Authentication product

3D Secure payments with a third-party provider

Request example

Response example