Frequently Asked Questions

You can click for ParamPOS application process: https://param.com.tr/param-sanal-pos

Whether a company will work with Param is determined only after the relevant departments evaluate the application. However, generally, virtual POS services cannot be provided to businesses in the categories of gambling, betting sites, sale of alcoholic beverages, sale of tobacco products, sale of firearms, services/products with erotic and/or pornographic content, sites supporting political views, sites promoting violence and/or crime, sale of live animals, sale of prescription drugs and/or narcotics, firms selling through call centers, sites selling listening devices, forex services, auction sites, sale of replica or counterfeit products, and dating sites.

https://kurumsal.param.com.tr you can reach from the internet branch.

https://kurumsal.param.com.tr/Param_MultiLogin.aspx You can add or delete IPs under "ParamPOS > My Integration Information" submenu.

SSL certificate is mandatory for ParamPos application. You can choose any level of package as SSL certificate.

Customer Satisfaction and Increased Transaction Volume

Virtual POS enables e-commerce companies to convert individual buyers into loyal customers with membership systems and card storage features, instilling trust. In an environment where credit card or bank card information is shared, and high limits and large personal accounts are discussed, customers must primarily feel secure. The more secure they feel about their information and cards, the more frequently they will shop from that e-commerce company, turning it into a habit. Additionally, e-commerce companies without an SSL certificate may be liable to pay substantial damages if customers' card information is maliciously copied and used by third parties.

What is SSL?

SSL (Secure Sockets Layer) is a security protocol that encrypts the transfer of information entered into an internet browser. Data traffic is encrypted, making it unreadable to others, and personal information such as credit card details cannot be intercepted while in transit.

For anyone concerned about data security in the digital world, SSL is essential. With online shopping, the security and protection of personal data such as names, addresses, and emails, along with card information, become even more crucial.

Prevents Malicious Use

E-commerce websites with an SSL certificate can be identified as secure by using https:// instead of http:// in the address bar. This is because a trusted company has verified the SSL certificate, allowing the site to use https://. During transactions on sites with this certificate, credit card information is encrypted and sent to the payment processor, making it extremely difficult to intercept and misuse the encrypted combination of passwords and personal data, thereby preventing sharing or copying with third parties for malicious purposes.

Who Can I Get Support From for SSL Installation?

SSL installation can be easily done. If you have no previous experience with this:
· If you use a ready-made e-commerce infrastructure, you can get support from your infrastructure provider.
· If you have an open-source or custom software website, you can get support from your hosting provider. The hosting company will assist you with SSL installation for your site.
· If you plan to complete the SSL setup on your site yourself, you can find detailed information at https://movingtohttps.com.

Due to the necessity of updating our web services to the latest TLS version, HTTPS connections to our web services must use TLS 1.2.

Changes Required in .NET Environment;

The security protocol should be set to Tls 1.2 before calling the web service as follows:

                          
                            System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
                            st_odeme = ws.TP_Islem_Odeme(st, SanalPOS_ID, ....)
                        
                        
                    

Changes Required in PHP Environment;

The security protocol should be set to Tls 1.2 before calling the web service as follows:

                        $mode = array
                        (
                        'soap_version' => 'SOAP_1_1',
                        'trace' => 1,
                        'stream_context' => stream_context_create(array(
                        'ssl' => array(
                        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
                        )
                        ))
                        );
                        $client = new SoapClient($Webservis_WSDL_URL, $mode);   
                    

If you encounter any issues, please send your request to [email protected].

Payment Card Industry Security Standards, established by a council known as the PCI Security Standards Council, which includes members such as Visa, American Express, MasterCard, and Discover Financial Services, refer to the security standard set to ensure data security in payment card systems.

It aims to prevent losses and data breaches (theft and misuse of data) typically occurring in e-commerce transactions conducted through virtual POS providers and banking institutions. It involves processes such as Network Security, Vulnerability Scanning, and Access Control to detect non-compliance with security standards on servers and software where credit card transactions are processed. PCI DSS compliance scanning must be repeated four times a year at three-month intervals, and the scan results must be reported to the relevant financial institution.

Organizations conducting credit card transactions over the Internet are obligated to perform PCI DSS compliance scans to verify that their environments meet PCI standards. Comodo's PCI DSS Scanning service conducts remote security scans for your e-commerce system to check if your application and server, where your e-commerce system operates, comply with the standards set by PCI CSS, and provides reports. In systems where a specific volume of transactions occurs, the financial institution acting as the virtual POS provider often requires PCI DSS scanning.

3D Secure system is a system supported by international card organizations that enables secure e-commerce transactions. With 3D Secure, transaction security is ensured, and merchants are protected from cardholders' claims that transactions are not authorized by them. It is a three-dimensional security protocol that verifies and protects the flow of information between the cardholder, the website (merchant), and the bank using special codes and keys.

With ParamPOS assurance, your payments are credited to your account the next day.

22 banks and 8 card brands Axess-Bonus-Combo-Finans/Advantage-Maximum-Paraf-SağlamKart-World

After logging into your Param panel, you can access the receipt information from the “Finance > Accounting > Report > Receipt Inquiry” screen.

The lower limit varies from bank to bank. We recommend that you make transactions with at least 5 TL in payment transactions.

After logging in to your money panel, you can set the notification option from My Card > Contact tab.

You can access the param logo and images at https://param.com.tr/basin-medya-kiti

Occasionally, during payment transactions with banks, a timeout error may be returned as a response. We return this response from the bank to our member merchants within the Response.

Since a transaction timeout from the bank may or may not be processed by the bank, it is necessary to check the current status of the transaction from the bank and initiate cancellation if needed.

With the auto-cancel feature, we monitor this process on your behalf, and if the transaction is successful, it will be canceled after 180 seconds. This feature is optional, and member merchants suitable for this business model can request its setup from our sales support team.

No, canceled or auto-canceled transactions are not reflected on the statement.

Card storage is the secure process of storing customers' credit or debit card information for future transactions. Card storage allows customers to make recurring payments more quickly and easily.

Pre-authorization in payment transactions (also known as authorization hold or pre-authorization) is the process where a certain amount is temporarily blocked or allocated from the cardholder's account before an actual payment transaction is made using a credit or debit card. This is used to verify the validity of the card and to ensure that there is sufficient balance or credit limit available for the payment to be processed.

1. When integrating a virtual POS (Point of Sale) system, you need to set up the virtual POS system. First and foremost, you need to obtain an SSL security certificate. An SSL security certificate provides encrypted connections and verifies the identity of your website. This certificate is essential for secure transactions.
2. After obtaining the certificate, you need to upload the products you will sell on your e-commerce site.
3. Once you have gathered the digital signature circular, ID card, tax certificate, and other necessary documents, you can proceed with the application.
4. After applying, your documents will be reviewed, and you will receive either a positive or negative response. To complete the integration of your virtual POS system, you need to receive a positive response. Assuming there are no deficiencies in your application form and information, your application will be approved, and you can begin using the virtual POS application. If you receive a negative response and have deficiencies, you have the opportunity to complete them and reapply. When you transition to a virtual POS system, the payment information of customers shopping on your e-commerce site is collected during the transaction and sent to the customer's bank. The payment system verifies all data. If the payment is secure and the information is correct, the bank completes the payment. This transaction is reported to both the customer and the bank. The customer can easily view this transaction in their statement or account activity.

You can perform your tests with the test cards in the https://dev.param.com.tr/tr/test-kartlari tab. Test cards only work in the test environment. You can access the test environment information from the integration document.

After integrating with test environment information, we recommend checking the integration test scenarios. You can access the test scenarios at https://dev.param.com.tr/en/api .

After integrating with test environment information, we recommend checking the integration test scenarios. Then, you can email [email protected] to obtain live information.

The 3D Model method operates with dual-stage verification, while the 3D Secure method verifies in a single step. To ensure a more secure, uninterrupted, and seamless process, we recommend integrating our latest method, 3D Model, for new integrations. For the financialization of transactions in the 3D Model method, TP-WMD-Pay method must be invoked. For detailed information about 3D Model integration, please visit https://dev.param.com.tr/en/api/odeme

You can follow the steps on the "Ortak Ödeme Formu" (Common Payment Form) tab at https://dev.param.com.tr/tr/postman

We have integration with Opencart, Woocommerce, Magento, Prestashop, Nopcommerce. Integration modules are available on the open source page.

We have integration with Wix. You can get detailed information from our integration team.

We have integration with Shopify. You can get detailed information about this from our integration team.

We have integration with Paraşüt. You can get detailed information from our integration team.

You can integrate with iFrame. You can get detailed information from our integration team.

When defining an individual seller in the marketplace business model, name-IBAN control is performed through findeks services. Therefore, date of birth is a mandatory parameter in the production environment.

In the marketplace business model, after receiving payment, first, the commission for Param is deducted from the total amount. Then, using the Tutar_Odenecek parameter in the Pazaryeri_TP_Siparis_Detay_Ekle (Marketplace_TP_Order_Detail_Add) service, the specified amount is transferred to the subcontractor, and the remaining amount is transferred to the marketplace owner. In summary, the commission received by the marketplace owner is not predetermined by a parameter. After all transfers are completed, the remaining amount is transferred to the marketplace owner.

It is an error received after MUV contracted merchants miscalculate the Commission amount to the Product amount according to the commission rates determined by them.

In marketplace operations, during the assignment of payments to subcontractors (using the transaction detail add service), if the amount_Product parameter is greater than or equal to the collected amount, this error message is received. The amount_Product parameter should be calculated based on the remaining net amount after deducting Param's commission.

It is an error received as a result of attempting a transaction after the card registered in the system has been deleted in the system.

When trying to open the 3DS HTML form within an iframe or pop-up, it may appear blank in some browsers. As recommended by banks, we suggest displaying the 3DS HTML in a separate page.

Test Environment: https://test-dmz.param.com.tr/turkpos.ws/service_turkpos_test.asmx
Prod Environment: https://posws.param.com.tr/turkpos.ws/service_turkpos_prod.asmx

TC_VN is a unique parameter that specifies the TCKN information of the customer in the sub member addition service.

Please check the hash formula you are using. You can find the relevant hash formulas in the documentation at https://dev.param.com.tr.

You can make foreign currency transactions with the Foreign Card.

Try again by generating a new Siparis_ID.

If the G object containing credential information (CLIENT_CODE, CLIENT_USERNAME, CLIENT_PASSWORD) and the GUID are incorrectly sent, you may receive this error message. We recommend checking the relevant parameters.

Google Chrome Browser SameSite Update

With the update in Google Chrome browsers, cookies not defined as SameSite=None; Secure will default to SameSite=Lax (first-party cookie). This means that first-party cookies can only be accessed from the defined domain/host. If there is a cross-site request (e.g., a POST request from a different domain), cookie access in the browser will be restricted for security reasons.

Chrome Update Timeline:

• February 17, 2020: Initial rollout of SameSite updates to specific users.
• March 2, 2020: Expanded rollout to more users (browsers).
• March 9, 2020: Significant expansion of the rollout to more users (browsers).

This update will continue gradually to cover all Chrome browsers. While a specific date is not set, Chrome considers feedback and issues during this process. Similar updates are expected from other browsers as well.

Example Scenario for SameSite Issue:

A customer visits the checkout page on a merchant's website (the merchant has set a cookie for the customer). The merchant initiates a 3D Secure (3DS) request and prints the HTML content received to redirect the customer to the bank's page (which changes the domain). The customer completes SMS verification. The bank redirects the customer to param, and param redirects to the merchant's result page. Meanwhile, payment-related information is sent to this address via POST method. At this stage, the merchant's system queries the cookie information to recognize the customer or check the cart. If the cookie is not defined as SameSite=None; Secure, Chrome will not allow these cookies to be read. The merchant cannot process the payment or create the order.

Solution for SameSite Issue:

If your param redirects and completes the process with cookie access at the callbackUrl where the result is POSTed, you need to define the relevant cookie as SameSite=None; Secure.

Example Cookie Definition for ASP.NET 4.7.2+:

                    Response.Cookies.Add(new HttpCookie("key", "value")
                    {
                        SameSite = SameSiteMode.None,
                        Secure = true,
                    });
                    

Example Cookie Definition for ASP.NET Core 2.1+

                    Response.Cookies.Append("Key", "Value", new CookieOptions()
                    {
                        SameSite = SameSiteMode.None,
                        Secure = true,
                    });
                    

Example Cookie Definition for ASP.NET 4.7.2+

                        Response.Cookies.Add(new HttpCookie("key", "value")
                        {
                            SameSite = SameSiteMode.None,
                            Secure = true,
                        });
                    

Example Cookie Definition for PHP 7.3

                    setcookie('same-site-cookie', 'foo', ['samesite' => 'Lax']);
                    setcookie('cross-site-cookie', 'bar', ['samesite' => 'None', 'secure' => true]);
                    

Sample Cookie Definition for Versions Prior to PHP 7.3:

                    header('Set-Cookie: same-site-cookie=foo; SameSite=Lax');
                    header('Set-Cookie: cross-site-cookie=bar; SameSite=None; Secure');