WL SIPS DOCS

Release 25.4

go directly to content

Search by keywords

  1. Release notes
  2. Release note 25.4

Release note 25.4

To search in the page use Ctrl+F on your keyboard

  • CVCO
  • Javascripts
  • CB2A 1.6.2
  • consistency authentication authorisation
  • Acquirer response codes

This document gives you a functional content preview of the Worldline Sips 25R4 release.

It is separated into two parts: :

  • New additions to the Worldline Sips Solution
  • Regulatory changes

If you would like to benefit from those new features, please get in touch with your usual Worldline Sips contact for our current customer else contact to sips@worldline.com.

Deliveries in production: 23/06/25 to 11/07/25.

New features of the Worldline Sips Solution

Chèques-Vacances Connect (CVCO): change in capture methods and modification of the management of the acquirer response code for Time out

Today, CVCO accepts capture modes: IMMEDIATE, VALIDATION, AUTHOR_CAPTURE.

After the 25R4 release, only the IMMEDIATE capture mode will be recognized. If after this change merchants send captures in VALIDATION or AUTHOR_CAPTURE mode, Worldline Sips will change them to IMMEDIATE capture-mode in order to accept transactions.

Regarding the management of the acquirer response code for timeout (Acquirer ResponseCode 60), the status of the transaction will no longer change to the TO_CONFIRM_CAPTURE status but to the PENDING status. This evolution will allow for a faster response from the buyer (CAPTURE or REFUSED).

The online documentation will be updated soon.

Evolution PCI DSS : Addition of INTEGRITY and NONCE parameters in the Javascripts of Paypage and Hosted Field

In accordance with the PCI DSS 4.0 standard, specifically in chapter 6.4.3, which concerns JavaScript security, we implement the use of an “integrity” keyword (SHA-384) for the loading of JavaScript scripts external to our pages and a “nonce” keyword for “inline” JavaScript scripts in our checkout pages.

Keys points:

  • “Integrity” keyword (SHA-384): Each JavaScript script we use will be associated with a SHA-384 hash This will allow browsers to perform an integrity check before running the script. The syntax will be as follows: <script src=" URL_AND_JAVASCRIPT_LIBRARY_NAME " integrity="sha384-HASH_VALUE"></script>

  • “Nonce” keyword: A nonce will be generated for each inline JavaScript entry in each iFrame (card number, validity date, etc.), adding an extra layer of security. Each “nonce” will be unique per iFrame and cannot be reused. The syntax will be as follows: <script nonce="NONCE_VALUE"> // …</script>

For merchants using the SipsHosted Fields feature, in order to ensure your PCI DSS compliance, we recommend you to modify your implementation to ensure the integrity of the library with the keyword “integrity”. In order to provide you with the best possible support, the online documentation will soon be enriched. For merchants using the PayPage feature, no action is required as your payment pages are hosted and managed solely by Worldline Sips.

Provision of authorisation reattempt conditions for CB2A 1.6.2 protocol

The Visa and Mastercard schemes may financially penalize acquirers who allow authorization requests to be replayed on declined transactions in an untimely manner, regardless of the type of refusal.

As a result, the acquirers are setting up information for merchants in the responses to refused authorisation requests, where the conditions under which a replay is possible are specified.

This information are now available for contracts with an acquirer using the CB2A 1.6.2 protocol.

Worldline Sips provides you with this information in the following data:

  • reattemptMode: condition for an attempt following a refused authorisation; can take the values NEVER (never try again), LATER (try again later) or UPDATE (update the information before trying again);

  • reattemptMax: maximum number of attempts to apply for authorisation during the permitted replay period;

  • reattemptStartDateTime: start date of the replay period when a new attempt to request authorisation for a rejected transaction is allowed;

  • reattemptEndDateTime: date of the end of the replay period when a new attempt to request authorisation of a rejected transaction is allowed.

Added a consistency check between authentication and authorisation data

In order to maintain a higher level of security, a consistency check between authentication and authorisation data will be carried out. This check can only be executed if the 3DS authentication and authorisation are managed by the Worldline Sips platform.

Addition of new acquirer response codes for CB2A 1.6.2 and 1.6.3 protocols

Worldline Sips has implemented the support of new acquirer response codes, introduced by CB2A 1.6.2 and 1.6.3 protocols:

These new codes may be returned in the acquirerResponseCode data in response to refused authorisation requests, and aim to specify the type of the refusal.

Regulatory changes

N/A

Back to top Need help?

This site uses trackers to improve your experience, perform analysis and researches on your use of WL Sips documentation website.
You have several options:
Closing this banner you refuse the use of trackers on your device.

Configuration