Help Center

Found 100 out of 200

Chargeback (transaction dispute)

Chargeback comes from the English words «charge» (debit) and «back» (return), which literally means «return of funds back». This term refers to the procedure by which a bank refunds money to the payer after funds were mistakenly or fraudulently withdrawn from their account.

It is a consumer protection mechanism that allows the cancellation of credit or debit transactions and the return of funds if the customer did not authorize the purchase, did not receive the goods or services, or if billing errors occurred.

Participants in a chargeback

The chargeback process involves:

Customer: Initiates the chargeback through the issuing bank (the bank that issued the card).
Issuing bank: Conducts the investigation and, if necessary, refunds the money to the customer. In Israel, the issuing banks can be Isracard, CAL, MAX and few others.
Merchant (seller): Must provide evidence of the legitimacy of the transaction. If the chargeback is justified, the merchant refunds the money to the bank.

Possible reasons for a chargeback

The customer requested a refund because they did not recognize a charge in the bank statement or forgot about an actual payment.
The goods or services were not provided by the merchant.
Fraudulent charges were made on the card without the customer’s knowledge (the card was stolen or compromised).

Chargeback procedure

After the customer files a request, the issuing bank opens a case, determines the reason for the chargeback, and decides whether to return the money to the customer or leave it with the merchant. As part of the investigation, the bank will contact the merchant and request proof of service delivery.

In Israel, according to the Payment Services Law of 2020, if a transaction is considered an «insufficient documentation transaction» (i.e., made without the physical presence of the card, which applies to all online payments), the customer receives a full refund if they contact the issuing bank within 30 days of receiving the charge notification.

Thus, the law provides significant protection for the consumer but can also lead to fraud and cancellations of legitimate transactions where the customer actually received the agreed service. Therefore, merchants are advised to collect and keep evidence of goods or services provided to the customer, especially for large amounts (e.g., contracts, receipts, emails, delivery confirmations).

If the bank establishes that the funds were withdrawn from the customer’s card illegally, they will be returned to the customer and deducted from the merchant’s balance.

Risks for merchants

Frequent chargebacks can have serious consequences for merchants. The main risk is financial loss due to refunds to customers. However, that is not the only risk:

Fines and fees: Banks may impose fines for each chargeback, increasing financial pressure on the business.
Deterioration of banking relationships: Frequent chargebacks can damage relationships with acquiring banks. This can lead to higher fees, worse cooperation terms, or even termination of the contract.
Risk of being blacklisted: A high chargeback rate can result in being added to blacklists of payment systems, making it difficult to work with new acquirers and other financial institutions.
Loss of reputation: Frequent chargebacks can damage the merchant’s reputation, creating distrust among customers and partners.

Tips for prevention

To minimize chargeback risks, merchants should take the following measures:

Use secure payment methods: Activate 3DS for payments — a two-factor authentication method where the bank asks the customer to confirm the payment via the banking app or by entering an SMS code.
Improve communication with customers: Quick and transparent communication helps avoid misunderstandings. It is important to respond to customer inquiries promptly and provide full information about goods and services.
Collect and store evidence: Systematically keep all documents confirming the provision of services or delivery of goods. This will help protect the business in case of a chargeback.
Clear refund policy: A transparent and easy-to-understand return policy can reduce the number of chargebacks, as customers will know how to return a product or cancel a service.

Fees

The average fee charged for handling a chargeback is 50 ILS.

Keep reading

Payouts

Security

3-D Secure

3DS is a technology that adds a layer of security to online payments by requiring the cardholder to confirm the payment in the bank's app or by entering a one-time SMS code.

It is used to protect against fraudulent transactions, helping businesses reduce risks of chargeback requests.

Connecting and configuring

You can activate 3DS and set the minimum payment amount from which it will be applied in the Settings ➙ Modules ➙ 3DS

Commission

An additional fee is charged for each payment processed with 3DS, according to the pricing.

The fee is applied even if the payment is unsuccessful — for example, when the cardholder confirms the payment via 3DS, but the bank declines the transaction.

Keep reading

Security

Payouts

A payout is a transfer of money from your received payments to your bank account, minus fees.

Payouts are made automatically once a month, on the 6th. The payout includes payments that were received in the previous month.

It usually takes up to three business days for the money to appear in your bank account.

The minimum payout amount is 100 ILS, USD, or EUR.

Installment payments are transferred once a month, as money is charged from the customer’s card.

Payment processing time

After a customer makes a payment, it is processed within 3–7 business days. Once processed, the payment is assigned a payout date — the 6th day of the following month.

For example, if a payment is processed on August 25, it will be paid out on September 6. If it is processed on September 2, the payout date will be October 6.

This means there may be cases when a payment is made at the end of one month but processed in the next. In such cases, the payout will be shifted by an additional month. For instance, a payment made on August 30 may be processed on September 2 and therefore will be paid out only on October 6.

You can check the payout date of each payment in its details by clicking the “Details” button.

Fees

If a payout is less than 5,000 ILS, the acquiring bank charges a fee of 17.58 ILS (including VAT).

To avoid this fee, you can set payouts to happen only after the balance reaches 5,000 ILS.

Manual payouts

You can turn off the automatic payout on the 6th. In this case, the payout balance will grow each month, and the money will wait until you request it.

There are three payout options:

Automatic on the 6th. Each month on the 6th, all available funds in the balance are paid out automatically.
Automatic after reaching a set amount. The balance is topped up on the 6th of each month and will be paid out once it reaches the amount you choose. For example, if you set 5,000 ILS, you will not pay the small-payout fee.
Manual payouts. The balance is topped up on the 6th, but you decide when to request the payout.

Notifications

You can get payout notifications by e-mail or in Telegram. They can be set up in Settings ➙ Notifications.

Bank account for payouts

Payouts are sent only to the business bank account you gave during registration. You can check it in the settings.

To change the account, you need to provide a bank document with the details of the new account.

Refunds

If you made refunds to customers during the month, these amounts will be deducted from your next payout.

Breakdown and documents

On the 11th of each month, a record appears in the payout history with two documents:

A breakdown of all payments for the previous month with the fees shown.
A fee receipt, which can be used for accounting.

Weekly payouts

If you want to receive payouts more often than once a month, see the article: “Weekly payouts”.

Keep reading

Payouts

Popular

Why a customer sees two charges after payment

Sometimes customers contact sellers complaining that their card was charged twice for the same purchase. In fact, no double charge occurs.

How the payment process works

Each card payment goes through two stages:

Authorization (pending)
The bank temporarily blocks the amount on the customer’s card. In the banking app or statement this appears as a separate transaction. The funds are not yet charged, only reserved.
Capture (final charge)
After the transaction is confirmed, the funds are charged.

Some banks display these two stages as separate transactions, so it may look like two charges. In reality, the money is taken only once.

Why this happens

The way transactions are displayed depends on the card-issuing bank and the type of card.

In some banks the authorization disappears immediately after the charge, while in others it may remain for several days or even weeks. Later it disappears from the statement or merges with the second entry.

What to tell the customer

Check in your Allpay dashboard that the payment really went through only once.
Explain to the customer that the first entry is a temporary authorization and the second is the actual charge. If the authorization temporarily reduced the balance, the funds will be returned.
If the customer still has doubts, recommend that they contact their bank to verify the status of the transactions.

Keep reading

Payment methods

Errors

Displaying the amount in a different currency (USD, EUR, etc.) instead of shekels

International customers find it easier to view prices in their own currency, while businesses prefer to receive funds in shekels without losing money on conversion. For this, a multi-currency price format is available.

To display the amount on the payment page in dollars (USD) or euros (EUR), go to Settings ➙ Payment links and enable the «Multi-currency price format» toggle. Then select the desired currencies from the dropdown list.

Now, when creating a payment link, a currency toggle will appear below the amount. If you select USD, the amount will be shown in dual format, for example: 100 USD (350 ILS).

This is not the transaction currency, but only the display format of the amount on the payment page. The transaction will be processed in ILS at the current exchange rate, and the receipt will be issued in ILS. The exchange rate source is Google Finance.

The exchange rate is calculated at the moment the customer opens the payment link.

If the customer’s card is in dollars, their bank will automatically convert the amount to ILS at its own exchange rate. You will receive the full payment amount in shekels.

If you need to receive payments in a foreign currency instead of shekels, see the article Accepting payments in USD and EUR.

Missing a currency?

If the currency you need is not listed, please contact support.

Integrations

‍The payment request sent from your website includes two parameters: the currency and the payment amount. For example, if the currency is CAD (Canadian dollar), the payment button will display the amount in both CAD and ILS. The system will convert Canadian dollar to shekels and charge the customer’s card in shekels.

Keep reading

Payment links

Subscriptions (recurring billing)

Subscriptions are recurring charges from the customer’s card without the need to re-enter card details. In Hebrew, this is called "Oraat Keva", which literally means "standing instruction".

Activate the subscriptions module in the Settings → Modules section.

Creating a subscription

1 When creating a payment link, expand the “Additional” section and change the payment type to “Subscription”.

2 Specify when the subscription should start and end, then click the “Create Link” button.

3 Once the customer subscribes using this link, the subscription will appear on the main screen under the “Subs” (Subscriptions) menu.

Subscription start options

Immediately — the first charge will occur at the moment the subscription is created, and then recur on the same day each month.

‍In N days — the first charge will occur after the specified number of days from the subscription start date, and then continue monthly on that same day.“Date” — the first charge will occur on the selected date. If the selected date is in the past, the subscription cannot be created.

‍Day of month — the first charge will occur on the specified day of the month and repeat monthly on that same day. If the selected day matches the subscription start date, the charge will happen immediately. If the 30th or 31st is selected but the month doesn’t have that date, the charge will occur on the last day of the month (e.g., February 28th).

Date — the first charge will occur on the selected date. If the selected date is in the past, the subscription cannot be created.

Subscription end options

No end date — charges will continue until the subscription is manually canceled in the dashboard.

Date — charges will continue until the selected date. For example, if the end date is set to August 15, 2030, and charges occur on the 16th of each month, the last charge will take place on July 15, 2030, and there will be no charge in August.

After N charges — the subscription will end after the specified number of charges. For example, to create a one-year subscription, set it to 12.

Subscription statuses

Active — charges are being processed successfully.

Completed — all scheduled charges have been successfully processed.

Cancelled — you manually cancelled the subscription charges.

Failed — a charge attempt failed; the system will make up to 6 more retry attempts.

Tracking subscriptions

Charges from subscriptions appear in two sections:

On the main payments screen, alongside other payments;
In the “Subs” section, where you can view the full charge schedule for each subscription.

Notifications about subscription charges are sent by email and Telegram — just like regular payments — if the notification option is enabled in Settings ➙ Notifications.

Cancelling a subscription

In the settings of the desired subscription, select “Cancel subscription”. The customer will receive an email notification that their subscription has been cancelled.

It is not possible to resume charges on a cancelled subscription. The customer will need to re-subscribe.

Failed charge

A scheduled subscription charge may fail if the card has insufficient funds, the credit limit is exceeded, the card has expired, or it has been cancelled.

If a charge fails, the system will automatically make up to 6 more attempts — one per day. If all attempts fail, the subscription will remain in “Failed” status, and the charge history will include a note: “Subscription stopped”.

In the subscription management menu, a “Retry charge” option will appear, allowing you to manually initiate a new charge. Before retrying, we recommend checking with the customer to make sure their card is working properly.

Subscriptions vs installments

Since installment payments work only with Israeli credit cards, some businesses use subscriptions to collect payments from international customers in multiple parts.

It’s important to understand the difference: With installments you are guaranteed to receive the full amount — even if the customer’s card has insufficient balance on future dates. With subscriptions, each charge is a separate transaction, and if the card has no funds at the time of billing, the charge will fail.

Keep reading

Payment links

Webhooks

Webhook is an automatic event notification sent by the Allpay system to an external URL.

When a payment is successfully completed, Allpay sends a POST request to the specified address. The request contains full payment details, including the buyer's name, the payment description, and the amount.

Developers and integrators use webhooks to:

automatically trigger actions (e.g. activating an order or sending an email to the customer),
synchronize data between systems,
eliminate the need for manual payment status checks.

Even types

Currently, Allpay supports a webhook for one event only — successful payment.

For subscriptions, the webhook is automatically sent to the specified URL each month after a successful recurring charge.

Where to configure a webhook

A webhook is configured separately for each payment link or API integration:

Payment link — in the settings of that specific link. In this case, the webhook will be sent for every payment made via that link.
API integration — in the settings of a specific integration under the API Integrations section. This allows you to receive webhooks for all payments processed through that integration — for example, from your site on WordPress, or another platform.

Allpay does not have a centralized webhook setting for all payments. This approach gives you flexible control over notifications across different channels.

Webhook request contents

Allpay sends a POST request to the specified URL. The request body is a JSON object containing parameters related to the event.

Example request

POST /tjefkki4vvsvfyhrmudkr571bvjxw5g7 HTTP/2
Host: hook.eu2.make.com
accept: */*
content-type:application/json
content-length: 653

{
    "name": "Test payment",
    "items": "[{\"name\":\"Test payment\",\"price\":10,\"qty\":1}]",
    "amount": "10",
    "status": 1,
    "client_name": "Tanur Mikrogalov",
    "client_email": "test@allpay.co.il",
    "client_tehudat": "",
    "client_phone": "",
    "foreign_card": "0",
    "card_mask": "407517******9285",
    "card_brand": "visa",
    "receipt": "https:\/\/www.allpay.co.il\/receipt.pdf",
    "sign": "2367eefa04752fae489fc233670fce599be9083af8c9a581d4c7684ec33c0114"
}

‍

Each payment for which a webhook was sent is marked with a corresponding label. By clicking on this label, you can view the full contents of the request.

add_field parameter

If you add ?add_field=any-string to the payment link URL, this parameter will be included in the Webhook request body. Learn more.

Webhook security

Allpay supports two methods for verifying the authenticity of webhook requests:

Verification using the Webhook secret key

This method relies on an HMAC signature based on the SHA256 algorithm.

Signature generation algorithm:

Remove the sign parameter from the request.
Exclude all parameters with empty values.
Sort the remaining keys in alphabetical order.
From the sorted list, take the parameter values and join them into a single string using a colon (:) as a separator.
Append your Webhook secret key to the end of the string, preceded by a colon.
Apply the SHA256 algorithm to the resulting string.
Compare the result with the sign parameter received in the request.

Platforms like Zapier support this type of verification using built-in tools, such as a custom script in Code by Zapier.

Example JavaScript for Zapier

const webhookKey = "YOUR WEBHOOK SECRET KEY";

// Parse the input params from JSON string to an object
const params = JSON.parse(inputData.params || '{}');

// Store the original signature from the request
const requestSignature = params.sign || null;

// Remove the 'sign' parameter before calculating the signature
delete params.sign;

function getApiSignature(params, webhookKey) {
    // Filter out empty values and sort keys alphabetically
    const sortedKeys = Object.keys(params)
        .filter((key) => {
            const value = params[key];
            return value !== null && value !== undefined && String(value).trim() !== '';
        })
        .sort();

    // Collect the values in sorted key order, process nested arrays (like "items")
    const chunks = [];
    sortedKeys.forEach(key => {
        const value = params[key];
        if (Array.isArray(value)) {
            value.forEach(item => {
                if (typeof item === 'object' && item !== null) {
                    Object.keys(item).sort().forEach(subKey => {
                        const val = item[subKey];
                        if (val !== null && val !== undefined && String(val).trim() !== '') {
                            chunks.push(String(val).trim());
                        }
                    });
                }
            });
        } else {
            chunks.push(String(value).trim());
        }
    });

    // Build the string to hash
    const baseString = chunks.join(':') + ':' + webhookKey;

    // Generate SHA256 hash
    const crypto = require('crypto');
    const hash = crypto.createHash('sha256').update(baseString).digest('hex');

    return { baseString, verifiedSignature: hash };
}

// Generate the signature
const result = getApiSignature(params, webhookKey);

// Return the original and calculated values
output = {
    requestSignature: requestSignature,
    baseString: result.baseString,
    verifiedSignature: result.verifiedSignature
};

‍

Demo of webhook verification on Zapier

‍

IP address verification‍

A simpler but less secure method is to check that the request comes from Allpay’s server IP address. You can request the current IP address by contacting our support team.

Retries and webhook deactivation

Your service must return a 200 HTTP status code to confirm successful receipt of the webhook. If any other status code is returned, the system will attempt to resend the webhook up to three more times. After that, the request will be considered failed and will not be retried.

If Allpay repeatedly encounters delivery errors when attempting to send webhook requests, the corresponding webhook will be automatically deactivated to prevent further attempts.

Keep reading

API

Integrations

Passing parameters through the payment link URL

This feature allows you to manage the payment amount via URL, pass customer data filled out on your platform to the payment page, and control the customer's path after a successful payment.

First, you need to create a payment link in the Allpay dashboard and set its type to Customer indicates amount.

You can add the parameters amount for the payment amount, client_name, and client_email for customer data to the payment link URL.

For example, https://allpay.to/~pay/dynamic?amount=100&client_name=Jason%20Statham&client_email=jason@go.com

‍
If the values for the parameters client_name and client_email are not specified, we will request them from the customer during payment.

This way, you can use a single payment link for all customers, specifying an individual amount for each of them.

Product name

The product or service name cannot be transmitted this way, as it creates opportunities for manipulation. For example, it could allow an altered or inappropriate product name to be automatically included in the receipt generated after payment.

Parameters lang and client_tehudat

lang — language of the payment page. It is auto-detected by the customer's browser language, but you can control it by passing values AR (Arabic), EN (English), HE (Hebrew), or RU (Russian).

items — name and quantity of the product. If not provided, the name specified when creating the payment link will be displayed. The ability to pass this parameter through the URL is currently under development.

client_tehudat — the Tehudat Zehut (Social ID number). This is included in the payment receipt. To hide this field from the page, pass nine zeros.

Parameter add_field

You can also use the parameter add_field, the value of which will be passed unchanged in the redirect URL after a successful payment (see the article Redirect after payment for how to set up the redirect URL).

For example, https://allpay.to/~pay/dynamic?amount=100&add_field=any_text

In the example above, the parameter add_field=any_text will be passed unchanged in the redirect URL after payment. This allows you to track conversions, direct the customer to the desired stage of your chatbot funnel, and perform other necessary actions after payment.

If needed, you can set the value of add_field to a string with multiple parameters and parse them on your server side. For example, add_field=par1-value1,par2-value2.

If Webhook sending is enabled for the link, the add_field parameter will be included in the request body.

Video tutorial

Creating payment forms

Using this approach and basic web development skills, you can create payment forms for placement on your website. These forms do not replace full capacity of our API but provide a simple and convenient solution for accepting payments.

You can allow customers to select product modifications or quantities, calculate the total based on selected options, and redirect the customer to proceed the payment.