Versions Compared

Old Version 5

changes.mady.by.user Admin

Saved on

compared with

New Version 6

changes.mady.by.user Admin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space ENWORK and version Documentation

...


Payment page (payssl.aspx)Direct integration (direct.aspx)
Credit card number (PAN) handling
  • Directly handled by payment page.
  • Credit card number, expiry date, CVV, ... are requested by the payment form
  • You will not get in contact with PAN, so much easier PCI DSS compliance.
  • You will receive optional a PseudoCardNumber (PcNr) as a
    Multiexcerpt include
    MultiExcerptNamePlatform-Kurz
    PageWithExcerptWording
    internal token to represent the PAN.
  • Your system handles PAN directly, therefore you have "full control".
  • As your system gets in contact with the credit card number (PAN) your system will be in fully PCI DSS focus.
3-D Secure handling
  • You only need to add KVP "MsgVer=2.0" to indicate that your system is ready for 3-D Secure 2.x
  • The rest (redirect to issuer bank for consumer authentication) is handled by the
    Multiexcerpt include
    MultiExcerptNamePlatform-Kurz
    PageWithExcerptWording
    payment page.
  • You only need to add KVP "MsgVer=2.0" to indicate that your system is ready for 3-D Secure 2.x
  • Your system has to consumer redirect to issuer bankj bank in case of consumer authentication
Additional data
  • Additional data can be provided via additional JSON parameters, e.g.:
    • "credentialOnFile" (for recurring payments)
    • address data (for AVS)
    • 3-D Secure policy data
Shop-/System integration
  • The payment page can be customized (logos, colors, positions, ...) to match your corporate identify using templates which can be prepared by you.
  • The consumer is redirected to the payment page to input credit card details (PAN, expiry date, CVV, ...).
  • Your shop is informed via
    Multiexcerpt include
    MultiExcerptNamePlatform-Kurz
    PageWithExcerptWording
    notify for result of payment process.
  • Your system has full control of the input fields for credit card details
  • The consumer is not redirected and your system gets the result of API call via direct response values
Further actions
  • After initiating the payment process you may start further actions like capture or credit/refund, cancellations, ...
  • These actions refer to a previous payment process identified by a PayId - which is fully out of PCI DSS focus.
Conclusion

Recommended for standard integrations - due to easy integration and simplified compliance.

  • Multiexcerpt include
    MultiExcerptNamePlatform-Name
    PageWithExcerptWording
    takes PAN handling for you → simplified PCI DSS handling.
  • You can customize 
    Multiexcerpt include
    MultiExcerptNamePlatform-Kurz
    PageWithExcerptWording
    payment page using templates.

Recommended if you need full control and you do not want a redirect of the consumer.

  • Your system will be in full PCI DSS scope.

...


3-D Secure 1.x3-D Secure 2.x3-D Secure 2.x Sample
Depend on your integration: Payment Form ./. Server-2-Server
Payment Page / Payment Form

Your existing integration.

Just add API parameter "MsgVer=2.0", the rest is handled automatically by

Multiexcerpt include
MultiExcerptNamePlatform-Name
PageWithExcerptWording

Add parameter "MsgVer=2.0" to your existing API call to start Payment Form.
URL-processingURLFailure and URLSuccess work with http-GETURLFailure and URLSuccess work with http-POST (due to amount of data). So pls. prepare to handle both (GET + POST)

Server-2-Server integration

Use KVP:

CCNrCredit card number (PAN)
CCExpiryExpiry date of the credit card
CCCVCCard verification number
CCBrandCredit card brand.

Use "card"-JSON, e.g.:

Code Block
{
    "securityCode": "569",
    "expiryDate": "202508",
    "cardholderName": "William Thomas",
    "number": "4111111111111111",
    "brand": "VISA"
}



e.g.:

card=ewogICAgInNlY3VyaXR5Q29kZSI6ICI1NjkiLAogICAgImV4cGlyeURhdGUiOiAiMjAyNTA4IiwKICAgICJjYXJkaG9sZGVyTmFtZSI6ICJXaWxsaWFtIFRob21hcyIsCiAgICAibnVtYmVyIjogIjQxMTExMTExMTExMTExMTEiLAogICAgImJyYW5kIjogIlZJU0EiCn0=

For specific use cases
Recurring payments (initial / subsequent)Use parameter "RTF"

Change "RTF" to parameter "credentialOnFile"-JSON

Find specific use cases here: 3DS 2.0 Merchant Use-Cases

e.g.:

credentialOnFile=ewogICAgInR5cGUiOiB7CiAgICAgICAgInVuc2NoZWR1bGVkIjogIkNJVCIKICAgIH0sCiAgICAiaW5pdGlhbFBheW1lbnQiOiB0cnVlCn0=

Address Verification Service (AVS)

(depending on acquirer / processor)

Use parameter

  • AddrStreet
  • AddrStreetNr
  • AddrZip
  • AddrCity
  • ....
Change address data to "address"-JSONe.g.: billingAddress=ewogICAgImNpdHkiOiAiTmV3IFlvcmsiLAogICAgImNvdW50cnkiOiB7CiAgICAgICAgImNvdW50cnlBMyI6ICJVU0EiCiAgICB9LAogICAgImFkZHJlc3NMaW5lMSI6IHsKICAgICAgICAic3RyZWV0IjogIlBhcmsgQXZlbnVlIiwKICAgICAgICAic3RyZWV0TnVtYmVyIjogIjI3MCIKICAgIH0sCiAgICAicG9zdGFsQ29kZSI6ICIxMDAxNy0yMDcwIiwKICAgICJzdGF0ZSI6ICJOWSIKfQ==
Apply for frictionless payment processing
  • not supported by 3-D Secure 1.x
  • each payment will be authenticated

Provide additional data as JSON-KVP: JSON Objects

e.g.:

threeDSPolicy=ewogICAgImNoYWxsZW5nZVByZWZlcmVuY2UgIjogIm1hbmRhdGVDaGFsbGVuZ2UiCn0=

...