Prerequisites
You offer your customers payment by credit card
Customers buy in your shop and you store the credit card data in the form of the pseudo card number
IMPORTANT: The following initial payment is subject to the liability shift for you as a merchant. In the case of the subsequent payment, however, this expires, so that there is no liability shift.
Implementation
Step 1 : Initial payment and Card registration
Axepta Online endpoint
The first payment can be done with :
Credit card form hosted by BNP Paribas - PaySSL.aspx
Credit card form hosted by the merchant - PayNow.aspx - if PCI-DSS compliant
| Info |
|---|
Authentication with 3D Secure is mandatory for the first transaction initiated by the customer (CIT) / card registration |
Request
The following table describes the additional encrypted payment request parameters that needs to be added to the request :
| Key | Format | CND | Description | Example |
|---|---|---|---|---|
| JSON | M | Object specifying type and series of transactions using payment account credentials (e.g. account number or payment token) that is stored by a merchant to process future purchases for a customer. Required if applicable. |
| |
JSON | O | Object specifying authentication policies and excemption handling strategies. Use : Mandate challenge | __ |
Response
Parameters that should be stored by the merchant and will be used for the next transactions
| Key | Format | CND | Description |
|---|---|---|---|
| card | JSON | M | Card response data |
Step 2 : Offer a One-click payment
Axepta Online endpoint
The subsequent payment can be initiated by the merchant through :
Server-to-server - direct.aspx
Credit card form hosted by the merchant - PayNow.aspx
- if the merchant wants to have the CVV filled
no need to be PCI-DSS because use of the PCNr (Pseudo Card Number not real PAN)
| Info |
|---|
Authentication with 3D Secure is not mandatory for these transactions, so exemptions can be requested. CVV is not mandatory for One-click payments. |
Request with direct.aspx
The following table describes the additional encrypted payment request parameters that needs to be added to the request :
| Key | Format | CND | Description | Example |
|---|---|---|---|---|
| card | JSON | M | Card data | -- |
| JSON | M | Object specifying type and series of transactions using payment account credentials (e.g. account number or payment token) that is stored by a merchant to process future purchases for a customer. Required if applicable. |
|
Request with paynow.aspx
Mechant creates a form with the following fields
- Number - Field hidden from user
- securityCode - CVV entered by the buyer - Only "visible" field of the form
- expiryDate - Field visible or hidden to the user
- brand - Field visible or hidden to the user
- cardholder - Field visible or hidden to the user
All details for integration are available here : Silent Order Post (PayNow.aspx)
The following table describes the additional encrypted payment request parameters that needs to be added to the request :
| Key | Format | CND | Description | Example |
|---|---|---|---|---|
| card | JSON | M | Card data | -- |
| JSON | M | Object specifying type and series of transactions using payment account credentials (e.g. account number or payment token) that is stored by a merchant to process future purchases for a customer. Required if applicable. |
| |
| browserInfo | JSON | M | Accurate browser information are needed to deliver an optimized user experience. Required for 3DS 2.0 transactions. | -- |