Payment options
Card tokenization
What is Tokenization?
Integrate with card tokenization
Tokenization or stored card feature is a method to replace sensitive data like credit card details with
non-sensitive data. Whenever card is stored in 2C2P system payment API returns card token to merchant. This card token can be used in subsequent payment request. This allows merchant to build shopping experience where customer don’t need to enter card information every time during checkout.
Using 2C2P Tokenization merchant does not require complex and time consuming PCI-DSS certification process. All the sensitive information is only at 2C2P with most advance security and PCI-DSS compliance.
How does it work?
The merchant initially send a payment token request with indicator to tokenize the card details.
In the payment response message 2C2P sends a random string of alphanumerical characters that represent the card details.
This Token can be stored in merchant database and can be used for later transactions. In subsequent payment request merchant does not require send card number at all. Stored card token presents card number what is sent in payment request.
Card tokenization without authorization
What is Tokenization without authorization?
Integrate with Card tokenization without authorization
Card tokenization without authorization is similar to card tokenization in term of functionally. The difference of card tokenization without authorization, there is no transaction authorization process involved.
Creating a token
When using this option, Merchant should ask for the card holder's consent to store the card details for future payment.
Payment with card token
Using the Token
Integrate with payment with token
A follow-on payment request can use the cardToken as a replacement for the actual card number. You will still need to ask the user to enter the securityCode value as this item cannot be stored.
It is good practice to provide the masked pan (included in the initial response as pan) to the customer and implement a secured data entry to collect the CVV code as it cannot be stored.
The card holder can select the card he wants to use (if more then one) and add the CVC / CVV code in the selection screen. This code cannot be stored and will need to be added for a recurring transaction. You can use the same encrypted card detail setup to collect the CVC only.
It is then submitted with the relevant Token to the 2C2P payment service.
3DS/Non-3DS payment
3DS payment
Integrate with 3DS/Non-3DS payment
What is 3D-Secure
--
3D-Secure is authentication protocol for e-commerce transaction where card is not present on time of the purchase. Initially developed by VISA and known as Verified by VISA. 3D-Secure is adapted by all the major card schemes such as MasterCard, Amex, JCB and Discovery.
3D-Secure Authentication
--
Merchant customers with 3D-Secure enabled credit/debit card will be redirected to bank website to complete authentication. Typically cardholder enter OTP (One-Time-Password) in bank website to authenticate as genuine holder of the card that is being used.
After authentication process is done the user is redirected back to 2C2P payment gateway with authentication result.
Benefits
-
Prevent fraudulent use of credit/debit cards in online payments -
Increase customer confidence in online payments with *3D-Secure* merchant -
Protect merchant on chargeback cases with liability shift when *3D-Secure* authentication is used
process flow of 3D-Secure transactions:
Updated almost 6 years ago