Payment instrument verification

Restriction: Coordinate with your ECommPay Key Account Manager the possibility of a payment instrument verification usage.

This section covers information about the processing of payment instrument verification. General information, which is complementary to the section on payment models and statuses (Payment instrument verification), is applicable to payments by payment cards and payments by using alternative instruments, while the detailed information is only applicable to payments by payment cards. For more information about payments by alternative instruments, see Payments by using alternative methods.

Overview

Payment instrument verification is a payment type in which the customer card or account is validated by either transferring a dummy (zero) amount from customer to merchant or by authorizing a specific amount (non-zero) on the customer card or account and then voiding the transfer or the authorization. The authorization amount can be changed on merchant's request. Normally, the authorized amount is released shortly after the operation, but in some instances the authorized amount can be held up to 45 days.

You can use verification to register any subscriptions without debiting funds for the first (trial) period or you can use it before perform a payout. For more information about COF purchases, see Credential-on-file (COF) purchases.

The payment instrument verification workflow

To perform the payment instrument verification by using Gate the web service is required to do the following:

  1. Send the request by using the POST (HTTP) method to the endpoint /v2/payment/{payment method}/account_verification[/token].
  2. If necessary, complete the additional procedures:
    • 3-D Secure authentication. This authentication is intended to provide security to online payments with payment cards. For more information on the authentication workflow, as well as request and callback formats, see Customer authentication by using the 3‑D Secure 1.
    • Additional payment information submission. This procedure is intended for cases, where the initial request did not contain the information necessary for any payment process stakeholders. For more information on this procedure, see Additional payment information submission.
  3. Receive the callback with verification results from the payment platform.

The following diagram outlines the basic case of verification workflow (without the completion of the additional procedure).



Figure: Payment instrument verification

  1. A customer enters the payment instrument details on the web service side.
  2. The web service sends the payment instrument verification request by using Gate to the payment platform.
  3. The payment platform receives the verification request.
  4. The payment platform performs the initial request processing that includes validation of the required parameters and signature.
  5. The payment platform sends to the web service the response with request receipt confirmation and correctness check result.
  6. The payment platform performs the internal payment request processing and sends it to the payment environment. If you process the payment card verification, the payment environment is a bank service. If you process the alternative payment instrument verification, one is the payment system service.
  7. The payment instrument verification is processed.
  8. The payment platform receives the verification result notification.
  9. The payment platform sends the callback to the web service.

The sections that follow discuss in more details the request format and the parameters to be used in requests for payment card verification, as well as provide information about the format of callbacks the verification results.

Request format

There are several things you need to consider when using payment card verification requests:

  1. You perform payout by sending the request by using POST (HTTP) method to one of the following endpoints:
  2. The following objects and parameters must be specified in the request:
    • Object general—general request identification information:
      • project_id—the project ID obtained from ECommPay
      • payment_id—payment ID unique within the merchant project
      • signature—signature created after you specify all the required parameters. For more information about signature generation, see Signature generation and verification
    • Object customer—customer information:
      • ip_address—IP address
    • Object payment—payment information:
      • amount—payment amount, the value is 0
      • currency—payment currency in the ISO-4217 alpha-3 format
  3. The request must contain the following customer's payment card information:
    • when indicating complete card credentials—the following data in the card object:
      • pan—card number
      • year—year of expiration date
      • month—month of expiration date
      • card_holder—cardholder's first and last name (as indicated on the card)
      • cvv—card verification code (as indicated on the card)
    • when indicating the token—token received from ECommPay in the token parameter and the card verification code in the cvv parameter.
  4. If required, you can also add any other additional parameters and objects Gate supports.
Note: The payment amount must be zero.

Thus, the correct payment card verification request must include project and payment IDs, signature, the customer's payment card details, the ID and IP-address of the customer, as shown in the following example:

Figure: Example of payment card verification request with registration of COF purchase

{
  "general":{
    "project_id":874,
    "payment_id":"15538406111",
    "signature":"1wR1YgD5PxxTIJfQ=="
  },
  "customer":{
    "ip_address":"185.123.193.224"
  },
  "payment":{
    "amount":0,
    "currency":"USD"
  }, 
//when indicating complete card credentials:
   "card":{
    "pan":"4314220000000056",
    "year":2021,
    "month":9,
    "card_holder":"John Smith",
    "cvv": "123"
   }

//when indicating the token of a stored payment card:
    "token": "f365bb1729f9b72fd9c09703a751c979f3becc679f29c3e35c91d18070d15654",
    "cvv": "123"  

//when COF payment registration is made:
  "recurring":{
    "register":true
  }
}

Callback format

The standard format for callbacks is used to deliver payout results. For more information, see Callbacks.

The following is the example of a callback with information about the successful verification of the 431422******0056 card of the customer customer_10 in the 874 project. The card is verified and is registered for COF purchases.

Figure: Example of a callback which contains card verification results and registration of COF purchase

{
  "project_id":874,
  "payment":{
    "id":"15538406111",
    "type":"account_verification",
    "status":"success",
    "date":"2019-09-10T13:45:59+0000",
    "method":"card",
    "sum":{
      "amount":0,
      "currency":"EUR"
    },
    "description":"Add the card"
  },
  "account":{
    "number":"431422******0056",
    "token":"844f84f3bdfaf2ddf006c96ffaddc09394c5d0e158f",
    "type":"visa",
    "card_holder":"JOHN SMITH",
    "id":8861226,
    "expiry_month":"09",
    "expiry_year":"2021"
  },
  "customer":{
    "id":"customer_10"
  },
  "recurring":{
    "id":10505,
    "currency":"EUR",
    "valid_thru":"2022-09-30T00:00:00+0000"
  },
  "operation":{
    "id":42209000002431,
    "type":"account verification",
    "status":"success",
    "date":"2019-09-10T13:45:59+0000",
    "created_date":"2019-09-10T13:45:57+0000",
    "request_id":"5cb898347e62b2c1-52dac6c8c",
    "sum_initial":{
      "amount":0,
      "currency":"EUR"
    },
    "sum_converted":{
      "amount":0,
      "currency":"EUR"
    },
    "provider":{
      "id":120,
      "payment_id":"306449667",
      "date":"2019-09-10T13:45:59+0000",
      "auth_code":"188591",
      "endpoint_id":120
    },
    "code":"0",
    "message":"Success"
  },
  "signature":"P9g0U+eF2QWs2A=="
}

The following example of callback is for a card payment verification that is rejected by the payment system without explanation.

Figure: Example of declined payment card verification callback

{
  "project_id":874,
  "payment":{
    "id":"15538406111",
    "type":"account_verification",
    "status":"decline",
    "date":"2019-09-16T06:06:53+0000",
    "method":"card",
    "sum":{
      "amount":0,
      "currency":"EUR"
    },
    "description":"Add the card"
  },
  "account":{
    "number":"431422******0056",
    "type":"visa",
    "card_holder":"JOHN SMITH",
    "expiry_month":"09",
    "expiry_year":"2021"
  },
  "customer":{
    "id":"customer_10"
  },
  "operation":{
    "id":40975000002863,
    "type":"account verification",
    "status":"decline",
    "date":"2019-09-16T06:06:53+0000",
    "created_date":"2019-09-16T06:06:47+0000",
    "request_id":"9120271eb02-83e0e70fc0a0a3c1b4d",
    "sum_initial":{
      "amount":0,
      "currency":"EUR"
    },
    "sum_converted":{
      "amount":0,
      "currency":"EUR"
    },
    "provider":{
      "id":120,
      "payment_id":"308822001",
      "date":"2019-09-16T06:06:49+0000",
      "auth_code":"",
      "endpoint_id":120
    },
    "code":"10100",
    "message":"Declined by external provider"
  },
  "signature":"P9g0U+eaZ9EeNiWiaQWs2A=="
}