Improve your knowledge of payment processing terms, concepts, and alternate payment types. Learn about the end-to-end payment transaction lifecycle and key differences in processing methods.
Topography of a Payment Transaction Your source for payments education Nick Fredrick, CTO, Rebar Technology (a W. Capra Company) …
Key Takeaways
• Better understand common terms and concepts used in transaction processing
• Conceptual view of how transactions are passed among ecosystem partners
• Learn some of the key differences in processing alternate payment types
Poll
• How many years of payment experience?
• Which area of the business?
• Involved in technical architectures?
• Experience with APIs or online payment pages?
The End-to-End Payment Transaction
This presentation will take a merchant-focused view of the payment transaction lifecycle.
[Diagram labels: Payment Capture, Brick & Mortar, Web Storefront, Mobile App, Merchant, CRM, Billing Platform, Gateway, Tokenization Service, Fraud Solution Provider, Acquirer, Card Scheme Network, Issuer]
A single integration point (vendor) may provide multiple services.
Secure Checkout Redirect – Pay Page
• The merchant website sends a redirect command to the customer’s browser.
• The customer’s browser then requests a payment form from the PSP.
• The PSP creates the payment form and sends it to the customer’s browser.
• The customer’s browser displays the PSP’s payment form.
• The customer enters account data and sends it to the PSP.
• The PSP receives the account data and sends it to the payment system for authorization.
Source: PCI Best Practices for Securing E-commerce, Apr 2017
Secure Checkout Redirect – iFrames
• The merchant website creates an iFrame within the current webpage.
• The customer’s browser requests the payment form from the PSP.
• The PSP creates a payment form and sends it to the customer’s browser within the iFrame.
• The customer’s browser displays the payment form within the iFrame located on the merchant page.
• The customer enters their payment details into the iFrame containing the PSP’s payment form.
• The PSP receives the account data and sends it to the payment system for authorization.
Source: PCI Best Practices for Securing E-commerce, Apr 2017
Secure Checkout – Comparison
• Hosted Payment Pages
  • Simplest to implement
  • Less styling control
• Integrated Frames/Forms
  • Integration complexity
  • Greater UX control
Transaction Handoff
• Handoffs can occur between merchant and:
  • Acquirer
  • Gateway
  • Tokenization Service
  • Network (Amex)
  • Any entity
• Issuer direct happens, but is far less common
Transaction Data / Metadata
• Typically includes key data elements such as:
  • Sale or Refund Amount: ‘795’ – $7.95
  • Merchant Order ID/Number: 98167502834
  • Primary Account Number (PAN): 475682xxxxxxxxx4321
  • Expiration Date: ‘0622’ – June 2022
  • Security Code: 123
  • Billing Address: 123 Holly Street Chicago, IL 60601
  • POS Entry Mode (web, phone, terminal (swipe, keyed, EMV)): ‘09’ – e-commerce
  • POS Entry Environment: ‘R’ – Recurring
  • Dates (order date, transaction date, effective date): 2019-08-15
  • Soft Bill Descriptors (max 25 char): ABC*website.com8005551212
  • L2 & L3 data (for B2B): PO #, Tax Amount, Destination Address, Item SKU, etc.
Always consult the vendor’s integration guide for requirements and data formats.
Response Data / Metadata
• Responses typically include data elements such as:
  • Vendor Transaction ID: ‘9278402i937ju19090s’
  • Response Code: ‘000’
  • Response Message: ‘Approved’
  • Authorization Code: ‘84652’
• PAN is typically not returned; the token value is returned if tokenization is enabled
• CVV is never returned (and merchants must not store it)
• Response codes for other checks
  • Fraud
  • AVS
  • CVV
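An added example, not part of the original presentation: one way to build a request in the formats shown above and then reduce request plus response to a record that is safe to log or store (CVV dropped, PAN masked, token kept). Field names, the token value and the test card number are assumptions; real formats come from the vendor's integration guide.

```python
# Added example; field names and the token value are hypothetical, not a vendor API.
from decimal import Decimal
SENSITIVE_AUTH_FIELDS = {"security_code"}  # CVV must not be stored

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: catches mistyped PANs before they are sent."""
    if not pan.isdigit():
        return False
    digits = [int(c) for c in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, as in the sample PAN above."""
    return pan[:6] + "x" * (len(pan) - 10) + pan[-4:]

def to_minor_units(amount: str) -> str:
    """'7.95' -> '795'; rejects amounts with fractions of a cent."""
    cents = Decimal(amount) * 100
    if cents != cents.to_integral_value():
        raise ValueError("amount has more than two decimal places")
    return str(int(cents))

def build_request(order_id, amount, pan, exp_mmyy, security_code):
    if not luhn_ok(pan):
        raise ValueError("PAN fails Luhn check")
    if not (len(exp_mmyy) == 4 and exp_mmyy.isdigit() and 1 <= int(exp_mmyy[:2]) <= 12):
        raise ValueError("expiration must be MMYY")
    return {"amount": to_minor_units(amount), "order_id": order_id, "pan": pan,
            "expiration": exp_mmyy, "security_code": security_code,
            "pos_entry_mode": "09"}  # e-commerce value shown above

def storable_record(request: dict, response: dict) -> dict:
    """What may be logged or persisted once the response is back."""
    record = {k: v for k, v in request.items() if k not in SENSITIVE_AUTH_FIELDS}
    record["pan"] = mask_pan(record["pan"])
    record.update(
        vendor_transaction_id=response["transaction_id"],
        response_code=response["response_code"],
        authorization_code=response.get("authorization_code"),
        token=response.get("token"),  # only present if tokenization is enabled
        approved=response["response_code"] == "000",  # sample code above; vendor-specific
    )
    return record

# Constructed sample data; 4111111111111111 is a common test card number.
REQUEST = build_request("98167502834", "7.95", "4111111111111111", "0622", "123")
RESPONSE = {"transaction_id": "9278402i937ju19090s", "response_code": "000",
            "authorization_code": "84652", "token": "tok_constructed_0001"}
RECORD = storable_record(REQUEST, RESPONSE)
```

The full PAN and security code exist only in `REQUEST`, which should be discarded once the response arrives; `RECORD` is what goes to logs or the order database.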
Stored Credential Framework Rules
• Summary:
  • New rules/guidance on storing payment credentials for future use
  • Introduced in 2017 and compliance monitoring officially began Oct 2018
  • Benefits for merchants and consumers
    • Lower fees, reduced chargebacks, more transparency for consumers
  • Non-compliance assessments are TBD
• Key Impacts to Merchants:
  • Merchant disclosure and consumer consent to storage
  • Perform $0 verification if no immediate charge. Do not store card declined by issuer.
  • Indicators in transaction submissions which identify CIT (Customer Initiated Transactions) and MIT (Merchant Initiated Transactions)
Visa Stored Credential Framework: https://usa.visa.com/dam/VCOM/global/support-legal/documents/stored-credential-transaction-framework-vbs-10-may-17.pdf
External Transaction Environment
• Routing
  • Credit/Sig Debit/Branded Prepaid: Visa, MC, Discover, Amex
  • PIN and Pinless Debit – NYCE, Star, Pulse
  • ACH – Operator
  • In-house (Acquirer = Issuer)
  • Gift card and proprietary cards
• Acquirer optional value-add services
  • Fraud Screen
  • Tokenization Vault
  • Velocity Checks
  • Duplicate Checks
  • Bill Descriptors
  • Account updater services
Clearing and Settlement
• Credit card authorizations must be “settled”
• Most commonly host-capture in CNP
• If merchant-capture: Batch Files
  • Fixed format file
  • FTP
Why Transactions Fail
Do Not Honor – Check out session on “Decoding the response code”
Summary
• Merchant payment ecosystems can vary significantly
• Rules and Regs have a major impact on how transactions are processed
• Products and offers will dictate different processing rules
• It’s an API world
• Talk to peers and vendors to understand capabilities and fit for your business
Thank you • Don’t forget to submit your session evaluation! • Nick Fredrick, CTO • nfredrick@rebartechnology.com