Evolve Documentation Centre

Stored Card

Overview

You may store a card either when submitting a payment for authorisation, or when verifying that card (no payment is processed). The stored card can then be used when submitting a payment for authorisation.

Card payments may be taken on a continuous or instalment basis. For example, a subscription for goods or services would require continuous payments, whereas paying off a loan would be done with instalments.

The first payment or verify request needs to be flagged as an initial transaction and the subsequent payment requests will need to reference the original transaction.

Continuous and instalment payment types must be initiated and managed by the merchant along with any scheduling logic associated with these types of transactions.

Agreement with the cardholder

Integrators are responsible for ensuring that they establish a clear agreement with cardholders as to when their payment credentials will be stored, and how and when they may be reused.

The Stored Credentials Framework for Visa and Mastercard specifies that when an integrator processes a transaction and stores payment credentials for later use, they must:

  • Establish a clear agreement with the cardholder for the storage and use of these payment credentials.
  • Obtain consent for the storage of payment credentials for reuse.
  • If the integrator is going to initiate transactions using these details without involving the cardholder, confirm the basis on which this will be done.
  • Describe how the cardholder can seek to change the agreement, or how the integrator will contact the cardholder to do so.
  • Indicate when the agreement will expire, if applicable.
  • Indicate (as part of the transaction authorisation) that the payment credentials are being stored for future reuse.
  • Store the scheme reference (also known as the scheme transaction ID or [payment] network transaction ID) for this transaction.
  • When a transaction is processed using stored payment credentials, the transaction authorisation must indicate that existing stored credentials are being reused and provide the scheme reference corresponding to the initial transaction where those credentials were stored.

This applies when the integrator will use the stored payment credentials to process transactions without further cardholder involvement, such as in a continuous or instalment transactions.

The implicit storage of payment credentials to facilitate refunds is not considered “storage” for the purpose of this mandate; a payment credential is considered to be reused only when it is used to process a new payment transaction or account verification.

Pay and store card

Refer to Payment intent – Pay and store card request section.

Payment using a stored card

Please note that currently you may only use stored cards to submit a Merchant Initiated Transaction (MIT); Customer Initiated Transactions (CITs) are not currently supported by Direct Checkout.

Request

curl --location --request POST '/api/v1/merchants/{ISV_ID}/transactions/payments \ 

--header 'jwt: {PAYMENT_ API_KEY}' \ 

--header 'Content-Type: application/json' \ 

--data-raw '{ 

	"remittance": { 

		"merchantId": "{BENEFICIARY_MERCHANT_ID}" 

	}, 

	"paymentMethod": { 

	"provider": "SBS", 

	"methodId": "CARD", 

	"storedMethod": { 

		"token": "{TOKEN}", 

		"verification": "{VERIFICATION}" 

		} 

	}, 

	"transaction": { 

		"amount": "9.87", 

		"capture": true, 

		"submit": true, 

		"recurring": "SUBSEQUENT", 

		"recurringType": "CONTINUOUS" 

	} 

}'
  • If you are processing on behalf of a merchant, please use your isvId in the URL and the merchant's merchantId in the remittance section, in remittance.merchantId
  • For payment using a stored card, paymentMethod.methodId should always be "CARD".
  • storedMethod.token and storedMethod.verification are provided in the initial payment or verify response.
  •  “recurringType” may be either:
    • “CONTINUOUS” which indicates a merchant-initiated transaction (MIT) for a planned schedule of payments without an end date.
    • “INSTALLMENT” which indicates a merchant-initiated transaction (MIT) for a fixed or planned schedule of payments with an end date.

Response

Refer to Payment Intent – Response section.

 

Verify intent

Store only request

You may store a card when verifying that card (no payment is processed). The stored card can then be used when submitting a payment for authorisation.

Refer to the Overview section above for details on how stored cards may be used, and information on integrator responsibilities regarding agreement with cardholders.

Please note that currently you may only use stored cards to submit a Merchant Initiated Transaction (MIT); Customer Initiated Transactions (CITs) are not currently supported by Direct Checkout.

curl --location --request POST '/api/v1/merchants/{ISV_ID}/transactions/verify \ 

--header 'jwt: {PAYMENT_ API_KEY}' \ 

--header 'Content-Type: application/json' \ 

--data-raw '{ 

	"paymentMethod": { 

		"provider": "SBS", 

		"methodId": "GATEWAY", 

		"gateway": { 

		"routing": "API" 

	}, 

	"saveMethod": "YES" 

	}, 

	"transaction": { 

		"capture": true, 

		"submit": false, 

		"recurring": "INITIAL", 

		"recurringType": "CONTINUOUS" 

	} 

}'
  •  “saveMethod” must be set to “YES”, which means that card details will be automatically stored after authorisation, without asking the payer during the Direct Checkout transaction. It's worth noting that this also applied to the other integration methods, Direct Checkout and Mobile SDK
  •  “recurring” must be set to “INITIAL” when storing a card.
  •  “recurringType” may be either:
    •  “CONTINUOUS” which indicates a merchant-initiated transaction (MIT) for a planned schedule of payments without an end date
    • “INSTALLMENT” which indicates a merchant-initiated transaction (MIT) for a fixed or planned schedule of payments with an end date.

Response

The response will contain the following:

  • The request body.
  • Additional data identified based on the payment account.
  • Transaction related data that must be used to integrate into Direct Checkout
    • transaction.sessionId
    • transaction.transactionId

Notes

  • The transaction.sessionId is a JWT token, only valid for processing payments against the transaction.transactionId with a limited expiry.
  • · The transaction.transactionId will be required to perform post-payment actions.
  •  Refer to the API Reference for more information.

Verify processing

The verify processing will take place after the payer clicks on the Verify button. Direct Checkout will submit the data from the browser to the Evolve Payment Service. Based on the validation performed on the payment data, Direct Checkout will return different actions:

  • Payer required to perform 3D Secure.
  • Verify successfully processed without additional actions (3D Secure challenge is not required).
  • Verify processing failed. This can cover many different scenarios such as card scheme not supported, acquirer decline or processing error.

Payer required to perform 3D Secure

If 3D Secure is required, a challenge will be presented to the payer. This will be implicitly handled by Direct Checkout by displaying a full-page iframe with the card issuers challenge page loaded within.

After successfully completing the challenge, Direct Checkout will resume the verify processing.

Handle verify processing response

This covers both Verify successfully processed and Verify processing failed.

Upon verify processing completion by the Evolve Payment Service, a response will be returned to Direct Checkout with a status and a summary of the result.

The response will trigger a JavaScript callback event to the function you defined in the “config” object in your integration (refer to Initialise Direct Checkout section above).

Based on the response received in the callback, you can perform the appropriate action. 

function paymentCallback(status, type, response)

Note that the function can be named anything you wish, we have used “paymentCallback” here as an example.

Parameters

Parameter Description
status This returns the status of the transaction. The possible values are:
  •  “SUCCESS”
  • “FAILED”
type This indicates more information about the transaction status.
The possible values are:
  •  COMPLETE
  •  FAILED
  • UNAVAILABLE
  • TIMED_OUT
response This contains the response of processing the transaction and is based on the status parameter.
The response object will either have:
  •  A “data” attribute if status = SUCCESS.
  • An “error” attribute, if status = FAILED.

Checking Verify Outcome

After Direct Checkout has returned a callback response, you should notify your Integrator Service.

Since the Direct Checkout response has been returned to a public client (browser), you should verify the result by making a server-side call to the Evolve Payment Service.

To do this, make a request to EPS to retrieve the payment status.

Request

curl --location --request POST ' /api/v1/merchants/{ISV_ID}/transactions/verify/{TRANSACTION_ID}/status' \ 

--header 'jwt: {PAYMENT_API_KEY}' \ 

--header 'Content-Type: application/json' \ 

--data-raw '{ 

}'

The “transactionId” in the URL parameter must be the same as the value returned in the verify intent.

Response

The response will contain the following.
  • The response body from the original verify intent.
  • The result of the verification. The key fields are identified in the table below.

 

Field Description
transaction.status Indicates the status of the verification processing:
  •  "COMPLETE" – verification processing complete
  • "FAILED" – verification processing failed.
paymentMethod.providerResponse.result Indicates the result of the verification:
  •  “VERIFIED”
  •  “DECLINED”
  • “FAILED”.
  • TIMED_OUT
paymentMethod.storeMethod.token For a successful verification, the token created to enable subsequent payments to be processed.
paymentMethod.storeMethod.verification For a successful verification, the last four digits of the card used to process the payment. This will be required when processing subsequent payments.
paymentMethod.card.cardScheme For a successful card payment, the card scheme used to process the payment (Visa or MasterCard).
card.expiryMonth For a successful verification, the expiry month of the card. Useful to request future verifications when the card expires.
card.expiryYear For a successful verification, the expiry year of the card. Useful to request future verifications when the card expires.

Polling for an outcome

Since Direct Checkout is a browser-based payment solution, to mitigate against lost verifications caused by network issues, you should implement a polling service to query the verification status. It is advisable to implement this to poll five minutes after the verify intent and then at regular intervals until the transaction.status is returned as either “COMPLETE” or “FAILED”.