Evolve Documentation Centre

Stored Card for Hosted Payment Pages

Overview

You may store a card either when submitting a payment for authorisation, or when verifying that card (no payment is processed). The stored card can then be used when submitting a payment for authorisation.

Card payments may be taken on a continuous or instalment basis. For example, a subscription for goods or services would require continuous payments, whereas paying off a loan would be done with instalments.

The first payment or verify request needs to be flagged as an initial transaction and the subsequent payment requests will need to reference the original transaction.

Continuous and instalment payment types must be initiated and managed by the merchant along with any scheduling logic associated with these types of transactions.

Agreement with the cardholder

Integrators are responsible for ensuring that they establish a clear agreement with cardholders as to when their payment credentials will be stored, and how and when they may be reused.

The Stored Credentials Framework for Visa and Mastercard specifies that when an integrator processes a transaction and stores payment credentials for later use, they must:

  • Establish a clear agreement with the cardholder for the storage and use of these payment credentials.
  • Obtain consent for the storage of payment credentials for reuse.
  • If the integrator is going to initiate transactions using these details without involving the cardholder, confirm the basis on which this will be done.
  • Describe how the cardholder can seek to change the agreement, or how the integrator will contact the cardholder to do so.
  • Indicate when the agreement will expire, if applicable.
  • Indicate (as part of the transaction authorisation) that the payment credentials are being stored for future reuse.
  • Store the scheme reference (also known as the scheme transaction ID or [payment] network transaction ID) for this transaction.
  • When a transaction is processed using stored payment credentials, the transaction authorisation must indicate that existing stored credentials are being reused and provide the scheme reference corresponding to the initial transaction where those credentials were stored.

This applies when the integrator will use the stored payment credentials to process transactions without further cardholder involvement, such as in a continuous or instalment transactions.

The implicit storage of payment credentials to facilitate refunds is not considered “storage” for the purpose of this mandate; a payment credential is considered to be reused only when it is used to process a new payment transaction or account verification.

Pay and store card

Refer to Payment intent – Pay and store card request section.

Payment using a stored card

Please note that currently you may only use stored cards to submit a Merchant Initiated Transaction (MIT)

Request

curl --location --request POST '/api/v1/merchants/{ISV_ID}/transactions/payments \ 

--header 'jwt: {PAYMENT_ API_KEY}' \ 

--header 'Content-Type: application/json' \ 

--data-raw '{ 

	"remittance": { 

		"merchantId": "{BENEFICIARY_MERCHANT_ID}" 

	}, 

	"paymentMethod": { 

	"provider": "SBS", 

	"methodId": "CARD", 

	"storedMethod": { 

		"token": "{TOKEN}", 

		"verification": "{VERIFICATION}" 

		} 

	}, 

	"transaction": { 

		"amount": "9.87", 

		"capture": true, 

		"submit": true, 

		"recurring": "SUBSEQUENT", 

		"recurringType": "CONTINUOUS" 

	} 

}'
  • If you are processing on behalf of a merchant, please use your isvId in the URL and the merchant's merchantId in the remittance section, in remittance.merchantId
  • For payment using a stored card, paymentMethod.methodId should always be "CARD".
  • storedMethod.token and storedMethod.verification are provided in the initial payment or verify response.
  •  “recurringType” may be either:
    • “CONTINUOUS” which indicates a merchant-initiated transaction (MIT) for a planned schedule of payments without an end date.
    • “INSTALLMENT” which indicates a merchant-initiated transaction (MIT) for a fixed or planned schedule of payments with an end date.

Response

Refer to Payment Intent – Response section.

 

Verify intent

Store only request

You may store a card when verifying that card (no payment is processed). The stored card can then be used when submitting a payment for authorisation.

Refer to the Overview section above for details on how stored cards may be used, and information on integrator responsibilities regarding agreement with cardholders.

Please note that currently you may only use stored cards to submit a Merchant Initiated Transaction (MIT); Customer Initiated Transactions (CITs) are not currently supported by Host Payment Pages.

curl --location --request POST '/api/v1/merchants/{ISV_ID}/transactions/verify \ 

--header 'jwt: {PAYMENT_ API_KEY}' \ 

--header 'Content-Type: application/json' \ 

--data-raw '{ 

	"paymentMethod": { 

		"provider": "SBS", 

		"methodId": "GATEWAY", 

		"gateway": {

		“returnUrl”:  “integratersURL” 

	}, 

	"saveMethod": "YES" 

	}, 

	"transaction": { 

		"capture": true, 

		"submit": true, 

		"recurring": "INITIAL", 

		"recurringType": "CONTINUOUS" 

	} 

}'
  •  “saveMethod” must be set to “YES”, which means that card details will be automatically stored after authorisation, without asking the payer during the Host Payment Pages transaction.
  •  “recurring” must be set to “INITIAL” when storing a card.
  •  “recurringType” may be either:
    •  “CONTINUOUS” which indicates a merchant-initiated transaction (MIT) for a planned schedule of payments without an end date
    • “INSTALLMENT” which indicates a merchant-initiated transaction (MIT) for a fixed or planned schedule of payments with an end date.

Response

The Response will have a URL and the Merchange wiill have to redirect to the URL. The rest of the process will be handled - there's no further integration.

Checking Verify Outcome

After Host Payment Pages has returned a callback response, you should notify your Integrator Service.

Since the Host Payment Pages response has been returned to a public client (browser), you should verify the result by making a server-side call to the Evolve Payment Service.

To do this, make a request to EPS to retrieve the payment status.

Request

curl --location --request POST ' /api/v1/merchants/{ISV_ID}/transactions/verify/{TRANSACTION_ID}/status' \ 

--header 'jwt: {PAYMENT_API_KEY}' \ 

--header 'Content-Type: application/json' \ 

--data-raw '{ 

}'

The “transactionId” in the URL parameter must be the same as the value returned in the verify intent.

Response

The response will contain the following.
  • The response body from the original verify intent.
  • The result of the verification. The key fields are identified in the table below.

 

Field Description
transaction.status Indicates the status of the verification processing:
  •  "COMPLETE" – verification processing complete
  • "FAILED" – verification processing failed.
paymentMethod.providerResponse.result Indicates the result of the verification:
  •  “VERIFIED”
  •  “DECLINED”
  • “FAILED”.
  • TIMED_OUT
paymentMethod.storeMethod.token For a successful verification, the token created to enable subsequent payments to be processed.
paymentMethod.storeMethod.verification For a successful verification, the last four digits of the card used to process the payment. This will be required when processing subsequent payments.
paymentMethod.card.cardScheme For a successful card payment, the card scheme used to process the payment (Visa or MasterCard).
card.expiryMonth For a successful verification, the expiry month of the card. Useful to request future verifications when the card expires.
card.expiryYear For a successful verification, the expiry year of the card. Useful to request future verifications when the card expires.

Polling for an outcome

Since Host Payment Pages is a browser-based payment solution, to mitigate against lost verifications caused by network issues, you should implement a polling service to query the verification status. It is advisable to implement this to poll five minutes after the verify intent and then at regular intervals until the transaction.status is returned as either “COMPLETE” or “FAILED”.