Recurring payments and related contract
In case the seller tokenizes a card for automatic, for example monthly, recurring payments, there are certain special terms related to the tokenization and charging of the card:
the cardholder accepts the recurring payments contract between the cardholder and the seller before the tokenization and in this way gives the seller permission to charge the card in certain intervals
the seller sends the cardholder a verification of the contract
before every charge from the card the seller sends the cardholder a confirmation of an upcoming payment beforehand
Phases of the process:
The web store shows the buyer the terms and conditions of recurring payments which the cardholder needs to accept before payment.
The registration of the card is performed:
a. Payment + registration: The cardholder makes a payment with the card and 3DS authentication through for example the bank’s identification service is carried out. The card will also be registered for recurring payments.
b. OR only registration: The cardholder registers the card that also includes 3DS authentication for example through the bank’s identification service.An individual identification tag (token) is created for the successful registration of a card, which Svea Payments then passes on in the response message to the web store.
The web store saves the token information and attaches it to the registered customer’s information.
The web store sends the cardholder a confirmation email. The email needs to include the following information:
- the text ”recurring charging of card”
- the amount to be charged
- how often the card will be charged
- how long the contract for recurring payments is valid
- if the amount to be charged is always the same fixed amount or whether it may varyAlways before charging the card, the web store will send a confirmation to the buyer in advance, through which the web store informs its customer of an upcoming charge (amount and date). In principle, there can be a maximum of one charge on the card per month and the recurring charge can not exceed the amount of the original payment.
The customer shall have the opportunity to cancel an upcoming or already made recurring charge.
Terms & Conditions and contract
Check Svea Payments’ and card companies’ terms and conditions related to recurring payments before taking the service in use. Pay special attention to chapter 5.3 in the document: https://www.bambora.com/globalassets/en/documents/english-version-new-general-terms-and-conditions/euroline---card-not-present-instructions-sv-eng-may-2015.pdf
The tokenization service and recurring payments will be added to the agreement between the web store and Svea Payments.
INTEGRATION OF INTERFACES AND TESTING
Registration of card (zero sum tokenization)
When the card is tokenized for recurring payments without separate approval or participation from the buyer, proceed as follows.
Tokenization happens in the address:
TEST: http://test1.maksuturva.fi/TokenizeExtended.pmt
PRODUCTION: https://www.maksuturva.fi/TokenizeExtended.pmt
Svea Payments’ V4 interface is used so that the buyer enters the payment service in the browser. The web store submits the tokenization information through the browser as FORM parameters in the HTTP POST request. The general instructions for the V4 interface can be found in here.
The version information and pre-selected payment method should have the following values in the interface information:
pmt_version=4504
pmt_paymentmethod=FI50
pmt_action=TOKENIZE
All amount or sum fields should have the value 0,00. For example:
pmt_amount=0,00
pmt_sellercosts=0,00
With the parameters above, Svea Payments will instruct the buyer to perform the tokenization of the card. The card will not be charged at this time.
The response that the web store gets through the browser will include, in addition to the other mandatory payment interface V4 OK-response data, the information pmt_token with which the web store can make additional charges. pmt_token is a part of the hash calculation at the end of the response, after pmt_escrow information:
The response message hash that is transmitted through the browser includes the following data:
pmt_action
pmt_version
pmt_id
pmt_reference
pmt_amount
pmt_currency
pmt_sellercosts
pmt_paymentmethod
pmt_escrow
pmt_token
<secret key>
Payments and card tokenization in connection to payment
NB! For normal card payments without the possibility for recurring payments, please use Svea Payments’ regular V4 interface (version 0004): Svea Payments’ integration guidelines.
When the card is to be charged and tokenized at the same time for a recurring payment without the separate approval or participation from the buyer, proceed as follows.
Payment and tokenization in connection to payment happens in the address:
TEST: http://test1.maksuturva.fi/NewPaymentExtended.pmt
PRODUCTION: https://www.maksuturva.fi/NewPaymentExtended.pmt
Svea Payments’ V4 interface is used so that the buyer enters the payment service in the browser. The web store submits the tokenization information through the browser as FORM parameters in the HTTP POST request.
The general instructions for the V4 interface can be found in Svea Payments’ integration guidelines
The version information and pre-selected payment method should have the following values in the interface information:
pmt_version=4304
pmt_paymentmethod=FI50
With the parameters above, Svea Payments will instruct the buyer to make the card payment and the card number will be tokenized. The card will only be charged if the tokenization is successful.
The response that the web store gets through the browser will include, in addition to the other mandatory payment interface V4 OK-response data, the information pmt_token with which the web store can make additional charges. pmt_token is a part of the hash calculation at the end of the response, after pmt_escrow information:
The response message hash that is transmitted through the browser includes the following data:
pmt_action
pmt_version
pmt_id
pmt_reference
pmt_amount
pmt_currency
pmt_sellercosts
pmt_paymentmethod
pmt_escrow
pmt_token
<secret key>
Using a token to charge the card
REQUEST:
The V4 interface is used in a server-to-server type fashion. The web store transfers the payment data directly as an HTTP POST -request. The web store can choose which http client product to use for this.
TEST: http://test1.maksuturva.fi/NewChargeWithTokenActionExtended.pmt
PRODUCTION: https://payments.maksuturva.fi/NewChargeWithTokenActionExtended.pmt
The general instructions for the V4 payment interface can be found in here.
In the request, the version information and pre-selected payment method should have the following values in the interface information:
pmt_version=4204
pmt_paymentmethod=FI50
pmt_token=<the token that has previously been given to this buyer>
In the payment message hash (pmt_hash), pmt_token comes after the pmt_sellercosts data, before the row specific pmt_row data.
Requests for recurring payments are monitored and requests are blocked if the monthly allowed amount or number of transactions is exceeded.
The amount of an individual recurring payment cannot exceed the amount of the original payment.
When the card is tokenized for recurring payments without separate approval or participation from the buyer, proceed as follows.
NB! For normal card payments without the possibility for recurring payments, please use Svea Payments’ regular V4 interface (version 0004): Svea Payments’ integration guidelines.
There will be fields related to the token in the status query response of a transaction that has included tokenization. In addition, fields related to the card will be found in status queries of card payments in general. Below an example of a situation, where tokenization and payment has been performed, settlement of the transaction has been made to the web store and lastly, a status query has been done:
Code Block | ||
---|---|---|
| ||
<?xml version="1.0" encoding="UTF-8"?> <pmtq> <pmtq_action>PAYMENT_STATUS_QUERY</pmtq_action> <pmtq_amount>568,10</pmtq_amount> <pmtq_card_browser_country>FI</pmtq_card_browser_country> <pmtq_card_category>UNKNOWN</pmtq_card_category> <pmtq_card_funding_type>DEBIT</pmtq_card_funding_type> <pmtq_card_issuer_country>FI</pmtq_card_issuer_country> <pmtq_card_number_masked>0024</pmtq_card_number_masked> <pmtq_card_scheme>VISA</pmtq_card_scheme> <pmtq_certification>N</pmtq_certification> <pmtq_escrow>N</pmtq_escrow> <pmtq_externalcode1>100</pmtq_externalcode1> <pmtq_externaltext>SUCCESS: CARD WAS DEBITED WITH A TOKEN</pmtq_externaltext> <pmtq_hash>***</pmtq_hash> <pmtq_id>1234567</pmtq_id> <pmtq_paymentdate>11.05.2016</pmtq_paymentdate> <pmtq_paymentmethod>FI50</pmtq_paymentmethod> <pmtq_paymentstarttimestamp>11.05.2016 12:45:07</pmtq_paymentstarttimestamp> <pmtq_returncode>40</pmtq_returncode> <pmtq_returntext>Compensated to the seller</pmtq_returntext> <pmtq_sellercosts>5,00</pmtq_sellercosts> <pmtq_sellerid>6234567890ABCDE</pmtq_sellerid> <pmtq_token>57c48209-****-****-****-************</pmtq_token> <pmtq_token_authentication_required>N</pmtq_token_authentication_required> <pmtq_token_debit_limit>1203,51</pmtq_token_debit_limit> <pmtq_token_debit_limit_currency>EUR</pmtq_token_debit_limit_currency> <pmtq_token_debit_limit_monthly>573105,73</pmtq_token_debit_limit_monthly> <pmtq_token_expiration_month>11</pmtq_token_expiration_month> <pmtq_token_expiration_year>2017</pmtq_token_expiration_year> <pmtq_trackingcodes>[ODLVR|Kauppiaan oma toimitus|80]</pmtq_trackingcodes> <pmtq_version>0005</pmtq_version> </pmtq> |