Payment Acceptance and Card Tokenization in JavaScript by Diwa Del Mundo
PAYMENT ACCEPTANCE AND CARD TOKENIZATION IN JAVASCRIPT
DIWA DEL MUNDO VOYAGER INNOVATIONS
DEVCON SUMMIT 2016 NOV 6, 2016, SMX MOA
Spin-off independent business unit focused on disruptive innovations
i.e. ground-breaking products that create digital life innovations.
A PURCHASE TRANSACTION
[Figure: Consumer and Merchant exchanging PAYMENT and GOODS]
Payment acceptance enables merchants to accept payments on a certain channel
REVIEWING THE TERMS IN A CARD TRANSACTION
▸ Card issuer - Entity that creates and issues a card, e.g. issuing bank, PayMaya
▸ Card scheme / network - Network technology provider, e.g. VISA, MasterCard, JCB
▸ Acquirer / payment processor - Financial institution that processes card payments on behalf of a merchant, e.g. PayMaya Business, BDO, BPI
ISO8583
▸ By Wikipedia: “ISO 8583 Financial transaction card originated messages — Interchange message specifications is the International Organization for Standardization standard for systems that exchange electronic transactions made by cardholders using payment cards.”
GOALS OF THE PAYMAYA PAYMENT GATEWAY
▸ Enable merchants to accept card payments
▸ Make card payment acceptance easy for developers
▸ Deliver business value (accept payments, mitigate fraud, real-time monitoring, next day settlement)
BEFORE THAT, LET’S DISCUSS PCI-DSS
▸ PCI-DSS - Payment Card Industry Data Security Standards
▸ From Wikipedia: “Proprietary information security standards for card schemes like VISA, MasterCard, AMEX, JCB, etc. It was created to increase controls to prevent card fraud”
▸ Validation is performed by a Qualified Security Assessor (QSA) or Internal Security Assessor (ISA) via a Report on Compliance (ROC)
▸ For smaller firms: Self-Assessment Questionnaire
WHAT DOES IT MEAN?
▸ If you’re a merchant, technically you’re in scope for PCI-DSS
▸ For most merchants, it’s a Self-Assessment Questionnaire (SAQ)
▸ Can I still accept cardholder data in my web site or app?
Yes
WHAT IS TOKENIZATION?
▸ The tokenization process transforms a card primary account number (PAN) to a surrogate random string called a “token”
▸ Since tokens are not PANs, they’re out of scope for PCI-DSS
▸ As a merchant, you still need to answer a Self-Assessment Questionnaire (SAQ A-EP)
PAYMENTS TOKENISATION
• Allows merchants to embed a payment form into their web site or mobile app, i.e. better experience
• Reduces merchant’s PCI-DSS scope by providing a one-time use “payment token” as reference to customer’s card details
• Increased level of technical effort compared to PayMaya Checkout (Payment Page)
CARD VAULTING AS A SERVICE
• Provides merchants the ability to store their customer’s card details and charge for payments on-demand
• Superior user experience
• Reduces merchant’s PCI-DSS scope by providing a multi-time use “card token” as reference to customer’s card details
• High level of technical integration effort
RECURRING PAYMENTS
• Provides merchants the ability to charge for payments periodically: daily, weekly, monthly, etc.
• Reduces merchant’s PCI-DSS scope by providing a multi-time use “card token” as reference to customer’s card details
• High level of technical integration effort
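The difference between the one-time use “payment token” and the multi-time use “card token” described above, as an added example that is not from the talk and is not PayMaya's SDK or API. TokenVault, tokenize and charge are hypothetical names for an in-memory stand-in for the gateway side; the PAN is a well-known test number and the amounts are constructed.

```javascript
// Added example: in-memory stand-in for a gateway-side token vault.
// TokenVault, tokenize and charge are hypothetical, not PayMaya's API.
const { randomBytes } = require('crypto');

// Luhn check so mistyped PANs are rejected before a token is issued.
function luhnValid(pan) {
  let sum = 0;
  for (let i = 0; i < pan.length; i++) {
    let d = Number(pan[pan.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return /^\d{12,19}$/.test(pan) && sum % 10 === 0;
}

class TokenVault {
  constructor() { this.store = new Map(); } // token -> { pan, singleUse }

  // The token is random, not derived from the PAN, so it cannot be reversed.
  tokenize(pan, { singleUse }) {
    if (!luhnValid(pan)) throw new Error('invalid PAN');
    const token = randomBytes(24).toString('hex');
    this.store.set(token, { pan, singleUse });
    return { token, last4: pan.slice(-4) }; // all the merchant ever receives
  }

  // Gateway-side charge: resolves the token; a payment token is consumed.
  charge(token, amount) {
    const entry = this.store.get(token);
    if (!entry) return { ok: false, reason: 'unknown or already used token' };
    if (entry.singleUse) this.store.delete(token);
    return { ok: true, amount, last4: entry.pan.slice(-4) };
  }
}

// Constructed demo: one payment token and one card token for the same card.
function demo() {
  const pan = '4111111111111111'; // test PAN, not a real card
  const vault = new TokenVault();
  const payment = vault.tokenize(pan, { singleUse: true });
  const card = vault.tokenize(pan, { singleUse: false });
  return {
    distinct: payment.token !== card.token,
    paymentFirst: vault.charge(payment.token, 100).ok,
    paymentReplay: vault.charge(payment.token, 100).ok,
    cardTwice: vault.charge(card.token, 50).ok && vault.charge(card.token, 50).ok,
    leaksPan: JSON.stringify([payment, card]).includes(pan),
  };
}
```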
SUMMARY
▸ We learned that a Payment Gateway provides payment acceptance services
▸ Card tokenization is a technique to provide flexibility and a better user experience while maintaining high levels of security
▸ We also learned how to use PayMaya Payment Gateway’s APIs and JavaScript SDK
PAYMAYA GITHUB
Open Source SDKs, Sample Apps, project contributions
HTTPS://GITHUB.COM/PAYMAYA
DEVELOPERS PORTAL
PAYMENT GATEWAY’S STORE FRONT (DOCUMENTATION, APIS, SDKS, COMMUNITY ENGAGEMENT)
HTTPS://DEVELOPERS.PAYMAYA.COM