Payment with integrated authentication
Presentation
The Web Service PCI/Authentication/CreatePayment enables PCI-DSS merchants to make a payment by passing card information in the request.
When necessary, the service authenticates the cardholder and returns the authentication information at the end of the process.
As a reminder, under PSD2, it is mandatory to authenticate the cardholder via the 3D Secure protocol during e-commerce payments.
General principle
1. Add the JavaScript library to your site: kr-authenticate.umd.js.
2. Call the Web Service PCI/Authentication/CreatePayment to create an authentication session.
3. Initialize the JavaScript library by passing the URL: operationUrl
- This URL is generated when the authentication session is created.
4. Execute the JavaScript library.
The JavaScript library is responsible for executing all the actions required for authentication. It interacts with the ACS, the cardholder's bank's authentication server.
There are several authentication options, such as:
- 3DS2 - Frictionless authentication, without the 3DS Method
- 3DS2 - Frictionless authentication, with the 3DS Method
- 3DS2 - Challenge authentication, without the 3DS Method
- 3DS2 - Challenge authentication, with the 3DS Method
More info: Tests and use cases.
5. Analyze the payment result from the notification: Instant Payment Notification (IPN).
- The IPN is a server-to-server notification to get the payment result.
- More info: URL notification at end of payment.
Timeout management:
The duration of the payment session is set to 10 minutes. After this time, if the IPN has not been configured by the merchant, it is recommended to call the Web Service "Order/Get" to obtain the payment result.
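One way a merchant server can apply the 10-minute rule above, as an added example that is not part of the original documentation or the gateway's own code: it lists the orders that need an Order/Get lookup once their session has expired without a result, and never overwrites a result already recorded. The class, order identifiers and status strings are hypothetical; the example treats any order with no recorded result as due, and the caller is assumed to make the actual Order/Get request.

```javascript
// Added example; every name and status string below is hypothetical.
const SESSION_TTL_MS = 10 * 60 * 1000; // payment session lifetime stated above

class SessionTracker {
  constructor() {
    this.sessions = new Map(); // orderId -> { createdAt, result, source }
  }

  // Call once the authentication session has been created for an order.
  open(orderId, now) {
    if (this.sessions.has(orderId)) throw new Error(`duplicate order ${orderId}`);
    this.sessions.set(orderId, { createdAt: now, result: null, source: null });
  }

  // Record a result coming from the IPN ("ipn") or an Order/Get call ("order-get").
  // A recorded result is never overwritten: a differing later one is reported
  // as a conflict so the caller can re-check before shipping or refunding.
  resolve(orderId, result, source) {
    const s = this.sessions.get(orderId);
    if (!s) return "unknown-order"; // result for an order this server never opened
    if (s.result !== null) return s.result === result ? "duplicate" : "conflict";
    s.result = result;
    s.source = source;
    return "recorded";
  }

  // Orders whose 10-minute session has elapsed with no result: query Order/Get.
  needingLookup(now) {
    const due = [];
    for (const [orderId, s] of this.sessions) {
      if (s.result === null && now - s.createdAt >= SESSION_TTL_MS) due.push(orderId);
    }
    return due;
  }
}

// Constructed timeline, times in milliseconds since the sessions were opened.
function demo() {
  const t = new SessionTracker();
  t.open("order-A", 0);
  t.open("order-B", 0);
  t.resolve("order-A", "PAID", "ipn");               // IPN arrived in time
  const early = t.needingLookup(SESSION_TTL_MS - 1); // nothing is due yet
  const due = t.needingLookup(SESSION_TTL_MS);       // only order-B is unresolved
  t.resolve("order-B", "UNPAID", "order-get");       // outcome fetched via Order/Get
  const late = t.resolve("order-B", "PAID", "ipn");  // late notification disagrees
  return { early, due, late, final: t.sessions.get("order-B").result };
}
```

A "conflict" return is the signal to query Order/Get again rather than act on either value.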
Specific use cases:
In the following cases, the call to the Web Service PCI/Authentication/CreatePayment directly returns a Payment: the merchant is not enrolled in the 3D Secure program, or the payment is not e-commerce (e.g. MOTO).
Detailed flowchart
The following diagram details a generic payment scenario with authentication: initial call to the service, creation of a session identifier, interaction with the ACS, final authentication result and end of payment.
[Diagram: sequence flow between the Client (Browser, iFrame), the Merchant server, the Payment gateway server and a Remote server (e.g.: ACS)]
See the implementation guide