General information
Stored credential transactions (COF) provides the simple way to make the subsequent operations with the card data that stored during the initial operation.
The initial operation is carried out with the obligatory receipt of the payer's consent to store of card details for subsequent operations.
The initial operation can be:
- financial transaction - with card verification and following payment;
- registration transaction - with card verification without a following payment.
The initial operation is carried out using a conventional bankcard, or using a mobile device tokenization system, for example, Apple Pay or Samsung Pay.
The initial COF operation is carried out with verification by one of the possible ways (CVC2 and 3dS or using a mobile device).
Subsequent operations can be carried out after the successful completion of the primary transaction with the obligatory consent of the payer for the further use of card data. Subsequent operations are carried out without a re-verification procedure, if the processing protocol allows it.
Note. If the initial operation is carried out using a mobile device tokenization system (Apple Pay, Samsung Pay or Google Pay), then the subsequent operations will be similar to the initial ones, without additional features.
CIT COF operations
Subsequent operations can be initiated by the payer. These operations are called «Customer Initialized Transaction» (CIT).
The One Click service is used to implement CIT COF operations in IPS Assist.
By participating in the service, the company maintains its database of customers, giving them an unique number (CustomerNumber), while the Assist system stores the encrypted credit card data corresponding to those merchant customers (CustomerNumber).
While performing of order payment, the customer gets an offer to save the card for future payments using the One Click service.
The One Click service allows a regular customer of a merchant to make new purchases without entering card data. The payment requires only confirmation by the CVC2 code. However, for subsequent operations with a saved card, CVC2 will usually not be requested (except the cases where special settings are made at the request of the merchant).
To start use the COF operations the merchant should send request to support team support@belassist.by. The request should contain the merchant identifier (Merchant_ID).
Since unique numbers in the customer's database of the merchant (CustomerNumber) are generated and stored on the side of the merchant, it should pay special attention to protecting this data from hacking. It is necessary to increase the protection of personal data on the side of the merchant with the help of modern means (two-factor authentication for customers when entering the merchant's personal store, increased requirements for client passwords by security level, periodic updating of client passwords, etc.).
If the customer agrees to save the card, and proceed the successful payment then the IPS Assist generates a token - a unique card identifier that is stored in the system.
After the customer completes the payment for the order, a message with the payment parameters can be sent to the server of the merchant using the HTTP POST or SOAP method (for more details, see section 3.5 of the document «Setting up the technical interaction with IPS Assist») or the merchant can request the payment results by calling the orderresult web service.
