Technically, accepting bank cards for payment always results in funds being charged from the Customer account, hereinafter referred to as a "payment" or "transaction". A payment may consist of a single operation or a chain of operations. Depending on the Merchant's business conditions and requirements, payments may have certain peculiarities. For a payment to execute successfully, the Merchant should know in advance how and under what conditions the Customer account will be charged.
Overall, payment is possible in two variants, each with its own peculiarities:
One-step payment consists of a single stage – direct charging of the customer's card.
In order to carry out the operation it is necessary to send a request to the Payture server with the one-step payment command.
The two-step payment consists of two operations – first, blocking of funds on the account (authorization or blocking), and second, completion of authorization (charging). In this process, the Merchant can initiate the completion a few days after the successful blocking.
The timescale for performing the completion can vary from 10 up to 30 working days and depends on the rules of the Issuer. If the completion is not initiated within the required time limit, the Issuer can automatically unblock the funds on the Customer account. After that, the completion may become unavailable.
The procedure (location) of card data input
Besides the one-step / two-step classification, the payment procedure also differs depending on where the customer enters the card data. In one variant, the customer enters the card data on the Merchant's website, in the other – on the Payture server.
Depending on the selected option, the payment procedure will vary as follows:
Merchant side data input
In this case, the User stays on the Merchant website during the whole payment, entering the data of his/her payment card to make the transaction.
Important! For security reasons, the major international payment systems require the party that handles payment card data to meet the PCI DSS security standard. To confirm compliance with this standard, the organization (Merchant) needs, as a rule, to fill in the self-assessment questionnaire (SAQ) type D and pass its verification, which may entail additional, albeit small, financial and organizational outlay.
Payture-side data input
In this case, the User stays on the Merchant website only until the moment of entering the data of his/her payment card, after which he/she is automatically redirected to the Payture page. After entering the data and completing the operation, the User is redirected back to the Merchant website and notified of the results of the operation.
The card registration procedure allows the card to be linked to the Customer account in the online store, without having to enter the card number and its expiration date every time. In this case, the following charging variants are possible:
Payments without card registration in Payture
This is the simplest variant: the User enters the card data during each payment, and the Merchant does not intend to use the extended capabilities of Payture for registration of Customer (User) cards.
Payments with card registration
This variant allows the Merchant to save the customers' card data (with their consent) in Payture to facilitate future payments. Registration of cards involves secure processing of information on the cardholder (user, its ID and login) and the card (number and expiration date) in the Payture service. When paying with a registered card, the User only needs to enter the CVV2/CVC2, if necessary.
- Card registration before the payment
- Card registration after the first successful payment
- Recurring payments (easy to pay user charges, credits or installments, etc.)
In addition to the registered cards, the Merchant can use the recurring payments mechanism, which allows charging cards without having to enter the CVV2/CVC2 and without the cardholder being present. The cardholder should initially give his/her consent to such operations.
The bank certified to conduct the acquiring activity. It is authorized to perform the primary processing of bank card transactions in favor of the Merchants that are the bank's clients. In addition, the bank transfers to the Merchant accounts the funds for goods or services purchased with the cards; accepts, sorts and forwards the documents registering the card transactions; distributes the stop-lists (lists of card numbers with blocked accounts), etc.
Example of the Acquirer: Alfa-bank.
The bank certified to issue plastic cards. The Issuer guarantees the execution of all financial commitments regarding the usage of the issued plastic card as a means of payment. The Issuer operates the accounts of cardholders, authorizes transactions and bears liability to the other member banks of the payment system.
Example of the Issuer: Sberbank, Promsvyazbank.
The Global Payment System is a system of settlement between banks of different countries, using common standards of payment means.
Example of the GPS: Visa, MasterCard.
The set of coordinated actions between the cardholder and the processing center when paying online with the card. The transaction changes the card balance.
Example: transaction 4364879, transaction R756_63538756748.
Covers the whole set of actions that result in changing the transaction status and card account balance.
Example: refund operation; funds unblock operation; payment completion operation.
A software and hardware system that accepts, transfers and stores information. It also authenticates and encrypts/decrypts the notifications received in the process of internet transactions on bank cards.
Example of the payment gateway: Payture.
A legal entity or its structural subdivision providing information and technological interaction between the payment system participants. The processing center provides the online processing of authorization requests and (or) card transaction requests received from the acquirers, or directly from the Merchants.
The trading entity that sells goods or services through the website.
A type of deception in the IT field, in particular the unauthorized use of bank card payment data.
The procedure by which the cardholder disputes a transaction, in which the payment amount is charged back without the recipient's acceptance and returned to the cardholder. After that, the recipient bears the responsibility of proving the validity of the transaction. The chargeback technology is used in plastic card settlement systems.
Payment Card Industry Data Security Standard, developed by the Payment Card Industry Security Standards Council (PCI SSC), which was formed by the Visa, MasterCard, American Express, JCB and Discover global payment systems. The standard consists of 12 specified requirements for protecting cardholder personal data that is transferred, stored and processed in the information infrastructures of organizations. The set of measures taken to comply with the standard's requirements implies a comprehensive approach to card data information security.
3-D Secure is a protocol used as an additional level of security in Internet payments with credit and debit cards.
The basic concept of the protocol is to add online cardholder authentication to the financial authorization process. The authentication is based on a three-domain principle (hence the 3-D in the name):
- Acquirer Domain (the merchant and the bank to which the money is being transferred)
- Issuer Domain (the bank that issued the card)
- Interoperability Domain (the domain provided by the credit organization (MasterCard, Visa, etc.) to support the 3-D Secure protocol)
It was developed by the "Visa" GPS.
The client service based on this protocol is called Verified by Visa (VbV).
The services based on this protocol have also been adopted by MasterCard, under the name MasterCard SecureCode (MCC), and by JCB International as J/Secure.