Git Product home page Git Product logo

Comments (4)

tblachowicz avatar tblachowicz commented on July 30, 2024

As per SRC API specification [1] the payload containing payment credentials such as listed in the question above is encrypted for the recipient. Therefore, I doubt SRC payment method specification should explicitly define the payload members as Basic Card does.

To me, SRC Card Response dictionary should contain a subset of data received as a response form Checkout API. It is necessary to define the exact shape of the set of data, but among them, there should be encryptedPayload member containing actual credentials such as a token, dynamic data and so on.

[1] https://www.emvco.com/terms-of-use/?u=/wp-content/uploads/documents/EMVCo-Secure-Remote-Commerce-Specifications-API-1.0.pdf

from src.

tblachowicz avatar tblachowicz commented on July 30, 2024

For the sake of clarity below is the content of encrypted payload containing payment credentials:

  1. Card or token data depending on whether the credentials represent regular PAN or tokenized card;
  2. Dynamic data i.e. application cryptogram of another form;
  3. Shipping address as selected by the consumer;
  4. Consumer details (name, email, phone number);
  5. Output data related to tokenization;
  6. Output data related to 3DS;
  7. Billing address.

The Card dictionary contains:

  • primaryAccountNumber
  • panExpirationMonth
  • panExpirationYear
  • cardSecurityCode
  • cardholderFirstname
  • cardholderLastname
  • cardholderFullName
  • billingAddress
  • paymentAccountReference

The PaymentToken dictionary contains:

  • paymentToken
  • tokenExpirationMonth
  • tokenExpirationYear
  • paymentAccountReference

Note, that both W3C Payment Request and SRC System can provide a shipping address and consumer details (name, e-mail and phone number) to the DPA/Merchant. To me, this overlap of functionality should be tabled as a subject for further discussion.

from src.

ianbjacobs avatar ianbjacobs commented on July 30, 2024

@tblachowicz what would you think of this in the payment method response data:

  • paymentDetails ::= ...encrypted blob not specified in the payment method definition...
  • paymentDetailsType ::= card | paymentToken | tokenReference

Ian

from src.

tblachowicz avatar tblachowicz commented on July 30, 2024

Related to my note on shipping addresses and consumer details: w3c/payment-handler#337

from src.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.