PAYMENT ACCEPTANCE AND CARD TOKENIZATION IN JAVASCRIPT

DIWA DEL MUNDO, VOYAGER INNOVATIONS

DEVCON SUMMIT 2016, NOV 6, 2016, SMX MOA


Spin-off independent business unit focused on disruptive innovations, i.e. ground-breaking products that create digital life innovations.

Digital financial unit of PLDT and Smart Communications Inc.

Consumer

Serve the unbanked, unconnected, and uncarded.

Business

Enable everyone to be a merchant.

WHAT’S PAYMENT ACCEPTANCE?

[Diagram: A PURCHASE TRANSACTION. The Consumer gives PAYMENT to the Merchant; the Merchant gives GOODS to the Consumer.]

Payment acceptance enables merchants to accept payments on a certain channel

Card Schemes

REVIEWING THE TERMS IN A CARD TRANSACTION

▸ Card issuer - Entity that creates and issues a card, e.g. issuing bank, PayMaya

▸ Card scheme / network - Network technology provider, e.g. VISA, MasterCard, JCB

▸ Acquirer / payment processor - Financial institution that processes card payments on behalf of a merchant, e.g. PayMaya Business, BDO, BPI

HOW DO CARD ISSUERS, ACQUIRERS, AND CARD SCHEMES COMMUNICATE?

ISO8583

▸ From Wikipedia: “ISO 8583 Financial transaction card originated messages — Interchange message specifications is the International Organization for Standardization standard for systems that exchange electronic transactions made by cardholders using payment cards.”

SO DO I NEED TO LEARN ISO8583 TO ACCEPT CARD PAYMENTS?

PAYMENT GATEWAY

A PAYMENT GATEWAY IS AN ABSTRACTION LAYER FOR PAYMENTS

PAYMENT GATEWAYS CAN PROVIDE YOU WITH EASY-TO-USE APIS AND SDKS

PAYMAYA PAYMENT GATEWAY

▸ Checkout

▸ Payment Vault

▸ SDKs (mobile, web)

▸ Developers Portal

▸ PayMaya Manager


GOALS OF THE PAYMAYA PAYMENT GATEWAY

▸ Enable merchants to accept card payments

▸ Make card payment acceptance easy for developers

▸ Deliver business value (accept payments, mitigate fraud, real-time monitoring, next day settlement)

PAYMAYA CHECKOUT DEMO VIDEO

PAYMAYA CHECKOUT redirects to a “payment page”

Card holder data is collected on the payment page

WHAT IF I WANT TO COLLECT CARD HOLDER DATA IN MY WEB SITE OR APP?

BEFORE THAT, LET’S DISCUSS PCI-DSS

▸ PCI-DSS - Payment Card Industry Data Security Standards

▸ From Wikipedia: “Proprietary information security standards for card schemes like VISA, MasterCard, AMEX, JCB, etc. It was created to increase controls to prevent card fraud”

▸ Validation is performed by a Qualified Security Assessor (QSA) or an Internal Security Assessor (ISA) via a Report on Compliance (ROC)

▸ For smaller firms: Self-Assessment Questionnaire

PCI-DSS APPLIES TO ANY ENTITY THAT STORES, PROCESSES, OR TRANSMITS CARD DATA

WHAT DOES IT MEAN?

▸ If you’re a merchant, technically you’re in scope for PCI-DSS

▸ For most merchants, it’s a Self-Assessment Questionnaire (SAQ)

▸ Can I still accept card holder data in my web site or app?

Yes

TOKENIZATION


WHAT IS TOKENIZATION?

▸ The tokenization process transforms a card primary account number (PAN) to a surrogate random string called a “token”

▸ Since tokens are not PANs, they’re out of scope for PCI-DSS

▸ As a merchant, you still need to answer a Self-Assessment Questionnaire (SAQ A-EP)

PAYMENTS TOKENISATION

• Allows merchants to embed a payment form into their web site or mobile app, i.e. better experience

• Reduces merchant’s PCI-DSS scope by providing a one-time use “payment token” as reference to customer’s card details

• Increased level of technical effort compared to PayMaya Checkout (Payment Page)

CARD VAULTING AS A SERVICE

• Provides merchants the ability to store their customer’s card details and charge for payments on-demand

• Superior user experience

• Reduces merchant’s PCI-DSS scope by providing a multi-time use “card token” as reference to customer’s card details

• High level of technical integration effort

RECURRING PAYMENTS

• Provides merchants the ability to charge for payments periodically: daily, weekly, monthly, etc.

• Reduces merchant’s PCI-DSS scope by providing a multi-time use “card token” as reference to customer’s card details

• High level of technical integration effort
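The difference between the one-time use “payment token” and the multi-time use “card token” described above can be seen in a small gateway-side vault model. This is an added example, not code from the talk and not PayMaya's implementation or API; `TokenVault`, `tokenize`, `charge` and `demo` are hypothetical names, and the PAN is a constructed test number.

```javascript
// Added example: conceptual in-memory model of a gateway-side token vault.
// Not PayMaya's implementation or API; all names here are hypothetical.
const crypto = require('crypto');

// Luhn check: rejects mistyped PANs before anything is vaulted.
function luhnValid(pan) {
  if (!/^\d{12,19}$/.test(pan)) return false;
  let sum = 0;
  for (let i = 0; i < pan.length; i++) {
    let d = Number(pan[pan.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

class TokenVault {
  constructor() { this.entries = new Map(); } // token -> { pan, oneTime }

  // The token is random, not derived from the PAN, so it cannot be reversed.
  tokenize(pan, { oneTime }) {
    if (!luhnValid(pan)) throw new Error('invalid PAN');
    const token = crypto.randomBytes(24).toString('hex');
    this.entries.set(token, { pan, oneTime });
    // The merchant receives only the token and a masked PAN for display.
    return { token, masked: '*'.repeat(pan.length - 4) + pan.slice(-4) };
  }

  // Only the vault maps a token back to a PAN, and only at charge time.
  charge(token, amount) {
    const entry = this.entries.get(token);
    if (!entry) return { ok: false, reason: 'unknown or spent token' };
    if (entry.oneTime) this.entries.delete(token); // payment token: single use
    return { ok: true, amount, last4: entry.pan.slice(-4) };
  }
}

function demo() {
  const vault = new TokenVault();
  const pan = '4111111111111111'; // constructed test PAN (passes Luhn)
  const payment = vault.tokenize(pan, { oneTime: true });  // "payment token"
  const card = vault.tokenize(pan, { oneTime: false });    // "card token"
  return {
    payment, card,
    paymentFirst: vault.charge(payment.token, 100),
    paymentReplay: vault.charge(payment.token, 100), // rejected: already spent
    cardFirst: vault.charge(card.token, 100),
    cardSecond: vault.charge(card.token, 250),       // accepted: multi-use
  };
}
```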

▸ CREATE A CUSTOMER - POST /CUSTOMERS

▸ GET A CUSTOMER - GET /CUSTOMERS/123

▸ VAULT A CARD - POST /CUSTOMERS/123/CARD

▸ MAKE A PAYMENT - POST /CUSTOMERS/123/CARD/1/PAYMENTS

WHO ARE THE CUSTOMERS OF THE PAYMAYA PAYMENT GATEWAY?

END-USERS

MERCHANTS

DEVELOPERS

EASY INTEGRATION = HAPPY DEVS

HAPPY DEVS = BETTER APPS

BETTER APPS = BETTER PRODUCTS


SUMMARY

▸ We learned that a Payment Gateway provides payment acceptance services

▸ Card tokenization is a technique that provides flexibility and a better user experience while maintaining high levels of security

▸ We also learned how to use PayMaya Payment Gateway’s APIs and JavaScript SDK

PAYMAYA GITHUB

Open Source SDKs, Sample Apps, project contributions

HTTPS://GITHUB.COM/PAYMAYA

COMPLEMENT APIs with SDKs

DEVELOPERS PORTAL

PAYMENT GATEWAY’S STORE FRONT (DOCUMENTATION, APIS, SDKS, COMMUNITY ENGAGEMENT)

HTTPS://DEVELOPERS.PAYMAYA.COM

http://offers.voyagerinnovation.com/bold2code2016

THANK YOU