PAYMENT ACCEPTANCE AND CARD TOKENIZATION IN JAVASCRIPT
DIWA DEL MUNDO VOYAGER INNOVATIONS
DEVCON SUMMIT 2016 NOV 6, 2016, SMX MOA
Spin-off independent business unit focused on disruptive innovations
i.e. ground-breaking products that create digital life innovations.
A PURCHASE TRANSACTION
[Diagram: Consumer and Merchant, with the labels PAYMENT and GOODS]
Payment acceptance enables merchants to accept payments on a certain channel
REVIEWING THE TERMS IN A CARD TRANSACTION
▸ Card issuer - Entity that creates and issues a card, e.g. issuing bank, PayMaya
▸ Card scheme / network - Network technology provider, e.g. VISA, MasterCard, JCB
▸ Acquirer / payment processor - Financial institution that processes card payments on behalf of a merchant, e.g. PayMaya Business, BDO, BPI
ISO8583
▸ By Wikipedia: “ISO 8583 Financial transaction card originated messages — Interchange message specifications is the International Organization for Standardization standard for systems that exchange electronic transactions made by cardholders using payment cards.”
GOALS OF THE PAYMAYA PAYMENT GATEWAY
▸ Enable merchants to accept card payments
▸ Make card payment acceptance easy for developers
▸ Deliver business value (accept payments, mitigate fraud, real-time monitoring, next day settlement)
BEFORE THAT, LET’S DISCUSS PCI-DSS
▸ PCI-DSS - Payment Card Industry Data Security Standard
▸ From Wikipedia: “Proprietary information security standards for card schemes like VISA, MasterCard, AMEX, JCB, etc. It was created to increase controls to prevent card fraud”
▸ Validation is performed by a Qualified Security Assessor (QSA) or an Internal Security Assessor (ISA) via a Report on Compliance (ROC)
▸ For smaller firms: Self-Assessment Questionnaire
WHAT DOES IT MEAN?
▸ If you’re a merchant, technically you’re in scope for PCI-DSS
▸ For most merchants, it’s a Self-Assessment Questionnaire (SAQ)
▸ Can I still accept cardholder data in my web site or app?
Yes
WHAT IS TOKENIZATION?
▸ The tokenization process transforms a card primary account number (PAN) to a surrogate random string called a “token”
▸ Since tokens are not PANs, they’re out of scope for PCI-DSS
▸ As a merchant, you still need to answer a Self-Assessment Questionnaire (SAQ A-EP)
PAYMENTS TOKENISATION
• Allows merchants to embed a payment form into their web site or mobile app, i.e. better experience
• Reduces merchant’s PCI-DSS scope by providing a one-time use “payment token” as reference to customer’s card details
• Increased level of technical effort compared to PayMaya Checkout (Payment Page)
CARD VAULTING AS A SERVICE
• Provides merchants the ability to store their customer’s card details and charge for payments on-demand
• Superior user experience
• Reduces merchant’s PCI-DSS scope by providing a multi-time use “card token” as reference to customer’s card details
• High level of technical integration effort
RECURRING PAYMENTS
• Provides merchants the ability to charge for payments periodically: daily, weekly, monthly, etc.
• Reduces merchant’s PCI-DSS scope by providing a multi-time use “card token” as reference to customer’s card details
• High level of technical integration effort
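The one-time “payment token” and multi-time use “card token” from the slides above, sketched as an added example (not from the original deck and not PayMaya's API). `TokenVault`, `tokenize`, `charge` and the token prefixes are hypothetical names, and the card number is a constructed test value.

```javascript
// Added illustration of the token flows on these slides; NOT the PayMaya API.
// Every name here (TokenVault, tokenize, charge, pay_/card_ prefixes) is hypothetical.
const rng = typeof require === 'function' ? require('node:crypto') : globalThis.crypto;

// Luhn check: reject malformed PANs before they reach the vault.
function luhnValid(pan) {
  if (!/^\d{13,19}$/.test(pan)) return false;
  let sum = 0;
  for (let i = 0; i < pan.length; i++) {
    let d = Number(pan[pan.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

class TokenVault {
  constructor() { this.entries = new Map(); } // token -> { pan, multiUse, used }

  // Swap a PAN for a random surrogate. The token is not derived from the PAN,
  // so it cannot be reversed without access to the vault.
  tokenize(pan, { multiUse = false } = {}) {
    if (!luhnValid(pan)) throw new Error('invalid PAN');
    const token = (multiUse ? 'card_' : 'pay_') + rng.randomUUID();
    this.entries.set(token, { pan, multiUse, used: false });
    return token;
  }

  // Only the vault side resolves a token back to a PAN to run the charge.
  charge(token, amount) {
    const entry = this.entries.get(token);
    if (!entry) return { ok: false, reason: 'unknown token' };
    if (!entry.multiUse && entry.used) return { ok: false, reason: 'token already used' };
    entry.used = true;
    // The result exposes only the last four digits, never the full PAN.
    return { ok: true, amount, card: '**** ' + entry.pan.slice(-4) };
  }
}

// Constructed sample: 4111111111111111 is a widely used test number, not a real card.
const vault = new TokenVault();
const paymentToken = vault.tokenize('4111111111111111');                  // one-time use
const cardToken = vault.tokenize('4111111111111111', { multiUse: true }); // vaulted, reusable
```

The merchant's systems only ever hold `paymentToken` or `cardToken`; the PAN stays inside the vault, which is what keeps the merchant's PCI-DSS scope small.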
SUMMARY
▸ We learned that a Payment Gateway provides payment acceptance services
▸ Card tokenization is a technique that provides flexibility and a better user experience while maintaining high levels of security
▸ We also learned how to use PayMaya Payment Gateway’s APIs and JavaScript SDK
PAYMAYA GITHUB
Open Source SDKs, Sample Apps, project contributions
HTTPS://GITHUB.COM/PAYMAYA
DEVELOPERS PORTAL
PAYMENT GATEWAY’S STORE FRONT (DOCUMENTATION, APIS, SDKS, COMMUNITY ENGAGEMENT)
HTTPS://DEVELOPERS.PAYMAYA.COM