3D Secure v2 and Card Payments

Web or Direct Card Payments Mode?

Lemonway offers API methods for two card payment modes: Web Payments and Direct Payments.

Web Payments

Used when the end-user buys a service or good on your website and is then redirected to the PSP (Payment Service Provider) payment page. The benefits of using this mode are:

  • PSPs are PCI-DSS certified

  • PSPs usually support multiple currencies

  • PSPs support multiple payment methods (debit and credit cards, mobile wallets, and more)

👍

Did you know?

Neither Lemonway nor the Partner processes the bank card owners' data when this mode is used.


Direct Mode Payments

Used when Partners choose to process payments using their own payment page. This mode is usually preferred when Partners want to avoid their users being redirected to another URL outside their network.

🚧

🛡️ PCI-DSS Certified

Partners using this mode are obliged to maintain a high level of network security and be PCI-DSS certified.

This section outlines Lemonway’s current card payment solutions and how you can implement them on a use case basis.


3D Secure v2 - Impact for Card Payments

The Payment Services Directive, commonly known as PSD2, requires SCA (Strong Customer Authentication) to be implemented as part of a set of new measures to combat fraud and increase security. All CIT (Customer Initiated Transactions) are required to go through the 3-D Secure v2 protocol.

What does this change for you in the short term?

Lemonway wants to ensure that card payments are processed smoothly with no declines. The recommendations and best practices below are intended to help you during this transition period.

For Partners using the Web Payment mode:

Payments with a New Card:

  1. Use the MoneyInWebInit (APIv1) or POST /moneyins/card/webinit (APIv2) method. To make future payments on the card, set registerCard=1 (APIv1) or registerCard=true (APIv2). The card owner will be authenticated with 3-D Secure.

Payments with a Registered Card:

  1. Use the GetCard (APIv1) or GET /v2/moneyins/card/{cardId} (APIv2) method to confirm the end-user's card is registered.

  2. Use the MoneyInWebInit (APIv1) or POST /moneyins/card/webinit (APIv2) method to make transactions using the end-user's cardId. The card owner will be authenticated with 3-D Secure.

Subscriptions with Equal Recurring Amounts:

  1. For the initial subscription payment, use MoneyInWebInit (APIv1) or POST /moneyins/card/webinit (APIv2) and ensure that you set registerCard=1 (APIv1) or registerCard=true (APIv2).

  2. Use MoneyInWithCardID (APIv1) or POST /moneyins/card/{cardid}/rebill (APIv2) for all subsequent equal-amount payments.

Payments Upon Delivery:

  1. Use MoneyInWebInit (APIv1) or POST /moneyins/card/webinit (APIv2) to pre-authorize the amount you will charge upon delivery. Ensure that you set the delayedDays field between 1 and 6 days.

  2. If you want to guarantee the payment, use MoneyInValidate (APIv1) or PUT /moneyins/{transactionid}/validate (APIv2) or MoneyInWithCardID (APIv1) or POST /moneyins/card/{cardid}/rebill (APIv2) to capture the funds (details under Our Current Use Case Solutions below).


For PCI-DSS Partners using Direct Payment mode (no PSP page):

Payments with a New Card:

  1. Use the MoneyIn3DInit (APIv1) or POST /moneyins/card/direct/3dinit (APIv2) method. To make future payments on the card, set registerCard=1 (APIv1) or registerCard=true (APIv2).

  2. The card owner will be authenticated with 3-D Secure. After the end-user has authenticated, you should call MoneyIn3DAuthenticate (APIv1) or POST /moneyins/card/direct/{transactionid}/3dauthenticate (APIv2) to check the status of 3D Secure Authentication after receiving a callback from the PSP.

  3. Finally, call MoneyIn3DConfirm (APIv1) or PUT /moneyins/card/direct/{transactionid}/3dconfirm (APIv2) to finalize the payment.

Payments with a Registered Card:

  1. First, call the GetCard (APIv1) or GET /v2/moneyins/card/{cardId} (APIv2) method to ensure that the end-user's card is registered. If the end-user's card is registered, then call the MoneyIn3DInit (APIv1) or POST /moneyins/card/direct/3dinit (APIv2) method.

  2. The card owner will be authenticated with 3-D Secure. After the end-user has authenticated, you should call MoneyIn3DAuthenticate (APIv1) or POST /moneyins/card/direct/{transactionid}/3dauthenticate (APIv2) to check the status of 3D Secure Authentication after receiving a callback from the PSP.

  3. Finally, call MoneyIn3DConfirm (APIv1) or PUT /moneyins/card/direct/{transactionid}/3dconfirm (APIv2) to finalize the payment.
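
The Direct mode sequence above (new or registered card) only protects the payment if your backend refuses to send 3dconfirm before it has checked the 3-D Secure status itself. The following is an added example, not Lemonway code: the class name, state names and the way the transaction id and authentication result are handed in are assumptions; only the APIv2 paths and the registerCard and delayedDays fields come from this page, and all other request fields are omitted.

```python
class FlowError(Exception):
    """A step was requested out of order or with invalid parameters."""


class DirectPaymentFlow:
    """Guards one Direct mode payment: 3dinit -> PSP callback -> 3dauthenticate -> 3dconfirm."""

    BASE = "/moneyins/card/direct"  # APIv2 paths as listed on this page

    def __init__(self):
        self.state = "new"
        self.transaction_id = None

    def _expect(self, state):
        if self.state != state:
            raise FlowError(f"expected state {state!r}, got {self.state!r}")

    def init_request(self, register_card=False, delayed_days=None):
        self._expect("new")
        params = {"registerCard": register_card}
        if delayed_days is not None:
            if not 1 <= delayed_days <= 6:  # the page limits delayedDays to 1-6 days
                raise FlowError("delayedDays must be between 1 and 6")
            params["delayedDays"] = delayed_days
        self.state = "init_sent"
        return ("POST", f"{self.BASE}/3dinit", params)

    def init_accepted(self, transaction_id):
        # Assumption: the caller has read the transaction id from the 3dinit response.
        self._expect("init_sent")
        self.transaction_id = str(transaction_id)
        self.state = "awaiting_callback"

    def callback_received(self, transaction_id):
        # Only a callback for the transaction this flow started moves it forward.
        self._expect("awaiting_callback")
        if str(transaction_id) != self.transaction_id:
            raise FlowError("callback does not match the initiated transaction")
        self.state = "checking_3ds"
        return ("POST", f"{self.BASE}/{self.transaction_id}/3dauthenticate", {})

    def authentication_result(self, authenticated):
        # Assumption: the caller maps the 3dauthenticate response to True or False.
        self._expect("checking_3ds")
        self.state = "authenticated" if authenticated else "failed"

    def confirm_request(self):
        self._expect("authenticated")  # never finalize on the callback alone
        self.state = "confirm_sent"
        return ("PUT", f"{self.BASE}/{self.transaction_id}/3dconfirm", {})
```

Each method returns the (verb, path, fields) tuple to send, so the guard can sit in front of whatever HTTP client you already use.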

Subscriptions with Equal Recurring Amounts:

  1. For the initial subscription payment, use the MoneyIn3DInit (APIv1) or POST /moneyins/card/direct/3dinit (APIv2) and then MoneyIn3DAuthenticate (APIv1) or POST /moneyins/card/direct/{transactionid}/3dauthenticate (APIv2).

  2. Use MoneyIn3DConfirm (APIv1) or PUT /moneyins/card/direct/{transactionid}/3dconfirm (APIv2) as explained below.

  3. Use MoneyInWithCardID (APIv1) or POST /moneyins/card/{cardid}/rebill (APIv2) for all subsequent payments.

🚧

⚠️ Not Recommended

Lemonway does not recommend you use the MoneyIn and RegisterCard methods from January 2021. Instead, you should use MoneyIn3DInit and MoneyIn3DConfirm only.


Our Current Use Case Solutions

Each use case below lists the Web Payment method, the Direct Payment method (PCI-DSS compliant), whether 3-D Secure authentication applies, and the legacy method (no longer recommended).

Payments with a New Card

A payment made by the client that is a one-off (not repeated) transaction.

  • Web Payment: Method: MoneyInWebInit. Note: If you want to make future transactions on this card, ensure that you set registerCard=1. You will receive a cardId that is associated with this end-user's payment card.

  • Direct Payment:

    1. Initiate a Direct Payment. Method: MoneyIn3DInit. Note: If you want to make future transactions on this card, ensure that you set registerCard=1. You will also receive a cardId that is associated with this end-user's payment card.

    2. Check 3-D Secure Authentication Status. Method: MoneyIn3DAuthenticate

    3. Finalize a Direct Payment. Method: MoneyIn3DConfirm

  • 3-D Secure Authentication: Yes

  • Legacy: MoneyIn

Payments with a Registered Card

This is a payment that is made on an existing registered card.

  • Web Payment:

    1. Confirm that the end-user's card you are using is registered. Method: GetCard

    2. Initiate Web Payment. Method: MoneyInWebInit. Note: When you call the MoneyInWebInit you will be required to add the end-user's cardID to make the transaction.

  • Direct Payment:

    1. Confirm that the end-user's card you are using is registered. Method: GetCard

    2. Initiate a Direct Payment. Method: MoneyIn3DInit. Note: When you call the MoneyInWebInit you will be required to add the end-user's cardID to make the transaction.

    3. Check 3-D Secure Authentication Status. Method: MoneyIn3DAuthenticate

    4. Finalize a Direct Payment. Method: MoneyIn3DConfirm

Deferred Payment with Payment Guarantee: Pre-authorization (Preauth)

A sum of money that is approved by the client and is captured to make a payment later.

  • Web Payment: Method: MoneyInWebInit. Ensure that you set delayedDays between 1 and 6 days.

  • Direct Payment:

    1. Initiate a Direct Payment. Method: MoneyIn3DInit

    2. Check 3-D Secure Authentication Status. Method: MoneyIn3DAuthenticate

    3. Finalize a Direct Payment. Method: MoneyIn3DConfirm

    Ensure that you set isPreAuth=1 and delayedDays between 1 and 6 days.

  • 3-D Secure Authentication: Yes

  • Legacy: MoneyIn (isPreAuth = true & delayedDays)

Deferred Payment with Payment Guarantee: Capture

This is when the funds move from the pending stage, ready for you to receive the money.

  • After initiating a pre-authorization, funds will be blocked by the Issuing Bank for 6 days maximum.

  • If you need to extend this time period, use MoneyInWithCardID and ensure that you set isPreAuth=1 and delayedDays between 1 and 6 days. Repeat this action every 6 days if necessary.

  • To capture the funds, use MoneyInValidate.

  • 3-D Secure Authentication: No

Subscription: Initialization

Initial transaction for a subscription can be for a predetermined or an undetermined length of time.

  • Web Payment: Method: MoneyInWebInit, registerCard=1

  • Direct Payment:

    1. Initiate a Direct Payment. Method: MoneyIn3DInit

    2. Check 3-D Secure Authentication Status. Method: MoneyIn3DAuthenticate

    3. Finalize a Direct Payment. Method: MoneyIn3DConfirm

    Ensure that you set: registerCard=1 (available from April)

  • 3-D Secure Authentication: Yes

  • Legacy: RegisterCard

Subscription: Recurring Payments

Transactions that follow an undetermined subscription period. These transactions are of the same initial amount.

  • Method: MoneyInWithCardID. Important: Initiate Subscriptions with equal recurring amounts.

  • 3-D Secure Authentication: No

Payment Upon Delivery: Purchase Day

  • Web Payment: Method: MoneyInWebInit. Ensure that you set delayedDays between 1 and 6 days.

  • Direct Payment:

    1. Initiate a Direct Payment. Method: MoneyIn3DInit

    2. Check 3-D Secure Authentication Status. Method: MoneyIn3DAuthenticate

    3. Finalize a Direct Payment. Method: MoneyIn3DConfirm

    Ensure that you set isPreAuth=1 and delayedDays between 1 and 6 days.

  • 3-D Secure Authentication: Yes

Payment Upon Delivery: Charge Day

  1. If you want a Payment Guarantee: After initiating a pre-authorization, funds will be blocked by the Issuing Bank for 6 days maximum.

    • If you need to extend this time period, use MoneyInWithCardID and ensure that you set isPreAuth=1 and delayedDays between 1 and 6 days. Repeat this action every 6 days if necessary.

    • To capture the funds the day of the delivery, use MoneyInValidate.

  2. If you do not want a Payment Guarantee: Use MoneyInWithCardID. Important: All transactions need to be the same amount.

  • 3-D Secure Authentication: No
