3D Secure v2 and Card Payments

Web or Direct Card Payments Mode?

Lemonway offers API methods for two types of card payment modes. Web and Direct Payments.

Web Payments

Used when the end-user buys a service or good on your website and then is redirected to the PSP (Payment Service Provider) payment page. The benefits of using this mode are:

  • PSPs are PCI-DSS certified

  • PSPs usually support multiple currencies

  • PSPs support multiple payment methods (debit and credit cards, mobile wallets, and more)

👍

Did you know?

Neither Lemonway nor the Partner process the bank card owners' data when this mode is used.


Direct Mode Payments

Used when Partners choose to process payments using their own payment page. This mode is usually preferred when Partners want to avoid their users being redirected to another URL outside their network.

🚧

PCI-DSS Certified

Partners using this mode are obliged to maintain a high level of network security and be PCI-DSS certified.

This section outlines Lemonway’s current card payment solutions and how you can implement them on a use case basis.


3D Secure v2 - Impact for Card Payments

The Payment Service Directive, commonly known as PSP2 requires SCA (Strong Customer Authentication) to be implemented as part of a set of new measures to combat fraud and increase security. All CIT (Customer Initiated Transactions) are required to go through the 3-D Secure v2 protocol.

What does this change for you in the short term?

Lemonway wants to ensure that card payments are processed smoothly with no declines, we will outline some recommendations and best practices to help you during this transition period.

Partners using the Web Payment mode

Payments with a New Card

  1. Use Initiate a Web Payment API v2 or Initiate a Web Payment API v1.

📘

Register a card

Optional. To make future payments on the card, set registerCard=1 (APIv1) or registerCard=true (APIv2)


Payments with a Registered Card

  1. Use Get Card Information API v2 or Check if Card is Registered API v1 to confirm the end-user's card is registered.

  2. Use Initiate a Web Payment API v2 or Initiate a Web Payment API v1 to make transactions using the end-users cardId.


Subscriptions with Equal Recurring Amounts

  1. For the initial subscription payment, use Initiate a Web Payment API v2 or Initiate a Web Payment API v1 and ensure that you set: registerCard=true (APIv2) or registerCard=1 (APIv1).

  2. Use Charge a Registered Card API v2 or Charge a Registered Card API v2 (APIv1) or for all subsequent equal amounts payments.


Payments Upon Delivery

  1. Use API v2: Initiate a Web Payment or API v1: Initiate a Web Payment to pre-authorize the amount you will charge upon delivery. Ensure that you set the delayedDays field between 1 to 6 days.

  2. To guarantee the payment, use Capture a Deferred Payment API v2 or Capture a Deferred Payment API v2.

  3. To capture funds use Charge a Registered Card API v2 or Charge a Registered Card API v1


For PCI-DSS Partners using Direct Payment mode (no PSP page):

Payments with a New Card:

  1. Use the API v1 moneyin3dinit or APIv2: moneyin3dinit method. To make future payments on the card, set registerCard=1 (APIv1) or registerCard=true (APIv2).

  2. The card owner will be authenticated with 3-D Secure. After the end-user has authenticated, you should call MoneyIn3DAuthenticate (APIv1) or POST /moneyins/card/direct/{transactionid}/3dauthenticate (APIv2) to check the status of 3D Secure Authentication after receiving a callback from PSP.

  3. Finally, call MoneyIn3DConfirm (APIv1) or PUT /moneyins/card/direct/{transactionid}/3dconfirm (APIv2) to finalize the payment.

Payments with a Registered Card:

  1. First, call the GetCard (APIv1) or Get /v2/moneyins/card/{cardId} (APIv2) method to ensure that the end-users card is registered. If the end-user's card is registered, then call the MoneyIn3DInit (APIv1) or POST /moneyins/card/direct/3dinit (APIv2) method.

  2. The card owner will be authenticated with 3-D Secure. After the end-user has authenticated, you should call MoneyIn3DAuthenticate (APIv1) or POST /moneyins/card/direct/{transactionid}/3dauthenticate (APIv2) to check the status of 3D Secure Authentication after receiving a callback from PSP.

  3. Finally, call MoneyIn3DConfirm (APIv1) or PUT /moneyins/card/direct/{transactionid}/3dconfirm (APIv2) to finalize the payment.

Subscriptions with Equal Recurring Amounts:

  1. For the initial subscription payment, use the MoneyIn3DInit (APIv1) or POST /moneyins/card/direct/3dinit (APIv2) and then MoneyIn3DAuthenticate(APIv1) or POST /moneyins/card/direct/{transactionid}/3dauthenticate (APIv2)

  2. Use MoneyIn3DConfirm (APIv1) or PUT /moneyins/card/direct/{transactionid}/3dconfirm (APIv2) as explained below.

  3. Use MoneyInWithCardID (APIv1) or POST /moneyins/card/{cardid}/rebill (APIv2) for all subsequent payments.

🚧

⚠️ Not Recommended

Lemonway does not recommend you use the MoneyIn and RegisterCard method from January 2021. Instead, you should use MoneyIn3DInit and MoneyIn3DConfirm only.


Did this page help you?