4 posts / 0 new
Last post
alexmatchneer16587
Tokenizing Hosted Page / Iframe solution

I maintain a Cordova native app (an ios/android app built with HTML/JS/CSS) and I'd like to use Payeezy to display a hosted payment page in an iframe, have the user enter their CC info, submit the form, and then pass a token back to our server via the redirect. The reason this approach is desirable is that it keeps our PCI scope to the minimum (for reference, this is essentially the minimum PCI API that is offered by Stripe and Braintree and others).

Is this even possible? I feel like I'm so close to the solution: I have a hosted payment page in an iframe that's doing an AUTH_ONLY payment, and I could theoretically capture that on the server later, but the problem is we want to be able to _save_ the payment information for later random use (i.e. the next time the customer uses our app) as opposed to a recurring payment that has to exist ahead of time.

Am I missing anything? What are my options?

Thanks in advance,
Alex


christinespeedy16716
Re: Tokenizing Hosted Page / Iframe solution

Yes, see https://support.payeezy.com/hc/en-us/sections/200927229-Hosted-Checkout


christinespeedy16716
Re: Tokenizing Hosted Page / Iframe solution

Regarding save_ the payment information for later random use. This is called Unscheduled Credential On File (UCOF) under new Visa Stored Credential Framework. Run a transaction or zero dollar auth, get the token and identifier response (record of customer optin to UCOF), then use the identifier in all subsequent transactions etc. Content in the Payeezy Hosted Checkout Payment Pages Integration Manual does not appear to support UCOF framework yet. So, you'll either need to wait or use a different payment gateway.


christopherlord730
Re: Tokenizing Hosted Page / Iframe solution

Transarmor can be enabled in the demo environment. However, in order to charge the Transarmor Token (which replaces the card number/PAN) that's returned in the relay response (must be enabled when using iFrame), you must submit those transactions via API and not through a hosted payment page.