Card Payments
Ecentric offers secure and reliable online card payment processing, providing merchants with an easy, convenient and fast way for their customers to pay.
Merchants can implement card payments for their customers using either:
- Hosted Payments Page (HPP) or Lightbox in Ecentric’s secure PCI-certified hosted environment.
- API integration which provides full control over the payment process and ensures a seamless customer experience without being redirected. However, this requires a PCI certification in order to be able to handle sensitive customer card details.
- Combination of Hosted AddCard and API integration where cards are added using our secure PCI-certified hosted environment and the payment process is completed via API integration.
Security standards
In order for merchants to safely offer this payment method to their customers, the following security standards apply:
Payment Card Industry - Data Security Standard (PCI-DSS)
PCI enforces a strict set of security requirements for all organisations accepting card payments in order to protect cardholder data. This includes ensuring that sensitive card information (such as the card number) is encrypted using industry standard cryptographic algorithms.
- HPP: Ecentric’s hosted payment page (HPP) provides a secure PCI-certified method for processing card payments within Ecentric’s environment, thereby excluding merchants using HPP from PCI scope.
- API: Merchants that capture customers’ card details in their environment are required to hold a PCI certification to ensure the safety of the card data.
3D Secure (3DS)
3DS is a security standard for authenticating customers making online card payments, and it has significantly reduced the risk of card fraud. When a customer makes an online purchase, they need to verify their identity by entering a one-time PIN (OTP) or approving the payment via their banking app. See 3D Secure for further information on this process.
Cards supported
The following cards can be accepted: Mastercard, Visa, American Express, Diners Club and RCS.
Messaging systems
Card transactions are sent as either dual-message or single-message transactions. The messaging system used is determined by the merchant's acquiring bank.
- Dual-message transactions have 2 stages:
  - Authorization: when a customer makes a payment, the merchant sends an authorization request to reserve the amount on the customer’s account.
  - Capture: the merchant confirms the transaction with the bank and funds are transferred from the customer's account to the merchant.
- Single-message transactions have a single payment transaction where the amount is immediately transferred from the customer to the merchant.
Card management
Ecentric online payments offers card management where a customer can choose to conveniently and securely save their card details for future use.
Merchants can implement this feature using either:
- HPP in Ecentric’s secure PCI-compliant environment using the card wallet feature
- API integration from the merchant’s environment to perform secure card management within the Ecentric secure token vault.
  Caution: If a merchant is managing clear card data within their environment, then this will place the merchant in PCI scope.
- API with Hosted AddCard provides a way for merchants to use the API for card payments without the requirement for PCI certification. Ecentric provides a hosted AddCard feature which allows customers to save their card details in Ecentric’s secure PCI-compliant environment.
When a customer saves their card, the card details are encrypted with industry-standard cryptography and stored in Ecentric’s PCI-compliant vault. In this process, stored cards are also tokenised: tokenisation is a security technique of associating a unique, random set of characters called a “token” with each stored card. This helps keep payment data safe during transactions, because tokens are used instead of card numbers.
When a saved card is used for a purchase, this transaction is classified as a Card-on-File (CoF) transaction.
The card management feature allows customers to add, delete and list cards. For further information see HPP card wallet and API card management.
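A minimal sketch of the tokenisation and add, list and delete behaviour described above, added here as an illustration; it is not Ecentric's code or API. The class and method names are hypothetical, the card number is a constructed test value, and encryption at rest is left out.

```python
import secrets


class TokenVault:
    """In-memory stand-in for a card vault (hypothetical names, not Ecentric's API)."""

    def __init__(self):
        # token -> (customer_id, pan); a real vault encrypts the PAN at rest
        self._cards = {}

    @staticmethod
    def luhn_valid(pan):
        # Luhn checksum: double every second digit from the right, sum the digits
        digits = [int(c) for c in pan][::-1]
        total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
        return total % 10 == 0

    def add_card(self, customer_id, pan):
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and 12 <= len(pan) <= 19 and self.luhn_valid(pan)):
            raise ValueError("invalid card number")
        # The token is random, not derived from the PAN, so it cannot be reversed
        token = secrets.token_urlsafe(16)
        self._cards[token] = (customer_id, pan)
        return token

    def list_cards(self, customer_id):
        # The merchant side sees only the token and a masked number
        return [{"token": t, "masked": "*" * (len(p) - 4) + p[-4:]}
                for t, (c, p) in self._cards.items() if c == customer_id]

    def delete_card(self, customer_id, token):
        if self._cards.get(token, (None, None))[0] != customer_id:
            raise KeyError("unknown token for this customer")
        del self._cards[token]

    def detokenise(self, customer_id, token):
        # Vault-side only: resolve a token to the PAN for a Card-on-File payment
        owner, pan = self._cards.get(token, (None, None))
        if owner != customer_id:
            raise KeyError("unknown token for this customer")
        return pan


TEST_PAN = "4111 1111 1111 1111"  # constructed sample: a common Visa test number
```

Adding the same card twice returns two different tokens, which is what makes a leaked token useless outside the vault that issued it.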
Once-off and recurring payments
Customer card payments can be once-off or recurring (either ad-hoc or at predefined intervals). There are different types of recurring transactions. See Recurring Payments for further information.