Tokenization
Tokenization significantly reduces the risk associated with handling sensitive customer card data. Instead of storing the actual card details, a unique token is generated and used for future transactions, thus enhancing the security of your payment processes. This feature is currently compatible with MasterCard, Visa, and STC Pay, with further options planned for future inclusion.
What is Tokenization?
Consider tokenization as a powerful security vault where all sensitive data is replaced with a secure code, or token.
Just like a vault secures precious jewels by keeping them out of sight and replacing them with a secure code, tokenization replaces sensitive card data with unique identifiers, protecting it from prying eyes. This process is paramount for securing payments, offering merchants the luxury of securely processing transactions without having to be PCI DSS compliant. For more details, please check here.
With Ottu, we handle this complexity, so you don’t have to! To activate tokenization or for any inquiries, KSA merchants can reach us at [email protected].
How to Add New Card
Ottu provides two distinct methods for merchants to add a new card to a customer's profile, catering to different scenarios and requirements. These methods are:
- Adding a New Card Without Payment: This approach is designed for situations where you want to store a customer's card details for future transactions without charging them at the moment of addition. It's especially useful for streamlining the checkout process for repeat customers, enhancing the user experience by removing the need to enter card details for every purchase. Please check here for more details.
- Adding a New Card With Payment: Conversely, this method allows merchants to add a customer's card details to their profile while simultaneously processing a payment. This is suitable for instances where immediate payment is required, but the customer also prefers to save their card details for future convenience. Please check here for more information.
Tokenization without Payment
Tokenization without payment offers a streamlined way for merchants to securely add a new card to a specific customer's profile without conducting an actual payment transaction. This capability is particularly useful for creating a more efficient and user-friendly payment process, allowing for the future use of saved card details without requiring customers to re-enter their information for every transaction.
Requirements
To successfully tokenize a card, merchants must adhere to the following requirements when sending a request to the Ottu Checkout API:
- Payment Type: The payment_type parameter in the request payload must be set to save_card. This indicates that the transaction is for the purpose of saving the card information.
- Amount: The amount should be explicitly set to 0. Setting amount to any other value will lead to an API error, as the intention is to tokenize the card, not process a payment.
- Customer ID: Merchants must provide the customer_id parameter.
- Webhook URL: webhook_url should be provided, where the generated token will be saved.
In addition, for the tokenization process to be initiated correctly, all other required parameters for the Ottu Checkout API must be provided, including currency_code, type, and pg_codes.
The merchant must ensure that the selected Payment Gateway pg_codes supports tokenization.
The Process
Tokenization involves a series of steps designed to securely capture and convert card details into a token. Here is a detailed overview of the process:
- Request Submission: The merchant initiates the tokenization process by sending a request to the Ottu Checkout API. This request must specify the customer_id, payment_type as save_card, amount as 0, and any other required parameters. Please refer to the Checkout API section for detailed information on the required Checkout API parameters.
- Payment URL Generation: Upon receiving the tokenization request, Ottu generates a checkout_url.
- User Payment Process: The merchant has two options:
  - Redirect to the Checkout Page: Using the checkout_url to redirect the customer to the Checkout page. There, the customer can be redirected to the Save Card page by clicking the Pay button, even though no actual payment is processed at this step.
  - Redirect to the Save Card Page: If a redirect_url is provided, the customer can be directly redirected to the Save Card page.

  On the Save Card page, the customer enters his card information and completes the process by clicking the Save button.
- Tokenization: Upon the successful completion of the card information submission, Ottu proceeds to tokenize the card details.

  The tokenized card details are then securely transmitted back to the merchant's system as part of the webhook payload sent by Ottu. Merchants can locate the tokenized card information in the token field of the webhook payload.
This tokenization process ensures that merchants can securely store card details for future transactions without handling sensitive card information directly, thereby enhancing the overall security and efficiency of the payment process.
Implementation
Getting started with simplifying your checkout process through tokenization is straightforward with Ottu. Here's a detailed guide to help you begin:
Create a Payment Link
Request Payload Example:
    {
      "type": "payment_request",
      "pg_codes": ["credit-card"],
      "payment_type": "save_card",
      "amount": "0",
      "customer_id": "Customer Save-Card demo",
      "webhook_url": "https://yourwebsite.com/webhook",
      "currency_code": "KWD"
    }
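A pre-flight check for the save_card requirements listed above, written as an added example (not Ottu's code) that a merchant could run before calling the Checkout API. The function name `check_save_card_payload` and the HTTPS rule for webhook_url are assumptions of this example; the rule is there because the token is delivered to that URL.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import urlparse

# Fields the page lists as required for a save_card request.
REQUIRED = ("type", "pg_codes", "payment_type", "amount",
            "customer_id", "webhook_url", "currency_code")


def check_save_card_payload(payload: dict) -> list[str]:
    """Return a list of problems; an empty list means the payload passes."""
    errors = [f"missing field: {name}" for name in REQUIRED
              if payload.get(name) in (None, "", [])]

    if payload.get("payment_type") not in (None, "save_card"):
        errors.append("payment_type must be save_card")

    # Compare numerically so "0" and 0 both pass; the page states that any
    # other amount leads to an API error.
    amount = payload.get("amount")
    if amount not in (None, ""):
        try:
            if Decimal(str(amount)) != 0:
                errors.append("amount must be 0 for save_card")
        except InvalidOperation:
            errors.append("amount is not a number")

    # Assumption of this example: the token is posted to webhook_url, so
    # require HTTPS and a host to keep it off plaintext transport.
    raw_url = payload.get("webhook_url")
    url = urlparse(str(raw_url or ""))
    if raw_url and (url.scheme != "https" or not url.hostname):
        errors.append("webhook_url must be an https URL")

    pg_codes = payload.get("pg_codes")
    if pg_codes and not (isinstance(pg_codes, list)
                         and all(isinstance(c, str) and c for c in pg_codes)):
        errors.append("pg_codes must be a list of gateway codes")
    return errors


# The request payload from the page.
PAGE_PAYLOAD = {
    "type": "payment_request", "pg_codes": ["credit-card"],
    "payment_type": "save_card", "amount": "0", "currency_code": "KWD",
    "customer_id": "Customer Save-Card demo",
    "webhook_url": "https://yourwebsite.com/webhook",
}
# Constructed bad variant: non-zero amount, plaintext webhook, no customer.
BAD_PAYLOAD = {**PAGE_PAYLOAD, "amount": "19.000", "customer_id": "",
               "webhook_url": "http://yourwebsite.com/webhook"}
```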
Tokenization with Payment
Tokenization with payment gives merchants a seamless way not only to process transactions but also to securely save customer card details for future use.
By leveraging the Checkout API, a payment session is created, associated with a customer ID and a Merchant Identification Number (MID) that supports tokenization, thus enhancing the customer experience by providing an option to save card details during the payment process. This can be further streamlined by using the Checkout SDK. It's important to note that the Card Verification Value (CVV) may be required, depending on your Payment Gateway's configuration; this setting can be adjusted by contacting our technical support team.
This method is especially valuable for encouraging repeat business, as it simplifies future transactions by eliminating the need for customers to re-enter their card details.
Requirements
To ensure the successful tokenization of a card, merchants are required to adhere to the following requirements:
- Payment Link: Generate a payment link by utilizing the Checkout API, ensuring all necessary parameters for the Checkout API are included, along with the customer_id parameter.
- Payment Gateway: Use a Payment Gateway that supports tokenization.
- Save Card: Ensure the Save Card option is enabled and selected by the customer during his initial payment to facilitate token creation.
- Customer ID: For subsequent payments utilizing the same token, the same customer_id associated with that token must be provided each time it is used.
- Successful Payment: The customer must complete a successful payment.
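The Customer ID requirement above and the token field of the webhook payload described earlier can be enforced together on the merchant side. The following is an added example, not Ottu's code: `TokenStore`, `token_ref` and `TokenBindingError` are hypothetical names, the sample payload is constructed, and it assumes the webhook payload carries customer_id next to token and that its authenticity was verified before this code runs.

```python
import hashlib
import json


class TokenBindingError(Exception):
    """Raised when a token is missing or used with the wrong customer_id."""


def token_ref(token) -> str:
    """Short digest used for lookups and logs instead of the token itself."""
    raw = json.dumps(token, sort_keys=True).encode()
    return hashlib.sha256(raw).hexdigest()[:16]


class TokenStore:
    """In-memory stand-in for the merchant's token table (hypothetical)."""

    def __init__(self):
        self.owner = {}   # token_ref -> customer_id
        self.tokens = {}  # (customer_id, token_ref) -> token value

    def save_from_webhook(self, payload: dict) -> str:
        # "token" is the field named on the page; customer_id being present
        # in the webhook payload is an assumption of this example.
        token = payload.get("token")
        customer_id = payload.get("customer_id")
        if not token or not customer_id:
            raise TokenBindingError("webhook lacks token or customer_id")
        ref = token_ref(token)
        if self.owner.setdefault(ref, customer_id) != customer_id:
            raise TokenBindingError(f"token {ref} is bound to another customer")
        self.tokens[(customer_id, ref)] = token
        return ref

    def token_for(self, customer_id: str, ref: str):
        # Lookup is keyed by customer, so a reference that belongs to someone
        # else never resolves: a token is only used with its own customer_id.
        try:
            return self.tokens[(customer_id, ref)]
        except KeyError:
            raise TokenBindingError("no such token for this customer") from None

    def refs_for(self, customer_id: str) -> list[str]:
        return sorted(r for (c, r) in self.tokens if c == customer_id)


# Constructed webhook payload; a real one has more fields than shown here.
SAMPLE_WEBHOOK = {"customer_id": "customer_sample_id",
                  "token": "constructed-token-0001"}
```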
The Process
This guide outlines the steps for initiating payment sessions and securely saving customer card details, focusing on efficiency and security.
- Initiate the Payment Session: Begin by initiating a payment session through the Checkout API, generating a session identified by session_id and associated with customer_id. Ensure this session connects to a Merchant Identification Number (MID) that supports tokenization, allowing for the secure storage of customer card information for later use.
- Enable the Save Card Option: Utilize the Checkout SDK or manage payments via the Checkout API to enable a Save Card option, offering customers the ability to securely store their payment card information for future transactions.

  Key Notes:
  - Choosing Between Checkout SDK and API: The Checkout SDK is preferred for its user-friendly UI implementation and essential support for specific payment methods like Apple Pay and Google Pay. Your choice should align with your specific operational needs.
  - CVV Requirements: The necessity for Card Verification Value (CVV) may differ based on the Payment Gateway configuration. Adjustments can be made by reaching out to technical support.
- Save the Card: When the customer elects to save his card details, the information is tokenized and securely stored once the payment is completed successfully, enabling easier transactions in the future.
- Utilize Saved Cards: In future transactions with the same customer_id, the system automatically showcases all associated cards, simplifying payment method selection. Security is prioritized by displaying only the last four card digits, with CVV requirements determined by the acquiring bank's policies.
- Navigate Payment Challenges: The Checkout SDK is adept at handling various payment processing challenges, such as 3D Secure and One-Time Password (OTP) verifications, ensuring a smooth transaction experience for merchants and customers alike.
By adhering to these streamlined steps, merchants are equipped to offer a superior and secure payment experience, fostering customer loyalty and encouraging repeat business through the ease of saved payment details.
Implementation
Simplifying your checkout process with tokenization is easy with Ottu. Here’s a step-by-step guide on how to get started:
Create a Payment Link
    {
      "type": "payment_request",
      "pg_codes": ["mpgs", "credit-card", "stc-pay"],
      "amount": "19.000",
      "customer_id": "customer_sample_id",
      "order_no": "token_showcase",
      "currency_code": "KWD"
    }
By following these steps, you can easily streamline your payment process, ensuring that customers have a seamless checkout experience. As mentioned, we’ll be providing visual aids between each step to further guide you in implementing this feature. Remember, at Ottu, we are always here to assist you in navigating the complexities of online transactions, so don’t hesitate to reach out if you need any help.
What's Next?
- User Cards — Manage saved cards: list, delete, and display to customers
- Recurring Payments — Use saved tokens for auto-debit and subscription billing