1.25. Mobile Device Sale

Introduction

Mobile device sale transaction can be performed with cardholder data or with card reference, previously made with card verification process or in previous transfer/sale transactions.

See terms definitions in Glossary.

Sale Flow

@startuml
autonumber
title Мобильное Устройство - \nОплата 3DS
skinparam ParticipantPadding 70
participant "Клиент" as client
participant "Мобильное приложение" as mobile
participant "Сервер \nПрисоединяющейся Стороны" as party
participant "Payneteasy" as company
client <-> mobile: Аутентификация
mobile -> party: Запрос \nтокена доступа
mobile <-- party: Ответ с \nтокеном доступа
note right
accessToken
end note
party <- mobile: Запрос \nинициации платежа
party --> mobile: Ответ \nинициации платежа
mobile -> company: Обработка \nзапроса платежа
mobile <-- company: Обработка \nответа платежа
note right
session token
end note
company -> party: Проверка \nзапроса платежа
company <-- party: Проверка \nответа платежа
company -> company: Начало обработки
mobile -> company: Запрос \nстатуса платежа
note left
session token
end note
mobile <-- company: Ответ \nстатуса платежа
note right
state = REDIRECT_REQUEST
redirectUrl
end note
mobile -> mobile: Открытие браузера и \nпредоставлние nredirectUrl \nдля перенаправления \nна страницу 3DS
activate mobile
client <-- mobile: Предоставление \nredirectUrl
client -> mobile: Предоставлние \nдержателем карты \nданных аутентификации
mobile -> company: Обновление статуса 3DS
company --> mobile: Запрос на закрытие браузера
destroy mobile
company -> company: Обработка платежа
    party <- company: Запрос \nуведомления платежа \nсравнения карты
note right
server card id
end note
party --> company: Ответ \nуведомления платежа \nсравнения карты
mobile -> company: Запрос статуса платежа
note left
session token
end note
mobile <-- company: Ответ статуса платежа
note right
bankorder id
state = APPROVED|DECLINED
end note
party <- company: Запрос обратного вызова \nс финальным статусом
party --> company: Ответ обратного вызова \nс финальным статусом
@enduml

(1,2,3) To perform authentication of Consumer in Connecting Party’s app, Connecting Party can use any method which fits best to his needs. As a result, Connecting Party’s server generates {accessToken} and provides it to Connecting Party’s app. This parameter will be used to start and continue session.
(4,5) To initiate sale, Connecting Party’s app sends {accessToken} with transaction amount and other device parameters to Connecting Party’s server, which are used to start a session with unique random {nonce} and encrypted {signature}. To implement initiate sale request see Initiate Sale.
(6,7) On this stage Connecting Party’s app sends cardholder, device, session data and other parameters straight to Payneteasy to perform sale transaction. To implement perform sale request see Perform sale.
(8,9) Check sale is used for security purposes and allows Payneteasy to compare the data sent by Connecting Party’s app with the data stored on Connecting Party’s server. To implement check sale request see Check Sale.
(11,12,21,22) Sale status request is made by Connecting Party’s app to Payneteasy to get the status of sale transaction.To implement sale status request see Sale status.
(19,20) Payneteasy sends Sale card mapping notification request to Connecting Party’s server/proxy with created on its side card reference - {serverCardId}. To implement sale card mapping notification request see Sale card mapping notification.
(23,24) If Connecting Party callback URL is specified on endpoint level, Payment Gateway sends message to this callback URL whenever transaction reaches final status, no matter if the result is approved, declined or has other final status. See more in Callbacks.

Repeat Sale Flow

After successful Card mapping procedure, new sale transactions with the same cardholder data can be done easier for Consumer.
Connecting Party’s app makes new sale requests using {clientCardId} instead of cardholder data. Payneteasy sends this {clientCardId} to Connecting Party’s server in “Check sale request” and gets mapped to it {serverCardId} in “Check sale response” from Connecting Party’s server. This {serverCardId} is used to continue the processing of sale transaction.
Transaction flow remains the same: Initiate Sale -> Perform sale -> Check Sale.
If there is no need to change Consumer’s data (such as address, phone, etc.), “Perform sale request” for Repeat sale may be sent without any optional parameters. If Consumer’s data has to be changed, new source card reference must be created.
If {clientCardId} is used in “Perform sale request”, {serverCardId} must be included in “Check sale response” and signature.
If {clientCardId} was mapped to {serverCardId} in transaction with included {consumer.email} value, new “Perform sale request” and “Check sale response” with this {clientCardId} must also contain the same {consumer.email} value.

For Repeat Sale Flow use the following parameters in Perform Sale request:

  1. {sourceOfFunds.reference.clientCardId}

  2. {sourceOfFunds.reference.securityCode}

Instead of:

  1. {sourceOfFunds.card.expiry.month}

  2. {sourceOfFunds.card.expiry.year}

  3. {sourceOfFunds.card.holder}

  4. {sourceOfFunds.card.holder.firstName}

  5. {sourceOfFunds.card.holder.lastName}

  6. {sourceOfFunds.card.number}

  7. {sourceOfFunds.card.securityCode}

@startuml
autonumber
title Мобильное Устройство - \nСсылки на карту для повторного платежа
participant "Мобильное Устройство" as mobile
participant "Сервер \nПрисоединяющейся Стороны" as party
participant "Платёжный Шлюз" as company
skinparam ParticipantPadding 80
== Последняя стадия предыдущей транзакции ==
party <- company: Запрос на уведомление \nсравнения карты
note right
serverCardId
end note
party --> company: Ответ уведомления \nсравнения карты
party --> party: Создание clientCardId для serverCardId
party -> mobile: Созранение ссылки в приложении или \nотправка Клиенту по запросу
note right
clientCardId
end note
== Новый платёж ==
mobile -> party: Запрос на инициацию \nпроведения платежа
mobile <-- party: Ответ на инициацию \nпроведения платежа
mobile -> company: Обработка запроса \nна проведение оплаты
note left
clientCardId
end note
mobile <-- company: Обработка ответа \nна проведение оплаты
party <- company: Проверка запроса \nна проведение оплаты
note right
clientCardId
end note
party --> company: Проверка ответа \nна проведение оплаты
note left
serverCardId
end note
company -> company: Обработка оплаты
@enduml

(1,2) Payneteasy sends Sale card mapping notification request to Connecting Party’s server/proxy with created on its side card reference - {serverCardId}. To implement sale card mapping notification request see Sale card mapping notification.
(5,6) To initiate sale, Connecting Party’s app sends {accessToken} with transaction amount and other device parameters to Connecting Party’s server, which are used to start a session with unique random {nonce} and encrypted {signature}. To implement initiate sale request see Initiate Sale.
(7,8) On this stage Connecting Party’s app sends cardholder, device, session data and other parameters straight to Payneteasy to perform sale transaction. To implement perform sale request see Perform sale.
(9,10) Check sale is used for security purposes and allows Payneteasy to compare the data sent by Connecting Party’s app with the data stored on Connecting Party’s server. To implement check sale request see Check Sale.