1.24. Mobile Device Sale

Introduction

Mobile device sale transaction can be performed with cardholder data or with card reference, previously made with card verification process or in previous transfer/sale transactions.

See terms definitions in Glossary.

Sale Flow

@startuml autonumber title Мобильное Устройство - \nОплата 3DS skinparam ParticipantPadding 70 participant "Клиент" as client participant "Мобильное приложение" as mobile participant "Сервер \nПрисоединяющейся Стороны" as party participant "Payneteasy" as company client <-> mobile: Аутентификация mobile -> party: Запрос \nтокена доступа mobile <-- party: Ответ с \nтокеном доступа note right accessToken end note party <- mobile: Запрос \nинициации платежа party --> mobile: Ответ \nинициации платежа mobile -> company: Обработка \nзапроса платежа mobile <-- company: Обработка \nответа платежа note right session token end note company -> party: Проверка \nзапроса платежа company <-- party: Проверка \nответа платежа company -> company: Начало обработки mobile -> company: Запрос \nстатуса платежа note left session token end note mobile <-- company: Ответ \nстатуса платежа note right state = REDIRECT_REQUEST redirectUrl end note mobile -> mobile: Открытие браузера и \nпредоставлние nredirectUrl \nдля перенаправления \nна страницу 3DS activate mobile client <-- mobile: Предоставление \nredirectUrl client -> mobile: Предоставлние \nдержателем карты \nданных аутентификации mobile -> company: Обновление статуса 3DS company --> mobile: Запрос на закрытие браузера destroy mobile company -> company: Обработка платежа party <- company: Запрос \nуведомления платежа \nсравнения карты note right server card id end note party --> company: Ответ \nуведомления платежа \nсравнения карты mobile -> company: Запрос статуса платежа note left session token end note mobile <-- company: Ответ статуса платежа note right bankorder id state = APPROVED|DECLINED end note party <- company: Запрос обратного вызова \nс финальным статусом party --> company: Ответ обратного вызова \nс финальным статусом @enduml

(1,2,3) To perform authentication of Consumer in Connecting Party’s app, Connecting Party can use any method which fits best to his needs. As a result, Connecting Party’s server generates {accessToken} and provides it to Connecting Party’s app. This parameter will be used to start and continue session.
(4,5) To initiate sale, Connecting Party’s app sends {accessToken} with transaction amount and other device parameters to Connecting Party’s server, which are used to start a session with unique random {nonce} and encrypted {signature}. To implement initiate sale request see Initiate Sale.
(6,7) On this stage Connecting Party’s app sends cardholder, device, session data and other parameters straight to Payneteasy to perform sale transaction. To implement perform sale request see Perform sale.
(8,9) Check sale is used for security purposes and allows Payneteasy to compare the data sent by Connecting Party’s app with the data stored on Connecting Party’s server. To implement check sale request see Check Sale.
(11,12,21,22) Sale status request is made by Connecting Party’s app to Payneteasy to get the status of sale transaction.To implement sale status request see Sale status.
(19,20) Payneteasy sends Sale card mapping notification request to Connecting Party’s server/proxy with created on its side card reference - {serverCardId}. To implement sale card mapping notification request see Sale card mapping notification.
(23,24) If Connecting Party callback URL is specified on endpoint level, Payment Gateway sends message to this callback URL whenever transaction reaches final status, no matter if the result is approved, declined or has other final status. See more in Callbacks.

Repeat Sale Flow

After successful Card mapping procedure, new sale transactions with the same cardholder data can be done easier for Consumer.
Connecting Party’s app makes new sale requests using {clientCardId} instead of cardholder data. Payneteasy sends this {clientCardId} to Connecting Party’s server in “Check sale request” and gets mapped to it {serverCardId} in “Check sale response” from Connecting Party’s server. This {serverCardId} is used to continue the processing of sale transaction.
Transaction flow remains the same: Initiate Sale -> Perform sale -> Check Sale.
If there is no need to change Consumer’s data (such as address, phone, etc.), “Perform sale request” for Repeat sale may be sent without any optional parameters. If Consumer’s data has to be changed, new source card reference must be created.
If {clientCardId} is used in “Perform sale request”, {serverCardId} must be included in “Check sale response” and signature.
If {clientCardId} was mapped to {serverCardId} in transaction with included {consumer.email} value, new “Perform sale request” and “Check sale response” with this {clientCardId} must also contain the same {consumer.email} value.

For Repeat Sale Flow use the following parameters in Perform Sale request:

  1. {sourceOfFunds.reference.clientCardId}

  2. {sourceOfFunds.reference.securityCode}

Instead of:

  1. {sourceOfFunds.card.expiry.month}

  2. {sourceOfFunds.card.expiry.year}

  3. {sourceOfFunds.card.holder}

  4. {sourceOfFunds.card.holder.firstName}

  5. {sourceOfFunds.card.holder.lastName}

  6. {sourceOfFunds.card.number}

  7. {sourceOfFunds.card.securityCode}

@startuml autonumber title Мобильное Устройство - \nСсылки на карту для повторного платежа participant "Мобильное Устройство" as mobile participant "Сервер \nПрисоединяющейся Стороны" as party participant "Платёжный Шлюз" as company skinparam ParticipantPadding 80 == Последняя стадия предыдущей транзакции == party <- company: Запрос на уведомление \nсравнения карты note right serverCardId end note party --> company: Ответ уведомления \nсравнения карты party --> party: Создание clientCardId для serverCardId party -> mobile: Созранение ссылки в приложении или \nотправка Клиенту по запросу note right clientCardId end note == Новый платёж == mobile -> party: Запрос на инициацию \nпроведения платежа mobile <-- party: Ответ на инициацию \nпроведения платежа mobile -> company: Обработка запроса \nна проведение оплаты note left clientCardId end note mobile <-- company: Обработка ответа \nна проведение оплаты party <- company: Проверка запроса \nна проведение оплаты note right clientCardId end note party --> company: Проверка ответа \nна проведение оплаты note left serverCardId end note company -> company: Обработка оплаты @enduml

(1,2) Payneteasy sends Sale card mapping notification request to Connecting Party’s server/proxy with created on its side card reference - {serverCardId}. To implement sale card mapping notification request see Sale card mapping notification.
(5,6) To initiate sale, Connecting Party’s app sends {accessToken} with transaction amount and other device parameters to Connecting Party’s server, which are used to start a session with unique random {nonce} and encrypted {signature}. To implement initiate sale request see Initiate Sale.
(7,8) On this stage Connecting Party’s app sends cardholder, device, session data and other parameters straight to Payneteasy to perform sale transaction. To implement perform sale request see Perform sale.
(9,10) Check sale is used for security purposes and allows Payneteasy to compare the data sent by Connecting Party’s app with the data stored on Connecting Party’s server. To implement check sale request see Check Sale.