Question

I'm trying to decide between Paypal PayFlow for a transaction processing service or a service like BrainTree.

BrainTree's service intrigues me because they will actually return a token to you for a credit card which can be used in future transactions. This token acts like a GUID for the credit card, but is useless if stolen. BrainTree is the only service I have come across that uses such a system - but I'm not sure if they are unique or not.

I heard some praise for BrainTree on a recent podcast, and had not heard of them before.

I wondered if anyone has any general advice on picking between the two - from the perspective of how much programming I will need to do or PCI concerns.

Solution

I'm based in Europe, and it sounds like you're based in the US? That being so, I can only mention that there are certainly service providers on this side of the pond (and I imagine that one too) that offer pretty decent tokenised payment solutions. Tokenisation is fast becoming the standard way for payment service providers (PSPs) to help merchants with their PCI compliance.

If you want to take advantage of a token solution to help with PCI compliance then it's inevitable that you'll end up redirecting users to a third party site. Most PSPs allow the payment page to be styled, to look as close to your source site as possible. The redirecting is necessary to ensure that your source site has no involvement at all with the capture and transmission of card number data. It also means you don't have to worry about integration with Verified By Visa, or MasterCard SecureCode.

Once the third party site has completed the transaction you'll be left with a token value, and again, different PSPs allow different things, but I know some here allow for (e.g.) card capture only, or authorisation only (allowing settlement to take place at a later time).

OTHER TIPS

PayFlowPro will allow you to do this as well. Check out the DoReferenceTransaction method in their docs. Here is a forum post with some additional info.

Authorize.NET also supports this through their Customer Information Manager (CIM) API. Specifically, look at page 28 of the CIM XML guide (PDF). The <extraOptions> tag contains the transaction key:

<extraOptions><![CDATA[x_customer_ip=100.0.0.1&x_authentication_indicator=5&x_cardholder_authentication_value=uq3wDbqt8A26rfANAAAAAP]]></extraOptions>

Have you looked at Amazon Flexible Payment Service? Same low rate as PayPal, but you get the very well done Amazon checkout experience (which, as I'm sure you know, lets you reuse credit cards and addresses without having to re-enter them for every order).

You also have the advantage that most people have done business with Amazon before and are comfortable doing it again.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow