Mail Phone Order
PCIMail Phone Order (MPO) describes a flow, where the cardholder either calls the merchant, or provides his card details via classical mail. A merchant employee then takes the data and enters it into an application, that then authorizes the card data via a special Mail Phone Order terminal and contract.
Saferpay offers 3 basic ways of covering this need, which will be explained in the following chapter.
The following things are required, if you want to accept MPO Transactions in general:
- A valid Saferpay Account and Login
- At least one Mail Phone Order terminal attached to that account, with corresponding acceptance-contracts for the desired payment methods.
- Since MPO is a concept only known with credit cards, it is limited to these payment methods.
- Access to the Saferpay Payment API (Options #1, if API is used, and #3)
First and foremost, you should consider the other options you have. Mail Phone Order transactions are generally more expensive and offer a higher risk in terms of fraud, which is why we generally recommend considering all your other options instead.
Most noticeably, the Secure PayGate (SPG). In short, the SPG offers a way to present the cardholder with a secure way of executing e-commerce payments via payment-link, either sent through an e-mail, or other means.
This way, you and your customer would benefit from more security, offered by such features like 3D Secure, but also the availability of all the other payment methods, that do not know MPO as a concept.
You would simply capture the customer's e-mail via phone and send them a mail, that contains the payment link. The payment is then carried out on the customers' device.
While it is classically being used via the Saferpay Backoffice, the SPG also offers an API, that allows the integration into any system you like -as long as it allows for such a thing-, for more flexibility.
The Saferpay Backoffice itself offers the possibility of executing Mail Phone Order transactions out of the box. Simply select your MPO-terminal and enter your customer's card details, there is no integration needed on your end.
Are options 1+2 not suited for your needs, then you can always opt for using the Saferpay Payment API in order to execute MPO transactions.
This type of integration requires your system to have at least an SAQ-A EP level PCI certification.
Still: At no point should the card details come in contact with your systems, not even in RAM! Always post the details directly to Saferpay, either through the Hosted Card Entry forms, the Saferpay Fields, or by diectly posting the details from your form, to Saferpay (more below).
The integration simply follows our normal transaction-interface integration rules, with the following additional/important information:
- As 3D Secure and DCC are unknown to MPO transactions, no redirect is required. As stated in the guide, simply execute the Initialize to pass/capture the card-data and then continue with the Authorize.
Naturally, no Liabilityshift through 3D Secure is given for MPO transactions!
- Since an SAQ-A EP certification is needed, you are allowed to use your own card form, though we recommend using the Saferpay Fields.
Last modified 2mo ago