Recurring Payments

Before you start implementing Recurring Payments, please make sure, that you read and understood the PSD2 chapter!

Recurring Payments are a feature sub-set of the Transaction Interface and enable you -the merchant- to trigger subsequent transactions, without card holder presence.

Use-cases are subscription models, installments, "no-show" transactions for hotels and more.

It is important to understand, that each subsequent transaction is triggered by your system! Saferpay does not charge the customer, without you requesting it, which also applies to recurring payments.

Requirements:

  • a valid login access with a username and password for the Saferpay Backoffice.

  • one active Saferpay ecommerce terminal via which payment can be carried out and the associated

  • Saferpay terminal number (TerminalId parameter) and Saferpay customer number (CustomerId parameter).

  • valid acceptance agreement for credit cards or other payment methods, that support recurring payments.

Supported Payment Methods

Recurring Payments with the Referenced Transactions Method

With this method, the initial transaction is performed with either the PaymentPage Interface or with the Transaction Interface leading the cardholder through a normal ecommerce payment process, including entering the CVC and 3DSecure authentication. The first transaction is flagged as initial transaction. The Transaction ID of the initial transaction can then be used for referenced/recurring transactions.

1. Initial Transaction:

The Initial Transaction can be performed with the PaymentPage Interface or via the Transaction Interface, using Transaction Initialize and Transaction Authorize .

This transaction basically captures the credit card details and sets a flag, to mark it as an initial transaction that can be used as a reference for recurring transactions.

To define a transaction as the initial transaction, you need to set a special flag with either the PaymentPage Initialize Request or Transaction Initialize Request by defining the Container Payment.Recurring/Installment.

Here is an example of a PaymentPage Initialize Request with the Container Recurring:

Note, that the Transaction Interface works just in the same way, as the Payment Page.

{ 
"RequestHeader": {
   "SpecVersion": "[CURRENT SPEC-VERSION]",
   "CustomerId": "[your customer id]",
   "RequestId": "[unique request id]",
   "RetryIndicator": 0
 },
 "TerminalId": "[your terminal id]",
 "Payment": {
   "Amount": {
     "Value": "100",
     "CurrencyCode": "CHF"
   },
   "Recurring": {
     "Initial": true
   }
 },
 "Payer": {
   "LanguageCode": "en"
 },
 "ReturnUrls": {
   "Success": "[your shop payment success url]",
   "Fail": "[your shop payment fail url]"
 },
 "Styling": {
   "CssUrl": "[your shop css url]"
 }
}

2. Validating the transaction

Depending on the Interface used to initialize the transaction, you can validate the payment and assess transaction based information with either:

Both request will provide you with information about the Transaction including the 3D Secure response:

Here is an example of a PaymentPage Assert Response:

{
  "ResponseHeader": {
    "SpecVersion": "[CURRENT SPEC-VERSION]",
    "RequestId": "[your request id]"
  },
  "Transaction": {
    "Type": "PAYMENT",
    "Status": "AUTHORIZED",
    "Id": "MUOGAWA9pKr6rAv5dUKIbAjrCGYA",
    "Date": "2017-06-18T09:19:27.078Z",
    "Amount": {
      "Value": "100",
      "CurrencyCode": "CHF"
    },
    "AcquirerName": "AcquirerName",
    "AcquirerReference": "Reference"
  },
  "PaymentMeans": {
    "Brand": {
      "PaymentMethod": "SAFERPAYTEST",
      "Name": "SaferpayTestCard"
    },
    "DisplayText": "9123 45xx xxxx 1234",
    "Card": {
      "MaskedNumber": "912345xxxxxx1234",
      "ExpYear": 2021,
      "ExpMonth": 9,
      "HolderName": "Max Mustermann",
      "CountryCode": "CH"
    }
  },
  "Payer": {
    "IpAddress": "1.2.3.4",
    "IpLocation": "CH"
  },
  "ThreeDs": {
    "Authenticated": true,
    "LiabilityShift": true,
    "Xid": "ARkvCgk5Y1t/BDFFXkUPGX9DUgs=",
    "VerificationValue": "AAABBIIFmAAAAAAAAAAAAAAAAAA="
  }
}

You must save the Transaction.Id - value, returned in the PaymentPage Assert or Transaction Authorize response as this value will be used to reference recurring payments.

We recommend only to proceed, if the parameters Authenticated and LiabilityShift are true. This value indicates that the card holder has performed a full successful authentication (3D Secure process) at his bank. This option provides the highest level of security against fraud.

This initial transaction is saved for 5 years and can be used for the next step -the recurring transaction- within that time-frame.

IMPORTANT: This does not take the validity of the card itself into account! If the bank decides to e.g. block the card, the transaction will fail!

3. Recurring Transaction:

The next step is to perform the actual recurring transaction(s). The API-Function that is required is Authorize Referenced. You have to simply submit the TransactionId from your initial transaction (discussed in step 2) to perform the recurring transaction(s).

  1. Gather the TransactionId from the previous, initial, transaction

  2. Aquire the necessary payment-data e.g. Amount, Currency, OrderId etc.

  3. Initialize and Execute Payment with Transaction Authorize Referenced

    • You will get the authorization-response right away

  4. Validate the request response

  5. Depending on the outcome of step 4 you may

  6. Transaction is finished!

Here is an example of a Authorize Referenced Request:

{
  "RequestHeader": {
    "SpecVersion": "[CURRENT SPEC-VERSION]",
    "CustomerId": "[your customer id]",
    "RequestId": "[unique request id]",
    "RetryIndicator": 0
  },
  "TerminalId": "[your terminal id]",
  "Payment": {
    "Amount": {
      "Value": "100",
      "CurrencyCode": "CHF"
    },
    "Description": "Test123",
    "PayerNote": "Order123_Testshop"
  },
  "TransactionReference": {
    "TransactionId": "MUOGAWA9pKr6rAv5dUKIbAjrCGYA"
  }
}

The Amount is a mandatory value which can vary from the Amount of the initial transaction. A change of amount has to be communicated with the card holder and you must re-do this whole (Initial transaction and then reference to that transaction) process, to start the recurring-chain over again, otherwise, the bank may reject the recurring transaction.

Each Transaction with the Status Authorized has to be captured to initiate the actual money transfer.

Recurring Payments using an alias

A second method is to use the Saferpay Secure Alias Store aka Secure Card Data in conjunction with the AuthorizeDirect Request with previously registered Aliases.

1. Obtaining the Alias

The alias can be obtained in multiple ways, using the Saferpay Secure Card Data store. By using the Payment Page, Transaction Interface, or even a Standalone Registration, with an ONLINE_STRONG check it is possible to do an initial transaction, to validate the card (e.g. through 3D Secure), similar to the referenced transaction-process above!

Amount values that undercut a certain value, can cause problems during the 3D Secure-process, thus we recommend a value of 500 (5,00 €). As mentioned above, this transaction can be discarded. It is only, to prevend the mentioned issues with 3D Secure!

2. Recurring Transaction

Once the alias has been obtained, you can execute the subsequent transactions using AuthorizeDirect Request. The alias has to be filled into the PaymentMeans.Alias container.

  1. Gather the AliasId from the previous, initial, transaction

  2. Aquire the necessary payment-data e.g. Amount, Currency, OrderId etc.

  3. Initialize and Execute Payment with Transaction Authorize Direct

    • You will get the authorization-response right away

  4. Validate the request response

  5. Depending on the outcome of step 4 you may

  6. Transaction is finished!

Each Transaction with the Status Authorized has to be captured to initiate the actual money transfer.

Do not set the "Recurring"-exemption with the Transaction Authorize Direct request, unless you know for sure, that you are allowed to do so!

Requesting any exemption without the consent of your acquirer, can lead to rejections and your account being blocked!

Additional Information for Recurring payments

Recurring payments can be a bit more involved, than it seems on the surface. In order to ensure, that everything goes smooth, here are some tips for you, so everything is processed correctly.

PSD2

As already mentioned above, PSD 2 is an extremely important bit of information for all merchants inside the European Economic Area. When handling recurring payments, please make sure, that you have read this chapter and implemented Saferpay accordingly., specifically in terms of Strong Consumer Authentication through 3D Secure.

Handling rejections

Like any other transaction, a recurring payment can fail, e.g. due to a lack of funds on the side of your customer, the card expiring, or the card being stolen etc.

Handling these scenarios automatically can make things easier for you and your customers.

Depending on the type of the rejection, different actions need to be taken. You can implement a retry-mechanic, that re-attempts the transaction, after a certain amount (recommended are 24 hours) of time.

However, there are cases, where the customer simply has to return to your shop, e.g. in case of a stolen card, or a Soft Decline, making it necessary to re-initialize the recurring process with new/updated payment means.

In these cases, we recommend informing your customer automatically via E-Mail, that maybe includes a link to your website, that allows the user to register his payment details for a new recurring-chain.

More information about rejections and error handling in general, can be found over here.

Automating the Recurring Payments

Automated recurring payments have to be triggered by the merchant's system. There are multiple ways to set up the automated triggering of payments. The easiest way is to set up a Cronjob (Linux) or a Task (Windows). With cronjobs, you can schedule a command or script on your server to run automatically at a specified time and date (e.g. every minute, every 15 Minutes, every hour, or every day at 10pm or even every Sunday.)

The cronjob can be linked with a script (e.g. PHP, or a Bash script) that will be executed, every time the cronjob is triggered to automatically perform transactions. You should decide when and how often the payments have to be triggered, depending on your business model and the prearranged scheduling of payments.

Last updated