Recurring Payments
Before you start implementing Recurring Payments, please make sure, that you read and understood the PSD2 chapter!
Recurring Payments are a feature sub-set of the Transaction Interface and enable you -the merchant- to trigger subsequent transactions, without card holder presence.
Use-cases are subscription models, installments, "no-show" transactions for hotels and more.
It is important to understand, that each subsequent transaction is triggered by your system! Saferpay does not charge the customer, without you requesting it, which also applies to recurring payments.
- one active Saferpay ecommerce terminal via which payment can be carried out and the associated
- Saferpay terminal number (TerminalId parameter) and Saferpay customer number (CustomerId parameter).
- valid acceptance agreement for credit cards or other payment methods, that support recurring payments.
- American Express
- Diners Club International & Discover
- JCB
- Mastercard
- SEPA Direct Debit
- Visa & V PAY
With this method, the initial transaction is performed with either the PaymentPage Interface or with the Transaction Interface leading the cardholder through a normal ecommerce payment process, including entering the CVC and 3DSecure authentication. The first transaction is flagged as initial transaction. The Transaction ID of the initial transaction can then be used for referenced/recurring transactions.
The Initial Transaction can be performed with the PaymentPage Interface or via the Transaction Interface, using Transaction Initialize and Transaction Authorize .
This transaction basically captures the credit card details and sets a flag, to mark it as an initial transaction that can be used as a reference for recurring transactions.
To define a transaction as the initial transaction, you need to set a special flag with either the PaymentPage Initialize Request or Transaction Initialize Request by defining the Container Payment.Recurring/Installment.
If you are within PSD2-scope, the amount MUST NOT change, between the initial and the recurring transaction. If it does change, you'll run into a soft decline.
If you have to change the amount, you have to re-start this process over again and do a new initial-transaction.
{
"RequestHeader": {
"SpecVersion": "[CURRENT SPEC-VERSION]",
"CustomerId": "[your customer id]",
"RequestId": "[unique request id]",
"RetryIndicator": 0
},
"TerminalId": "[your terminal id]",
"Payment": {
"Amount": {
"Value": "100",
"CurrencyCode": "CHF"
},
"Recurring": {
"Initial": true
}
},
"Payer": {
"LanguageCode": "en"
},
"ReturnUrls": {
"Success": "[your shop payment success url]",
"Fail": "[your shop payment fail url]"
},
"Styling": {
"CssUrl": "[your shop css url]"
}
}
Depending on the Interface used to initialize the transaction, you can validate the payment and assess transaction based information with either:
Both request will provide you with information about the Transaction including the 3D Secure response:
Here is an example of a PaymentPage Assert Response:
{
"ResponseHeader": {
"SpecVersion": "[CURRENT SPEC-VERSION]",
"RequestId": "[your request id]"
},
"Transaction": {
"Type": "PAYMENT",
"Status": "AUTHORIZED",
"Id": "MUOGAWA9pKr6rAv5dUKIbAjrCGYA",
"Date": "2017-06-18T09:19:27.078Z",
"Amount": {
"Value": "100",
"CurrencyCode": "CHF"
},
"AcquirerName": "AcquirerName",
"AcquirerReference": "Reference"
},
"PaymentMeans": {
"Brand": {
"PaymentMethod": "SAFERPAYTEST",
"Name": "SaferpayTestCard"
},
"DisplayText": "9123 45xx xxxx 1234",
"Card": {
"MaskedNumber": "912345xxxxxx1234",
"ExpYear": 2021,
"ExpMonth": 9,
"HolderName": "Max Mustermann",
"CountryCode": "CH"
}
},
"Payer": {
"IpAddress": "1.2.3.4",
"IpLocation": "CH"
},
"ThreeDs": {
"Authenticated": true,
"LiabilityShift": true,
"Xid": "ARkvCgk5Y1t/BDFFXkUPGX9DUgs=",
"VerificationValue": "AAABBIIFmAAAAAAAAAAAAAAAAAA="
}
}
You must save the Transaction.Id - value, returned in the PaymentPage Assert or Transaction Authorize response as this value will be used to reference recurring payments.
We recommend only to proceed, if the parameters Authenticated and LiabilityShift are true. This value indicates that the card holder has performed a full successful authentication (3D Secure process) at his bank. This option provides the highest level of security against fraud.
This initial transaction is saved for 5 years and can be used for the next step -the recurring transaction- within that time-frame.
IMPORTANT: This does not take the validity of the card itself into account! If the bank decides to e.g. block the card, the transaction will fail!
The next step is to perform the actual recurring transaction(s). The API-Function that is required is Authorize Referenced. You have to simply submit the TransactionId from your initial transaction (discussed in step 2) to perform the recurring transaction(s).
(click to enlarge)
- 1.Gather the TransactionId from the previous, initial, transaction
- 2.Aquire the necessary payment-data e.g. Amount, Currency, OrderId etc.
- 3.
- You will get the authorization-response right away
- 4.Validate the request response
- 5.Depending on the outcome of step 4 you may
- 6.Transaction is finished!
Here is an example of a Authorize Referenced Request:
{
"RequestHeader": {
"SpecVersion": "[CURRENT SPEC-VERSION]",
"CustomerId": "[your customer id]",
"RequestId": "[unique request id]",
"RetryIndicator": 0
},
"TerminalId": "[your terminal id]",
"Payment": {
"Amount": {
"Value": "100",
"CurrencyCode": "CHF"
},
"Description": "Test123",
"PayerNote": "Order123_Testshop"
},
"TransactionReference": {
"TransactionId": "MUOGAWA9pKr6rAv5dUKIbAjrCGYA"
}
}
The Amount is a mandatory value which can vary from the Amount of the initial transaction. A change of amount has to be communicated with the card holder and you must re-do this whole (Initial transaction and then reference to that transaction) process, to start the recurring-chain over again, otherwise, the bank may reject the recurring transaction.
Each Transaction with the Status Authorized has to be captured to initiate the actual money transfer.
A second method is to use the Saferpay Secure Alias Store aka Secure Card Data in conjunction with the AuthorizeDirect Request with previously registered Aliases.
The alias can be obtained in multiple ways, using the Saferpay Secure Card Data store. By using the Payment Page, Transaction Interface, or even a Standalone Registration, with an ONLINE_STRONG check it is possible to do an initial transaction, to validate the card (e.g. through 3D Secure), similar to the referenced transaction-process above!
Amount values that undercut a certain value, can cause problems during the 3D Secure-process, thus we recommend a value of 500 (5,00 €). As mentioned above, this transaction can be discarded. It is only, to prevend the mentioned issues with 3D Secure!
Once the alias has been obtained, you can execute the subsequent transactions using AuthorizeDirect Request. The alias has to be filled into the PaymentMeans.Alias container.
(click to enlarge)
- 1.Gather the AliasId from the previous, initial, transaction
- 2.Aquire the necessary payment-data e.g. Amount, Currency, OrderId etc.
- 3.
- You will get the authorization-response right away
- 4.Validate the request response
- 5.Depending on the outcome of step 4 you may
- 6.Transaction is finished!
Each Transaction with the Status Authorized has to be captured to initiate the actual money transfer.
Do not set the "Recurring"-exemption with the Transaction Authorize Direct request, unless you know for sure, that you are allowed to do so!
Requesting any exemption without the consent of your acquirer, can lead to rejections and your account being blocked!
Recurring payments can be a bit more involved, than it seems on the surface. In order to ensure, that everything goes smooth, here are some tips for you, so everything is processed correctly.
As already mentioned above, PSD 2 is an extremely important bit of information for all merchants inside the European Economic Area. When handling recurring payments, please make sure, that you have read this chapter and implemented Saferpay accordingly., specifically in terms of Strong Consumer Authentication through 3D Secure.
Like any other transaction, a recurring payment can fail, e.g. due to a lack of funds on the side of your customer, the card expiring, or the card being stolen etc.
Handling these scenarios automatically can make things easier for you and your customers.
Depending on the type of the rejection, different actions need to be taken. You can implement a retry-mechanic, that re-attempts the transaction, after a certain amount (recommended are 24 hours) of time.
However, there are cases, where the customer simply has to return to your shop, e.g. in case of a stolen card, or a Soft Decline, making it necessary to re-initialize the recurring process with new/updated payment means.
In these cases, we recommend informing your customer automatically via E-Mail, that maybe includes a link to your website, that allows the user to register his payment details for a new recurring-chain.
Automated recurring payments have to be triggered by the merchant's system. There are multiple ways to set up the automated triggering of payments. The easiest way is to set up a Cronjob (Linux) or a Task (Windows). With cronjobs, you can schedule a command or script on your server to run automatically at a specified time and date (e.g. every minute, every 15 Minutes, every hour, or every day at 10pm or even every Sunday.)
The cronjob can be linked with a script (e.g. PHP, or a Bash script) that will be executed, every time the cronjob is triggered to automatically perform transactions. You should decide when and how often the payments have to be triggered, depending on your business model and the prearranged scheduling of payments.
Last modified 7d ago