Secure Card Data
(click to enlarge)
Secure Card Data is an extra module, that can be added to your existing contract.
Not all contracts include Secure Card Data, thus this menu may not be available to you.
Furthermore, Secure Card Data only includes the saving of card-data, but not its usage. To use the saved card data, you must have a Saferpay Business License.
Secure Card Data is usually already included in a Saferpay Business contract.
The processing of card data is heavily regulated by the Payment Card Industry Data Security Standard (PCI DSS) council, introduced by Visa and Mastercard. They write the rules, that dictate, how card data has to be processed and, more importantly in this case, saved. In order to be allowed to apply to these rules, certain requirements have to be met, like certain security-levels and more. However that usually also is very expensive as well as time- and resource-intensive, which is why most merchants cannot afford it.
This is where Secure Card Data comes in. It allows you to save card data in the Saferpay Secure Alias Storage, without the need of an expensive certification, giving you a so called card alias, referencing the actual card, on the Saferpay systems. Each alias is only usable on your account, thus limiting the dangers, in case of a data-breach.
While most of this process is happening on API-level, the Backoffice offers some overview about your card data store and the saved data within it.

Search Options

Per default, the Backoffice allows to directly search for an entry, using the card alias itself. However by expanding the advanced search, you can also use the card number, the owner name and more.
In this example, Saferpay will list all your aliases, that correspond to one specific PAN. In General, the Information includes the Alias itself, the Owner Name, the masked card number, the expiration date, the creation date of the entry, the last time the alias has been used for a transaction and its lifetime, going from the last authorization, in days. Furthermore, it also indicates, if this Alias has been fully authenticated through 3D Secure, or not. Something, that is very important under PSD2 law. This will be explained in further detail in the Secure Card Data Details chapter.
There are different ways, Secure Card Data can be used. This is just an example.
For example, it is possible to use Secure Card data in a way, that only one Alias per PAN is permitted.

Adding an entry

While Secure Card Data is usually only used via the API, it is possible to manually add an entry. You can do so, by clicking on Add card, or Add bank account

Add a card

(click to enlarge)
The following values must be set, in order to add a credit card to your secure alias store:
  • Alias: This is the Alias, under which the card will be referenced later. Make sure, that this entry is unique! Saferpay will only use the first entry in its database, should there be another, redundant entry.
  • Lifetime: This is the time in days, this entry will be valid. The default is 1000, the minimum 1 and the maximum 1600 days. The lifetime will always be measured from the last time, a transaction has been made with this alias. For example, if you have an entry, that is valid for 1000 days and no authorization has been made, until the 999th day, the lifetime will then count another 1000 days from that point onwards, or until it has been used again.
  • Owner name: The name of the card owner.
  • Card number: The card, number, or PAN, you want to save.
  • Expiration date: The expiration date of the card. Do not confuse this with Lifetime. Both are separate things.

Add a bank account

While technically not falling under PCI DSS, Saferpay also offers to save SEPA information inside its secure alias store, in the same way, cards are saved, expanding the benefit to SEPA direct debit.
(click to enlarge)
Similar to a credit card, a bank account needs the following data-points:
  • Alias: This is the Alias, under which the card will be referenced later. Make sure, that this entry is unique! Saferpay will only use the first entry in its database, should there be another, redundant entry.
  • Lifetime: This is the time in days, this entry will be valid. The default is 1000, the minimum 1 and the maximum 1600 days. The lifetime will always be measured from the last time, a transaction has been made with this alias. For example, if you have an entry, that is valid for 1000 days and no authorization has been made, until the 999th day, the lifetime will then count another 1000 days from that point onwards, or until it has been used again.
  • Account Holder: The name of the bank account owner.
  • IBAN: The International Bank Account Number, of this bank account.