Comments (3)
My response:
I think you have confirmed the conclusion I have reached. There are three ways a credit card payment can be made:
-
User is redirected and enters all their credit card details. (recurrent = no)
-
User is redirected with a PKN, so only needs to enter their CVV to confirm. (recurrent = no)
-
The back-end system makes a payment for the user. (recurrent = yes, PKN must be set)
I have found that a forth option exists, with a PKN and recurrent = no, but to the "start" endpoint. This causes a user redirect, but they are immediately redirected back with a successful payment having been made, and no user interaction was sought. Is is safe to ignore this forth option? I don't see the need to redirect the user to do nothing, if the server can perform the action server-to-server. UNLESS, it provides some additional security check that may occasionally ask the user for additional details. If so, then I can't ignore it.
When doing a back-end payment with a PKN, it seems to make no different how the recurring flag is set. It can be on or off, and the payment still completes on the test system. Is there any functional different here, or is recurring effectively optional when making a request to the "payment" endpoint with a PKN?
from omnipay-girocheckout.
From GiroSolutions:
Option 4 is the same as 2. If a PKN is set but recurring=0, the start endpoint should always be used because of the CVV entry and also because depending on the bank there might be additional security mechanisms, such as Secure3D, which may need to be executed. So yes, you need to take that into account.
The recurring field is not optional, as explained in my previous mail. The test system may not reflect this correctly, as this is ultimately dependent on the specific contract the merchant has.
from omnipay-girocheckout.
So we have:
- Not recurrent, no PKN, payment page used: user enters full payment details.
- Not recurrent, PKN provided, payment page used: user enters CVV only.
- Is recurrent, PKN provided, payment page used: user enters nothing normally, but with a redirect the gateway can interject additional security checks to interact with the user if it desires to.
- Is recurrent, PKN provided, NO payment page used: offline payment made.
Notes:
- When no payment page is used, the PKN is mandatory.
- When the PKN is recurrent, the PKN is mandatory.
- For (4), it seems to make no difference whether the recurrent flag is set or not. There may not be a difference, but it is safer to set it, or at least default it to
on
, just in case. Unless, this is about single-use vs multiple-use PKNs (I did experiment, and it seemed not to be the case though).
from omnipay-girocheckout.
Related Issues (6)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from omnipay-girocheckout.