Online purchases are generally considered more efficient than transactions conducted offline because of increased security, a lower risk of human error, and faster processing times. Clients returning to shop at the same eCommerce store are likely to have an even smoother shopping process, because their information is already stored on the merchant’s website.
If you’re an online seller who wishes to boost the user experience for your returning clients, this guide is for you. Here, we’ll describe how to store cardholder data safely to balance speed and security in online transactions at your store.
Why Is Storing Cardholder Data Important?
Building a lasting relationship with customers is vital to any business. That’s why it’s important to use every opportunity to improve their shopping experience at your eCommerce site. One way of doing this is to save card details for potentially returning clients.
To understand how this works on the technical side, let’s first take a look at the milestones of a recurrent payment process.
Recurrent Payment Flow
For the merchant, a recurrent payment process consists of three main steps:
- Initial payment. The consumer initiates the first purchase. That’s when the transaction is verified, and the credit card gets authorized.
- Card registration. The seller gets a card reference ID and ties the customer’s card details to their profile.
- Recurrent payment. This is when a repeated payment occurs, and a business event is triggered for the merchant. The customer doesn’t have to re-enter their card information this time since the merchant will use the previously registered card-ref-id to authorize the payment.
While this process is rather straightforward, you’re probably still wondering what a card reference ID is. Essentially, it’s a unique number associated with a customer’s card payment method and used to store sensitive details in a database securely.
Registering a Customer’s Card
A merchant can register new customers via a card payment API offered by Payneteasy. It’s an Application Programming Interface that enables you to seamlessly manage payments.
The algorithm to do it is as follows:
- The consumer selects a service from the merchant’s portfolio to register and create a new customer card.
- The merchant shows a recurring payment form during the first payment’s initiation.
- The client fills in the form during the initial payment and submits it to Payneteasy.
- Payneteasy processes the purchase using the applicable bank’s payment gateway.
- Payneteasy then informs the merchant about the successful initial payment execution.
- After that, the merchant requests a card reference id (“card-ref-id”) from Payneteasy.
- Payneteasy forwards the card-ref-id to the merchant.
- The merchant then creates a profile that matches the customer to their card details. In other words, the merchant assigns the card-ref-id to the consumer’s profile.
- Payneteasy redirects the consumer to the seller’s website.
- Finally, the merchant shows the client a page stating that the card registration was completed successfully and the initial payment was approved.
This process takes seconds to complete, thanks to Payneteasy’s advanced software.
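The profile-binding step above, sketched from the merchant's side as an added example (not Payneteasy's code or API): the profile store keeps only the card-ref-id, refuses any value that looks like a raw card number, and returns a reference only for the customer it was registered to. The class and function names are hypothetical, and the guard assumes card-ref-ids are not themselves 13 to 19 digit Luhn-valid numbers.

```python
import re

def luhn_valid(digits: str) -> bool:
    """Luhn checksum that payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def looks_like_pan(value: str) -> bool:
    """13-19 digits (spaces and dashes ignored) that pass the Luhn check."""
    digits = re.sub(r"[ -]", "", value)
    return bool(re.fullmatch(r"[0-9]{13,19}", digits)) and luhn_valid(digits)

class CardProfileStore:
    """Hypothetical merchant-side store: customer id -> card-ref-id only."""
    def __init__(self):
        self._refs = {}

    def register(self, customer_id: str, card_ref_id: str) -> None:
        # The profile holds the processor's reference, never the card number.
        if not card_ref_id or looks_like_pan(card_ref_id):
            raise ValueError("not a storable card-ref-id")
        self._refs[customer_id] = card_ref_id

    def ref_for_recurrent_payment(self, customer_id: str) -> str:
        # Keyed by the authenticated customer, so a reference is only ever
        # used for the profile it was registered to.
        if customer_id not in self._refs:
            raise LookupError("no registered card for this customer")
        return self._refs[customer_id]

def demo():
    # Constructed values: "1453" is a made-up card-ref-id; the second value
    # is a widely published test card number, not a real card.
    store = CardProfileStore()
    store.register("customer-42", "1453")
    try:
        store.register("customer-43", "4111 1111 1111 1111")
        rejected = False
    except ValueError:
        rejected = True
    return store.ref_for_recurrent_payment("customer-42"), rejected
```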
Additional Tips on Saving Client’s Card Data
Now you know the general steps of the customer card information storing process. However, there are some additional nuances to keep in mind:
- To register the client’s card and get a card-ref-id, you should process the initial payment with Payneteasy via the Sale Transactions or Preauth/Capture Transactions API. This way, you’ll ensure that it was conducted in the most secure way possible and guarantee that there’s a real cardholder behind the transaction.
- For the same reason, you should use one of the following identification approaches or their combination: Verified by Visa, random amount withdrawal verification, or anti-fraud systems like
- You should get a card-ref-id that will be applied to future recurring payments to avoid falling under the stricter level of
Remember that the card registration ID is entirely secure and can’t be used by fraudsters even if they gain access to it. This enables you to securely store the card-ref-id in your customers’ profiles.
You can learn even more about the technical side of this process from our payment API guidelines page or reach out to us directly via this contact form.