Secured white labelled card vault to safeguard customers card data
With the growing presence of online retailers and an average customer’s intent to transact online more often, the number of transactions done per card has increased considerably. The customer has to enter the card number, expiry and CVV – which requires the customer to either memorize these or take the card with him all the time and take it out to enter data. Entering the same set of numbers every single time is a tedious experience for the customer who has already invested some efforts in selecting the right product and going through the merchant website.
To overcome this, PayUbiz offers its merchants a comprehensive card vault feature. It is a robust, secure and easy-to-use solution using which the merchant can save the customer card details in PayUbiz Database (on customer’s approval) and allows the customer to complete the recurring transactions using just the CVV number and 3-D bank authentication. Also, due to lesser customer input, it helps decrease the overall transaction time. We have observed that for certain merchants using this solution, as high as 50% of the transactions are done through previously saved cards. It also gives the customer freedom to save more than 1 card at a time (approximately 1.2 cards per user). Also, a direct impact of 5-6% has been measured in the success rate for merchants when opting for saved card feature against when not using this feature. This metric directly proves the importance of this feature in more ways than one.
Simple to implement
This solution involves 2 major steps
a) Helping the customer save his card details in PayUbiz Vault.
b) Helping the customer pay using his saved card details during the subsequent transactions. These are discussed in detail in below sections.
Helping the customer save card details in PayUbiz Vault
1) Customer needs to enter his card details on merchant portal and give his consent to the merchant for saving them.
2) Merchant needs to make an API request with card details to PayUbiz. Once done, the card number, expiry month, expiry year and name on card values get saved in PayUbiz Database. Please note that CVV number can’t be saved due to PCI-DSS Compliance.
3) PayUbiz generates a unique card token for this saved card and returns it back to the merchant. This card token is a unique string which is used to identify the particular card in PayUbiz Database and is generated using an internal secured logic.
Figure 1: When customer chooses to save his card details
Helping the customer pay using saved card details during the subsequent transactions
1) For subsequent attempts, merchant needs to identify the customer (could be based upon a login), ask him to select the correct card and retrieve the corresponding card token from Database
2) The merchant then needs to ask the customer to enter the CVV number and pass on the complete transaction request to PayUbiz with card token and CVV number. PayUbiz will receive the card token and extract the card details (Card number and Expiry Date) from our secured Database and take it forward to the bank.
Below diagrams show a step by step example of how merchant can handle the user interface at its end. This is just a sample format. It’s up to the merchant to create a suitable front-end and mould the complete interface as per its choice.
Figure 2: Customer chooses to transact using previously saved card
An internal API fetches all the cards (3 for this customer) present in the vault. Merchant is allowed to display a partially masked card number (showing only first 6 and last 4 digits) for the customer to identify the correct card. PayUbiz also shares the card type (Credit or Debit), card brand (Visa/Master etc) and card issuing bank in the API response. Hence, the merchant can display this additional information to ease customer experience further.
Figure 3: Customer selects the desired saved card
As soon as the customer selects the desired card, the user prompt asks for CVV number input. The customer inputs the CVV and clicks on ‘Pay Now’ to move forward to bank’s domain for completion.
Figure 4: Customer inputs the CVV number and clicks on Pay Now option
The beauty of this solution is that while the complete technology for this feature is provided and maintained by PayUbiz, it’s the merchant who gets to control the entire front end design, user handling and back-end API flow. PayUbiz strongly believes that the end customer belongs to merchant and the merchant portal should be allowed to handle all customer interactions and actions thereby keeping PayUbiz only as a technology provider. Also, this way, interacting with merchant website for using saved card feature gives the customer an assurance for the security of his card details and merchant the freedom to design the payment user interface in sync with rest of the website. The idea remains to have a seamless flow which eases customer’s payment experience and seems like a merchant-owned solution – thereby giving it the name white-label.
Note: Similar to saving cards, PayUbiz has exposed simple APIs to update and delete card information, if the customer wishes so at any moment.