Checkout is a script which is added to your website, collects the card data from the specified form, and creates a cryptogram of this data for payments through our API.
The cryptogram is done by using RSA algorithm with 2048 bit key length, and is compliant with the industry standards for card data protection. If you follow the requirements below, you will not receive the card data, but your server will still influence data safety.
- Must work via HTTPS protocol with a valid SSL certificate.
- Fields must not contain a "name" attribute – this will ensure that any card data will not be sent to your server when form is submited.
- Must be generated only by the original checkout script, loaded from our system URLs.
- Cryptogram cannot be stored after the payment and used for any other payment.
PCI DSS sees this method of payment as "E-commerce merchants who outsource all payment processing to PCI DSS validated third parties, and who have a website(s) that doesn’t directly receive cardholder data but that can impact the security of the payment transaction. No electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises."
- data-cp="cardNumber" — card number field
- data-cp="name" — cardholder name field
- data-cp="expDateMonthYear" — expiry date field in MMYY format
- data-cp="expDateMonth" — month expiry date field
- data-cp="expDateYear" — year expiry date field
- data-cp="cvv" — CVV code field
To fill out the form, use test card number 4925 0000 0000 0087, other data can be random.