Checkout script

Checkout is a script which is added to your website, collects the card data from the specified form, and creates a cryptogram of this data for payments through our API.


The cryptogram is done by using RSA algorithm with 2048 bit key length, and is compliant with the industry standards for card data protection. If you follow the requirements below, you will not receive the card data, but your server will still influence data safety.

Requirements
Form requirements:
  • Must work via HTTPS protocol with a valid SSL certificate.
  • Fields must not contain a "name" attribute – this will ensure that any card data will not be sent to your server when form is submited.
Cryptogram requirements:
  • Must be generated only by the original checkout script, loaded from our system URLs.
  • Cryptogram cannot be stored after the payment and used for any other payment.
PCI DSS security requirements:

PCI DSS sees this method of payment as "E-commerce merchants who outsource all payment processing to PCI DSS validated third parties, and who have a website(s) that doesn’t directly receive cardholder data but that can impact the security of the payment transaction. No electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises."

  • Until 1 January 2015, SAQ-A self-assessment form must be filled out
  • From 1 January 2015, SAQ-EP self-assessment form must be filled out, with quarterly ASV scans and yearly penetration tests.
Embedding
To create a cryptogram you must add a checkout script to your website
Then create a card data input form
Card data input fields must contain the following attributes:
  • data-cp="cardNumber" — card number field
  • data-cp="name" — cardholder name field
  • data-cp="expDateMonthYear" — expiry date field in MMYY format
  • data-cp="expDateMonth" — month expiry date field
  • data-cp="expDateYear" — year expiry date field
  • data-cp="cvv" — CVV code field
Add a script for cryptogram creation

Send the cryptogram and card holder name to server and call payment method via API
Sample payment form

To fill out the form, use test card number 4925 0000 0000 0087, other data can be random.