Contents

Tokenization

 

You can use our JavaScript Library to allow returning customers to process payments on your checkout without the need to re-enter all of their card details. Not only does this lead to faster and easier payments for your customers, your business also benefits from not needing to store sensitive card numbers (this can simplify your PCI accreditation process).

 


 

Process overview

1
Every transaction can be identified by their transactionreference, a unique identifier assigned by Trust Payments. When a new customer orders from your website, you will need to ensure your own system keeps a record of the transactionreference returned.
2
Your checkout request can include the transactionreference from the customer’s previous purchase to inherit the card number and expiry date for a new purchase (we explain how to do this, below).
3
The customer will be prompted to enter the security code that is normally found on the back of their card (because we are unable to store this value on our records for security reasons). The customer will need to enter this in order for additional security checks to be performed by the card issuer.
4
We will then process the transaction, which in all other regards will follow the same process as a standard payment. Ensure your system checks the response JWT to confirm the new payment was processed successfully.
PAYMENT Apple Pay
Apple Pay does not support tokenization in this manner.

 


 

Configuration for tokenized payment

Update your payment form

First, you will need to update your payment form to include the additional field fieldsToSubmit.
fieldsToSubmit requires a list containing the value “securitycode”.

Info
Because the customer only needs to be prompted for their security code, the JavaScript will automatically hide the PAN (st-card-number) and expiry date (st-expiration-date) divs. These will not be displayed to the customer.

 

We have provided an example below as a reference:


<html>
<head>
</head>
<body>
  <div id="st-notification-frame"></div>
  <form id="st-form" action="https://www.example.com" method="POST">
    <div id="st-security-code" class="st-security-code"></div>
    <button type="submit" id="st-form__submit" class="st-form__submit">
      Pay securely
    </button>
  </form>
 <script src=<DOMAIN>/js/v2/st.js></script>
 <script> 
  (function() {
   var st = SecureTrading({  
    jwt: 'INSERT YOUR JWT HERE',
    fieldsToSubmit: [‘securitycode’]
    });  
   st.Components(); 
  })(); 
 </script>
</body>
</html>

 

Update the JWT

Then you will need to update the payload within the JWT to contain the additional field parenttransactionreference. This must include the value of the transactionreference associated with the previous request (i.e. the token) from which the card details will be inherited:


{"payload":{"accounttypedescription":"ECOM","baseamount":"1050","currencyiso3a":"GBP","sitereference":"test_site12345","parenttransactionreference":"10-20-34"},"iat":1559033849,"iss":"jwt.user"}

 

Field specification

  Field Format Description
parenttransactionreference Alphanumeric
& hyphens (25)
Submit the transaction reference of the previous request from which the card details will be inherited.