Overview

This topic was removed in 2020 and should not appear in the TOC.

This topic explains what happens behind the scenes when a customer does a checkout using a credit card in a webstore.

Credit Card Checkout Life Cycle

This flow covers the system interactions that occur for the standard, happy-path credit card use case:

  • Customer enters his/her credit card information
  • Token is generated based on the credit card data
  • Credit Card authentication request is sent, including Token, Credit Card and Transaction amount
  • Order is approved after Credit Card authentication response is received

Detailed Explanation

  1. After the customer enters his/her credit card information and hits the "Continue Checkout" button, the Webstore sends a ProtectPanRequest(PAN) to Payment Service containing the raw credit card number. Payment Service then responds by returning a Token for the credit card number.
  2. The Webstore then sends a TenderTypeLookupRequest message containing the PAN/Token, currency code and store information to Payment Service in order to retrieve the correct tender type for the credit card. Payment Service validates the PAN/Token, currency code and store information provided and returns a TenderTypeLookupResponse. Depending on the TenderTypeLookupResponse, the Webstore will either prompt the customer for new payment details, send the order without attempting an authentication, or continue on to the 3D Secure call and the authentication call. If a TenderTypeLookupResponse is received and the "matched" element is true, the Webstore handles the 3D Secure calls to Cardinal Commerce (not shown in the diagram) and moves the customer over to the Order Review page in the webstore.

    Note: For 3D Secure integration, the webstore must integrate with Cardinal Commerce or some other third-party 3D Secure authorization provider, and the result of the authorization should be passed in the SecureVerificationData element in the authorization API.

  3. The customer hits the "Submit Order" button on the Order Review page. A CreditCardAuthRequest message with Token, PAN, Exp Date, CSC, Amount, etc. is sent to the Payment Service. Payment Service transforms and routes this auth request to the appropriate payment gateway internally (fdms/amex through isd, global collect, digital check, etc.) and returns a CreditCardAuthReply. After the CreditCardAuth call is made, the Webstore will either submit the order to the Order Management System, show the customer a decline message, or ask the customer to correct the invalid address or Card Security Code (CSC) data.
  4. Otherwise, the Webstore determines whether to send the order and what page to display based on the response code. Non-timeout CreditCardAuth responses (APPROVED, DECL, DECLF, DECLR, AVS, CSC, or AVSCSC) are handled by the webstore:
    | Response Code | Result |
    |---|---|
    | APPROVED | The order is sent to Order Management System and the customer is shown the Order Receipt page. |
    | DECL, DECLF | The customer is taken back to the Order Review page and a "credit card declined" error message is displayed. A link back to the payment page is also displayed. |
    | DECLR | Fraud - the order sent to Order Management System goes through a fraud check but the customer is still shown the Order Receipt page. |
    | AVS, CSC, AVSCSC | The customer is taken back to the Order Review page and asked to correct billing address and/or CSC details. After correction, the CreditCardAuth request will be submitted with the "isRequestToCorrectCVVOrAVSError" element set to true. |
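
The response-code handling from step 4, sketched as a small state machine. This is an added example, not code from the original page or the platform it describes. The names Action, AuthRequest, next_action and run_checkout are hypothetical, failing closed on an unrecognised code is an assumption (the page lists only the codes in the table above), and timeouts are not modelled.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    SEND_ORDER_SHOW_RECEIPT = "send order to OMS, show Order Receipt"
    SEND_ORDER_FRAUD_CHECK = "send order to OMS for fraud check, show Order Receipt"
    SHOW_DECLINE = "back to Order Review with 'credit card declined' message"
    ASK_CORRECTION = "back to Order Review, ask for address/CSC correction"
    FAIL_CLOSED = "do not send order"  # assumption: unknown codes are not on the page


# Response codes and outcomes exactly as listed in step 4.
ACTIONS = {
    "APPROVED": Action.SEND_ORDER_SHOW_RECEIPT,
    "DECLR": Action.SEND_ORDER_FRAUD_CHECK,
    "DECL": Action.SHOW_DECLINE,
    "DECLF": Action.SHOW_DECLINE,
    "AVS": Action.ASK_CORRECTION,
    "CSC": Action.ASK_CORRECTION,
    "AVSCSC": Action.ASK_CORRECTION,
}


@dataclass
class AuthRequest:
    # Hypothetical stand-in for CreditCardAuthRequest; only the token is kept here.
    token: str
    amount: str
    is_request_to_correct_cvv_or_avs_error: bool = False


def next_action(response_code: str) -> Action:
    # Exact match only: a malformed or unexpected code never produces an order.
    return ACTIONS.get(response_code, Action.FAIL_CLOSED)


def run_checkout(token: str, amount: str, replies: list):
    """Replay constructed reply codes; return (requests sent, final action)."""
    sent, correcting = [], False
    action = Action.FAIL_CLOSED
    for code in replies:
        sent.append(AuthRequest(token, amount, correcting))
        action = next_action(code)
        if action is not Action.ASK_CORRECTION:
            break  # terminal outcome: order sent, declined, or refused
        correcting = True  # resubmission after correction carries the flag
    return sent, action
```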