This method lets you create a PCI Booking Card Entry form for capturing credit card data within an e-commerce site. Apply the method from the user's browser, typically in an iFrame "src" tag.
We recommend that you first review the guide for this method.
The response of calling this method is the HTML content of the Card Capture Form itself (Click here for an example of the content). You can use the request URL either as the page URL that a customer is directed to or as the source URL of an iframe element on your page.
3D Secure challenge timeout
Please note that if you enable 3DS processing during card capture, the 3DS challenge window will have a 5 minute timeout period. If the card owner does not submit the response to the 3DS challenge within that timeframe, their authentication will be rejected.
Access Token Vs. Session Token
Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.
Multiple Authentication Methods allowed
This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.
All URLs should be https.
Please note to urlEncode all components!
CVV Retention Policy
Remember to set the CVV Retention Policy for this token.
Custom Merchant Information
Please do not use the
merchantName
parameter in the request unless you have followed our guide on managing merchant information for 3D Secure authentication as this may cause problems in your 3DS processing.If you plan to use the PCI Booking merchant information for 3DS Authentication, please set "ThreeDs" as
True
and "merchantName" blank.
Please note that the PCI Booking merchant can only be used to perform 3D Secure authentication on Visa and Mastercard cards.
Complying with Visa 3DS Authentication requirements
As of August 12th 2024, Visa requires all merchants performing 3D Secure authentication to send additional information for the purpose of the authentication. Many of these additional details are sent automatically, in the background, by our system, but there are some parameters that you will need to provide PCI Booking in your request - you would need to provide either the email address or the phone number of the person you are authenticating.
You will find two new additional parameters in this request to provide these values.
If you are using 3DS authentication, you MUST provide at least one of these values.