For credit card payments we offer a solution where the user submits the card data directly to a dialog served by MakeCommerce (Maksekeskus).
The dialog is implemented as a semi-transparent iframe window on top of the shop’s checkout page.
The user perceives that he/she has not left the checkout page, though in fact the dialog is served from the maksekeskus.ee domain.

This approach is recognized by card networks as an IFRAME solution, which sets the lowest PCI DSS compliance requirements on the Merchant
(VISA guide to security and PCI DSS requirements).

VISA Europe validation requirements on Merchant:

  • Use a service provider that has certified their PCI DSS compliance (certified providers are listed on Visa Europe’s website: www.visaeurope.com)
    OR
  • Have certified their own PCI DSS compliance to the acquirer (who must, on request, be able to validate that compliance to Visa Europe) (SAQ)

Maksekeskus AS is listed as a VISA Merchant Agent and a MasterCard Payment Facilitator.

This approach ensures that credit card data does not pass through the Merchant's systems, and PCI DSS V3 SAQ-A attestation for the Merchant is not strictly required.
(Read more on payments security: Best Practices for Securing E-commerce, by PCI Security Standards Council.)

 

 

Integrating with the Credit Card Dialog

Overview of the card payment flow

  1. In the payment method selection dialog, the buyer chooses to pay with a credit card
  2. The shop registers a new transaction over the MK API (create transaction)
  3. The shop invokes the MK JavaScript (checkout.js), which launches the credit card dialog on top of the shop page
  4. The buyer fills in the credit card data and submits it directly to the MK server
  5. The MK backend processes the payment through the respective card networks; if required, the buyer is redirected through the 3DS authentication dialog
  6. MK completes the payment in the card network and passes the result back to the shop via the browser (‘token_return’ message)
  7. The MK server asynchronously sends an additional message about the payment directly to the shop server (notification_url, ‘payment_return’ message)

For further integration details see our api-explorer.
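
Steps 6 and 7 deliver the same payment result over two channels, one of them through the buyer's browser, so the shop should authenticate each message and tolerate duplicates arriving in either order. The sketch below is an added example, not MakeCommerce code: the field names, the shared secret and the HMAC-SHA256 check are assumptions standing in for the message format and verification scheme defined in the MK API documentation.

```python
import hashlib
import hmac
import json

# Assumption: constructed demo secret; use the key and MAC scheme from the MK API docs.
SHOP_SECRET = b"constructed-demo-secret"

# Constructed sample: the order as the shop stored it when creating the transaction (step 2).
ORDERS = {"tx-1001": {"amount": "49.90", "currency": "EUR", "paid": False}}


def sign(body: bytes) -> str:
    """Stand-in MAC (HMAC-SHA256) so the example runs offline."""
    return hmac.new(SHOP_SECRET, body, hashlib.sha256).hexdigest()


def handle_return(body: bytes, mac: str, orders=ORDERS) -> str:
    """Handle a 'token_return' or 'payment_return' message; safe to call repeatedly."""
    # 1. Authenticate first: the browser-delivered copy passed through the buyer's hands.
    if not hmac.compare_digest(sign(body).encode(), mac.encode()):
        return "rejected: bad mac"
    try:
        msg = json.loads(body)
    except ValueError:
        return "rejected: malformed body"
    if not isinstance(msg, dict):
        return "rejected: malformed body"
    # 2. Bind the message to an order this shop actually created.
    tx = msg.get("transaction")  # hypothetical field name
    order = orders.get(tx) if isinstance(tx, str) else None
    if order is None:
        return "rejected: unknown transaction"
    # 3. Compare against the stored amount, never against values from the request.
    if (msg.get("amount"), msg.get("currency")) != (order["amount"], order["currency"]):
        return "rejected: amount mismatch"
    if msg.get("status") != "COMPLETED":
        return "ignored: not completed"
    # 4. Idempotency: both channels report the same payment, in either order.
    if order["paid"]:
        return "ok: already paid"
    order["paid"] = True
    return "ok: marked paid"
```

Calling the same handler from both the browser return endpoint and the notification_url endpoint keeps the order state consistent whichever message arrives first.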

 

3-D Secure payments

3-D Secure (3DS) is an additional security measure that involves user authorisation at the card issuer bank during the online card payment process.
See more on the Wikipedia 3-D_Secure page.

3DS gives merchants better protection against chargebacks for “unauthorised transactions”: the user cannot simply claim that he/she did not make the payment.
The downside is additional steps in the purchase flow; the exact flow depends on the specific implementation of the authentication dialog at the home bank.
3DS is an optional feature that the Merchant can decide upon. By default 3DS is switched on. Should you want to change this, please contact support@maksekeskus.ee

One Click Payments (OCP)

With One Click Payments activated for your shop, a credit card can be ‘remembered’ in MK systems so that the buyer does not have to fill in the card data form again at the next purchase. The user needs virtually just one click to pay. Read more about it on the OCP page.

Recurring Payments

We offer a solution for merchants to take recurring payments from credit cards. Read more about it on the recurring payments page.

Foreign Currency payments

Merchants who run shops oriented to the UK or USA markets and would like to serve buyers in their domestic currency can take credit card payments in USD and GBP. Settlement between MK and the merchant is still done in euros, but the buyer's credit card is debited in his/her familiar domestic currency. Read more on the non-Euro payments page.

Demo and testing

You can try the Credit Card Dialog yourself in our demo shops, using the test cards.

Example of card dialog: (image: Card dialog)