Overview
Card-on-File (also known as Stored Credentials) allows a customer to authorize a merchant to store card details for use in future transactions. As you might know, any organization seeking to store sensitive card details must comply with the rigorous Payment Card Industry (PCI) Certification process and very strict legal requirements.
Nuvei has the required PCI certification that allows us to store and manage customer card credentials. Merchants with the required level of PCI certification can store and manage customer card credentials on their own systems, and choose not to use Nuvei’s payment token management.
PCI Certification
The PCI Data Security Standards (DSS) regulate the storage and management of card details issued by the major card schemes. Each PCI DSS level has its own set of requirements.
Certification for most of these PCI levels involves submitting a self-assessment questionnaire (SAQ) to evaluate the company’s compliance with the various PCI DSS standards. Other factors taken into account include the company’s card transaction volume; card acceptance channels used; security posture and practices; business complexity; and so on.
Each Nuvei integration method defines the merchant’s involvement in collecting customer card details, as well as the merchant’s PCI reporting responsibilities. For the Nuvei REST API 2.0 integration method:
Nuvei Integration Method | Who Collects Card Details | Merchant PCI Responsibilities |
---|---|---|
Server-to-Server REST API 2.0 | The merchant – Collects from their checkout or payment page. | |
Tokenization
With REST API 2.0, when a customer makes a card payment for the first time, in the /payments request, the merchant provides:
- Card details – For example: card number, expiration date, CVV.
- buyerId – Unique identifier for the consumer in the merchant’s system.
Upon a successful payment transaction, Nuvei automatically stores the card details, creates a payment token to represent it, and provides the paymentTokenId in the response. The next time a customer wants to use the card for a transaction, the merchant does not need to collect the details again. Instead, the merchant includes buyerId and paymentTokenId in the request. For information about how to use payment tokens in payments, see Using Payment Tokens in Payments. Nuvei also provides the REST 2.0 endpoints to manage payment tokens.
Merchant Stored Credentials
Merchants with the required level of PCI certification can choose not to use Nuvei’s payment token management. They can store and manage customer card credentials on their own systems. To conform to the card schemes’ Stored Credentials requirements, the merchants need to indicate that stored credentials are being used in payment transactions.
In the /payments request, include paymentOption.store with one of these values:
- initial – First time the merchant is providing stored card credentials in a payment transaction.
- subsequent – Merchant is providing stored card credentials previously used in a payment transaction.
Example /payments Request with store

```json
{
  "processingEntityId": "<your processingEntityId>",
  "amount": 10.5,
  "currency": "USD",
  "transactionType": "Auth",
  "paymentOption": {
    "store": "initial",
    "card": {
      "cardNumber": "5101081046006034",
      "cardHolderName": "John Smith",
      "expirationMonth": "10",
      "expirationYear": "2026",
      "cvv": "345"
    }
  },
  "custom": {
    "description": "Some description"
  },
  "deviceDetails": {
    "browser": {
      "acceptHeader": "Y",
      "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36",
      "javaEnabled": "true",
      "language": "en-US",
      "colorDepth": "24",
      "screenHeight": "1080",
      "screenWidth": "1920",
      "timeZone": "0",
      "javaScriptEnabled": "true"
    }
  },
  "buyerDetails": {
    "firstName": "John",
    "lastName": "Smith",
    "companyName": "Nuvei Corp",
    "dateOfBirth": "1978-01-01",
    "email": "[email protected]",
    "phone": "6175551414",
    "billingAddress": {
      "address": "22 Main Street",
      "zip": "02460",
      "city": "Boston",
      "countryCode": "US",
      "phone": "6175551414",
      "addressMatch": "true"
    },
    "shippingAddress": {
      "sameAsBilling": "true",
      "address": "22 Main Street",
      "zip": "02460",
      "city": "Boston",
      "countryCode": "US",
      "phone": "6175551414"
    }
  }
}
```
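For merchants who keep credentials on their own systems, the sketch below is an added example, not Nuvei's code: it picks the paymentOption.store value from the credential's history, drops the CVV from the record kept on file, and masks card data before a request body is logged. The function names are hypothetical, and the page does not say which card fields a subsequent request requires, so sending the on-file record without a CVV is an assumption.

```python
import copy

STORE_VALUES = ("initial", "subsequent")  # the two values listed above

# Constructed sample: the test card from the example request on this page.
SAMPLE_CARD = {"cardNumber": "5101081046006034", "cardHolderName": "John Smith",
               "expirationMonth": "10", "expirationYear": "2026", "cvv": "345"}

def vault_record(card):
    """Fields to keep on file: everything except the CVV, which PCI DSS
    forbids retaining once authorization has completed."""
    return {k: v for k, v in card.items() if k != "cvv"}

def payment_option(card, already_used):
    """Build paymentOption, choosing store from the credential's history."""
    store = "subsequent" if already_used else "initial"
    return {"store": store, "card": dict(card)}

def check_store(request):
    """Reject a request whose store flag is missing or not a listed value."""
    store = request.get("paymentOption", {}).get("store")
    if store not in STORE_VALUES:
        raise ValueError(f"paymentOption.store must be one of {STORE_VALUES}")
    return store

def redact_for_log(request):
    """Return a copy safe for logs: CVV dropped, PAN masked to first 6 / last 4."""
    safe = copy.deepcopy(request)
    card = safe.get("paymentOption", {}).get("card")
    if card:
        card.pop("cvv", None)
        pan = card.get("cardNumber", "")
        keep = len(pan) >= 13  # too short to be a PAN: mask it entirely
        card["cardNumber"] = (pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
                              if keep else "*" * len(pan))
    return safe

if __name__ == "__main__":
    first = {"amount": 10.5, "currency": "USD",
             "paymentOption": payment_option(SAMPLE_CARD, already_used=False)}
    on_file = vault_record(SAMPLE_CARD)  # what the merchant keeps (assumption:
    # the later request is sent without a CVV; the page does not specify this)
    later = {"amount": 10.5, "currency": "USD",
             "paymentOption": payment_option(on_file, already_used=True)}
    for req in (first, later):
        print(check_store(req), redact_for_log(req))
```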