Overview

This document provides high level description of functionalities offered by Token Payment Service. Token Payment Service supports e-commerce transactions by card payment token received from Google Pay™ thus eliminating the need to use real card details during transactions. As a registered PSP in Google Pay™, Verestro will decrypt the card payment token and perform the transaction on behalf of the Customer. The solution is very easy to integrate - Customer must integrate two API methods: tokenPayment and deposit. There is also a third method getTransacionDetails which is optional to integrate. The solution can be supported by various Acquirers.

Verestro recommends using the getTransacionDetails method. For example in situations when there were any problems with the connection between the Customer and Verestro. This method allow Customer to get current status of the ordered transaction.

If the Customer requires the settlement of the transaction by a new Acquirer – to which Verestro is not integrated – there will be required new integration between Verestro and the new Acquirer. The specification of the new Acquirer should be provided by the Customer.

Abbreviation

This section shortly describes abbreviations and acronyms used in the document.

Abbreviation	Description
ACQ	Acquiring Institution / Acquirer
ACS	Access Control Server
OS	Operative System
Mid	Merchant Identifier identifying the Customer in the Acquirer system
PCI DSS	Payment Card Industry Data Security Standard
PAN	Permanent Account Number
CVC	Card Verification Code
3DS	3-D Secure
PSP	Payment Service Provider

Terminology

This section explains a meaning of key terms and concepts used in this document.

Name	Description
Customer/Merchant	Institution which uses Verestro products. This institution decides which solution should be used depending on the business requirements and how transaction should be processed.
User	End-User which uses Customer application and pays for Customer's goods using Google Pay™ solution. This is the root of the entity tree. User is an owner of the card stored in Google Pay™ system.
Card Payment Token	Card Payment Token is an entity created by Google Pay™ and returned to the Customer. This token is created when the Customera application user selects the card he wants to pay with Google Pay. Card Token Payment is encrypted and does not contain valid card details. This token is decrypted on the Verestro side and then Verestro orders the payment to the Customer's Acquirer.
Authorization Method	The way of the authentication of the card transaction. Verestro supports followed authorization methods: `PAN_ONLY` and `CRYPTOGRAM_3DS` if Customer's country belongs to the European Union. Authorization method is always provided in the Google Pay™ encrypted payload as `authMethod` parameter.
Gateway Id	Phrase/value that identifies a given Payment Service Provider in the Google Pay™ system. The Merchant provides gateway Id to Google Pay™ to obtain a card payment token. By provided gateway Id, Google Pay™ encrypts the card payment token with the appropriate public key. Verestro is defined by a gateway Id with the value `verestro`
Gateway Merchant Id	Unique Customer identifier assigned by Verestro during the onboarding process. This identifier is in the form of a `UUID`. Verestro understands and uses this to verify that the message was for the Customer that made the request. Customer passes it to Google Pay™. More information about the Gateway Merchant Id can be found in Google Pay™ documentation.
Payment Service Provider	Payment Service Provider is an entity that helps Merchants transfer sensitive data to Acquirer during the transaction. Payment Service Provider should be PCI DSS compilent. In the Token Payment Service solution, Verestro has the role of PSP.
Acquirer	External Institution resposible for processing transaction and 3ds requests ordered by the by Verestro Token Payment Service solution in Customer context. Acquirer connects with banks / card issuers and returns an information whether the ordered action on a given card payment token is possible.
MID	Merchant identifier. This entity is represending Customer / Merchant in Acquirer's system. Customer has to provide the mid information to enable mid configuration in the Verestro system. Required to process transactions and 3DS via Verestro system.
Card Network	This is the type of card that allows you to make payments using a card payment token. Verestro allows to use `MASTERCARD`, `VISA` and `MAESTRO` cards.
PAN	It is 7-16 digits of the credit / debit card number. These digits contain the Permanent Account Number assigned by the bank to uniquely identify the account holder. It is necessary to provide it when User wants to pay with a card for purchases on the internet.
CVC	It is a type of security code protecting against fraud in remote payments. Card Verification Code is necessary to provide it when User wants to pay with a card for purchases on the internet.
Expiration Date	It is a date of the card validity ending and contains two values – month/year. Card will be valid to the last day of the month of the year showed on it. It is necessary to provide it when User wants to pay with a card for purchases on the internet.
3DS	3-D Secure is a method of authorization of transaction made without the physical use of a card, used by payment organization. The 3DS process in the Merchant Paytool solution is performed internally in the Verestro system.
PCI DSS	It is a security standard used in environments where the data of payment cardholders is processed. The standard covers meticulous data processing control and protection of users against violations.

Token Payment Service key components

Token Payment Service is a solution that has been created to provide the functionality that allows Customer to process payments using Google Pay™. An additional assumption was that the payment process should be performed outside the Customer's system, which frees him from the need to handle with sensitive data or the transaction itself. The Customer only receives information that the transaction was successful or not. Customer can also follow the most actual transaction status. This section provides introduction to technologies which are supported by Token Payment Service. High level architecture diagram is presented to show the place and usage of the each entity in the solution.

Component	Description
Token Payment Service API	Component stores the configuration data of a given Customer such Merchant Name or Merchant Id and also communicates with various Acquirers, collect transaction data and statuses. This component also triggers notifications to the Customer and the end user (depending on the Customer requirements) about successful or unsuccessful transaction.
Notification Service	Component responsible for sending information to the Customer about the transaction status. It is also responsible for sending email to the end user about the transaction. Notification Service is triggered by Token Payment Service API.

The diagram below shows each step of the card payment token transaction process

@startuml
skinparam ParticipantPadding 30
skinparam BoxPadding 30
skinparam noteFontColor #FFFFFF
skinparam noteBackgroundColor #1C1E3F
skinparam noteBorderColor #1C1E3F
skinparam noteBorderThickness 1
skinparam sequence {
ArrowColor #1C1E3F
ArrowFontColor #1C1E3F
ActorBorderColor #1C1E3F
ActorBackgroundColor #FFFFFF
ActorFontStyle bold
ParticipantBorderColor #1C1E3F
ParticipantBackgroundColor #1C1E3F
ParticipantFontColor #FFFFFF
ParticipantFontStyle bold
LifeLineBackgroundColor #1C1E3F
LifeLineBorderColor #1C1E3F
}
participant "User" as user
participant "Customer Application" as app
participant "Google Pay" as gp
participant "Verestro Token Payment Service" as tps
participant "Acquirer" as acq
note right of user: User wants to pay with Google Pay
user->app: 1. Pay with Google Pay and choose card
app->gp: 2. Requests for card token
gp->gp: 3. Encrypts card token with Verestro pub key
app<-gp: 4. Returns encrypted card token
app->tps: 5. Requests token payment "/payment/token.google-pay"
tps->tps: 6. Decrypts card token
tps->acq: 7. Orders transaction
tps<-acq: 8. Transaction status
note left of acq: 3DSecure authentication may be required
app<-tps: 9. Transaction status
user<-app: 10. Transaction status
user<--tps: 11. Sends email notification - optional
@enduml

Allowed card networks

Listed below are the types of cards supported in transactions using the Token Payment Service and Google Pay™ solution:

Card type

MASTERCARD

VISA

MAESTRO

Implementation models

Verestro provides REST API implementation model in Token Payment Service Solution. In this model Customer has his own application which should be integrated with Token Payment Service API. Verestro provides all necessary backend methods. Customer is responsible for integrate provided methods with his own application. Technical information about the integration can be found here. Below diagram shows high level architecture of the solution: