You’ve set up your environment and access secrets. How do you collect your customers’ payment information? And how do you do this securely and with the most PCI compliance?
Payment Method Tokens
When you vault your customers’ payment method with Spreedly, that information becomes stored as a payment method token. This way, you capture that sensitive data without ever letting this touch your servers.
You can create payment method tokens via the API for testing purposes. Our API reference provides the request structure for creating a credit card payment method. You will want to use test card data to create this payment method for testing purposes.
Once you have your payment method token, you can use this to transact against whichever gateway or receiver you intend to use. But how do you get this payment method token?
For the most flexible way to capture payment methods and vault with Spreedly, we recommend implementing the iFrame. This allows for a custom checkout experience that securely passes the cardholder information from your checkout to our vault.
To add iFrame to your checkout page, you’ll want to follow our Spreedly iFrame Payment Form guide.
To tokenize payment methods, you will need your environment key and access secret. Please note that the environment key used will indicate which environment your payments will be vaulted in. Those payment method tokens can only be used in that environment.
Tokenizing a payment method does not verify or authorize the payment. You’ll need to invoke a purchase or authorization from your secure, server-side environment after the tokenization is successful. (More on this later.)
Other Ways to Tokenize
If the iFrame solution does not work for your needs, there are other ways to tokenize payment information; however, note that these approaches may increase your PCI compliance burden. If you need an alternative collection method, please review this guide.
Collecting Payments as a Merchant Aggregator
If your business uses the merchant aggregator model (discussed in the previous module), you may want to segment payment data in a multitude of environments. If this is the case, please ensure that your iFrame is configured to vault using the appropriate environment keys and access secrets to accomplish this. Remember, one environment cannot share payment method tokens with another, so it is possible that you will want to use only one production environment as a merchant aggregator. This will, of course, depend on your use case.
Migrating Payment Data to Spreedly
You may have payment data vaulted with another provider that you wish to move to Spreedly. Our Support team can assist you in migrating to Spreedly’s vault. Please review this guide to learn how.
Additionally, you can migrate the payment data yourself via API requests. This guide explains how to perform this self-managed migration process.
One of the most important components of your payment method lifecycle is ensuring that your vault contains the most up-to-date information possible.
Spreedly’s Advanced Vault is a product that regularly updates your vaulted payment methods. This means that you are always sending the most accurate versions of your cardholders’ credit card data, improving your success rates on transactions. This is especially important for merchants who deal with recurring payments, subscriptions, or card-on-file transactions.
Additionally, this service leverages other state-of-the-art features like Network Tokenization to improve authorization rates, BIN metadata to provide deeper insight into your payment methods, and lifecycle management to assist you in maintaining usable cards.
If you want to take advantage of this valuable feature, please reach out to firstname.lastname@example.org.
You have completed Module 2 if you have:
Created a payment method via API
Created a payment method via iFrame