How to Integrate a Mobile Payment Service
We’ve compared the top mobile payments for online retail stores and discussed security and compliance. Now, let’s dig into how to integrate a mobile payment service. According to David Shuford of Blue Acorn iCi, “One of the top frustrations retailers have with online payments is being able to roll out additional payment methods on a tight budget.” Luckily, the integration is similar for most mobile payments.
Before the boom of mobile payments, you would only need one tunnel for debit and credit cards; now you need to accept all types, such as mobile wallets and ACH. Realistically, you probably don’t have the time or resources to integrate all payment types. Once you’ve figured out which mobile payment option is the best fit for the majority of your target audience, you can focus on integrating the service that meets your customers’ needs.
How a Mobile Payment Service Works with Your Payment Platform
Your ecommerce site likely has a payment gateway processor, a third-party cartridge or plug-in connected to your ecommerce platform, which authorizes customer information and captures funds. At checkout, the gateway intercepts the cardholder data and sends it to the bank that issued the card to validate the request. The bank then sends a message back to the retailer to either approve or decline the payment. If the bank rejects the request, the shopper will see an error message explaining why the payment was declined.
The process is essentially the same when you integrate a mobile payment service. For example, if you integrated Apple Pay with the Stripe payment platform, Apple “authorizes the payment, and essentially uses a secure handshake to give the OK to Stripe to verify the payment and capture the funds,” says Dedric Guest, Director of Engineering at Blue Acorn iCi. Stripe never sees the actual cardholder data or saves the tokenized information when the customer pays with a mobile wallet.
Whether your payment gateway authorizes customer information and captures funds or only authorizes the payment, most mobile payments will work with your business model. For example, if you’re selling high-priced furniture, you would want to capture the funds before you deliver the item to the customer. Or, if your product is digitized, like music streaming, you would want the payment gateway to authorize and capture funds. However, some retailers, especially clothing, will wait to capture funds until the order ships. Mobile payments will support a majority of these scenarios.
If your business has a subscription model, the retailer will need to have a long-term payment agreement in place with the payment gateway. A long-term agreement allows extended authorization with periodic captures. In other words, the payment gateway has the ability to take funds from the customer’s account on a recurring basis without requiring the customer to authorize the transaction every single time. In this scenario, the payment gateway, not the mobile payment provider, saves the cardholder data, but it’s encrypted and tokenized.
Integration
Most of the top mobile payments—Apple Pay, Google Pay, Samsung Pay, PayPal—will integrate with common payment gateway platforms (we’ve compared mobile payment partners here). When integrating a new payment solution, the top two considerations are typically security and how it integrates with your bank account or payment platform. Mobile payment solutions have their own security measures, and most never save cardholder data in its entirety—the information is either tokenized or encrypted. You can choose to either integrate the mobile payment solution directly into your site or integrate using your payment platform.
Payment Platform
Each payment platform will have its own process for integrating a mobile payment service, but they are typically very similar to one another. Most platforms will recommend connecting a mobile payment service via a JavaScript SDK (software development kit). These are common steps:
- Get the SDK from the payment platform
- Check browser and device capabilities (Apple Pay only works on Safari, Samsung Pay only works on Samsung devices)
- Set up the payment button
- Integrate the JavaScript component
- Create a payment request instance or session
- Create the payment request object
If the customer doesn’t have an active mobile payment method, make sure you display the traditional checkout form. Payment platforms, like Braintree and Stripe, support in-app purchases as well. For Apple Pay, you would use the iOS SDK rather than the JavaScript SDK to enable customers to buy items or services on your mobile app. For Google Pay (formerly Android Pay), you would use the Android SDK.
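The capability check, payment request and fallback from the steps above can be sketched with the browser's standard Payment Request API. This is an added example, not code from any payment platform's SDK; `chooseCheckoutUi`, `payWithWallet` and `submitToServer` are hypothetical names, and the contents of `methodData` and `details` come from your platform's documentation.

```javascript
// Added example, not SDK code. `win` is the browser `window`, passed in so the
// logic can also run outside a browser. `methodData` and `details` are the
// PaymentRequest arguments your payment platform documents for its wallets.
async function chooseCheckoutUi(win, methodData, details) {
  const fallback = (reason) => ({ ui: "card-form", reason, request: null });

  // The Payment Request API is only exposed to pages served over HTTPS.
  if (!win.isSecureContext) return fallback("insecure-context");
  if (typeof win.PaymentRequest !== "function") return fallback("unsupported-browser");

  let request;
  try {
    // The constructor throws on malformed methodData or details.
    request = new win.PaymentRequest(methodData, details);
  } catch (err) {
    return fallback("request-rejected:" + err.name);
  }
  try {
    // Resolves to false when the browser cannot use any listed payment method.
    const usable = await request.canMakePayment();
    return usable ? { ui: "wallet-button", reason: "ok", request } : fallback("no-usable-wallet");
  } catch (err) {
    return fallback("capability-check-failed:" + err.name);
  }
}

// Button click handler body: show the wallet sheet, forward the wallet's
// payload to your server, and always tell the browser how it ended.
// `submitToServer` is a hypothetical function returning a promise of { ok: boolean }.
async function payWithWallet(request, submitToServer) {
  const response = await request.show(); // rejects if the shopper cancels
  let ok = false;
  try {
    ok = (await submitToServer(response.details)).ok === true;
  } finally {
    await response.complete(ok ? "success" : "fail");
  }
  return ok;
}
```

Every failure path returns `ui: "card-form"`, so the traditional checkout form is shown whenever the wallet cannot be confirmed as usable.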
Guest recommends integrating your mobile payment service through a payment platform. Braintree, Stripe, PayPal, and other popular payment platforms comply with the Payment Card Industry Data Security Standards (PCI DSS). As long as you never see or have access to debit or credit card data and accept mobile payments in a PCI compliant manner, risks related to PCI compliance will be reduced.
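One way to hold your own server to the "never see card data" rule is to accept only the platform's token at checkout and reject any request body that carries a card number or security code. The check below is an added example, not code from Blue Acorn iCi or a payment platform; field names such as `paymentToken` are assumptions, and the token is assumed to be an opaque string rather than a run of digits.

```javascript
// Added example (constructed for this article). Field names such as
// `paymentToken` are assumptions; the token is assumed to be opaque.

// Luhn checksum: true when a digit string is a plausible card number.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) d = d * 2 > 9 ? d * 2 - 9 : d * 2;
    sum += d;
  }
  return sum % 10 === 0;
}

// Look for 13-19 digit runs (single spaces or dashes allowed) that pass Luhn.
function containsPan(text) {
  const runs = String(text).match(/\d(?:[ -]?\d){12,18}/g) || [];
  return runs.some((run) => luhnValid(run.replace(/[ -]/g, "")));
}

const FORBIDDEN_KEYS = /^(card_?number|pan|cvv|cvc|security_?code)$/i;

// Walk the parsed JSON body and collect findings. Findings name the field
// path only, never the value, so rejected card data does not reach the logs.
function findCardData(value, path = "body", hits = []) {
  if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      if (FORBIDDEN_KEYS.test(key)) hits.push(`${path}.${key}: forbidden field`);
      else findCardData(child, `${path}.${key}`, hits);
    }
  } else if (containsPan(value)) {
    hits.push(`${path}: looks like a card number`);
  }
  return hits;
}

// Accept a checkout request only when it carries a token and no card data.
function validateCheckout(body) {
  if (body === null || typeof body !== "object") {
    return { ok: false, errors: ["body: expected a JSON object"] };
  }
  const errors = findCardData(body);
  if (typeof body.paymentToken !== "string" || body.paymentToken === "") {
    errors.push("body.paymentToken: missing");
  }
  return { ok: errors.length === 0, errors };
}
```

Run the check before any request logging or persistence, so a misconfigured client that posts raw card fields is rejected without the values being stored.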
Directly to Your Site
To add a new payment solution directly to your site, you need to build a framework tunnel (gateway) between the payment provider and the website. The quickest way to do this is by using the API provided by the mobile payment service. Most will have prerequisites before you use the mobile payment on your site, such as setting up your server for secure communications, complying with PCI standards, and verifying your domain.
Once you’ve covered all of the prerequisites, the mobile payment service provides the correct JavaScript for your site. The process is similar to integrating the service with your payment platform. You will need to set up your payment button and implement the JavaScript API and payment request API.
Keep in mind, mobile payment services and payment platforms are not fraud servicers. You’ll likely need an additional fraud solution like Kount or Listify. Payment gateways only check that the data the cardholder provides matches the information the bank issuer has on file.
Also, consider integrating a backup payment option. It doesn’t happen often, but once or twice a year, we’ll hear about a payment service going down. Having a backup solution will avoid losing revenue and customers because they were unable to check out.
Quick Payment Buttons
If you’d like another option outside of mobile payment services to improve the mobile checkout experience, consider a quick payment button. Customers can use a quick payment button if they provide you their credit card, billing, and shipping information prior to checking out. All of the cardholder data is tokenized—this is the only thing you would save to the customer’s account. When the customer chooses quick payment at checkout, they will be required to provide the three-digit security code on the back of their debit or credit card. At this point, the retailer is matching the security code hash with the tokenized credit card information.
Quick payment is the same process on the backend as a standard payment process. All it’s doing is taking a few steps out of the checkout funnel for the shopper.
Whether you’re integrating a mobile payment service with your site or mobile app, don’t forget about the interests of your customers. In the era of peer-to-peer payments, online shopping, and mobile wallets, it’s common to offer a mobile payment option that allows shoppers to complete an online transaction with only a couple of clicks.
To learn more about mobile payments, listen to The Funnel podcast episode, “UI for Mobile Payments.” Or reach out to a member of the Blue Acorn iCi team.