1

I am integrating with apple pay on web using Vantiv littleOnlineRequest v9.14 https://developer.vantiv.com/docs/DOC-1755

Apple pay authorization will expire in 7 days. If the product was not shipped within 7 days and authorization is expired, how to re-authorize same apple pay transaction? Because PKPaymentToken is one-time use only, I can't re-use token.

Consider following two scenarios:

  1. If I call Vantiv Authorization using "Submitting the Apple Pay PKPaymentToken in cnpAPI" approach. The response is as follows :

     <litleTxnId>403355311854678794</litleTxnId>

 <orderId>testId</orderId>

 <response>000</response>

 <responseTime>2018-08-27T21:43:48.465</responseTime>

 <message>Approved</message>

 <authCode>45625</authCode>

 <applepayResponse>

       <applicationPrimaryAccountNumber>App PAN</applicationPrimaryAccountNumber>

       <applicationExpirationDate>App PAN Exp Date</applicationExpirationDate>

       <currencyCode>Currency Code</currencyCode>

       <transactionAmount>Amount of Transaction</transactionAmount>

       <cardholderName>Name of cardholder</cardholderName>

       <deviceManufacturerIdentifier>Id of Device Mfr</deviceManufacturerIdentifier>

       <paymentDataType>Type of Payment Data</paymentDataType>

       <onlinePaymentCryptogram>Payment Cryptogram</onlinePaymentCryptogram>

       <eciIndicator>eCommerece Indicator</eciIndicator>

 </applepayResponse>

After transaction is expired, how can I authorize same transaction again using above values?

  1. If I decrypt PKPaymentToken, vantiv request would be

    <card>
    <type>VI</type>
    <number>4242424242424242</number>
    <expDate>0421</expDate>
</card>
<cardholderAuthentication>
    <authenticationValue>Ad7XsdfgrtNDaA6V6MAACAAA=</authenticationValue>
</cardholderAuthentication>

authenticationValue is cryptogram from PKPaymentToken which is one-time use.

I don't want to use recurring or installment. Is there any way to re-authorize apple pay?

Apologies if this is not the correct place. I have asked Vantiv also but did not get any reply yet. Would like to know if anybody has done Apple pay re-auth before.

Priyanka Jadhav
  • 11
  • 5
  • Did you look at this answer? It seems to be in the same area - https://stackoverflow.com/questions/26538745/split-deferred-payments-through-apple-pay?rq=1 – matt freake Sep 07 '18 at 13:00
  • @mattfreake Yes I checked that answer. Actually I am not using Stripe. I wonder how even stripe can store the Apple pay information. Because Apple uses tokenization and it doesn't give actual card number. During authorization the token would be de-tokenized into the real PAN before passing on to the Issuer using one-time use cryptogram. So how does even Stripe charges card later without cryptogram? – Priyanka Jadhav Sep 13 '18 at 05:43

1 Answers1

2

I recently finished implementing Apple Pay and discovered that the payment token doesn't have an expiration.

It's simply a hash of the card number, expiration date and CVV.

Once you register it with a payment gateway (e.g. Stripe), who then validate the hash with Visa, MasterCard etc., the card can then be saved and repeatedly charged ad infinitum!

You can also delay the initial charge - when the user authorises their face or fingerprint, no payment is taken until you coordinate with your merchant.

Nabil Freeman
  • 376
  • 2
  • 12