- A user goes to the Profile area of my webapp.
- The user then selects the tab Payment.
- A form for collecting credit card data is shown in the user's Profile > Payment area.
The Profile > Payment form doesn't involve any transaction; it is just to "save" their credit card data (on Paymill servers, not ours) for later use, on future purchases on our webapp.
That way the user doesn't need to re-enter over and over his credit card details each time he wants to make a purchase, smoothing as much as possible the checkout process.
We want to validate the credit card details that the user is entering on the Profile > Payment form, without charging any fee.
The questions are:
- How can we validate the user's credit card data? Doing a preauthorization of a small amount (let's say $1) and then checking the preauthorization "status" property via the Paymill API?
- Does this method of credit card data validation work for any of the Paymill supported cards, including those which are 3-D Secure?
- In that case, how can we avoid eventually charging that preauthorization small amount ($1 in my example) to the client? Can the preauthorization be voided (http://en.wikipedia.org/wiki/Authorization_hold#Voided_transactions) via the Paymill API? Or is it a better approach to charge the client $1, with no preauthorization, and then perform a full refund?
- Is there any other way of validating credit card data, prior to any transaction, with the Paymill API?
Many, many thanks!
Thank you Juraci for all these explanations.
Taking all into account, I would follow the "create a transaction and refund it" path instead of the "preauthorization" one for credit card data validation, as there is no guarantee that the "preauthorization" will work in all scenarios, for the following reasons:
Regarding the syntax validation, I'm more interested in real data validation, not just the syntax. The reason is that we'd like to have a checkout process with the least resistance possible, as in the Apple Store, where your credit card data is securely stored on a remote server and you only need to press Purchase and then enter your user password to confirm the purchase. That's the workflow we are aiming for.