Direct Authorization

PCI Compliance Requirement

Direct authorization integration requires PCI DSS compliance as it involves handling sensitive card data directly. Merchants must:

1. Maintain a valid PCI DSS certification
2. Securely collect and transmit cardholder data
3. Never store sensitive authentication data (e.g., CVV codes)
4. Implement proper encryption and security measures

If you do not have PCI certification, please use the Checkout Authorization or SDK Authorization options instead.

API Request Parameters

POST

Key Parameters for Authorization

When integrating authorization payments, you need to adjust one key parameter compared to regular Direct Payment:

1. txnType: Must be set to AUTH for authorization transactions.

Note

• All JSON fields must be stringified before submission
• Nested objects must be serialized to JSON string format
• JSON fields must not contain unescaped special characters
• Arrays in JSON should be properly formatted
• Example of JSON string field:

{
    "object": "{\"obj-key1\":\"v1\",\"obj-key2\":\"v2\"}",
    "complex": "{\"k1\":\"v1\",\"array\":\"[{\\\"obj-key3\\\":\\\"v3\\\",\\\"obj-key4\\\":\\\"v4\\\"}]\"}"
}

Parameter	Type	Length	Required	Signed	Description
billingInformation	String	/	Yes	Yes	Billing information in JSON string format. See TransactionAddress
cardInfo	String	/	Conditional	Yes	Card payment information in JSON string format. See TxnCardInfo
merchantNo	String	20	Yes	Yes	Merchant number assigned by Onerway, obtained from Onerway dashboard
merchantTxnId	String	64	Yes	Yes	Unique transaction identifier for each customer payment. Must be unique for each transaction request.
merchantTxnOriginalId	String	128	No	Yes	Master transaction ID generated by merchant. IDs can be duplicate but only one transaction with the same ID can succeed
merchantTxnTime	String	/	No	Yes	Transaction timestamp (Format: yyyy-MM-dd HH:mm:ss)
merchantTxnTimeZone	String	64	No	Yes	Transaction timezone
mpiInfo	String	/	Conditional	Yes	3DS verification result information in JSON string format. See MpiInfo
orderAmount	String	19	Yes	Yes	Order amount in units of currency with max 2 decimal places
orderCurrency	String	8	Yes	Yes	Order currency code. See ISO 4217
osType	String	16	Conditional	Yes	Operating system type. See OsTypeEnum
productType	String	16	Yes	Yes	See ProductTypeEnum
risk3dsStrategy	String	16	Conditional	Yes	3DS risk control strategy. See Risk3dsStrategyEnum
shippingInformation	String	/	Yes	Yes	Shipping information in JSON string format. See TransactionAddress
sign	String	/	Yes	No	Digital signature string for request verification. Please refer to Signature for signature generation method.
subProductType	String	16	Yes	Yes	See SubProductTypeEnum
txnOrderMsg	String	/	Yes	Yes	Transaction business information in JSON string format. See TxnOrderMsg
txnType	String	16	Yes	Yes	Transaction type. See TxnTypeEnum

TransactionAddress

Name	Type	Length	Required	Signature	Description
firstName	String	64	No	No	First name
lastName	String	64	No	No	Last name
jpFirstName	String	64	No	No	(Japanese Katakana) First name
jpLastName	String	64	No	No	(Japanese Katakana) Last name
phone	String	32	No	No	Phone number
email	String	256	Yes	No	Email address
postalCode	String	32	No	No	Postal code
address	String	256	No	No	Address
country	String	64	Yes	No	Country. Please refer to ISO_3166.
province	String	64	Conditional	No	Province/State. Required when country is US or CA. Please refer to ISO_3166.
city	String	64	No	No	City
street	String	64	No	No	Street
number	String	64	No	No	House/Building number
identityNumber	String	64	No	No	ID number
birthDate	String	64	No	No	Birth date, format is yyyy-MM-dd

TxnCardInfo

Name	Type	Length	Required	Description
holderName	String	48	Yes	Cardholder name
cardNumber	String	128	Yes	Card number
month	String	64	Yes	Expiry month
year	String	64	Yes	Expiry year
cvv	String	64	Yes	Card CVV

MpiInfo

Name	Type	Length	Required	Signature	Description
eci	String	2	Yes	No	Electronic Commerce Indicator (ECI).
cavv	String	128	Yes	No	Cardholder Authentication Verification Value (CAVV).
xid	String	128	No	No	3D-Secure v1 transaction identifier.
dsTransID	String	128	No	No	3D-Secure v2 transaction identifier.

TxnOrderMsg

Name	Type	Length	Required	Signature	Description
returnUrl	String	256	Yes	No	Synchronous return address. After the customer completes payment, the Onerway hosted page will redirect back to the merchant's specified page through this address
products	String	1024	Yes	No	List of product information purchased by the customer, please refer to the Products object
transactionIp	String	64	Conditional	No	Cardholder transaction IP
appId	String	20	Yes	No	Store ID. When a merchant registers a website/application with Onerway, a unique ID is generated for that website/application. This ID can be obtained from the Onerway dashboard.
javaEnabled	Boolean	/	Conditional	No	Whether the cardholder's browser has java enabled, retrieved via: window.navigator.javaEnabled()
colorDepth	String	64	Conditional	No	Cardholder screen color depth, retrieved via: window.screen.colorDepth
screenHeight	String	64	Conditional	No	Cardholder's screen resolution, retrieved via: window.screen.height
screenWidth	String	64	Conditional	No	Cardholder's screen resolution, retrieved via: window.screen.width
timeZoneOffset	String	64	Conditional	No	Cardholder browser's time zone, retrieved via: ((new Date()).getTimezoneOffset()).toString()
accept	String	2048	Conditional	No	Cardholder browser's Accept request header
userAgent	String	2048	Conditional	No	Cardholder's browser type, retrieved via: window.navigator.userAgent
contentLength	String	64	Conditional	No	Content length of the cardholder's browser content beyond the headers
language	String	64	Conditional	No	Cardholder's browser language, retrieved via: window.navigator.language
periodValue	String	/	Conditional	No	Installment payment period.
notifyUrl	String	256	Yes	No	Notification URL. See Notifications

Products

Name	Type	Length	Required	Description
name	String	256	Yes	Product name
price	String	1024	Yes	Product unit price
num	String	20	Yes	Product quantity
desc	String	1024	No	Product description
currency	String	256	Yes	Currency code following ISO 4217 standard
type	String	256	No	Product classification. See StoreProductTypeEnum

products must be in JSON string format

Examples:

If type is discount, the discount amount should be passed as a negative number

General case

\"[{\\\"name\\\":\\\"Pro1\\\",\\\"price\\\":\\\"50.00\\\",\\\"num\\\":\\\"2\\\",\\\"currency\\\":\\\"USD\\\"},{\\\"name\\\":\\\"Pro2\\\",\\\"price\\\":\\\"100\\\",\\\"num\\\":\\\"1\\\",\\\"currency\\\":\\\"USD\\\"}]\"

With discount

\"[{\\\"name\\\":\\\"Pro1\\\",\\\"price\\\":\\\"50.00\\\",\\\"num\\\":\\\"2\\\",\\\"currency\\\":\\\"USD\\\"},{\\\"name\\\":\\\"Pro2\\\",\\\"price\\\":\\\"100\\\",\\\"num\\\":\\\"1\\\",\\\"currency\\\":\\\"USD\\\"},{\\\"name\\\":\\\"discount\\\",\\\"price\\\":\\\"-10\\\",\\\"num\\\":\\\"1\\\",\\\"currency\\\":\\\"USD\\\",\\\"type\\\":\\\"discount\\\"}]\"

With shipping fee

\"[{\\\"name\\\":\\\"Pro1\\\",\\\"price\\\":\\\"50.00\\\",\\\"num\\\":\\\"2\\\",\\\"currency\\\":\\\"USD\\\"},{\\\"name\\\":\\\"Pro2\\\",\\\"price\\\":\\\"100\\\",\\\"num\\\":\\\"1\\\",\\\"currency\\\":\\\"USD\\\"},{\\\"name\\\":\\\"shipping fee\\\",\\\"price\\\":\\\"10\\\",\\\"num\\\":\\\"1\\\",\\\"currency\\\":\\\"USD\\\",\\\"type\\\":\\\"shipping_fee\\\"}]\"

With discount and shipping fee

\"[{\\\"name\\\":\\\"Pro1\\\",\\\"price\\\":\\\"50.00\\\",\\\"num\\\":\\\"2\\\",\\\"currency\\\":\\\"USD\\\"},{\\\"name\\\":\\\"Pro2\\\",\\\"price\\\":\\\"100\\\",\\\"num\\\":\\\"1\\\",\\\"currency\\\":\\\"USD\\\"},{\\\"name\\\":\\\"shipping fee\\\",\\\"price\\\":\\\"10\\\",\\\"num\\\":\\\"1\\\",\\\"currency\\\":\\\"USD\\\",\\\"type\\\":\\\"shipping_fee\\\"},{\\\"name\\\":\\\"discount\\\",\\\"price\\\":\\\"-10\\\",\\\"num\\\":\\\"1\\\",\\\"currency\\\":\\\"USD\\\",\\\"type\\\":\\\"discount\\\"}]\"

Note that price * num (product amount) + price * num (discount amount) - price * num (shipping fee) = orderAmount (order transaction amount)

Response

Name	Type	Description
respCode	String	Response code from Onerway
respMsg	String	Response message from Onerway
data	Object	Response data. Refer to object data

data

Name	Type	Description
transactionId	String	Transaction order number created by Onerway
responseTime	String	Interface response time Format: yyyy-MM-dd HH:mm:ss
txnTime	String	Transaction completion time Format: yyyy-MM-dd HH:mm:ss
txnTimeZone	String	Transaction time zone Format: +/-HH:mm
orderAmount	String	Order amount
orderCurrency	String	Transaction order currency Refer to ISO 4217 currency codes
txnAmount	String	Order amount after conversion to settlement currency
txnCurrency	String	Settlement currency Refer to ISO 4217 currency codes
status	String	Transaction processing result Refer to TxnStatusEnum
redirectUrl	String	Redirection URL for 3D Secure verification
contractId	String	Subscription contract number
tokenId	String	Payment token
eci	String	Electronic Commerce Indicator
periodValue	String	Installment payment number of periods
codeForm	String	Code form for specific payment methods See CodeFormEnum
presentContext	String	Context information for presentation layer
actionType	String	Action type for the transaction See ActionTypeEnum
subscriptionManageUrl	String	Subscription management URL
sign	String	Signature string Refer to the Signature interface

Direct Authorization Integration Process

The Direct Authorization integration process consists of four main phases as illustrated below:

1. Authorization Initiation

In this phase:

• Customer enters payment information on the merchant's website/application (custom UI)
• Merchant system securely collects and transmits the payment data to Onerway with txnType=AUTH
• The payment request includes sensitive card data in the cardInfo parameter
• Authorization does not immediately capture funds, only reserves them
• Merchant is responsible for designing a secure, user-friendly payment form

2. Authorization Processing

In this phase:

• Onerway processes the authorization request and determines if 3DS verification is required
• If 3DS is not required, Onerway returns the authorization result immediately
• If 3DS is required:
  • Onerway returns status=R with a redirectUrl to the 3DS verification page
  • Merchant must redirect the customer to complete the 3DS verification
  • After verification, Onerway sends the final authorization result via webhook

3. Authorization Result Notification

In this phase:

• Onerway sends detailed authorization result data to the notifyUrl via HTTP POST
• The webhook contains complete transaction information including transactionId, status, paymentMethod, and signature for verification
• Merchant system must respond with transactionId to acknowledge receipt of the webhook
• If no successful response is received, Onerway will retry sending the webhook up to 3 times at 30-minute intervals

4. Capture Process

In this phase:

• Authorization holds funds but does not transfer them
• To complete the payment, merchant must send a separate capture request
• The capture request references the original authorization using originTransactionId
• Funds are transferred only after a successful capture
• Authorizations expire if not captured within the specified time period (typically 7 days)

3DS Handling

3DS Authentication Flow

When the response contains status=R and actionType=RedirectURL, merchants must redirect the customer to complete 3DS verification:

{
    "respCode": "20000",
    "respMsg": "Success",
    "data": {
        "transactionId": "1919781070732402688", 
        "status": "R", // 3DS verification required
        "redirectUrl": "https://sandbox-gw-dmz.onerway.com/3dsSecure/direct/RDT_3DS_DDC_8002091919781076595769344", // 3DS verification URL
        "actionType": "RedirectURL", // Indicates a redirect is required
        // other fields...
    }
}

Upon receiving this response:

1. Store the transactionId for tracking
2. Redirect the customer to the redirectUrl for 3DS authentication
3. Wait for the webhook notification with the final transaction result
4. The customer will return to your site via the returnUrl specified in your request

Important

The returnUrl parameter in txnOrderMsg is critical for 3DS flows:

• It must be a valid URL on your website that can handle returning customers
• After 3DS verification completes, the customer's browser will be redirected to this URL
• Transaction status parameters will be appended to the URL as query parameters
• Your return page should be prepared to handle both successful and failed 3DS
  verifications

Best Practice

Implement a transaction status tracking mechanism to handle asynchronous payment completion after 3DS verification. Your returnUrl endpoint should:

• Extract the transaction ID and status from the URL parameters
• Show an appropriate message to the customer
• Update the transaction status in your system when the webhook notification is received

Example 3DS Return URL

When a customer completes 3DS verification, they will be redirected to your returnUrl with parameters:

https://your-return-url.com/?transactionId=1919652057678479360&status=S&...

Your return page should handle this redirect appropriately.

API Usage Examples

Standard Authorization Request (No 3DS)

Request

{
    "billingInformation": "{\"address\":\"2255 Zena Mountains\",\"city\":\"Lake Gracieport\",\"country\":\"US\",\"email\":\"Gladys_Gottlieb@gmail.com\",\"firstName\":\"Genoveva\",\"identityNumber\":\"56951146147\",\"lastName\":\"Hodkiewicz\",\"phone\":\"14160644208\",\"postalCode\":\"11439\",\"province\":\"CO\"}",
    "cardInfo": "{\"holderName\":\"CL BRW2\",\"cardNumber\":\"4000000000002701\",\"month\":\"05\",\"year\":\"26\",\"cvv\":\"123\"}", 
    "merchantCustId": "CustId-X35O-PS87",
    "merchantNo": "800209",
    "merchantTxnId": "f6af8703-2374-435d-95d5-ec13c6b72c6f",
    "merchantTxnTime": "2025-05-09 17:00:23",
    "orderAmount": "2",
    "orderCurrency": "USD",
    "productType": "CARD",
    "shippingInformation": "{\"address\":\"563 Rashad Track\",\"city\":\"Paradise\",\"country\":\"US\",\"email\":\"Jackie31@hotmail.com\",\"firstName\":\"Wilhelmine\",\"identityNumber\":\"90516673347\",\"lastName\":\"Robel\",\"phone\":\"19588613942\",\"postalCode\":\"57255\",\"province\":\"CO\"}",
    "sign": "ce713863d0e392d24f82991aaf58f6bc15d511fe9459d192315768f77efc6a38",
    "subProductType": "DIRECT",
    "txnOrderMsg": "{\"accept\":\"*/*\",\"appId\":\"1727880846378401792\",\"colorDepth\":\"32\",\"contentLength\":\"4096\",\"javaEnabled\":true,\"language\":\"en-US\",\"products\":\"[{\\\"currency\\\":\\\"USD\\\",\\\"name\\\":\\\"cherry\\\",\\\"num\\\":\\\"20\\\",\\\"price\\\":\\\"610.45\\\",\\\"type\\\":\\\"fugiat consequat dolore in qui\\\"}]\",\"returnUrl\":\"https://docs.onerway.com/\",\"notifyUrl\":\"https://docs.onerway.com/apis\",\"screenHeight\":\"568\",\"screenWidth\":\"768\",\"timeZoneOffset\":\"-300\",\"transactionIp\":\"254.181.21.171\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36\"}",
    "txnType": "AUTH" // Set to AUTH for authorization transaction
}

Response

{
    "respCode": "20000",
    "respMsg": "Success",
    "data": {
        "transactionId": "1920765847828561920", // Required as originTransactionId for capture
        "responseTime": "2025-05-09 17:00:47",
        "txnTime": "2025-05-09 17:00:38",
        "txnTimeZone": "+08:00",
        "orderAmount": "2.00",
        "orderCurrency": "USD",
        "txnAmount": null,
        "txnCurrency": null,
        "status": "S", // Immediate success, no 3DS required
        "redirectUrl": null,
        "contractId": null,
        "tokenId": null,
        "eci": null,
        "periodValue": null,
        "codeForm": null,
        "presentContext": null,
        "actionType": null,
        "subscriptionManageUrl": null,
        "sign": "98409787db6bd9e8b840a4413e7219107875d3c20516f56988a2707d61a30de6"
    }
}

Webhook (notifyUrl)

{
    "notifyType": "TXN",
    "transactionId": "1919652333131005952", // Required as originTransactionId for capture
    "txnType": "AUTH", 
    "merchantNo": "800209",
    "merchantTxnId": "2ce8fca1-f380-4c60-85ef-68a3a0c76ece",
    "responseTime": "2025-05-06 15:16:00",
    "txnTime": "2025-05-06 15:15:56",
    "txnTimeZone": "+08:00",
    "orderAmount": "5.00",
    "orderCurrency": "USD",
    "status": "S", 
    "cardBinCountry": "US",
    "reason": "{\"respCode\":\"20000\",\"respMsg\":\"Success\"}",
    "sign": "ff999833f72c5a5875af7fa797020cfb83f9ca1f7408b2a4c85c039f835e6c62",
    "paymentMethod": "VISA", 
    "channelRequestId": "8002091919652333131005952"
}

3DS Authorization Request

Request

{
    "billingInformation": "{\"address\":\"132 Quarry Lane\",\"city\":\"South Cassidy\",\"country\":\"US\",\"email\":\"Wilfrid5@yahoo.com\",\"firstName\":\"Emmett\",\"identityNumber\":\"64179745575\",\"lastName\":\"Bahringer\",\"phone\":\"15715127985\",\"postalCode\":\"49777\",\"province\":\"CO\"}",
    "cardInfo": "{\"holderName\":\"CL BRW2\",\"cardNumber\":\"4000000000002701\",\"month\":\"05\",\"year\":\"26\",\"cvv\":\"123\"}", 
    "merchantCustId": "CustId-40NC-6FM8",
    "merchantNo": "800209",
    "merchantTxnId": "fd48f5b0-ec80-4eee-ba46-d134592b5843",
    "merchantTxnTime": "2025-05-09 16:32:57",
    "orderAmount": "552", // Higher amount typically triggers 3DS
    "orderCurrency": "USD",
    "productType": "CARD",
    "shippingInformation": "{\"address\":\"76190 Sylvester Plaza\",\"city\":\"Buena Park\",\"country\":\"US\",\"email\":\"Winona.Kuhic65@gmail.com\",\"firstName\":\"Willa\",\"identityNumber\":\"47362312369\",\"lastName\":\"Crist\",\"phone\":\"13461421862\",\"postalCode\":\"06018-8244\",\"province\":\"CO\"}",
    "sign": "49b66a8aafddcd2c74b9537f3591861d86e0149c78eb13f1767e5e8739dfaff8",
    "subProductType": "DIRECT",
    "txnOrderMsg": "{\"accept\":\"*/*\",\"appId\":\"1727880846378401792\",\"colorDepth\":\"32\",\"contentLength\":\"0\",\"javaEnabled\":false,\"language\":\"en-US\",\"products\":\"[{\\\"currency\\\":\\\"USD\\\",\\\"name\\\":\\\"kiwiberry\\\",\\\"num\\\":\\\"57\\\",\\\"price\\\":\\\"596.15\\\",\\\"type\\\":\\\"laborum\\\"},{\\\"currency\\\":\\\"USD\\\",\\\"name\\\":\\\"jarrahdale pumpkin\\\",\\\"num\\\":\\\"97\\\",\\\"price\\\":\\\"29.79\\\",\\\"type\\\":\\\"ad\\\"},{\\\"currency\\\":\\\"USD\\\",\\\"name\\\":\\\"loquat\\\",\\\"num\\\":\\\"6\\\",\\\"price\\\":\\\"765.49\\\",\\\"type\\\":\\\"sed et ex ut velit\\\"}]\",\"returnUrl\":\"https://docs.onerway.com/\",\"notifyUrl\":\"https://docs.onerway.com/apis\",\"screenHeight\":\"640\",\"screenWidth\":\"1536\",\"timeZoneOffset\":\"540\",\"transactionIp\":\"85.142.247.255\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36\"}",
    "txnType": "AUTH" // Set to AUTH for authorization transaction
}

Initial Response

{
    "respCode": "20000",
    "respMsg": "Success",
    "data": {
        "transactionId": "1920758913570308096", // Required as originTransactionId for capture
        "responseTime": "2025-05-09 16:33:12",
        "txnTime": "2025-05-09 16:33:05",
        "txnTimeZone": "+08:00",
        "orderAmount": "552.00",
        "orderCurrency": "USD",
        "txnAmount": null,
        "txnCurrency": null,
        "status": "R", // 3DS verification required
        "redirectUrl": "https://sandbox-gw-dmz.onerway.com/3dsSecure/direct/RDT_3DS_DDC_8002091920758927843270657", // 3DS verification URL
        "contractId": null,
        "tokenId": null,
        "eci": null,
        "periodValue": null,
        "codeForm": null,
        "presentContext": null,
        "actionType": "RedirectURL", // Indicates a redirect is required
        "subscriptionManageUrl": null,
        "sign": "05aa60e8afb48d1b6235f74c9578be46d765375b817e96a8d834465df75797f6"
    }
}

Webhook After 3DS Completion

{
    "notifyType": "TXN",
    "transactionId": "1920758913570308096", // Required as originTransactionId for capture
    "txnType": "AUTH", 
    "merchantNo": "800209",
    "merchantTxnId": "fd48f5b0-ec80-4eee-ba46-d134592b5843",
    "responseTime": "2025-05-09 16:33:27",
    "txnTime": "2025-05-09 16:33:07",
    "txnTimeZone": "+08:00",
    "orderAmount": "552.00",
    "orderCurrency": "USD",
    "status": "S", // Final status after 3DS verification
    "eci": "05", // ECI value indicates 3DS authentication result
    "cardBinCountry": "US",
    "reason": "{\"respCode\":\"20000\",\"respMsg\":\"Success\"}",
    "sign": "d1bfac7b2b64bbd56bff8acd4cac675973b1bccf20366eca95defd813d0ff447",
    "paymentMethod": "VISA",
    "channelRequestId": "8002091920758927843270657"
}

Implementation Best Practices

Direct Authorization Best Practices

1. Transaction Configuration:

   • Always set txnType: 'AUTH' for authorization transactions
   • For security purposes, ensure all sensitive card information is properly encrypted
   • Use a consistent format for merchantTxnId to facilitate tracking and reconciliation

2. Authorization Management:

   • Securely store the transactionId from successful authorization responses for subsequent capture
   • Capture authorized transactions within the validity period (typically 7 days)
   • Track authorization expiration dates to avoid expired authorizations

3. 3DS Handling:

   • Implement a proper 3DS redirect mechanism when receiving status: 'R' with actionType: 'RedirectURL'
   • Ensure your return URL page can properly handle both successful and failed 3DS verifications
   • Configure your systems to process both synchronous responses and asynchronous webhook notifications

4. Webhook Processing:

   • Implement webhook verification using the provided signature
   • Process webhooks asynchronously to avoid timeout issues
   • Implement idempotent webhook processing to handle potential duplicate notifications
   • Always respond with the transaction ID upon successful webhook processing to prevent retries

5. Capture Handling:

   • Implement proper logic to determine when to capture the authorization
   • Use the original transactionId in the capture request as originTransactionId
   • Note that only full capture is supported; the entire authorized amount must be captured
   • Implement appropriate error handling for capture failures

6. Security Considerations:

   • Maintain PCI DSS compliance as required for direct card processing
   • Never log or store sensitive authentication data like CVV codes
   • Implement proper encryption for transmission of card data
   • Use strong customer authentication (SCA) through 3DS where required

7. User Experience:

   • Clearly communicate to customers that funds will be authorized but not captured immediately
   • Provide clear status updates when the authorization and subsequent capture are completed
   • Implement proper error handling with user-friendly messages
   • Design the return URL page to provide clear information about the transaction status

8. Reconciliation:

   • Maintain proper records of authorization and capture transactions for reconciliation
   • Reconcile authorization and capture transactions on a regular basis
   • Implement monitoring for authorizations that remain uncaptured

PCI Compliance Considerations

1. Secure Card Data Handling:

   • Follow PCI DSS requirements for collection and transmission of card data
   • Implement proper data encryption for all sensitive information
   • Ensure that card security codes (CVV) are never stored after authorization
   • Conduct regular security assessments and penetration testing

2. Employee Training:

   • Provide regular security training for all personnel handling cardholder data
   • Implement and document access control policies
   • Enforce least privilege principle for systems handling payment data

3. Monitoring and Logging:

   • Implement comprehensive logging of all authorization and capture activities
   • Regularly monitor for suspicious transaction patterns
   • Conduct periodic audits of authorization and capture processes

By following these best practices, merchants can effectively implement direct authorization transactions while maintaining security and providing a positive customer experience.

Merchant Integration Checklist

Before going live with Direct Authorization integration, ensure you have:

• Valid PCI DSS certification
• Secure card data collection form
• Proper error handling mechanisms
• 3DS redirect handling implementation
• Webhook handling and verification
• Transaction status tracking system
• Capture process implementation
• Authorization expiration tracking
• Thorough testing in sandbox environment