Collecting Payment Card Information

There is a variety of methods to submit payment card information to Finix, all with different benefits and levels of risk.

For the lowest amount of risk, the Finix Payments iFrame provides hosted fields for collecting the payment card number and CVV (Card Verification Value) code; the two in-scope PCI data fields when collecting payment card information. While an invalid card number will prevent the iFrame from returning a payment method token, an invalid CVV will not. The CVV iFrame field may be hidden if you do not require the CVV to process payments through your gateway.

The iFrame approach provides the least amount of PCI scope for the collection of payment card information. To support tokenizing payment cards using a mobile device, the Finix iFrame tokenization form can be enabled in an iOS app via `UI Web-View`. However, if you would like to make a cleaner payment card information collection UI using iOS Swift, this approach will keep you outside of PCI scope so long as payment card information is not persistent in application memory. Secondly, Finix will require the client’s iOS app to undergo a mobile-application pen test before the app can connect to Finix’s tokenization endpoint.

There may be situations where you need to submit customers’ payment card information to Finix Payments using a more direct method or from a non-web source. If you are willing to take on greater PCI scope, you may consider the following various methods to submit payment card information to Finix Payments.