There is a variety of methods to submit payment card information to Finix, all with different benefits and levels of risk.
For the lowest amount of risk, the Finix Payments iFrame provides hosted fields for collecting the payment card number and CVV (Card Verification Value) code; the two in-scope PCI data fields when collecting payment card information. While an invalid card number will prevent the iFrame from returning a payment method token, an invalid CVV will not. The CVV iFrame field may be hidden if you do not require the CVV to process payments through your gateway.
The iFrame approach provides the least amount of PCI scope for the collection of payment card information. To support tokenizing payment cards using a mobile device, the Finix iFrame tokenization form can be enabled in an iOS app via `UI Web-View`. However, if you would like to make a cleaner payment card information collection UI using iOS Swift, this approach will keep you outside of PCI scope so long as payment card information is not persistent in application memory. Secondly, Finix will require the client’s iOS app to undergo a mobile-application pen test before the app can connect to Finix’s tokenization endpoint.
There may be situations where you need to submit customers’ payment card information to Finix Payments using a more direct method or from a non-web source. If you are willing to take on greater PCI scope, you may consider the following various methods to submit payment card information to Finix Payments.
If you want to... |
Then please use... |
Which... |
While incurring... |
Have your customer enter his or her payment card information directly into an HTML web form |
the Finix Payments embedded iFrame form |
lets you create a custom UX |
the least amount of PCI scope |
Have your customer submit payment card information from the browser using Javascript |
the Javascript API to collect and submit the request to Finix Payments |
lets you asynchronously submit payment card information directly to Finix Payments. |
an increased amount of PCI scope |
Have your customer submit payment card information from a non-browser environment |
the direct API |
lets you use the programming language of your choice, or submit payment cards you already have on file |
the greatest amount of PCI scope |
Comments
0 comments
Article is closed for comments.