Card payments

Learn about card payments as a payment method in the context of Accounting as a Service.

Card payments are the traditional payment method based on a physical card issued by a financial institution, such as a bank. The card enables its owner (i.e. the cardholder) to access the funds in the cardholder's designated (bank) account and to make payments by electronic funds transfer.

When working with Accounting as a Service, the following card payment methods are supported:

Debit Card

Instead of using cash when making purchases, a debit card (also known as bank card or check card) can be used. This type of payment card is similar to a credit card, but unlike a credit card, the money is directly debited from the cardholder's bank account when performing a transaction. Some cards may store a value that is used to make a payment, while most cards forward a message to the cardholder's bank to withdraw money from a specific payer bank account. Sometimes the primary account number is assigned exclusively for use on the Internet and there is no physical card. In many countries, the use of debit cards is widespread enough that their volume has overtaken or completely replaced checks and, to some extent, cash transactions. Unlike credit cards and charge cards, the development of debit cards has generally been country-specific, resulting in several different systems around the world, often incompatible with each other.

Credit Card

A credit card is a payment card issued to a cardholder to enable them to pay a merchant for goods and services based on the commitment of the cardholder to the card issuer to pay the amounts paid plus other agreed fees. The card issuer (usually a bank) establishes a revolving account and grants the cardholder a line of credit from which the cardholder can borrow money to make payments to a merchant or for cash advances.

Prepaid Credit Card

In this context, a prepaid credit card can also be used. The prepaid credit card, unlike the normal credit card, cannot be used if there is not enough money on it (the reference account). These cards can be used for payments only if the cardholder has sufficient money on their card. In that case, the cardholder can perform the same actions as with a normal credit card, until funds are depleted.

3D Secure

Accounting as a Service provides a full-fledged 3D Secure solution that is seamlessly integrated into the pre-built UI solution. To use 3D Secure, you therefore do not need to do anything beyond the pre-built UI integration. This section explains the background of 3D Secure.

3D Secure Definition:

The term 3DS stands for 3 Domain Server. The technology is named this way because every 3D Secure transaction involves three parties:

  • The acquirer domain – the merchant’s bank accepting card payments
  • The issuer domain – the organization that issues the card being used in the online transaction
  • The interoperability domain – payment systems that act as connectors between an acquirer domain and the issuer domain (card scheme)

3D Secure in a nutshell

A high-level overview of 3D Secure. 3D Secure ...

  • ... is a payment standard that was introduced by VISA in 2001 to enable secure authentication and processing of online card payments. In the meantime, it has also been adopted by other card brands.
  • ... is a protocol designed to provide an additional layer of security for online credit and debit card transactions.
  • ... protects merchants from fraudulent losses by enabling liability shifting after successful cardholder authentication.
  • ... affects 3 domains: the merchant (i.e. acquirer), the cardholder (i.e. issuer), and the card scheme.

Since the introduction of 3D Secure 1 nearly two decades ago, e-commerce has changed dramatically. Mobile and in-app payments are booming, a seamless shopping experience is more important than ever, and security requirements are increasing. For this reason, EMVCo, the global technical body that facilitates worldwide interoperability and acceptance of secure payment transactions, has developed a new standard authentication method for payment card transactions, 3D Secure 2 (3DS2).

This protocol meets the requirements of the second EU Payment Services Directive (PSD 2) for Strong Customer Authentication (SCA) for online payments in the European Economic Area (EEA). The 3D Secure 2 workflow remains identical to the 3D Secure 1 workflow. However, 3DS2 introduces the opportunity for frictionless authentication. Thus, 3DS2 transactions can follow either a frictionless or a challenge flow. Based on the data, the issuing bank decides which flow is triggered:

  • Frictionless flow: The customer is authenticated passively. No further interaction is required.
  • Challenge flow: An authentication challenge is triggered. The customer is prompted to provide further information.

If the issuer does not support 3D Secure 2, an automatic fallback to 3D Secure 1 is initiated.

PSD 2 in a nutshell

A high-level overview of PSD 2. PSD 2 ...

  • ... is a new regulation: the EU’s Second Payment Services Directive (PSD 2) for online payments within the European Economic Area (EEA).
  • ... requires Strong Customer Authentication (SCA).
  • ... is a measure to combat fraud in card-not-present transactions.
  • ... affects issuers, acquirers, and merchants in the EEA.

PSD 2 comes along with the following main changes:

  • It requires banks to open bank data to third parties. Two new types of third-party providers (TPPs) were introduced: Payment Initiation Service Providers (PISP) and Account Information Service Providers (AISP).
  • It introduces an increased security requirement on electronic payments using Strong Customer Authentication (SCA).

PSD 2 comes along with the following main goals:

  • To increase the general security of the payment landscape within the EU (on both sides of the payment process: the merchant and the customer).
  • To make the payments market more efficient and integrated.

SCA is a security measure relying on two-factor authentication (2FA) to verify the identity of the consumer during a payment transaction. SCA can combine two of the following three factors, which must be strictly independent of each other:

  • Knowledge: This factor relies on the consumer's unique knowledge of a password or a PIN. Knowledge must not be easily accessible by unauthorized parties. The European Banking Authority (EBA) has determined that credit card number, CVV and expiry date are not valid knowledge, as these are printed on the credit card.
  • Possession: This factor relies on the consumer's possession to verify a payment. For example, hardware, such as smartphones and tablets registered to the consumer, can be used as a second verification instance.
  • Inherence: This factor uses biometrics to verify the consumer's identity, for example, a fingerprint or a facial scan.

SCA needs to be applied where the payer ...

  • ... accesses its payment account online.
  • ... initiates an electronic payment transaction.
  • ... carries out any action through a remote channel which may imply a risk of payment fraud or other forms of abuse.

The 2FA shall result in the generation of an Authentication Code (AC). The PSP shall accept the Authentication Code only once when the payer uses the AC to access its payment account online, to initiate an electronic payment transaction or to carry out any action through a remote channel which may imply a risk of payment fraud.
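
The two rules above (two factors from different categories, with card-printed data not counting as knowledge, and an Authentication Code that is accepted only once) can be sketched as follows. This is an added example, not code from Accounting as a Service; the names `sca_satisfied`, `AuthCodeRegistry`, the element names and the binding of a code to an `action_id` are assumptions made for illustration.

```python
import hmac
import secrets

# Factor categories named in the SCA description above.
CATEGORIES = {"knowledge", "possession", "inherence"}
# Data printed on the card; per the EBA position above it is not valid knowledge.
CARD_PRINTED = {"card_number", "cvv", "expiry_date"}  # hypothetical element names


def sca_satisfied(verified_elements):
    """verified_elements: iterable of (category, element_name) pairs already verified.

    Returns True only if at least two different categories remain after
    card-printed data offered as "knowledge" is discarded. Distinct categories
    are a necessary condition for independence, not a full proof of it.
    """
    categories = set()
    for category, name in verified_elements:
        if category not in CATEGORIES:
            raise ValueError(f"unknown factor category: {category}")
        if category == "knowledge" and name in CARD_PRINTED:
            continue
        categories.add(category)
    return len(categories) >= 2


class AuthCodeRegistry:
    """Issues an Authentication Code after SCA and accepts it exactly once."""

    def __init__(self):
        self._pending = {}  # action_id -> code that has not been redeemed yet

    def issue(self, action_id, verified_elements):
        if not sca_satisfied(verified_elements):
            return None  # no code without two independent factor categories
        code = secrets.token_urlsafe(16)
        self._pending[action_id] = code
        return code

    def redeem(self, action_id, code):
        expected = self._pending.get(action_id)
        if expected is None or not hmac.compare_digest(expected, code):
            return False
        del self._pending[action_id]  # single use: a replayed code is rejected
        return True
```
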

Why adopt 3D Secure 2?

First, as with 3D Secure 1, 3D Secure 2 also protects the merchant from liability in cases of fraud. 3D Secure 2 is the premier authentication method for online card payments, thanks to a series of updates that improve not only the security but also the usability of 3D Secure 1 (3DS1).

  • No more static passwords: The days of people digging through their drawers for their 3D Secure password are over. Customers no longer have to search for their passwords and are more likely to complete their purchases.
  • Two-factor Authentication: 3DS2 implements two-factor authentication. To make the experience more convenient for customers, authentication can be completed with a token and a simple thumbprint, for example.
  • Fewer False Declines: The new protocol provides issuers with ten times more information, which helps to drastically reduce the number of false rejections. Customers will retain their trust in 3DS2-secured transactions.
  • Mobile-Enabled Security: Customers will no longer be redirected to potentially non-mobile-ready authorization pages.
  • Less Card Abandonment: Overall increased convenience, a faster checkout process, and a seamless shopping experience will reduce abandoned purchases by 70%.
  • Merchant Opt-Out: If you decide to use 3DS2 as a merchant, you again have the freedom to choose which transactions to send via the protocol and which not. However, please keep in mind that issuers may have to reject the transaction because SCA is required on their side.

Supported Card Brands

3D Secure 2 has been developed, and is supported, by Mastercard, VISA, American Express, UPI, Diners Club, Discover, and JCB.
