Credit and Debit Cards
Credit and debit cards are the most common card payment method. For a list of card schemes supported on the Mastercard Gateway, see the possible values for the sourceOfFunds.provided.card.brand field in the API Reference.
To identify whether the card used to make a payment is a credit, debit, or charge card, send the RETRIEVE TRANSACTION request and check the funding method (sourceOfFunds.provided.card.fundingMethod) returned in the response. You can use the card type details to support your surcharging decisions.
Supported for
Integration methods | Transactions |
---|---|
All | All |
For limitations on the transactions you can use with specific integration methods, see Hosted Checkout, Hosted Session, Direct Payment, and Hosted Batch.
About the payment method
Credit cards offer a line of credit to cardholders, allowing them to make purchases and pay later with interest, while debit cards deduct funds directly from the cardholder's bank account.
Credit cards
Credit card transactions form the majority of payment transactions in the eCommerce space. The card details typically include payer name, card number, card expiry, and card security code.
During the payment process,
- Depending on the integration method, either the merchant web site or app collects the card details and sends them to the Mastercard Gateway, or the payer provides the details directly to the gateway through hosted fields or a hosted payment page.
- Based on the card number, the gateway identifies the card scheme and validates both the card number and the CSC (Card Security Code).
- If the validation succeeds, the payment proceeds to the acquiring bank.
For example, the gateway validates the CSC for the format. On Visa and Mastercard credit cards, the CSC is the three-digit value printed on the signature panel on the back.
For American Express, the number is the 4-digit value printed on the front above the credit card account number.
Debit cards
Debit card payments are handled similarly to credit cards. The debit card details typically include the payer name, card number, card expiry, and CSC.
Pay attention to the following card details:
- Maestro cards - With Maestro debit cards, all Internet transactions must at least attempt to perform a 3DS authentication before performing a financial transaction. The gateway processes the transaction if the authentication is attempted and an authentication response other than Authentication Failed is received. If no authentication is attempted, the gateway blocks the transaction.
If your merchant-acquirer link is configured for "Process Maestro Refunds as Payments" functionality, all REFUND transactions with the INTERNET transaction source and INR transaction currency are submitted to the acquirer as payment transactions.
- MADA cards - MADA is supported in Saudi Arabia as a co-branded card with Mastercard and Visa, as well as Mada-only single-branded cards. Payments processed with Mada co-branded cards return MADA_MASTERCARD or MADA_VISA in the localBrand field of transaction response, whereas payments processed with Mada-only single-branded cards return MADA_ONLY. All cardholder-initiated transactions using MADA cards require 3DS authentication.
- ITMX cards - ITMX is supported as a co-branded card with Mastercard and Visa in Thailand. Payments processed using ITMX debit cards return MASTERCARD_ITMX or VISA_ITMX in the localBrand field in the transaction response. All cardholder-initiated transactions using ITMX cards require 3DS authentication.
- EFTPOS cards - EFTPOS is supported as a co-branded card with Mastercard and VISA in Australia. Payments processed using EFTPOS debit cards return EFTPOS in the localBrand field in the transaction response.
Main supported features
When using credit and debit cards as a payment method, you can:
- Perform payments using a single-action pay or the two-step authorization and capture transactions.
- Make refunds, voids, and disbursements.
- Inquire and use various payment options (such as payment plans and dynamic currency conversion).
- Add supplementary data to your requests to make the payment more user-friendly for the payer or ease its processing in the payment system.
Required payment details
When using credit or debit cards, you need to provide the following payment details to the gateway. Depending on your used integration, the gateway gathers the details through a hosted payment page, from hosted fields within a session, or from a transaction request.
At least the following details are needed:
- Payment method (card)
- Card number
- Card expiry month and year
- CSC
In a transaction request, these details are provided as follows:
"sourceOfFunds": { "type": "CARD", "provided": { "card": { "number": "1000100010001000", "expiry": { "month": "10", "year": "26" }, "securityCode" : "123" } } }
Prerequisites
To use credit and debit cards as a payment method:
- Your acquirer must be capable of processing debit and credit payments.
- You must agree with your acquirer which card schemes you are allowed to accept.
- Your payment service provider must configure the merchant-acquirer link in your merchant profile accordingly.
Adding the method to your integration
No additional customizations are required to add credit and debit cards to your integration AFTER implementing your generic selected integration. For examples of credit or debit card transaction requests, download the Postman collection.
Testing the method
For details on testing your integration with credit and debit cards, see Test Cards and the testing instructions within each applicable integration method.