0

Is it legal and possible to: 1. Get PKPaymentToken in iOS app 2. Send this token to server side 3. Decrypt this PKPaymentToken (ex. based on many available GitHub libraries) 4. I have now: 

{
    "applicationExpirationDate": "190131",
    "applicationPrimaryAccountNumber": "370295XXXXX5435",
    "currencyCode": "840",
    "deviceManufacturerIdentifier": "XXXXXXXXXX",
    "paymentData": {
        "emvData": "nycBgJ82AgDCnyYIG2vuQydGkMafEAcGhgEDoLABXzQBAJUFgAABAACCAhzAnwMGAAAAAAAAnxoCCECaAxQQBJwBAJ83BLnvab4="
    },
    "paymentDataType": "EMV",
    "transactionAmount": 100
}

5. Use this data to make transaction in such way:

Here I have doubt! To make transaction I can use only this EMV or 3DS cryptogram in paymentData -> emvData (or 3dsecure) Or I can use applicationPrimaryAccountNumber as casual Card Number (or maybe this is different from Card Number printed on physical plastic Card?)

Why I am asking? On the server, I have integration with another external system that handles transactions. And there is a library that takes credit card information (card number, expiry date, cardholder) to make the transaction.

Will I be able to use this decrypted data to pass raw card number, exp date, cardholder to this library to make transaction payment happen. Or this library must be able to handle this EMV, 3DSecure cryptograms only?

Thanks for the clarification.

Nilesh R Patel
  • 697
  • 7
  • 17
Michał Ziobro
  • 10,759
  • 11
  • 88
  • 143
  • By "I have integration with another external system that handles transactions", simply are you trying to intercept an ONUS transaction and thereby not sending to payment schemes to save interchange ? or by external system you meant payment schemes only ? – Adarsh Nanu Mar 15 '19 at 09:57
  • It is POS system that doesn't support Apple Pay PKPaymentToken, and as I can see doesn't support DPAN (digital card number) + cryptogram. It only supports Card Non Present transactions with card number, cvv2, expiry data. So I think that as DPAN is not PAN, I cannot use it with POS system. the only way I think will be to try 3rd party transactions by gateway like Stripe, and then only send 3rd party finalized transaction to POS if it is possible. So to handle PKPaymentToken it needs payment processor that handles DPAN + crypthogram EMV or 3DS as I think. It is called Network Tokenization, – Michał Ziobro Mar 15 '19 at 11:27

0 Answers0