Save Card Vault

The Save Card Vault stores customer card data and allows repeat payment processing without collecting card number and expiry from the customers again on your app/website. The card data flows through encrypted channels and payment processing is managed with a token. This enables a quick and compliant checkout experience for your business where you don't have to store card data on your servers. Its benefits include reduced or no PCI compliance scope, and full payment provider flexibility.

Overview

  1. Use the Card Vault to save card data for each of your customers. 
  2. The Card Vault returns a Card ID (token) for each card and customer combination.
  3. This Card ID is used to fetch encrypted Card Data from the Save Card Vault for future payments. 
  4. The Card ID can be stored locally on your server and is the key to perform fetch, update, or delete card data operations.

Pre-requisites

Before you begin the integration, make sure you follow the steps below:

  1. Create an account on Paytm as a merchant. Click how to create an account.

    Note: Save the MID and merchant key generated in the above step.
  2. Contact Paytm’s onboarding team or your KAM to place the Paytm Save Card Vault activation request.

  3. Upon onboarding, merchant keys for Card Vault will be shared to enable integration.

Integration Steps

This section explains the steps required to save a New Card during the payment and fetch an existing Saved Card from Paytm Save Card Vault on the merchant's app/website.

 

STEP 1: Save New Card

  1. User enters card details such as Card Number, Expiry, and CVV and then gives permission to save the card for future payments on the merchant's app/website.
  2. Your back-end passes card number and expiry for a Customer ID to Paytm using the Save Card API.
    Note: It is recommended that you call the Save Card API only after the card transaction has been successfully authorized, to ensure that only valid card details are saved in the Card Vault.
  3. Paytm forwards the sensitive card data to the Card Vault in an encrypted format.
  4. Card Vault encrypts and stores sensitive card data and returns a unique Card ID as a token for future reference.
  5. Paytm only stores the mapping of the Card ID with your Customer ID.
  6. Paytm notifies you when the card is saved and returns the Card ID in response.
  7. This Card ID can be used for future card operations such as Fetch Card Details, Update Card, or Delete Card.
    Note: If you have opted for Paytm Checkout products for payment processing then the card details will be saved by Paytm without merchant intervention.

 

STEP 2: Fetch Saved Card

  1. User adds goods/services into the shopping cart on your app/website.
  2. Your backend server calls the Fetch Cards for User API. This API returns the mapped Card ID and corresponding masked card details (First 6, Last 4 card digits) for a given Customer ID.
  3. You can render the cards saved for a user and the corresponding card attributes such as Card Type, Card Scheme, Issuer Name, etc. on your app/website.
  4. Customer selects a saved card, enters CVV, and then clicks the Pay button.
  5. Your backend fetches the card details (Card Number and Card Expiry) from the Card Vault using the Fetch Card API.
  6. You can now forward the fetched saved card details to your preferred Payment Gateway for payment processing. 
    Note: If you have opted for Paytm Checkout products for payment processing then the card details will be fetched by Paytm without your intervention.

 

STEP 3: Delete Saved Card

  1. User deletes a saved card from their profile on your app/website.
  2. Your backend server calls our Delete Card API requesting to delete the user's card by providing the Card ID and Customer ID.
  3. Paytm deletes the card saved for your user and sends a successful response.

 

STEP 4: Update Saved Card

  1. The user's card expires after it has been saved in the Card Vault.
  2. Your backend server calls our Update Card API requesting an update of the user's card by providing the Card ID, Customer ID, and the new expiry collected from the user.
  3. Paytm updates the card saved for your user and sends a successful response.

 

STEP 5: Migrate Existing Cards

  1. Paytm extends bulk support to migrate card data stored with merchants locally to Paytm Saved Card Vault. 
  2. Your backend sends customer card data and customer ID along with a unique item ID for each card using the Save Card Bulk API.
  3. This unique item ID needs to be generated by merchants for each item within a card list and is required to match the item response list. The rest of the process remains the same as in Step 1.
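
The item-ID matching described in Step 5, sketched as an added example (not Paytm's code or API schema): every card gets a fresh item ID, and a Card ID is recorded against a Customer ID only when the response entry carries an item ID that was actually sent, exactly once. The field names `itemId`, `customerId`, `cardId`, `status` and the value `SUCCESS` are assumptions for illustration; the card number is a constructed test value.

```python
import uuid

# Field names (itemId, customerId, cardId, status) and the "SUCCESS" value are
# assumptions for illustration, not the Save Card Bulk API's actual schema.


def assign_item_ids(cards):
    """Return {item_id: card}, with a fresh unique item ID for every card."""
    return {uuid.uuid4().hex: card for card in cards}


def reconcile(sent, response_items):
    """Match response entries to the cards that were sent, by item ID.

    Returns (saved, retry, rejected):
      saved    - {item_id: (customer_id, card_id)}, safe to persist locally
      retry    - item IDs that failed, were ambiguous, or never came back
      rejected - response entries with an unknown or repeated item ID
    """
    saved, rejected, seen = {}, [], set()
    for entry in response_items:
        item_id = entry.get("itemId")
        if item_id not in sent:
            rejected.append(entry)          # nothing we sent: never map it
        elif item_id in seen:
            saved.pop(item_id, None)        # repeated ID: result is ambiguous
            rejected.append(entry)
        else:
            seen.add(item_id)
            if entry.get("status") == "SUCCESS" and entry.get("cardId"):
                customer_id = sent[item_id]["customerId"]
                saved[item_id] = (customer_id, entry["cardId"])
    retry = sorted(set(sent) - set(saved))
    return saved, retry, rejected


if __name__ == "__main__":
    # Constructed sample batch; 4111... is a well-known test card number.
    batch = assign_item_ids([
        {"customerId": "CUST_1", "cardNumber": "4111111111111111", "expiry": "1230"},
        {"customerId": "CUST_2", "cardNumber": "4111111111111111", "expiry": "0131"},
    ])
    first, second = list(batch)
    response = [{"itemId": first, "status": "SUCCESS", "cardId": "CARD_A"},
                {"itemId": second, "status": "FAILURE"}]
    saved, retry, rejected = reconcile(batch, response)
    print(len(saved), "saved;", len(retry), "to retry;", len(rejected), "rejected")
```

Remove a locally stored card number only once its item ID appears in `saved`; anything in `retry` still exists only on your side.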

Post Integration Steps

After completing the integration on your staging environment, do a complete transaction from the order summary page on your website or mobile app.

  1. Save a test card for your customer using Save Card API and Test Paymodes Credentials.
  2. Attempt a test transaction using the Paytm test transaction utility available on staging.
  3. Ensure you re-verify the transaction response with the Transaction Status API via a server-to-server call within the payment flow, and not separately as a one-time activity.
  4. See the transaction details in the "Test Data" mode on your dashboard.

 

Once the test transaction is complete, move your code to a live environment with production account details, which you would have received from Paytm.

 

Lastly, it's recommended that you read about Custom Checkout and Managing Refunds.

 

In case of any issues with integration, please get in touch.