• Integration Guidelines
• Payment Methods
• Secure Remote Commerce

Secure Remote Commerce

Secure Remote Commerce (SRC) is an intelligent, password-free online checkout option that provides a quick and easy checkout experience for payers. SRC provides a single checkout button (also referred to as 'Click to Pay') and a standardized checkout flow for all participating card schemes, including Mastercard, Visa, American Express, Discover and others. SRC is built off EMVCo's SRC specification and replaces Masterpass, Visa Checkout and Amex Express Checkout.

A payer can create an SRC profile using their email address. During checkout, the payer must then provide this email address and perform an additional verification step with a one time code. They can also choose the "Remember me" option to subsequently skip the verification when using the same browser.

The payer can store multiple credit, debit or prepaid cards, the associated billing addresses, and multiple shipping addresses in their SRC profile. Card details are securely stored, and additional security is provided by offering network tokenization.

SRC allows your payer to select the payment details to be used for the payment; however, the payment itself is processed using the acquirer configured for your merchant profile in the gateway.

SRC is supported on the gateway's payment page (Hosted Checkout), or through a JavaScript SDK if you are using your own payment page.

Key Benefits

SRC offers the following benefits:

• Fast, easy-to-use checkout option for your payers with reduced risk of checkout abandonment
• Higher authorization approval rates if you use network tokens
• Decreased payer fraud
• Secure exchange of payment data including card details, billing and shipping address details

Prerequisites

If you want to offer SRC as a checkout option to your payers:

• Contact tyro to ensure that SRC is available to you.
• From the Admin menu in Merchant Administration, click SRC Configuration and follow the instructions to onboard to SRC and activate SRC for your merchant profile. You must have the required privilege to update your SRC configuration.

SRC as a Checkout Option in Hosted Checkout

If you are using the gateway's payment page (Hosted Checkout), SRC will automatically be offered as a checkout option to your payers if you have activated SRC for your merchant profile, and are using Web Services Integration version 57 or higher when submitting the Create Checkout Session request to initiate the Hosted Checkout interaction.

While your payer's SRC profile itself can contain cards for any supported card schemes, for a given transaction your payer can only use SRC for those cards where:

• the card scheme has been activated for SRC on your merchant profile, and
• your merchant profile is configured to process cards with this scheme and the transaction currency.

Shipping Address: Payers will not be able to select a shipping address during the SRC interaction, as shipping address collection is not currently supported via Hosted Checkout.

Billing Address: A billing address will always be collected during the SRC interaction.

3-D Secure Authentication: If you are configured for 3-D Secure (3DS) Authentication, Hosted Checkout will automatically perform the 3DS authentication after the SRC interaction.

<html>
    <head>
      <script src="https://tyro.gateway.mastercard.com/static/srci/1.2.0/srci.min.js"
        data-error="errorCallback"
        data-cancel="cancelCallback"></script>
      <script type="text/javascript">
        function errorCallback(error) {
          console.log(JSON.stringify(error));
        }
        function cancelCallback() {
          console.log('Payment cancelled');
        }
   
        Checkout.configure({
          merchant: "<gateway_merchant_ID>",
          session: {
            id: "<session_ID>",
          },
          customer: {
            email: "<payer_email_address>"
          },
          order: {
            amount: "60",
            currency: "USD",
            description: "High level description of the goods contained in the order",
            id: "<your_unique_order_ID>",
          },
          interaction: {
            country: "USA",
            locale: "en_US",
            operation: "AUTHORIZE",
            merchant: {
              name: "<merchant_name>",
              url: "<website_URL>",
              address: {
                line1: "200 Sample St",
                line2: "1234 Example Town"
              }
            }
          }
        });
      </script>
    </head>
    <body>
      ...
      <input
        type="button"
        value="Pay with Lightbox"
        onclick="Checkout.showLightbox();"
      />
      <input
        type="button"
        value="Pay with Payment Page"
        onclick="Checkout.showPaymentPage();"
      />
      ...
    </body>
  </html>

SRC as a Checkout Option on your Payment Page

If you are using your own payment page and want to offer SRC as a checkout option to your payers, use the SRCI JavaScript SDK (srci.js) provided by the gateway.

This is a client-side JavaScript integration that allows you to initiate the SRC interaction directly from the payer's browser, and it ensures that the payment details selected by the payer during the SRC interaction are directly submitted from the payer's browser to the gateway.

To use the SRCI JavaScript SDK, follow the steps below.

Step 1: Create a Session

Create a session by submitting a Create Session request from your server-side application. The response returns a session ID that you must use in the subsequent steps to reference this session.

Step 2: Update the Session with the Order Amount and Currency

Update the session with the amount and currency for the order by submitting a Update Session request from your server-side application. This step is required to subsequently inquire about SRC being available for payments with this currency.

   
 {
   "order":{
      "amount":100.00,
      "currency":"USD"
   }
}

Step 3: Include the SRCI JavaScript SDK in your Payment Page

Include the SRCI JavaScript SDK (srci.js) provided by the gateway in your payment page by adding a script element within the head element. This places an SRCi object into the window namespace.

<script type="text/javascript" src="https://tyro.gateway.mastercard.com/static/srci/1.2.0/srci.min.js"></script>

Step 4: Configure the SRC Interaction

When loading your payment page, initiate the SRC interaction by invoking the SRCi.configure() method.

<html>
    <head>
        <script type="text/javascript" src="https://tyro.gateway.mastercard.com/static/srci/1.2.0/srci.min.js"></script>
        <script type="text/javascript">
          var callback = function (response) {
            if(response.result === "SUCCESS") {
              console.log("Response from SDK: %s", response.restApiResponse);
            } else if(response.result === "ERROR") {
              console.log("An error occurred");
            }
          } 
 
          SRCi.configure(
            "<your_gateway_merchant_ID>",
            "<your_merchant_name>",
            "<your_merchant_URL>",
            "<your_session_ID>", 
            { wsVersion: 57 },
            callback     
          );
        </script>
    </head>
    <body>
     ...
    </body>
</html>

Merchant Details

The merchantId is required so that the gateway can correctly determine your payment options.

The merchantName and merchantUrl fields are submitted to the SRC Server. These details may be displayed to the payer during the SRC interaction.

Provide your trading name, i.e., the name known to your payer and the URL of your website that the payer is using.

Version

Set this value to 57. This is the version you used when submitting the Create Session request.

Callback

Use the callback parameter to define the actions to be invoked after SRCi.configure() has completed. For example, you may want to log if the method was successful:

var srciConfigCallback = function (resp) {
	var response = resp.restApiResponse;
	if (response.result === "ERROR") {
		console.error("SRC could not successfully be configured");
	} else if (response.result === "SUCCESS") {
		console.log("SRC was successfully configured");
	}
}

  

The SRCi.configure() call might return the following error responses:

Where an error is returned, do not proceed to the next step. Offer the payer another payment method.

Advanced Configuration

The SDK retrieves details about your merchant profile configuration for SRC (including, for example, the list of all schemes for which SRC is available) using the Payment Options Inquiry operation. However, if you have already submitted a Payment Options Inquiry request earlier during the payer's session, you can pass these details in by adding the configuration element to the request.

In this case, the SDK does not perform the Payment Options Inquiry request again. The wsVersion parameter indicates the Web Services Integration version you have used to submit the Payment Options Inquiry request.

<html>
    <head>
        <script type="text/javascript" src="https://tyro.gateway.mastercard.com/static/srci/1.2.0/srci.min.js"></script>
            // Response from the Payment Options Inquiry call. This value to SRCi.configure() is optional. If it is not passed in, a call will be made from the SDK to the API to retrieve it.
          var paymentOptionsInquiryResponse = {
            merchant: "<gateway_merchant_ID>",
            paymentTypes: {
              card: {
                cardTypes: [{
                  cardType: "MASTERCARD",
                  schemeTokenTypes: "CRYPTOGRAM_3DSECURE"
                }, {
                  cardType: "VISA",
                  schemeTokenTypes: "CRYPTOGRAM_3DSECURE"
                }, {
                  cardType: "AMEX",
                  schemeTokenTypes: "DYNAMIC_CSC_AND_EXPIRY"
                }],
                walletProviders: [{
                  secureRemoteCommerce: {
                    defaultPayerCountry: "USA",
                    shippingAddressCountries : "USA,CAN"
                    scheme: [{
                      dpaId: "<DPA_ID>", // As configured for this scheme on your merchant profile.
                      name: "MASTERCARD"
                    }, {
                      dpaId: "<DPA_ID>", // As configured for this scheme on your merchant profile.
                      name: "VISA"
                    }, {
                      name: "AMERICAN_EXPRESS"
                    }]
                  },
                  walletProvider: "SECURE_REMOTE_COMMERCE"
                }]
              }
            },
            result: "SUCCESS"
          }
 
          SRCi.configure({
              "<gateway_merchant_ID>",
               "<merchant_name>",
               "<merchant_URL>",
               "<session_ID>",
               configuration: {
                 wsVersion: 57,
                 paymentOptions: paymentOptionsInquiryResponse
               }, 
               callback: function (response) {
                 if(response.result === "SUCCESS") {
                   console.log("Response from SDK: %s", response.restApiResponse);
                 } else if(response.result === "ERROR") {
                   console.log("An error occurred");
                 }
               }      
            });
        </script>
    </head>
    <body>
     ...
    </body>
</html>

Example SRCi.configure() Response

The following example shows a successful SRCi.configure() call.

{
    result: "SUCCESS"
    restApiResponse: <Payments Options Inquiry response>
   }  

The response contains the Payments Options Inquiry response in the restApiResponse field, which is informational only. However, you may want to use this information later during the payer's session rather than using the PAYMENT_OPTIONS_INQUIRY request to retrieve it.

The following example shows an unsuccessful SRCi.configure() call.

{
    result: "ERROR"
    cause: <cause>
    explanation: <explanation>
   }  

In this case, request the payer to select another checkout option.

Step 5: Display SRC as a Checkout Option

If SRCi.configure() was successful, display SRC as a checkout option on your payment page. For the branding requirements, see SRC User Interface Guidelines.

Use the SRC configuration details returned in the Payment Options Inquiry response to determine what scheme logos to display within the button. For each supported scheme, the Payment Options Inquiry response contains the name of the scheme in the paymentTypes.card.walletProviders[n].secureRemoteCommerce.scheme[n].name field.

Step 6: Launch the SRC UI

When the payer selects SRC as a checkout option, launch the SRC UI by invoking the SRCi.launchUI() method.

var payloadCallback = function (correlationId, scheme) {
      console.log("Payload callback complete with correlation id %s and scheme %s", correlationId, scheme);
    };
     
    var errorCallback = function (error) {
      console.log("Error callback triggered with error: %s", error);
    };
     
    var cancelCallback = function () {
      console.log("Cancel callback triggered");
    };
     
    SRCi.launchUI({
        orderAmount: "100.00",
        orderCurrency: "USD"
      },
      payloadCallback,
      errorCallback,
      cancelCallback
    );

In addition to the mandatory fields, you can also provide a number of optional fields:

SRCi.launchUI(
   {
      "orderAmount":"60"
	  "orderCurrency":"USD",
      "customerEmail":"<payer_email_address>",
      "collectShippingAddress":true,
      "interactionCountry":"CAN"
      "interactionLocale":"fr"
   }
);    

Payer Email Address Collection

The payer's email address will always be collected during the SRC interaction. If you already know the payer's email address, add the customerEmail field to the SRCi.launchUI() method to allow the payer to bypass entering their email address during the SRC interaction.

Billing Address Collection

A billing address will always be collected during the SRC interaction.

Shipping Address Collection

By default, SRC will not collect the payer's shipping address. If you want SRC to collect the payer's shipping address, add collectShippingAddress:true to the SRCi.launchUI() method.

By default, the payer can select any shipping address country. To restrict the list of country that you ship goods to, you must configure your merchant profile for SRC via Merchant Administration with either a list of allowed countries or a list of excepted countries. Where you have defined any restrictions, the payer will only be able to select an allowed shipping address country.

You cannot override the supported shipping address countries for a specific request.

Interaction Country

The interaction country determines country-specific content presented to the payer during the SRC interaction such as Terms and Conditions. The value you have configured against your merchant profile in the gateway is used by default. Add the interactionCountry field to the SRCi.launchUI() method, if you want to override this value for this interaction.

Interaction Locale

The interaction locale determines the language used during the SRC interaction. By default, the language configured in the payer's browser is used. If the payer's language cannot be determined or is not supported, en_US is used. Add the interactionLocale field to the SRCi.launchUI() method, if you want to override this value. Currently, the supported languages are English (UK) (en_UK), Spanish (Spain) (es_ES), French (Canada) (fr_CA), Portuguese (Brazil) (pt_BR), and Chinese (Hong Kong) (zh_HK).

Callback

You must define the actions to be invoked after SRCi.launchUI() has completed as follows:

Step 7: Update Session with SRC Payment Details

After your payer has successfully completed the SRC interaction, you must request the gateway to retrieve the payment details for the SRC interaction and store them in the session.

Submit an Update Session From Wallet request with:

• the session ID in the request URL, and
• the correlationId and scheme as returned in the payloadCallback

{
   "apiOperation":"UPDATE_SESSION_FROM_WALLET",
   "order":{
      "walletProvider":"SECURE_REMOTE_COMMERCE"
   },
   "wallet":{
      "secureRemoteCommerce":{
         "srcCorrelationId":"<correlationId_provided_in_payloadCallback>",
         "scheme":"<scheme_provided_in_payloadCallback>"
      }
   }
}    

If the session has successfully been updated with the payment details from the SRC interaction, you can proceed. If the session has not been successfully updated, ask your payer to select another checkout option.

Step 8: Perform 3-D Secure Authentication (Optional)

If you want to authenticate the payer, perform 3-D Secure Authentication using the session. See Implementing a 3DS Integration using the 3DS JavaScript API for details.

Step 9: Perform Payment Operation

If the session has successfully been updated with the payment details from the SRC interaction (and the 3-D Secure Authentication, if performed in step 8), use the session to submit the payment for processing from your server-side application. For example, you can submit an Authorize request. The payment details stored in the session from the SRC interaction are used to process the payment. You can use the session for a number of API operations; see Use a Session for more information.

          
{
   "session":{
      "id":"<session_ID>"
   }   "..."
}

<html>
    <head>
        <script type="text/javascript" src="https://tyro.gateway.mastercard.com/static/srci/1.2.0/srci.min.js"></script>
         
        <script type="text/javascript">
            var configured = false;
 
            //SRCi global object is initialized by srci script
            SRCi.configure(
                "<gateway_merchant_ID>",
                "<merchant_name>",
                "<merchant_URL>",
                "<session_ID>", 
                { wsVersion: 57 },
              function (response) {
                if(response.result === "SUCCESS") {
                  configured = true;
                  console.log("Response from SDK: %s", response.restApiResponse);
                } else if(response.result === "ERROR") {
                  console.log("An error occurred");
                }
              }      
            );
 
            var payloadCallback = function (correlationId, scheme) {
              console.log("Payload callback complete with correlation id %s and scheme %s", correlationId, scheme);
              enablePayButton();
            };
  
            var errorCallback = function (error) {
              console.log("Error callback triggered with error %s",  error);
              enablePayButton();
            };
  
            var cancelCallback = function () {
              console.log("Cancel callback triggered");
              enablePayButton();
            };
  
            function enablePayButton() {
              document.getElementById("payButton").disabled = false;
            }
 
            function disablePayButton() {
              document.getElementById("payButton").disabled = true;
            }
 
            function pay() {
              if (configured) {
                // ensure only one payment window is launched
                disablePayButton();
 
                SRCi.launchUI({
                    orderAmount: "100.00",
                    orderCurrency: "USD"
                  },
                  payloadCallback,
                  errorCallback,
                  cancelCallback
                );
              } else {
                console.error("SRCi is not configured");
              }
            }
            </script>
    </head>
    <body>
        <button id="payButton" type="button" onclick="pay();">Pay</button>
    </body>
</html>    

SRC Payment Details

This section describes the payment details returned for SRC interactions.

Type of Payment Details Returned for SRC Interactions

SRC supports returning different types of payment details for processing. The payment details returned by the SRC system depend on the type requested by the gateway, your configuration in the SRC system, and the card scheme. SRC typically returns a network token, token expiry, and full cryptogram (where supported by the card scheme).

However, where the gateway is unable to send a network token with full cryptogram to your acquirer, SRC must instead provide a network token, token expiry and dynamic Card Security Code (CSC). The gateway will automatically ensure that the correct type of payment detail is requested.

If a card does not support network tokenization (for example, where the the issuer is not participating), SRC returns the card details (card number and card expiry) instead of network token details (network token, token expiry and cryptogram or dynamic CSC).

If you are a U.S. merchant and have indicated that you want to make use of your rights under the Durbin amendment, SRC provides the card details (card number and card expiry) for debit cards.

SRC Payment Details in API Transaction Response

The payment details selected by the payer during the SRC interaction are stored in the session and returned in the transaction response for API requests performed using the session. When SRC provides the network token details, both the network token details and the (masked) card details are provided.

Depending on the type of payment details returned by the SRC system, you receive the following details in the API response.

Payer Details

The payer's name and phone number are provided in the transaction response in the customer parameter group.

The payer's email address is provided in the transaction response in the customer.email field, if you have set consumerEmailAddressRequested to true.

Billing Address Details

The billing address details associated with the card are provided in the transaction response in the billing.address parameter group.

Shipping Address Details

If you have set collectShippingAddress to true, the shipping address details are provided in the transaction response in the shipping.address parameter group.

Merchant-Initiated Transactions

You must not offer SRC as a checkout option to your payers if you want to subsequently use those payment details to initiate payments in a series, such as recurring or installment payments. This will be supported in a future release.

Testing your Integration

When you have completed your integration with the gateway for SRC, you can test it by using your test merchant profile (your merchant ID prefixed with TEST). When using the test merchant profile the gateway provides a simulator for the SRC interaction. The SRC simulator uses a set of pre-defined payment details that cannot be modified. Based on the pre-defined payment details, you can trigger and test different scenarios, as described below.

The second column in the tables below indicates the last 4 digits of FPAN selected by the payer during the SRC interaction. To trigger a scenario, select the corresponding FPAN on the simulator during the payer's SRC interaction.

Testing SRC with 3-D Secure Authentication

If your merchant profile is enabled for EMV 3-D Secure Authentication (3DS2) you can use the SRC test details shown in the table below to trigger either a frictionless flow or a challenge flow.