diff --git a/PaymentFlows/Card/MerchantHosted-CardPayment-Current.pml b/PaymentFlows/Card/MerchantHosted-CardPayment-Current.pml index c7dc9c7..7eadf36 100644 --- a/PaymentFlows/Card/MerchantHosted-CardPayment-Current.pml +++ b/PaymentFlows/Card/MerchantHosted-CardPayment-Current.pml @@ -11,7 +11,7 @@ note over Payee, Payer: HTTPS title Legacy Merchant Hosted Card Payment (Current) -== Establish Payment Obligation == +== Negotiation of Payment Terms & Selection of Payment Instrument == Payee->UA: Present Check-out page Payer<-[#green]>UA: Select Checkout with Card @@ -19,7 +19,7 @@ Payer<-[#green]>UA: Select Card Brand Payer<-[#green]>UA: Payer Fills Form (PAN, Expiry, [Issue Number | Start Date], [CVV], [Billing Address]) Note right: May be auto-filled from browser -== Card Payment Initiation == +== Payment Processing == Alt UA->Payee: payload @@ -44,7 +44,7 @@ MPSP-/Payee: Authorisation Result Payee->UA: Result Page -== Request for Settlement process (could be immediate, batch (e.g. daily) or after some days) == +== Payment Processing Continued: Request for Settlement process (could be immediate, batch (e.g. daily) or after some days) == Alt Payee -> MPSP : Capture @@ -55,7 +55,7 @@ End MPSP->CPSP: Capture -== Fulfilment == +== Delivery of Product == Payee->Payer: Provide products or services diff --git a/PaymentFlows/Card/MerchantHosted-CardPaymentwith3DS-Current.pml b/PaymentFlows/Card/MerchantHosted-CardPaymentwith3DS-Current.pml index 84ea16d..9e583b6 100644 --- a/PaymentFlows/Card/MerchantHosted-CardPaymentwith3DS-Current.pml +++ b/PaymentFlows/Card/MerchantHosted-CardPaymentwith3DS-Current.pml 
@@ -3,8 +3,8 @@ Participant "Payee (Merchant) PSP [Acquirer]" as MPSP Participant "Payee (Merchant) [Acceptor] Site " as Payee -Actor "Payer (Shopper) [Cardholder] Browser" as Payer -participant "Browser Form Filler" as UA +participant "Payer's (Shopper's) Browser" as UA +Actor "Payer [Cardholder]" as Payer participant "Card Scheme Directory" as CSD participant "Issuing Bank [Issuer] Website" as CPSPW participant "Issuing Bank [Issuer]" as CPSP @@ -17,21 +17,18 @@ title 3DS is used to add confidence that the payer is who they say they are and importantly in the event of a dispute liability shift to the Issuer. end title -== Establish Payment Obligation == +== Negotiation of Payment Terms & Selection of Payment Instrument == -Payee->Payer: Present Check-out page with Pay Button -Payer->Payer: Select Card Payment Method +Payee->UA: Present Check-out page +Payer<-[#green]>UA: Select Checkout with Card +Payer<-[#green]>UA: Select Card Brand +Payer<-[#green]>UA: Payer Fills Form (PAN, Expiry, [CVV], [Billing Address]) +Note right: May be auto-filled from browser -alt - UA->Payer: Form Fill - Note right: fields are PAN & Expiry Date with optional CVV, & Address, Also Card Valid Date and Issue Number are required for some Schemes -else - Payer->Payer: User Fills Form -End -== Card Payment Initiation == +== Payment Processing == -Payer->Payee: Payment Initiation +UA->Payee: Payment Initiation Note right: Custom code on merchant webpage can encrypt payload to reduce PCI burden from SAQ D to SAQ A-EP opt 
@@ -42,9 +39,9 @@ end Payee-\MPSP: Authorise -== 3DS part of flow == +== 3D Secure == -Note over MPSP, Payee: At this point, the Merchant or Merchant's PSP can decide if it wishes to invoke 3DS. This might be based on transaction value (i.e. low value -> low risk) or other factors, e.g. if the Shopper is a repeat purchaser. +Note over UA: At this point, the Merchant or Merchant's PSP can decide if it wishes to invoke 3DS. This is often based upon dynamic factors, e.g. if the card has been used before or if shipping address different from billing address MPSP –> CSD: BIN to URL lookup (VAReq message) CSD -> CSD: Lookup URL from BIN @@ -54,29 +51,30 @@ Note over MPSP, Payee: At this point, the Merchant or Merchant's PSP can decide CSD –> MPSP: URL MPSP-/Payee: 3DS redirect (PAReq message) - Payee->Payer: 3DS redirect (PAReq message) - Payer->CPSPW: 3DS invoke - CPSPW-\Payer: 3DS challenge - Payer-/CPSPW: 3DS response (PARes message) - CPSPW->Payer: 3DS response (PARes message) - Payer->Payee: 3DS response (PARes message) - Payee-\MPSP: 3DS response (PARes message) + Payee->UA: 3DS redirect (PAReq message) + UA->CPSPW: 3DS invoke + CPSPW-\UA: 3DS challenge + Payer<-[#green]>UA: Enter 3D Secure credentials + UA-/CPSPW: 3DS response (PARes message) + CPSPW->UA: 3DS response (PARes message) + UA->Payee: 3DS response (PARes message) + UA-\MPSP: 3DS response (PARes message) MPSP->MPSP: Verification of PARes signature -== End of 3DS == +== End of 3D Secure == MPSP-\CPSP: Authorisation Request CPSP-/MPSP: Authorisation Response -MPSP-/Payee: Authorisation Response +MPSP-/Payee: Authorisation Result == Notification == -Payee->Payer: Result Page +Payee->UA: Result Page -== Request for Settlement process (could be immediate, batch (e.g. daily) or after some days) == +== Payment Processing Continued: Request for Settlement process (could be immediate, batch (e.g. daily) or after some days) == Alt Payee -> MPSP : Capture 
@@ -87,7 +85,7 @@ End MPSP->CPSP: Capture -== Fulfilment == +== Delivery of Product == Payee->Payer: Provide products or services
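Review bot: The new form-fill line in the `@@ -17,21 +17,18 @@` hunk of MerchantHosted-CardPaymentwith3DS-Current.pml lists only `(PAN, Expiry, [CVV], [Billing Address])`, which drops the information in the removed note that "Card Valid Date and Issue Number are required for some Schemes". The non-3DS diagram in this same patch keeps `[Issue Number | Start Date]` in its field list. Suggest using the same field list in both files so the two diagrams agree on which card data the merchant-hosted form collects.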
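Review bot: `Note over UA` in the `@@ -42,9 +39,9 @@` hunk places a merchant-side decision over the browser: the note text still says "the Merchant or Merchant's PSP can decide if it wishes to invoke 3DS", yet it was moved off `Note over MPSP, Payee`. Suggest keeping the anchor on `MPSP, Payee` with the new wording, so the diagram shows the risk decision being taken by the party that takes it. The new sentence also needs a grammar fix: "if the shipping address is different from the billing address".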
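Review bot: `UA-\MPSP: 3DS response (PARes message)` in the `@@ -54,29 +51,30 @@` hunk looks like an unintended rename. The line it replaces was `Payee-\MPSP`, not a `Payer` line, and the added line just before it already has `UA->Payee` delivering the PARes to the merchant site. As written, the browser sends the PARes to the Merchant PSP directly and the Payee never forwards it, so the following `MPSP->MPSP: Verification of PARes signature` step no longer shows how the message reached the PSP in a merchant-hosted flow. Suggest restoring `Payee-\MPSP: 3DS response (PARes message)`.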