Device Payments

Device payments refer to transactions authenticated using a device (e.g., smartphone, tablet). Typically, device payments are secure purchases made using a credit/debit card associated with the device.

A credit/debit card added to the payer's device is tokenized and assigned a device-specific identifier called a DPAN (Device PAN). The DPAN is converted into the corresponding FPAN (Funding PAN) by the payment processor.

FPAN is the Primary Account Number (PAN) of the payer's card. This is the actual card number that is registered against the DPAN and is used to process the transaction. An FPAN may be associated with multiple DPANs.

The Mastercard Payment Gateway supports device payments using:

Contact your payment service provider to check if device payments functionality is supported for your acquirer.
The Mastercard Payment Gateway does not support merchant-initiated transactions where the corresponding cardholder-initiated transaction was processed using a device payment token. The Mastercard Payment Gateway does not presently support 3DS Transaction Filtering for device payments.

Device Payments Flow

The payment flow for a device payment is as shown below.

  1. The payer chooses to pay using a device and verifies the payment, for example by entering a PIN or using Touch ID.
  2. Get the encrypted payment token. This encrypted payment token contains all the data elements required to process the payment including:
    • transaction details (currency, amount)
    • payment method details (DPAN, expiry date, cardholder name)
    • the cryptogram that you used to authenticate the payer
  3. Send the encrypted payment token to the gateway. The gateway will decrypt the payment token and process the payment for you.
    Support for payment token decryption by the gateway is currently only available for Apple Pay and Google Pay.

    Alternatively, you could decrypt the payment token on your server. In this case, you will need to take responsibility for storing the encryption credentials, executing the decryption, and sending the decrypted payment details in a transaction request to the gateway.

  4. Depending on the acquirer, the payment gateway sends the transaction to the acquirer/processor or to the issuer via the scheme network for authorization.
  5. The issuer validates the cryptogram and authorizes/declines the payment and sends a transaction response to the gateway.
  6. The gateway sends the authorization response to you.
  7. You present the order confirmation to the payer.

Subsequent Payments

On the Authorize/Pay transactions for subsequent merchant-initiated payments, you must provide the cryptogram format, and it must be the same as for the initial payment.

If a cryptogram is available, always provide it in the transaction request for subsequent payments. The gateway will pass the data as required to the acquirer. If the acquirer requires a cryptogram and if it's not present, then the transaction will fail.

Partial Shipments

Contact your payment service provider if you need to split shipments and provide multiple Authorize/Pay transactions across an order.

Visa mandates that you provide the cryptogram on each Authorize/Pay request for partial shipments.

Transaction Response

If the DPAN to FPAN mapping is successful, the RETRIEVE_TRANSACTION response for a device payment will return:

  • 0.4 masked FPAN, where available from the acquirer, in the sourceOfFunds.provided.card.number field.
  • FPAN expiry, where available from the acquirer, in the sourceOfFunds.provided.card.expiry field.
  • 6.4 masked DPAN in the sourceOfFunds.provided.card.deviceSpecificNumber field.
  • DPAN expiry in the sourceOfFunds.provided.card.deviceSpecificExpiry field.

If you request that an unmasked PAN be returned in the transaction response, the gateway will return an unmasked DPAN and FPAN (depending on acquirer support).
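The following is an added example, not gateway or Mastercard code: a check you could run on a RETRIEVE_TRANSACTION response before logging or storing it, flagging FPAN or DPAN fields that expose more digits than the 0.4 and 6.4 masking described above. It assumes "N.M" means N leading and M trailing digits in clear and that masked positions are non-digit characters such as "x"; the function names and sample responses are constructed for illustration.

```python
import re

# Expected exposure per field, from the page: FPAN is 0.4 masked, DPAN is 6.4 masked.
# Assumption: "N.M" means N leading and M trailing digits in clear, and masked
# positions are non-digit filler characters such as "x".
EXPECTED = {
    "number": (0, 4),                # FPAN
    "deviceSpecificNumber": (6, 4),  # DPAN
}

def clear_digits(pan):
    """Return (leading, trailing) counts of clear digits in a PAN string."""
    if pan.isdigit():
        return len(pan), 0  # fully unmasked: every digit is exposed
    lead = len(re.match(r"\d*", pan).group())
    trail = len(re.search(r"\d*$", pan).group())
    return lead, trail

def audit_card(response):
    """Return findings for PAN fields showing more digits than expected."""
    card = response.get("sourceOfFunds", {}).get("provided", {}).get("card", {})
    findings = []
    for field, (max_lead, max_trail) in EXPECTED.items():
        value = card.get(field)
        if value is None:
            continue  # FPAN is only present where available from the acquirer
        lead, trail = clear_digits(value)
        if lead > max_lead or trail > max_trail:
            findings.append(
                f"{field}: {lead}.{trail} exposed, expected {max_lead}.{max_trail}")
    return findings

# Constructed sample responses (made-up numbers, not real cards).
MASKED = {"sourceOfFunds": {"provided": {"card": {
    "number": "xxxxxxxxxxxx0008",
    "deviceSpecificNumber": "512345xxxxxx1234"}}}}
UNMASKED = {"sourceOfFunds": {"provided": {"card": {
    "number": "5123450000000008",
    "deviceSpecificNumber": "5123456789001234"}}}}

if __name__ == "__main__":
    for name, resp in (("masked", MASKED), ("unmasked", UNMASKED)):
        print(name, audit_card(resp) or "ok")
```

A non-empty result means the response carries clear PAN data and should be kept out of application logs and general-purpose storage.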

The gateway does not support tokenized DPANs in the transaction request.

Copyright © 2023 Mastercard