Purchase Protection Integration

Indemnity Purchase Protection Integration for Card Processing

Audience

Prime Trust clients integrating Indemnity as part of their card processing solution.

Overview

Indemnity offers purchase protection for integrators using the Prime Trust card widget through front-end JavaScript and the 3 Domain Secure (3DS) flow. 3DS purchase protection enables additional fraud prevention for merchants by presenting a validation check within the card purchase flow.

Purchase Protection is required for all cryptocurrency purchase integrations.

For Prime Trust card integrations, the 3DS validation can occur within two steps of the flow:

  • Card linking, when adding a card for payment
  • Purchase processing

During the card linking flow, the issuing bank of the card being linked can request a 3DS challenge/verification on the transaction. In that case, the script launches the 3DS popup to validate the card holder’s authority to add and use the card.

This integration guide provides instructions on how to integrate 3DS validation into your front-end application.

Pre-requisites

  • You have implemented and are using the Prime Trust card widget (see https://developers.primetrust.com/docs/credit-card-integration).
  • You have provided the Prime Trust Sales Engineering team with your Organization id's that you are using in the sandbox and production environments.
  • Prime Trust provided you with an id value for the production version of the Purchase Protection script.
  • Your crypto purchase flow is a “two-click” process; one to load the Prime Trust account, and a separate step to purchase the crypto. A one-click front end that executes two backend transactions will not be sufficient for indemnity.
    • The user first selects a linked card for use and clicks a button to confirm.
    • A second screen is then displayed for the user to complete the purchase after clicking a purchase button.
  • You embed the purchase protection JavaScript snippet into your front-end application.

Two week analysis period

Please note that purchase protection will not be available for up to two weeks after implementing the Purchase Protection flow, during which time the system will analyze patterns before activating purchase protection.

Using the Purchase Protection script

note

Your organization must first be enabled to use these scripts. Contact your sales engineer if you have not yet discussed this.

Sandbox script

<script type="text/javascript"
src="https://sandbox.bootstrapper.primetrust-cdn.com/purchaseProtection.js"
id="d5a2c18b661d" defer></script>

Production script

<script type="text/javascript"
src="https://bootstrapper.primetrust-cdn.com/purchaseProtection.js"
id="<ask-your-sales-engineer>" defer></script>

Place the script tag in your <head> or before your </body> tag. It's preferable to use the defer or async tag to make sure that it will not impact the loading of your code.

Contribution / purchase flow

High level steps

  1. Retrieve the Credit Card Resource ID linked to the CC Funds Transfer Method.
  2. Generate a new token using POST /v2/credit-card-resources/:id/token.
  3. Collect CVV and submit contribution: Use that token to launch the CC embeddable / widget, using the amount of the contribution as a parameter.

Retrieve the Credit Card Resource ID linked to the CC Funds Transfer Method

Request

GET /v2/funds-transfer-methods/:id?include=credit-card-resource

Response:

{
"data": {
"type": "funds-transfer-methods",
"id": "FUNDS_TRANSFER_METHOD_ID",
"attributes": {
...
},
"relationships": {
...
"credit-card-resource": {
"data": {
"type": "credit-card-resources",
"id": "CREDIT_CARD_RESOURCE_ID"
}
},
...
}
},
"included": [
{
"type": "credit-card-resources",
"id": "CREDIT_CARD_RESOURCE_ID",
"attributes": {
...
},
"links": {
}
}
]
}

Refresh the credit card resource token

Request

POST /v2/credit-card-resources/:id/token

Response:

{
"data": {
"type": "credit-card-resources",
"id": "CREDIT_CARD_RESOURCE_ID",
"attributes": {
"resource-token-hash": "TOKEN"
}
}
}

Collect CVV and submit contribution

Optional Parameters:

  • hideAmount: Amount shows by default. Set to true to hide the amount of the contribution above the CVV field

Launch the CC embeddable/widget

pt.launchCreditCard({
amount: amount,
target: document.getElementById("contribution"),
resourceTokenHash: <TOKEN>,
hideAmount: true, // this hides the contribution amount on the CVV form
events:{
onContribution: function (contributionId, fundsTransferMethodId){
//contribution was successful
console.log("[primetrust] Contribution created with ID:", contributionId);
console.log("[primetrust] Contribution using FTM ID:", fundsTransferMethodId);
},
onContributionError: function (error){
//contribution failed
console.log("[primetrust] Error:", error.name);
console.log("[primetrust] Error:", error.message);
}
}
});

Screenshot of the iFrame/embeddable that collects the CVV and submits the contribution: cvv

For sandbox testing, use the following test card numbers and secrets:

Card TypeCard NumberSecret
MasterCard5111330000000006123456
Visa4457000100000009secret

CSP Considerations

In case your website enforces a Content Security Policy (CSP) please do the following:

If the site CSP restricts inline JS tags (required by Prime Trust) - please ask your Account Manager for the hash you can use to whitelist the integration tag in the CSP script-src directive.

Last updated on