Stripe

Tokenized Credit Card Support for Smart Payments

The Stripe payment processor is now integrated as part of Aria’s smart payments with this release for the Tokenized Credit Card payment method (pay method 13). The following transactions are supported with this integration: capture, payment, and create/query token.

The following card types are supported:

• American Express
• Diners Club International
• Discover
• Japan Credit Bureau (JCB)
• Mastercard
• UnionPay
• Visa

For tokens created in Aria, the token/agreement_id is stored in the format “payment_method_id:customer_id” in Aria. For tokens created outside of Aria, you should create both the payment method ID and customer ID and combine them (payment_method_id:customer_id) in the “bill_agreement_id” field. If either the ID is missing or the token is not in a valid format when attempting to process a payment, Aria will generate an error saying "Invalid token. The valid token format is payment_method_id:customer_id."

Additional Stripe Smart Payments Features

Aria introduces the new Smart Payments adapter for the Stripe payment gateway. The following features are included in Phase 1:

• Tokenization
• Authorization and Capture
• Refunds
• Cancel/Reverse Authorizations
• Fraud Scoring
• Soft Descriptor

This ticket includes the integration of the Authorization and Capture into the Stripe Payment Processor.

Supported Cards:

• American Express
• Discover
• Japan Credit Bureau (JCB)
• Mastercard
• Visa

Limitations:

Since Stripe allows only the token based integration, Aria uses the “payment_method_id” and “customer_id” for making initial/recurring payments; card information is not used for payments. For this reason, we have implemented Tokenized credit card support for Stripe integration. For the token created by Aria, we are creating and storing the token/agreement_id in a format of "payment_method_id:customer_id" in Aria.

Refunds are also supported for the listed card types. At this time, Stripe only supports tokenized credit card refunds.

Stripe supports cancelling/reversing transactions via the UI or APIs using the <auth_no> of the authorized transaction. This applies to any amount greater than 0.

Since Stripe fraud scoring returns both “review” and “failure” statuses, the following existing settings in the Stripe UI are utilized for fraud scoring (for the payment gateway and collection group levels):

• Send Fraud Scoring Request
• Change Status on Fraud Scoring Failure
• Status of Fraud Scoring Failure
• Change Status on Fraud Scoring Review
• Status on Fraud Scoring Review

Once the “Send Fraud Scoring Request” option is enabled, we will be returning the fraud score and result are returned in <proc_fraud_score> and <proc_fraud_score_result> output of the validate_acct_fraud_scoring(_m) APIs. The possible values in <proc_fraud_score_result> are:

• Authorized: Successful (normal or no fraud risk transaction)
• Manual_Review: Review (elevated risk transaction - increased chance of being fraudulent)
• Blocked: Failure (transaction getting blocked or failing due to high risk, fraudulent transaction)

Stripe Smart Payments also includes soft descriptor support, which can be used by merchants to provide more detailed transaction information. Soft descriptor support is provided at various levels within Aria. The priority is as follows:

• API
• Collection Group
• Payment Gateway

When a transaction occurs using a credit/debit card, the description is displayed under the statement_descriptor_suffix in the Payment Intent of the specific transaction. If the received soft descriptor value is more than 22 characters long, it is truncated to 22 characters before it is sent to the payment processor.

3DS Support

Stripe 3DS versions 1.0 and 2.0 support is now added for Stripe using Aria APIs and Direct Post. To use 3DS, the appropriate URL must be included in the Payer Authentication Settings field in the Payment Gateway and/or Collection Groups UI screens (Configuration > Payments > Payment Gateways/Collection Groups). Otherwise, the transaction will not complete, generating a validation error.

For the 3DS Termination URL, you must specify the Merchant website URL in the Payment Gateway/Collection Group UI Screens (which will be invoked when the shopper challenge is complete). For direct posts, the value should be 'https://secure.<environment>.ariasystems.net/api/auth_3ds2_notification_receiver.php,” where the environment will be different for QU, stage, and production.

Stripe 3DS is a three-step process as shown below:

Step 1: Execute the authorize_electronic_payment_m or update_payment_method_m API with credit card details, billing address details, and <attemt_3d_secure> as 'true' to perform client authentication, and then the API will return the <proc_payment_id> (as the outer level output field) and 'redirect_issuer_url' (value in the proc_3dsecure_data/proc_3dsecure_auth_data array) in the response.

Step 2: Use the 'redirect_issuer_url' directly in the browser and execute it. A challenge/redirect window pops up based on the 3DS 2.0 or 3DS 1.0 transaction details, and Aria submits the challenge/redirect form to end step 2.

Step 3: Execute authorize_3dsecure_m with the <proc_pymnt_id> value (from step 1), perform the authorization, and verify the API result to complete the 3ds authentication-based authorization.

Impacted APIs for this functionality include authorize_3dsecure_m, update_payment_method_m, and authorize_electronic_payment_m.

Additional Webhook Notifications

As part of Aria’s Smart Payments integration with the Stripe payment processor, the chargeback Stripe IPN (Instant Payment Notification) charge.dispute.closed event is now supported; for this notification, Aria will update the failure status on the payment and void the transaction records. Additionally, five new webhook notification event types have been added with this release to track payment status. They are:

Event	Description
charge.succeeded	The payment succeeded event
charge.refund.updated	Refund event
payment_intent.cancelled	Authorization Reversal success case
charge.failed	The payment failed event
charge.captured	Successful payment capture

Added Array for Micro Deposit Verification URL

Aria continues to enhance its Smart Payments integration with Stripe by adding the <proc_payment_response_field_list> array for all Aria regular and one-time collection APIs in order to return the micro deposit verification URL for ACH payments (at the <proc_payment_response_field_value> parameter of the array).

The array contains the following fields:

Field Value	Description
<proc_payment_response_field_list>	Payment response fields returned by the processor for further actions if any.
<proc_payment_response_field_name>	Field name of various response returned by the processor, example: micro_deposit_verify_url.
<proc_payment_response_field_value>	Field value for the corresponding payment response field, example: Actual URL to be used for the micro deposit verification.
</proc_payment_response_field_list>	End of array

This output array has been added to the following APIs:

• assign_acct_plan_m
• collect_from_account_m
• create_acct_billing_group_m
• create_acct_complete_m
• create_order_m
• create_order_with_plan_m
• edit_acct_plan_queued_changes_m
• gen_rb_m
• manage_pending_invoice_m
• modify_acct_plan_unit_instances_m
• replace_acct_plan_m
• settle_account_balance_m
• update_acct_billing_group_m
• update_acct_complete_m
• update_acct_plan_m
• update_acct_plan_multi_m
• update_acct_plan_unit_instance_m
• update_order_m

 

The following enhancements for Aria Smart Payments are included in this release:

Webhook Notifications

A new REST API handles the following Webhook notifications triggered by the Stripe payment notification service:

• charge.refunded.updated (for a successfully processed failed refund)
• charge.succeeded
• charge.captured
• charge.failed
• payment_intent.canceled

Account Updater

Aria also now supports the Stripe Account Updater for the following notification events (for credit cards requiring an update or reaching expiration):

https://payment-notification-service-idaho-dev-dev0.devfarm.ariasystems.net/api/v1/webhook/account-updater/stripe/client/<client_no>/group/< group_no>

Mandate UI/API Control

The Mandate Collection Method field has also been introduced in support ACH, SEPA and BACS Direct Debit payments. This can be configured at the Payment Gateway or Collection Group (Configuration > Payments > Payment Gateways/Collection Groups > Processing Options) levels (Collection Group takes precedence). This field specifies how you will authorize the mandate for direct debit collection. Select from the following:

• Online
• Offline

If the mandate is collected online, the following must be collected and passed in the collection API:

If offline, you must collect and maintain the authorization in your records.

Webhook Secret Payment Notification

Also, as part of Stripe’s Smart Payments notification support, a field has been added at the Payment Gateway and Collection Group levels in order to populate a separate webhook key (Configuration > Payments > Payment Gateways/Collection Groups > Merchant Account Details > Payment Events Webhook Key). This field accepts the same alphanumeric values as Account Updater Webhook Key field.

SEPA Direct Debit Payments

Stripe now supports SEPA Direct Debit payments, allowing your customers to make recurring payments by providing their SEPA bank account (IBAN) or token to make recurring payments with pay_method = 37 (for the create_acct_complete_m and update_payment_method_m APIs).

For outside tokens, you should set up both the payment method and customer for future usage off-session and combine them (payment_method_id:customer_id) in the field. If either the ID is missing or the token is not in the valid format, the following error is generated: “Invalid token. The valid token format is payment_method_id:customer_id.”

Additionally SEPA direct debit in Stripe requires a “mandate collection method” to be passed in the initial payment request with IBAN.

The mandate collection method supports two different inputs:

• Online
• Offline (Default)

If online is chosen, the client needs to pass IP Address and User Agent in the <proc_field_override> array.

• IP Address: The IP address from which the Mandate was accepted by the customer.
• User Agent: The user agent of the browser from which the Mandate was accepted by the customer.

These fields can be sent in the array for API overrides, as shown:

Chargeback Support: Aria will handle the chargeback using a Stripe event received from Stripe when a SEPA Payment is disputed.

Refund Support: Aria supports both partial and full refund functionality for SEPA Direct Debit payments.

Aria introduces Recurring Process Model (RPM) support for Stripe for the following card types (for pay_method 13 – Tokenized Credit Card):

• American Express
• Diners Club International
• Discover
• Japan Credit Bureau (JCB)
• Mastercard
• Union Pay
• VISA

Field mapping for the <rpm_ind> input parameter appears below (for the authorize_electronic_payment_m API):

<rpm_ind>	initial/subsequent	create_payment_intent* field	create_payment_intent* field	**CIT/MIT
		<setup_future_usage>	<off_session>
0,1,2,3	Initial transaction (successful collection count = 0)	off_session	N/A	Both CIT and MIT
2,3	Subsequent transactions (successful collection count > 0)	N/A	true	MIT

*-create_payment_intent is an API specific to Stripe.

**-Cardholder-Initiated Transactions/Merchant-Initiated Transactions

BACS Direct Debit

Stripe integration now also includes BACS Direct Debit support (for pay method = 37 – Tokenized Direct Debit). BACS is responsible for the clearing and settlement of U.K. automated payment methods.

For this, Aria accepts the webhooks below to get payment status as BACS is an asynchronous payment method:

• payment_intent.succeeded
• payment_intent.payment_failed

Mandate:Customer mandate is required. This can be done via offline/online mode. If the mandate is done online, you need to pass the end_user_ip_address and end_user_browser_agent details.

ACH Direct Debit

Additionally, Aria’s Stripe integration now includes ACH Direct Debit support (for pay method = 48 – Tokenized ACH).

For this, Aria accepts the webhooks below to get payment status:

• payment_intent.succeeded
• payment_intent.payment_failed

Mandate:Customer mandate is required. This can be done via offline/online mode. If the mandate is done online, you need to pass the end_user_ip_address and end_user_browser_agent details.

After an initial payment and Aria receives the micro_deposit_url upon successful microdeposit verification, the payment will be successful.

Refund Support: Aria is supporting both partial and full refund functionality for ACH Direct Debit payments and the “charge.refunded.updated” event is received from Stripe.

Chargeback Support: Aria will handle the chargeback using the Stripe event “charge.dispute.closed” which Aria receives from Stripe when an ACH Payment is disputed.

Learn more about Stripe's Smart Payments integration from here.

3DS Termination URL API Enhancement

For Stripe, the following enhancement has been added. For the authorize_electronic_payment_m API, the “pa_3ds_termination_url” value in the input parameter <proc_field_override> now overrides the 3DS Termination URL field value (Configuration > Payments > Payment Gateways\Collection Groups > Processing Options tab).