Uniqueness of registered payment methods

By default, the gateway authorizes the buyer to register their payment method several times on the merchant website.

However, if the merchant wants to, they can enable an option via their Expert Back Office that will allow them to detect when a token is created, if the payment method has been previously registered.

IMPORTANT
It is not recommended to enable the uniqueness check of the registered payment method if you do not control its impact on your implementation.

Operating principle

Once the option is activated, the gateway verifies the validity of the payment method with the issuer each time a token is created, and then proceeds to verify the uniqueness of the payment method.

If the payment method has never been registered, then a new token associated with this payment method is created and its identifier is returned to the merchant website upon the end of payment notification.

If the payment method has already been registered (same number and expiration date), then an existing token is used and its identifier is returned to the merchant website upon the end of payment notification.

The returned buyer’s data is the same as the data transmitted by the merchant, and not the same as the details of the previously registered token.

The field vads_identifier_status is set to CREATED, even if in this case no token is created.

The notification then contains an additional field set to true:
  • vads_identifier_previously_registered for the notification in the Hosted Payment Form format.
  • paymentMethodTokenPreviouslyRegistered for the notification in the REST API format.

Notes

  • There is no detection of payment method uniqueness during the token update.
  • If the payment method is already associated with several tokens, the end of payment notification contains the identifier of the most recent token.
  • The creation of a token via Expert Back Office is refused if the payment method is already associated with another token.
  • The vads_identifier_previously_registered field is not returned upon return to shop.
  • The vads_identifier_previously_registered field is never returned in the end of payment notification if no duplicate payment methods are detected. Therefore, the false value is never sent to the merchant website.

What should I do if a duplicate payment method is detected?

It depends on your business requirements.

  • You can decide to do nothing and provide the service or deliver the goods to the buyer.
  • You can check whether the customer code associated with the existing token matches the buyer’s customer code. If this is not the case, you can search if a family tie between the two customers explains why the same payment method is used by two different customers.
  • You can check if the person requesting the registration of the payment method is the same person who has already registered this payment method (e.g. by checking their contact details, e-mail address, country etc.).
  • If all the controls put in place fail, that means that you might be a victim of fraud and can then decide to cancel the payment.

Activation of the payment method uniqueness detection

  1. Via the Expert Back Office, go to Settings > Company, then click on the Subscription and alias parameters tab.
  2. In the Alias parameter section, check the Check alias uniqueness box.
  3. Click the Save button to save the changes.