Accept payments for all the popular payment & card brands via our smart checkouts you can embed and configure for your user journey designs.Visa, Mastercard, Amex, Diners, and all local cards; credit & debit cards, ACH or EFT payments, mobile money, wallet, and bank account payments are all available via our APIs.
Customers are able to store their favorite payment methods through business-branded wallets within the Coral Payserver system. These wallets can be accessed to manage, create, delete, and consume stored payment tokens during checkouts or at will.
Businesses are able to brand the entire wallet flow to ensure customers are at ease when paying for goods.:
Within the platform there are multiple stored checkout templates that represent different stages of a user journey for customers. This includes the confirmation of the shopping cart content and charges, known as the checkout preview, the rendering of specific payment checkout forms dependent on the payment type selected by the customer, the ability to store that payment type or create a whole new wallet for different payment types, and a business-branded web front for all the checkout templates that have been designed to ensure the customer feels comfortable to make a payment, which greatly reduces churn at checkout for the business.
The Payserver API has the ability to integrate quite tightly with a business app to enable customers to pay via mobile apps. The API enables messages to be sent to CoralCommerce’s Payserver interface and responses received that can pass customer IDs and wallet IDs between them to enable SSO enabled merchants to give direct wallet access to verified customers for fast checkout modes during purchases. Customers can checkout with only their security code and bank verification check needed, or even only the latter for known customers where the banks have approved the flow.
CoralCommerce uses a bank verification flow called 3DSecure V2.x, a cardholder verification and authentication check that is SCA ready, allowing businesses a feature whereby they can check the customer's card details prior to a payment request, and if a successful authentication occurs, will see the payment liability shift to the customer's bank, the issuing bank as it is called. Consumers experience this authentication flow by receiving either a bank-originated SMS or email with an OTP they are required to type into a bank hosted authentication page (for 3DSecure V1.x authentications), or a bank-initiated in-app message to use their bank app to authenticate the payment request (for 3DSecure V2.x authentications).
Whilst customer information is required during a payment flow, regardless the API type used, CoralCommerce must adhere to the Payment Card Industry's (PCI) Data Security Standard (DSS), and we are audited every year to ensure we remain compliant to this security standard. This standard ensures that customer data is not held if not required, and when required that cardholder data provided by the customer is stored encrypted and secure. CoralCommerce stores no cardholder data other than what is needed for businesses to support their customers after sales. All data is fully encrypted and only available for review via the admin portals by authorized users only, whilst maintaining PCI DSS compliance.