Overview

Version 1.0

Hosted field integrations offer customizable checkout experiences with low levels of PCI compliance overhead. Using hosted fields, sensitive information is placed within an isolated iFrame supplied by Smartpay Fuse. All data is processed by Smartpay Fuse, so no cardholder data is included in your servers or service.

Flex Microform is Smartpay Fuse’s hosted field solution that allows you to securely tokenize card data for immediate and future payments. When a customer submits their card details, the information is replaced by a card token to use for API requests instead of the actual card number.

When Flex Microform is integrated in your system:

  • Server-side request: Your server sends a request to Smartpay Fuse. This creates a time limited, signed JWT (the “capture context”) that encodes key parameters of the transaction, including transaction details, target origin and one-time use public keys. You can safely pass this JWT to your front-end application.
  • Client-side implementation: Embed the Flex Microform JavaScript library in your page and initialise it with the “capture context” generated by your server-side request. The library renders the necessary iFrames within designated containers on your page. When the customer submits the form, the library generates a PCI-compliant transient token representing the cardholder details, which is valid for 15 minutes.
  • Validate and use the transient token: Use this transient token in your service to make API calls and progress the transaction.

For more information and guidance on integrating Flex Microform, review the Key Information and Getting Started sections in this guide.

Flex Microform provides these benefits:

  • Minimal PCI overhead
  • Accepts a wide range of card types such as American Express, Mastercard, and Visa
  • Card capture page customization
  • An integration process that is not as complex as the REST API integration process
  • Back-end APIs for control of payment processes using card tokenization

The Flex Microform integration is one of several methods to accept payments on your site. Smartpay Fuse offers additional methods that provide different features. Before you start your integration, make sure you choose the right method for your needs. If the capability you need is not supported with the REST API, consider using one of the alternate integration methods.

For more information about these integration options, refer to these quick start guides:

  • E-commerce Plugins: provides an easy integration for supported e-commerce platforms.
  • Virtual Terminal: no integration is required because servicing agents take payments using our back-office portal, Smartpay Fuse Portal.
  • REST API: back end integration using our REST API.
  • Hosted Payment Page: requires minimal integration because you initiate the payment page, which handles the entire payment flow.

Contact us if you have questions about Flex Microforms.

This table provides a comparison of the features that are available in the different integration methods.

Integration Methods
Features Virtual Terminal 1  E-Commerce Plugins Hosted Payment Page   Direct REST API  Hosted Fields
 PCI overhead SAQ C-VT Mixed2 SAQ A SAQ D SAQ A3
 Transaction Types

Authorization only

Yes Yes (all) Yes Yes Yes7

Authorization and capture

Yes Yes (all) Yes Yes Yes7

Tokenise card (COF) 

Yes Yes Yes4 Yes Yes7

CIT (initial/subsequent)

Yes Yes Yes4 Yes Yes7

MIT (continuous authority)

No Some6 No Yes Yes7

Refund (standalone)

Yes8 Some6 REST API & Smartpay Fuse Portal1 Yes Yes7

Refund (existing transaction)

Yes Yes (all) REST API & Smartpay Fuse Portal1 Yes Yes7

Reversal

Yes Yes (all) REST API & Smartpay Fuse Portal1 Yes Yes7

Capture of standalone authorization

No Yes (all) REST API & Smartpay Fuse Portal1 Yes Yes7
 3-D Secure (v2)  N/A Yes (all) Yes Yes Yes7
 Account validation N/A Some6 Yes Yes Yes7
 Basic fraud rules5 Yes Yes (all) Yes Yes Yes7
 Low value exemptions N/A No Yes Yes Yes7
AVS/CSC Auto Reversal/Blocking Yes8 Yes6, 8 Yes8 Yes8 Yes7, 8
Digital Wallets

Apple Pay

N/A Some6 No Yes No7

Google Pay

N/A Some6 No Yes No7
Card Types

Visa

Yes Yes Yes Yes Yes

Mastercard

Yes Yes Yes Yes Yes

American Express

Yes8 Yes8 Yes8 Yes8 Yes8
 Channels

E-Commerce

No Yes Yes Yes Yes7

Moto

Yes Some6 Yes8 Yes Yes7

Notes:

1: The Smartpay Fuse Portal is our back-office servicing portal.
2: Different plugins use different integration methods. Refer to the applicable quick start guide listed and linked above for details about the PCI implications of those integration methods. Contact support if you have concerns or questions about PCI implications.
3: SAQ A applies when Flex Microforms is used to tokenize from web applications.
4: Secure Acceptance Hosted Checkout creates tokens from initial CIT transactions that can be used for subsequent CIT transactions.
5: Basic velocity rules using Decision Manager are only available for SME clients. Advanced fraud check and TRA are handled on a case-by-case basis.
6: These features are only available on some of our plugins (refer to the individual plugin solution pages for more information).
7: Flex Microform allows card numbers to be safely tokenized in compliance with PC standards. The resulting transient token is used to process or manage the transaction using the direct integration REST API.
8: These features are not enabled out of the box and need further configuration by our support team.

Using Flex Microform to take payments requires a combination of front-end and back-end integration. You need to collect the cardholder's details in your front-end application, send these details through the JavaScript library to tokenize card details, and then complete the transaction using the token with our back-end APIs.

 

The figure below shows the stages of the payment flow using Flex Microform.

  1. The customer processes their order on the merchant website.
  2. The merchant website requests Smartpay Fuse to generate the capture context JWT.
  3. Smartpay Fuse creates a payment capture context JWT.
  4. The merchant serves the payment page to the customer.
  5. Microform JavaScript intitializes with capture context and the customer enters their card details.
  6. The Microform JavaScript library tokenizes the payment card.
  7. Smartpay Fuse returns the token.
  8. The client-side code sends the token to the merchant server.
  9. The merchant server uses the token to process the payment..
file

This integration option uses a PCI SAQ A level of compliance when used to host payment form frames on a web page.

 

Card details are entered on a customer browser and are sent directly to Smartpay Fuse. Flex Microform hosted fields are rendered in secure iFrames that are hosted by Smartpay Fuse. When the form is submitted, payment data is submitted directly to Barclaycard, and never touches your systems.

 

If you have any questions or concerns about the PCI implications of using Flex Microform, contact us.

Getting Started

Further Information

Code Samples

Testing Resources

Developer Guides

Flex Microform Developer Guide: provides complete information about integrating Flex Microform into your payment system.

If you have questions about Flex Microform or need guidance for your integration, contact us.