Aptify supports credit card processing using PayPal reference transactions. Using this approach, an organization can simplify PCI compliance because Aptify does not store credit card numbers in the database. During an initial transaction, Aptify transmits the credit card number to PayPal and receives a PayPal reference transaction number in return.
To enable reference transactions on your system, create one or more Payment Types using the new Credit Card Reference Transaction base type (see Managing Payment Types) and associate them with an active Merchant Account that has the Use Reference Transactions option selected (See Integrating with ePayment Providers for information on enabling integration with a third-party credit card processor and the payment capture process).
Once enabled, an end user should not notice a functional difference between using a standard credit card payment type and a reference transaction payment type. Aptify then stores this reference transaction, and subsequent transactions can be processed against it for a period of one year, and any subsequent transaction resets the expiration period to one year from that new transaction.
A user should notice no changes in processing reference transaction-based credit card payments from processing standard credit card payments with the exception of a new Reference Transaction Expiration Date field in the Payment Information area. Aptify continues to store and populate the CC Partial field so users have access to the first digit and last four of credit card numbers. From a database perspective, the CCAccountNumber field is still encrypted but for reference transactions, Aptify encrypts a generic string ("Ref Transaction") rather than an actual credit card number.
Note that certain features that hold a card number prior to conducting a transaction (such as a standing order, saved payment method, or quotation order) may require the system to perform a zero-dollar authorization (ZDA) to obtain a reference transaction number, in which case PayPal may charge you for that ZDA.
Aptify Recommendation for Reference Transaction Renewal
Aptify highly recommends using Saved Payment Methods for all reference transactions used for recurring payments. That is payments that will be used, and likely renewed in the future. Below are some reasons why:
- When a standing order is fulfilled, a new order is created (that is not through the renewal process described above, but with a fulfillment), a new token is generated, and the expiration date becomes the current date (as shown on the order). However, the Standing Order payment information does not get updated to reflect this, even though a new token is created.
- Running the process above DOES update the expiration date. However, keep in mind, if you are renewing the token from the Standing Order and you originally used a saved payment method (SPM), the SPM will be out of sync as these are all individual PaymentInformation records, there is no way currently in Aptify to link these records.