Плащане

Вградено плащане

Вграденото плащане на Cardflo безпроблемно интегрира обработката на плащания директно във вашия уебсайт или приложение. Това решение предоставя сигурна, PCI-съвместима форма за плащане, която се показва на вашата съществуваща страница, елиминирайки пренасочванията и поддържайки последователно потребителско изживяване.

То е предназначено за търговци, търсещи лесна интеграция, без да жертват контрола или присъствието на марката.

Категория
Плащане
Възможности
10
Налично на
Всички планове
Кандидатствайте сега

Общ преглед

Embedded checkout functions as a client-side integration method where payment input fields are hosted by the Service Provider (PSP) but rendered within the merchant's existing web architecture.

Unlike hosted payment pages that require a browser redirect to an external domain, this model utilises iFrames or hosted fields to maintain the user's presence on the primary site.

The data flow ensures that sensitive Primary Account Number (PAN) data never touches the merchant's server, as the input fields communicate directly with the acquirer's gateway.

This mechanism significantly reduces the scope of PCI-DSS compliance, typically allowing merchants to qualify for the simpler SAQ A or SAQ A-EP assessments.

By retaining control over the DOM around the secure fields, businesses can manage the visual layout and user journey while delegating the cryptographic security and tokenisation processes to the infrastructure layer of the payment stack.

This approach balances branding requirements with robust risk management and technical security.

Как работи

  1. Client-side Script Initialisation

    The integration begins by loading a JavaScript library from the payment provider onto the merchant's checkout page.

    This script creates secure containers within specific DIV elements, ensuring that the critical payment inputs remain isolated from the rest of the page's code to prevent cross-site scripting vulnerabilities or data interference.

  2. Secure Field Rendering

    The provider renders individual iFrames for the card number, expiry date, and CVV. These fields are hosted on a PCI-compliant environment but appear as part of the merchant's form.

    This separation ensures that the merchant handles only non-sensitive metadata, while the actual cardholder data is transmitted directly to the gateway.

  3. Tokenisation and Validation

    When the customer enters their details, the system performs real-time validation for LUHN checks and BIN identification. Upon submission, the sensitive data is exchanged for a secure vault token.

    This token represents the payment instrument and is the only credential passed to the merchant's backend for the authorisation request.

  4. Transaction Authorisation

    The merchant sends the token to their server, which then initiates an authorisation call to the acquirer. The acquirer forwards this to the card schemes and the issuer.

    The issuer returns a response, such as an approval or a decline code, which the merchant then displays to the user.

Защо е важно

Conversion Rate Optimisation

Redirects often introduce friction and latency, which are primary drivers of basket abandonment. By keeping the customer within the merchant's domain throughout the entire transaction, the payment process feels like a continuous part of the user journey.

This consistency helps maintain trust, particularly during high-value transactions where a sudden change in URL might cause users to suspect a phishing attempt or a technical fault.

Security and Compliance Burden

Managing raw card data requires extensive security protocols and rigorous yearly audits under PCI-DSS Level 1 criteria. An embedded model bypasses these requirements by ensuring the merchant server never sees, processes, or stores sensitive PAN data.

This shift reduces the operational overhead and liability associated with data breaches, as the security burden is transferred to the service provider whose systems are purpose-built for data protection.

Приложения

SaaS Platform Subscriptions

Software providers use embedded fields to collect payment details during account setup. This allows them to capture a payment method and store it as a network token for recurring billing without disrupting the onboarding flow or introducing external site redirects.

High-Volume E-commerce Sites

Retailers with high traffic levels use embedded checkouts to maintain brand integrity and minimise the steps to completion. This is particularly effective for mobile commerce, where redirecting between apps and browsers can lead to session timeouts or loading errors.

Enterprise Marketplaces

Marketplaces involving multiple vendors use embedded fields to standardise the payment experience across their platform. This ensures that regardless of the specific vendor, the payment infrastructure remains secure and consistent, facilitating complex split-settlement workflows at the backend.

В числа

20-30%
Checkout Abandonment Reduction

Industry research suggests that removing redirects can lead to a significant decrease in cart abandonment, as customers are less likely to encounter technical friction or trust issues during the payment phase.

80%
PCI Compliance Efficiency

Using hosted fields can reduce the number of security controls a merchant must audit annually by a substantial margin compared to handling raw card data, according to standard PCI-DSS assessment benchmarks.

<45s
Mobile Transaction Speed

Optimised embedded fields that trigger native keyboards and provide real-time validation typically facilitate faster completion times for mobile users compared to traditional non-responsive form layouts.

Ready to route with Вградено плащане?

Talk to our team about a live rollout on your acquiring stack.

Кандидатствайте сега

What you get with Вградено плащане

  • Сигурни, PCI-съвместими полета за плащане, вградени директно във вашия сайт.
  • Без пренасочвания, задържащи клиентите във вашия домейн по време на плащането.
  • Възможност за персонализиране на стила, за да съответства на естетиката на вашата марка.
  • Намалени усилия за разработка в сравнение с пълна персонализация.
  • Оптимизиран за отзивчивост на мобилни устройства и настолни компютри.
  • Повишено доверие на клиентите чрез поддържане на постоянен потребителски интерфейс.
  • Support for 3-D Secure authentication directly within the embedded flow for SCA compliance.
  • Automatic BIN detection to identify card type and apply relevant processing logic immediately.
  • Compatibility with modern JavaScript frameworks including React, Vue, and Angular for structured integration.
  • Localised language support for checkout fields to cater to a global customer base.
See Вградено плащане on your acquiring stack.

A short scoping call, then a written plan for your MIDs.

Кандидатствайте сега

Questions about Вградено плащане

Каква е разликата между вградено и персонализирано плащане?

Вграденото плащане предоставя предварително изградени, сигурни полета за плащане, които можете да стилизирате и поставите на вашия сайт. Персонализираното плащане предлага пълен контрол върху всеки елемент на формата и потока на плащане, изискващи повече разработка.

Вграденото е по-бързо за внедряване, докато персонализираното предлага максимална гъвкавост за индивидуални нужди.

PCI-съвместимо ли е вграденото плащане?

Да, вграденото плащане на Cardflo е проектирано да бъде PCI-съвместимо. Чувствителните данни за карти се обработват директно от сигурната инфраструктура на Cardflo, намалявайки вашето PCI натоварване.

Търговците, интегриращи вграденото решение, могат да постигнат съответствие по-лесно в сравнение с директното обработване на необработени данни за карти.

Мога ли все още да използвам интелигентно маршрутизиране и възстановяване при отказ с вградено плащане?

Да, основните функции за оркестрация на Cardflo като интелигентно маршрутизиране, възстановяване при отказ и оптимизация на 3DS работят безпроблемно във фонов режим с вградено плащане.

Вграденото решение обработва заснемането на плащания от предния край, докато нашата платформа управлява логиката за обработка на транзакции, за да увеличи максимално процента на одобрение.

What happens if a customer’s card requires 3-D Secure authentication?

When 3-D Secure is required for Strong Customer Authentication (SCA), the embedded library will typically trigger a modal or an overlay. The customer completes the challenge within this window, and once authorised, the focus returns to the merchant's checkout page.

This process happens without a full page redirect, maintaining the session and reducing the risk of the customer closing the tab during the authentication process.

Is the embedded checkout optimised for mobile devices?

Industry-standard embedded checkout components are designed to be responsive. They utilise media queries to adjust the size and layout of input fields based on the device's screen dimensions.

Furthermore, they are configured to trigger the correct numeric keypads on mobile operating systems, which improves the speed and accuracy of data entry for the customer, leading to higher completion rates on handheld devices.

Does the embedded checkout support alternative payment methods like digital wallets?

Embedded checkouts can often be configured to display digital wallet buttons, such as Apple Pay or Google Pay, alongside traditional card inputs. These methods often bypass the card entry fields entirely, using the wallet's stored credentials to authorise the transaction via a secure token.

This multi-modal approach ensures that the checkout remains flexible for various consumer preferences while maintaining a singular integration point.

Започнете

Готови ли сте за скорост?

Разкажете ни за вашия бизнес. Ние ще ви свържем с правилните банки акцептанти и правилния маршрут, обикновено в рамките на една седмица.

Кандидатствайте сега
Кандидатствайте сега