POST
/
v3
/
{id}
/
encryptcardpaymentinfo

This is a web service designed to give the card payment information needed for doing e-commerce payments, meaning full PAN, cvc2/cvv2, expiry date. The payload will be encrypted with an asymmetric public key, to enable end-to-end encryption to the card holder device. Only fields listed in the request ‘fields’ object will be returned. The caller is responsible of validating the integrity of the public key.

PCI DSS compliance

Processing payment information (PAN, expiry, CVC2/CVV2) is controlled with strict compliance regulations by the card schemes. There are multiple ways to access the card payment information in Enfuce’s APIs depending on the client solution, and whether the client is a card schema member themselves and therefore responsible for compliance.

The least complex way to take this functionality into use and keep your own systems outside the PCI DSS scope is to use the Initiate card data retrieval ( see /v4/card//controlToken below in this document). With that endpoint, the sensitive data is transported end-to-end between Enfuce’s service and the card-holder device, which keeps the client’s back-end systems outside of PCI DSS scope.

The alternative shown here (Get Card Payment Info) relies on that the client is responsible for PCI DSS compliance themselves to the card schema.

Example

// ...

import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;

// ...

// Example of how to decrypt an encrypted field
private String decrypt(String data, String privKeyPEM) throws Exception {
    // Prepare the key
    String privKeyString = privKeyPEM.replaceAll(\"\\\\n\", \"\").replace(\"-----BEGIN PRIVATE KEY-----\", \"\").replace(\"-----END PRIVATE KEY-----\", \"\");
    byte[] encodedKey = Base64.getDecoder().decode(privKeyString);
    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(encodedKey);
    KeyFactory kf = KeyFactory.getInstance(\"RSA\");
    PrivateKey privateKey = kf.generatePrivate(spec);

    // Prepare the decryption
    Cipher cipher = Cipher.getInstance(\"RSA/ECB/OAEPWithSHA-256AndMGF1Padding\");
    cipher.init(Cipher.DECRYPT_MODE, privateKey);

    // Prepare the data
    byte[] cryptogram = Base64.getDecoder().decode(data);
    
    // Decrypt
    byte[] decryptedBytes = cipher.doFinal(cryptogram);
    return new String(decryptedBytes);
}

Path Parameters

id
string
required

The card id for given card

Query Parameters

auditUser
string
required

The audit user to log the request

Body

application/json
encryptionKey
string
required

Public key used to encrypt the fields in the result.

encryptionMethod
enum<string>

In this field the encryption method is selected. This is to prepare for future use since only one method is supported.

  • RSA_ECB_OAEP_SHA256_MGF1_2048 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding. Public key length 2048.
Available options:
RSA_ECB_OAEP_SHA256_MGF1_2048
fields
enum<string>[]

In this field you can list which fields the service should encrypt and return. If a field is not listed, it will be left out from the response. Note that only fullCardNumber and cvv2 will be encrypted.

  • fullCardNumber - PAN number (card number) for the card
  • expirationDate - The expiration date of the card, in format MM/YY
  • cvv2 - The CVV2 (if Visa), or CVC2 (if Mastercard) value
Available options:
fullCardNumber,
expirationDate,
cvv2

Response

200 - application/json
cvv2
string

The encrypted CVV2 (if Visa), or CVC2 (if Mastercard) value. Base64 encoded

expirationDate
string

The expiration date of the card, in format MMYY

fullCardNumber
string

The enrypted full card number (PAN). Base64 encoded

Get cards given accountIdInitiate card data retrieval