You can now use Carbon for the sale of your own digital assets. While we have an ever-growing list of tokens we offer for sale, it is not all encompassing. If your project uses a cryptocurrency or NFT that is not available through our standard Credit/Debit Purchases API, Carbon is still right for you thanks to our payment gateway.
You can also use the payment gateway to sell tokens we already offer
For partners that would like to control their own liquidity
With the payment gateway, Carbon processes payments by the user, before you, the integrator, fulfills the delivery of the asset. We thus act as a more traditional payments processor or gateway.
The general integration flow is as follows :
- The user enters their payment card information.*
- The card is verified as 3D Secure enrolled. The user completes 3DS authentication with their bank's ACS (Access Control Server).. Carbon completes processing the charge and authorizes the payment on the card to complete checkout. We may employ a proprietary card verification process for certain high-risk transactions.
- Carbon sends a response to the integrating server to indicate whether completing the charge was successful or not.
- The integrator delivers the digital assets to the user and indicates to Carbon's server whether the purchase has been filled confirming or cancelling the charge as needed.
- Carbon pays out the processed funds to the payment gateway integrator at determined settlement times.
*For complete PCI compliance, we strongly recommend integrating our payment gateway widget to isolate collecting, transmitting, and storing sensitive cardholder and payment data to us. Namely the payment gateway widget offers a card form to isolate collecting and tokenizing sensitive payment card information in addition to an ACS form to isolate initiating 3DS authentication and handling sensitive 3DS payment data.
If you are not integrating our payment gateway widget, make sure to reference our credit/debit card API for information on how to add payment cards, begin charge of payment cards, complete 3DS authentication, and complete charge of payment cards on your side. In particular, make sure to distinguish between payment gateway v non payment gateway config. In either case, please consult this section for information on how to confirm and cancel payments in addition to (optionally) setting up your own custom termination URL for reviewing orders before completing authorization of payments.**
**For now custom termination URL config is not set up. Please set your
customTermUrl to undefined to avoid breaking code.
While digital assets are our speciality, you can use our payment gateway to sell almost anything so long as our compliance team approves.
Tokenization & PCI Compliance Aside
While we do offer the option to render your own payment card form, add/charge payment cards without tokenization, and/or render the 3DS authentication ACS form on your side. handling any of this functionality on your own will significantly increase your PCI exposure and burden. Integrating our checkout widget will isolate dealing with raw cardholder data and 3DS payment data to our side. You as the partner only have to concern yourself with tokenized payment card data leading to the minimal level of PCI compliance requirements: PCI SAQ-A. For all other types of integrations, you will likely fall under PCI SAQ-EP. For more on PCI SAQ (Self-Assessment Questionnaire) security standards, please refer to this: https://www.pcisecuritystandards.org/pci_security/completing_self_assessment.
Tokenization involves exchanging sensitive data for a non-sensitive identifier that is internally mapped in a system (in this case our credit/debit card vault) to payment card information. Note that we never store unencrypted card numbers or cvc's on our servers in any circumstance. Instead we map tokens to payment card information stored with a PCI Level I compliant third-party security provider and then utilize our credentials with this provider to add cards and authorize payments with our network of processors. By only dealing with tokenized cardholder data, you by and large isolate PCI liability to us.
To learn more about PCI and our security practices, please go here.
Before deciding if the payment gateway is right for you
Read about our legal requirements.
If you would like it integrate Carbon's payment gateway widget and API, please continue to review the docs and contact [email protected] for approval.
For any user support questions regarding our payment gateway, please refer users to [email protected]
Updated 28 days ago