Fri. Jul 15th, 2022

Current article will cover end to end picture of BNPL card transaction journey. Refer to Last article, to get end to end picture of BNPL card’s onboarding journey.

Authorisation & Authentication are two important concepts to understand the end to end transaction workflow.

  • Authentication: Is the act / process of establishing something as genuine or authoritative. In simple terms, whether your card number is valid, mentioned expiry date is accurate.
  • Authorisation: Is the action of authorising. In simple terms, customer is authorising transaction using OTP (One Time Password) / PIN.
title Transaction workflow Customer->Merchant: Initiate Payment \n(via Card) Merchant->Bank: Authenticate Payment Bank->Customer: OTP (Authorise Payment) Customer->Merchant: OTP Merchant->Bank: Authorize Payment Merchant->Customer: Payment Response

The above diagram depicts the payment experience at 50,000 ft level. Customer initiate the transaction by sharing the Card details (Card Number, Expiry date, cvv) with Merchant/Payment Gateway solution. These details are authenticated with the issuer bank. Post successful authentication, Issuer Bank will share the OTP with customer. Customer shares this OTP with Merchant / Payment Gateway provider, which is shared with Bank for authorisation.

This completes the Authentication & Authorisation calls. A transaction will be successful considering, Both the response of authentication & authorisation are successful, and fails if any of the response fails. In case of E-Commerce transaction customer needs to share the OTP, whereas in case of offline store transactions, customer needs to share the PIN.

Let’s deep dive, and look into at 10,000 ft level, to understand where BNPL sits in the entire picture.

title Transaction workflow Customer->Merchant: Initiate Payment \n(via Card) Merchant->Payment Gateway: Initiate Payment Payment Gateway->Bank: Authenticate Payment Bank->BNPL: Authenticate Payment BNPL->Customer: OTP (Authorise Payment) Customer->Payment Gateway: OTP Payment Gateway->Bank: Authorize Payment Bank->BNPL: Authorize Payment BNPL->Bank: Payment Response Bank->Payment Gateway: Payment Response Payment Gateway->Merchant: Payment Response Merchant->Customer: Payment Response

Payment Gateway interacts with Bank, which internally interacts with BNPL player for authorisation & authentication calls. Storing of card number comes with lot of compliances & data leak. Now the question comes whether BNPL Player store the card number? If not then how BNPL with authenticate payment without storing card details. Who will take legal liabilities in case of compliance / fraud? Is Bank or BNPL Player?

Whether BNPL Player store the card number? No. Storing the card details requires handful of compliance. Hence BNPL Players rely on external vendor to store the card details. As this information needs to be validated during payment processing. Vendor stores the mapping of Reference number to card number, and return the reference number to BNPL for future references.

In next article will look at transaction workflow at 5,000 feet level.

Leave a Reply

Your email address will not be published.