Skip to main content
...MyDebitOverviewMyDebit Secure Remote Commerce

MyDebit Secure Remote Commerce (SRC)

Introduction

Secure Remote Commerce (SRC), commonly referred to as ‘Click to Pay’, is a SRC system with consistent framework and interfaces across the remote commerce environment where participants in the payments ecosystem facilitate a streamlined and secure checkout process.

The digital payment solution based on the EMV® Secure Remote Commerce (SRC) industry standard, provides online shoppers with a fast, simple, and secure way to pay online which replaces the need to manually key-in personal and card information on multiple eCommerce sites and works across multiple devices. An easier and frictionless checkout process enhances the online shoppers experience and helps merchants reduce cart abandonment.

The EMV® Secure Remote Commerce (SRC) Specifications enable a common consumer e-checkout that promotes simplicity, familiarity, interoperability, convenience, and trust. The specification defines a number of roles and functions to facilitate this secure and seamless experience by which consumers access their card and personal information. The click to pay experience has been adopted by the global payment networks to provide consumers with a more seamless and consistent checkout experience.

1. PayNet SRC Program Overview

MyDebit SRC is an “Add-on” application to MyDebit Tokenisation to promote the adoption of network/payment tokens driven from scheme perspective.

Built on EMVCo standards, MyDebit SRC gives consumers that are shopping online an easy, secure, and consistent way to checkout and thereby speeding up checkout time and reducing cart abandonment

1.1 SRC Participants

Example banner

RolesResponsibilities Parties
SRC System Orchestrates all technical activities and facilitates the interactions between SRC participants.
  • MyDebit SRC
SRCI

Integrate and interact with the DPA and MyDebit SRC system.

  • Manages the registration of DPA(s)
  • Interacts with the DPA and SRC System to initiate and complete checkout
  • Enables discovery and selection of payment cards
  • PSPs
  • Gateways
  • Merchants
  • eCommerce Service/Technology Providers
  • Acquirers
DPA

Any website, mobile application or IoT devices that enabled customers to purchase goods or services.

  • Integrate with SRCI to provide customers the option to pay via MyDebit SRC.
  • Display MyDebit SRC branding guide with Click To Pay icon.
  • Merchants
DCF

Provides access to customer data such as payment card information, shipping address and others.

  • Provide the UI to display selected card details, capture and display address details and contact information.
  • Payment Networks
  • Digital Wallets
SRCPI

Enable the enrollment of it’s cardholders and their related PANs to MyDebit SRC system.

  • Notify cardholders
  • Issuers

1.3 Abbreviations and Key Term

For abbreviations and key term, you can click this link : Abbreviations and key terms

2. Benefits

  • Simplify and expedite your online Customer’s checkout process as MyDebit SRC allows Customer’s to seamlessly make payments without the hassle of manually key in the Debit Card details or delivery address.
  • Merchants get to minimize card abandonment and increase sales through seamless payment process.
  • Leads to higher approval rates and lower fraud risk.
  • Works seamlessly with your existing 3DS solution.

3. Overview of MyDebit SRC Architecture and Process Flow

Example banner

  1. Consumers initiate checkout on the platform provided by DPA.
  2. Upon consumers’ selection of MyDebit SRC as the checkout method, SRCI connects to MyDebit SRC system on behalf of DPA. The consumers are required to perform registration/login to MyDebit SRC account.
  3. SRCI must provide consumers the option to add/select card based on their preference. Upon card selection from the SRC candidate list, SRCI invokes DCF.
  4. DCF displays the selected card’s details. May also capture and display address details, contact information and cardholder authentication as required.
  5. All the information gathered is sent to MyDebit SRC system. MyDebit SRC system in turn returns the checkout payload to DCF.
  6. DCF passes the checkout payload to SRCI.
  7. SRCI returns the checkout payload to DPA to be reviewed and confirmed by the consumers.
  8. Upon confirmation of the checkout information, SRCI is invoked to process the transaction.
  9. PayNet TSP detokenises and verifies the Token PAN and returns the PAN to MyDebit NET.
  10. MyDebit NET sends PAN information to the Issuer for Authorization including certain checkout data. SRCPI returns an Approval response to MyDebit NET.
  11. MyDebit NET routes back the Approval response with the Token PAN.

4. Use Case

Upon using SRC for the first time, consumers are required to enroll their payment card and shipping address to sign up with the service. Subsequent purchases allow consumers to easily sign in to their SRC profile using their registered email address, accessing profile data for quick checkout, Consequently, consumers are categorized into distinct scenarios based on their interactions with SRC.

USE CASEDESCRIPTION
New UserConsumers who have not registered with SRC and are using SRC for the first time need to enter their payment card and shipping address before checkout. An one-time-passcode (OTP) to an email for a verification
Existing User On Unrecognised DeviceConsumers who have a SRC profile, will need to enter the email address associated with their SRC payment profile. Consumers need to verify their identity with a one-time-passcode (OTP) sent to their email address.
Existing User On Recognised DeviceConsumers who have enrolled in SRC and are checking out using a recognized device will have the fastest checkout experience. In this case, (user verification) OTP step is not required , consumers just need to insert email address and confirm the payment card and shipping address they wish to use for the transaction.

4.1. First Time User

No.Consumer journeySample Picture
1Upon consumers’ selection to checkout via MyDebit SRC. DPA invokes SRCI.Example banner
2SRCI invokes SRC system enabling consumers to register with MyDebit SRCExample banner Example banner
3Consumers may register their desired MyDebit cardExample banner
4SRCI will send security code to the registered email for an authenticationExample banner
5SRCI will invoke 3DS procedure for a card enrollmentExample banner
6
  • Based upon the registered card’s information, SRCI determines which DCF to be invoked and passes the collected checkout and card information to DCF.
  • DCF captures the email address, phone number, shipping and billing address and relevant consumer consent.
  • DCF may perform cardholder authentication when required.
  • DCF will present the “Review and Confirm” screen to consumers.
Example banner
7Upon confirmation, the checkout information will be passed back to DPA to display.Example banner
8The following process will not be within the MyDebit SRC framework as SRCI proceeds to invoke the normal payment process which may include the 3DS procedure.Example banner
9SRC checkout are complete.Example banner

4.2. Returning User On Unrecognised Device

No.Consumer journeySample Picture
1Upon consumers’ selection to checkout via MyDebit SRC. DPA invokes SRCI.Example banner
2SRCI invokes SRC system enabling consumers to login to MyDebit SRC via consumer identity.Example banner
3MyDebit SRC system will verify the consumer’s identity (Email).Example banner
4SRCI displays the consumer profile from MyDebit SRC.Example banner
5
  • Based upon the registered card’s information, SRCI determines which DCF to be invoked and passes the collected checkout and card information to DCF.
  • DCF captures the email address, phone number, shipping and billing address and relevant consumer consent.
  • DCF may perform cardholder authentication when required.
  • DCF will present the “Review and Confirm” screen to consumers.
Example banner
6Upon confirmation, the checkout information will be passed back to DPA to display.Example banner
7The following process will not be within the MyDebit SRC framework as SRCI proceeds to invoke the normal payment process which may include the 3DS procedure.Example banner
8SRC checkout are complete.Example banner

4.3. Returning User On Recognised Device

No.Consumer journeySample Picture
1Upon consumers’ selection to checkout via MyDebit SRC. DPA invokes SRCI.Example banner
2SRCI invokes SRC system enabling consumers to login to MyDebit SRC via consumer identity.Example banner
4
  • MyDebit SRC system recognised the device, so it will not verify the consumer’s identity (Email).
  • SRCI displays the consumer profile from MyDebit SRC.
Example banner
5
  • Based upon the registered card’s information, SRCI determines which DCF to be invoked and passes the collected checkout and card information to DCF.
  • DCF captures the email address, phone number, shipping and billing address and relevant consumer consent.
  • DCF may perform cardholder authentication when required.
  • DCF will present the “Review and Confirm” screen to consumers.
Example banner
6Upon confirmation, the checkout information will be passed back to DPA to display.Example banner
7The following process will not be within the MyDebit SRC framework as SRCI proceeds to invoke the normal payment process which may include the 3DS procedure.Example banner
8SRC checkout are complete.Example banner

5. SRCI Onboarding to SRC

5.1. SRCI Onboarding process

5.1.1. Register with MyDebit SRC

SRCI must enroll and adhere to MyDebit SRC Program requirements. Upon successful registration, the following items to be obtained from PayNet:

  • Login credentials for SRCI Portal will be provided by PayNet.
  • There are 2 integration models provided: Hosted Checkout and SDK model.
    • It is recommended to integrate with MyDebit SRC using the Hosted Checkout model.
    • For detail integration specification, please refer document: MyDebit SRC JavaScript SDK.
    • To integrate using the SDK model, kindly contact PayNet for more information

SRC Initiator (SRCI) Portal is a self-service web portal that allows SRCI’s users to view and monitor resources that are related to them only.

High level overview of modules in SRCI Portal includes:

  • Login Screen
  • Dashboard
  • Checkout Management
  • SRC Client Profile
  • Merchant Management

5.1.2. Onboarding Merchants and DPAs

Upon the completion of SRCI registration, SRCI is responsible to register their respective merchants and DPAs who wish to support MyDebit SRC checkout method.

Registration can be done via the SRCI portal that is provided.

  • SRCI needs to create a merchant account in the SRCI Portal.
  • Subsequently, SRCI can create the DPA account(s) for the merchant.
  • A merchant can have more than 1 DPA account.

6 Client Side Integration

6.1 Hosted Checkout

The hosted checkout model is best fit for merchants who wish to focus on their business logic instead of developing their own checkout interface and maintain the complexity of the integration. With this model, a standard interface will be shown to consumers, and all the functionalities that are required by the SRC system will be taken care of.

6.1.1 Integrate via Hosted Checkout

To start integrating Hosted Checkout, merchants need to import the sdk into their website. 

<script src='SRC_SDK_URL'></script>
info

The SRC_SDK_URL will be given to participant after onboarding.

Initialise the SDK with the data provided by the SRCI. 

window.SRCSDK_MYDEBIT.init({ 

  srcInitiatorId, 
  serviceId, 
  srcDpaId, 
  srciTransactionId, 
  dpaTransactionOptions: { 
    transactionAmount: { 
      transactionAmount: 199.99, 
        transactionCurrencyCode: 'MYR' 
      }, 
      transactionType: 'PURCHASE', 
      merchantOrderId: 'ORD-2022030001', 
      threeDsPreference: 'ONBEHALF', 
      threeDsInputData: { 
        returnUrl: 'https://merchant.com/3ds-return-url' 
      } 
    } 
  })

Prepare the button for calling Click To Pay action. 

<button type="button" class="btn btn-primary" onClick='window.SRCSDK_MYDEBIT.clickToPay()'> 
    <img src="/images/mydebit-src-logo.svg" width="100" height="26" /> 
</button>

6.1.2 Handle Response from Hosted Checkout

To handle the response from the hosted checkout, merchants need to use an event listener. 

window.addEventListener('message', function(event) { 

   if(event.origin == SRC_CHECKOUT_DOMAIN) { 

     //code to receive response data from hosted checkout 
     const data = event.data 
     console.log(data.checkoutResponse) 
     console.log(data.srcCorrelationId) 

     //code to decrypt checkoutResponseJws 
     .. 

   } 

 });

The response data is a signed JWS with nested encrypted JWE. Only the SRCI can decrypt the JWE to retrieve payment authorization data. In cases where the merchant needs the payment information such as recipient name, shipping address or masked card number, SRCI should provide the API for the merchant.

info

You can also find our sample hosted checkout in resources section.