PAYONE Platform Frontend supports the automatic triggering of a payment without the customer having to re-confirm the payment on the Frontend. This can be useful in payment methods where you already have obtained all relevant customer data (e.g. prepayment, invoice). This function also allows you to ask for the payment data already on your site and then simply transfer them to the Frontend. In this case the Frontend executes the payment automatically. If the payment was successful the customer is forwarded directly. In case of an error the customer is shown the Frontend and given the option to correct his data.
Payment data should not come into contact with your system. This is very important with credit card data. Certification according to the PCI standard is not necessary only if the card data does not come into contact with your systems. To prevent your systems from coming into contact with sensitive payment data, the payment data from your form should be sent directly to the Frontend and not be forwarded through your systems (see below). Any other data can be queried in preceding steps.
To be PCI DSS SAQ A compliant feature "autosubmit" must not be used with PAYONE Frontend and credit card payments.
To utilise this function you must use the hash method in this documentation (2.x). The hash method from the documentation of version 1.x is not permitted.
<form action="https://frontend.pay1.de/frontend/v2/" method="POST">
Please use either:
- URL to PAYONE Frontend hosted-iFrame:
- or URL to Frontend Classic:
To be SAQ A compliant PAYONE recommends implementation of the PAYONE hosted-iFrame-solution when processing the full original creditcard number (PAN).
To be SAQ A compliant feature "auto-submit" must not be used with credit card data.