FAQ
Frequently Asked Questions for Masking Customer Information over less-secure Channels Change:
I'm using one of your ready plugins. Is there any change required from my side upon these mandates ?
Our plugins handle the responses as POST Method with https URLs, you just need to check your Technical Settings configurations in your Test and Production accounts to ensure that the Return_Url Type option is set as "POST" and the Direct Feedback URL [which is your host to host URL] configured is https. There will be no Impact on the payment processing at your shop upon this change.
I'm using Shopify e-commerce platform, Is there any change required from my side upon these mandates ?
Our Integration with Shopify supports returning the response as POST Method with https URLs, you just need to check your Technical Settings configurations in your Test and Production accounts to ensure that the Return_Url Type option is set as "POST" and the URLs configured under this tab are https. There will be no Impact on the payment processing at your shop upon this change.
I'm using your PHP / .NET SDK, Is there any change required from my side upon these mandates ?
Our PHP and .NET SDKs handle the responses over POST Method with https URLs, you just need to check your Technical Settings configurations in your Test and Production accounts to ensure that the Return_Url Type option is set as "POST" and the URLs configured under this tab are https. There will be no Impact on the payment processing at your shop upon this change.
I'm using your Android / IOS SDKs , Is there any change required from my side upon these mandates ?
If you are handling the responses received from Amazon Payment Services through the Direct or Notification Feedback URLs configured in your Account under Technical Settings, you need to ensure that these URLs configured are https, Otherwise, we won't require any further changes. No Impact on the payment processing at your shop upon this change.
Will the response signature calculations be impacted after masking the critical data received in the response ?
The signature calculation process will remain the same, you will include the masked parameters in the signature calculation as they are. If you face any signature calculation issue, please refer to the signature API reference here or contact our Integration Team at : integration-ps@amazon.com.
Is this mandate applicable for the Tokenization API Response received from Amazon Payment Services or it's only applicable for the Payment Operations Responses ?
This mandate is applicable for all APIs that require you to handle the response from the return_url, Redirection_ur, Direct Feedback and Notification Feedback Urls.
I'm using your Transactions Reports to extract the transactions data, will these critical data be masked in the Reports as well.
No, they won't be masked in the Reports.
I'm using Data Mine [Reporting API] to extract the transactions data, will these critical data be masked in the Reports as well.
No, they won't be masked in the Reporting APIs.
I'm displaying the card_number, expiry date and card_holder_name received from Amazon Payment Services for the registered customers who saved their card in my application, does this mandate impact my current implementation for the registered customers ?
If you are handling the response received from Amazon Payment Services as GET Method or through http URL, you will get the card_number, the expiry_date and the card_holder_name as fully masked values, and this will impact the current flow that you have implemented, to not impact your current implementation, please make sure to migrate to the POST and use https URLs to handle the response, in this case, you will get these details without masking. There will be no Impact on the payment processing at your shop upon this change.
I'm depending on the card_bin received from Amazon Payment Services to apply discounts on some certain bins, does this mandate impact my current banks discount implementation ?
If you are handling the response received from Amazon Payment Services as GET Method or through http URL, you will get the card_number which contain the card bin [first 6 digits] as fully masked value, this will impact the current flow that you have implemented, to not impact your current implementation, please make sure to change the Return_Url Type to POST and use https URLs to handle the response, in this case, you will get card_number response without masking. There will be no Impact on the payment processing at your shop upon this change.