Ensuring trust and safety while using our Payments APIs
18 February 2025
Payment cards are so embedded in our daily lives that it’s hard to remember a time before their existence. Think about how easy it is to grab a pack of gum at your local grocery store with a credit card and how fast that transaction happens today. Contrast that with the early days of credit cards when the store had to verify all card information by phone. Not only was it slow and inefficient, but there were very few security measures in place. As this payment method gained popularity and credit card usage increased, so did the need to protect sensitive information.
Evolution in securing payments
As the internet and e-commerce swooped onto the scene in the late 1990s, new security challenges started to emerge. Businesses and consumers both were losing money from fraud through malicious software targeting sensitive card data. This prompted industry regulators to create the Payment Card Industry Data Security Standard (PCI DSS). This standard continues to evolve today, addressing new threats in an effort to safeguard cardholder data.
As digital payments continue to grow, so does the complexity of keeping them secure. Encrypted communication channels such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS), as well as other security protocols like two-factor authentication (2FA), have become important in protecting sensitive data traveling across the internet.
At J.P. Morgan, we understand the importance of security when it comes to payments. We securely move $10 trillion a day, and 50% of all US commerce transactions pass through our platform. Our comprehensive suite of APIs provides everything you need to securely accept, manage, and send payments at any scale.
What we offer
You get access to a collection of secure payments APIs, developer resources, and payment enhancements designed to ensure trust and safety for both software developers and businesses. Our solutions are purpose-built to help protect sensitive data and prevent fraud.
3-D Secure
3-D Secure (3DS) adds an extra layer of authentication during online transactions, requiring cardholders to verify their identity. This extra identity verification step can include additional security measures like a password or biometric data.
Our Online Payments API directly supports 3DS and handles the authentication flow for you, letting you use our 3DS authentication server as part of your payment authorization or verification request. If you already have your own independent 3DS provider, the Online Payments API also supports pass-through 3DS. With this method, you perform the full authentication flow through your provider and then pass those 3DS results back into our Online Payments API.
Tokenization
Tokenization replaces sensitive payment data with unique, non-sensitive tokens. This helps secure payment data by ensuring that the sensitive payment details themselves are not stored or transmitted. Not only does this reduce the impact of data breaches, but it also makes for a much faster checkout experience.
Our Online Payments API utilizes tokenization to help increase the security of the payment process. To request a token, provide the card number and expiration date by performing a POST call to the /tokens endpoint, along with other fields required by the payment card brands. This token is then used throughout the transaction, including subsequent actions related to the initial payment like clearing, settlement, refunds, and dispute processing, all without exposing sensitive card details.
Fraud detection and prevention
Safetech Fraud Tools is J.P. Morgan’s solution for preventing fraudulent transactions while retaining legitimate purchases. This proactive approach evaluates whether an account holder poses a fraud risk before completing a transaction. Real-time, data-driven, informed decisions are a game-changer for stopping fraud before it happens.
Our Online Payments API can be used in conjunction with the fraud scoring system, allowing you to route a fraud-analysis-only transaction to the /fraudcheck endpoint. Normally, this requires sending the transaction directly to the issuer. After the payment and consumer transaction information is analyzed, the fraud scoring system returns a response containing a fraud score and the factors that contributed to that score.
You can customize your fraud analysis request by passing in specific attributes and data values you wish to evaluate. The response is dynamic, based on the information provided to be scored in the request. Merchants can use this response to improve their current fraud prevention strategies. A developer could also leverage the fraud check results to improve fraud detection and automate decision-making in their application.
Encryption
Page encryption is a method for safeguarding sensitive payment information during online transactions. By encrypting card data within the browser, this security measure helps keep data secure as it moves through your application and into payment authorization requests.
Our Online Payments API relies on the HTML code of your application to include two JavaScript files to encrypt cardholder payment data within the browser session. Once encrypted, these values are securely sent as part of your payment request to the Online Payments API, ensuring sensitive information remains protected throughout the transaction.
Learn more about safety and security enhancements for payments
J.P. Morgan’s Online Payments API goes beyond basic payments to offer a comprehensive set of features designed to elevate the trust and safety of your transactions. Ready to explore these capabilities and other payment enhancements? Dive into the full range of features that can help you build a more secure payment experience. Register for the Payments Developer Portal today and gain access to a wealth of resources, including documentation and how-to guides for implementing these capabilities.