Introduction to Checkout.com
Checkout.com is a global payment service provider offering a unified platform for accepting and processing online payments. As one of the leading payment solutions, it enables businesses to accept multiple payment methods across various regions with robust fraud prevention capabilities and comprehensive reporting tools. Checkout.com’s importance lies in its ability to provide businesses with a flexible, scalable payment infrastructure that optimizes conversion rates and enhances customer experience.
Core Concepts & Terminology
| Term | Definition |
|---|---|
| Unified API | Checkout.com’s single integration point for all payment methods and services |
| Payment Gateway | The service that authorizes and processes card payments |
| Payment Service Provider (PSP) | Entity that enables merchants to accept payments (Checkout.com is a PSP) |
| Merchant Account | Your business account with Checkout.com for processing payments |
| Processing | The movement of funds from customer to merchant |
| Authorization | Initial step that verifies if the customer has sufficient funds |
| Capture | The process of collecting funds after authorization |
| Settlement | The transfer of funds from Checkout.com to the merchant’s bank account |
| Tokenization | Process of securely storing payment details as reusable tokens |
| 3D Secure (3DS) | Security protocol that adds an authentication layer for online transactions |
Integration Methods
1. Hosted Payment Page
- Description: Checkout.com-hosted payment form requiring minimal integration
- Best for: Quick deployment, reduced PCI compliance scope
- Setup Steps:
- Configure in the Checkout.com Hub
- Customize appearance and payment methods
- Implement redirect or iframe implementation
- Set up webhook notifications
2. Frames Integration
- Description: Embedded payment form with iframes for sensitive fields
- Best for: Custom checkout experience with reduced PCI compliance
- Setup Steps:
- Include Frames.js library
- Create container elements for card fields
- Initialize Frames with your public key
- Handle form submission and tokenization
3. Direct API Integration
- Description: Full API integration with complete control
- Best for: Complex payment flows, maximum customization
- Setup Steps:
- Obtain API keys from the Hub
- Implement full PCI compliance measures
- Build secure payment form
- Make direct API calls to Checkout.com endpoints
Key API Endpoints & Operations
| Operation | Endpoint | Method | Description |
|---|---|---|---|
| Payment | /payments | POST | Create a new payment |
| Payment Details | /payments/{id} | GET | Retrieve payment details |
| Capture | /payments/{id}/captures | POST | Capture an authorized payment |
| Refund | /payments/{id}/refunds | POST | Refund a payment |
| Void | /payments/{id}/voids | POST | Void an authorization |
| Tokenization | /tokens | POST | Create a payment token |
| Instruments | /instruments | POST | Create a payment instrument |
| Webhooks | /webhooks | POST | Configure webhook notifications |
Payment Workflow
Initialization
- Collect payment details from customer
- Implement client-side validation
Tokenization
- Convert sensitive payment data to secure token
- Send token instead of raw card data
Authorization
- Request payment authorization with token
- Receive approval/decline from issuing bank
Authentication (if required)
- Implement 3D Secure authentication
- Process authentication response
Capture
- Immediate capture for instant payment processing
- Delayed capture for services/goods delivered later
Settlement
- Funds transferred to merchant account
- Typically 1-3 business days (varies by region)
Supported Payment Methods
Card Payments
- Visa
- Mastercard
- American Express
- Discover
- Diners Club
- JCB
Alternative Payment Methods
- Digital Wallets: Apple Pay, Google Pay, PayPal
- Bank Transfers: SEPA, ACH, Faster Payments
- Buy Now Pay Later: Klarna, Afterpay/Clearpay
- Local Methods: iDEAL, Sofort, Giropay, Alipay, WeChat Pay
Error Handling & Response Codes
| Code Range | Category | Action |
|---|---|---|
| 10000-10999 | Request Validation Errors | Fix request format or parameters |
| 20000-20999 | Processing Errors | Check payment details or retry |
| 30000-30999 | Gateway Errors | Contact Checkout.com support |
| 40000-40999 | Card Issuer Errors | Suggest alternative payment method |
Common Error Scenarios
- Card Declined: Insufficient funds or issuer decline
- Authentication Failed: Customer failed 3DS authentication
- Invalid Card Details: Incorrect card number, expiration, or CVV
- Processing Error: Temporary system issue
- Network Error: Communication failure with payment network
Fraud Prevention Tools
Checkout.com Risk Management
- Risk Rules Engine: Create custom rules to filter transactions
- Risk Scoring: Automated scoring of transaction risk levels
- Velocity Checks: Monitor transaction frequency patterns
- IP Intelligence: Evaluate transaction source IP address
- Device Fingerprinting: Identify suspicious devices
3D Secure Implementation
- 3DS1: Original protocol (redirect flow)
- 3DS2: Enhanced protocol with frictionless flow
- Challenge Flow: Additional authentication step when required
- Frictionless Flow: Risk-based authentication without customer interaction
Testing & Sandbox Environment
Test Cards
| Card Number | Brand | Scenario |
|---|---|---|
| 4242 4242 4242 4242 | Visa | Successful payment |
| 4000 0025 0000 3155 | Visa | 3DS required |
| 4000 0000 0000 0002 | Visa | Declined payment |
| 5436 0310 3060 6378 | Mastercard | Successful payment |
| 5200 0000 0000 0007 | Mastercard | Declined payment |
Testing Process
- Create sandbox account in Checkout.com Hub
- Generate test API keys
- Implement integration using test credentials
- Simulate various payment scenarios using test cards
- Verify webhook notifications in test environment
Webhooks & Notifications
Event Types
payment_approved: Payment authorized successfullypayment_captured: Funds successfully capturedpayment_declined: Payment declined by issuerpayment_refunded: Refund processed successfullypayment_voided: Authorization voidedpayment_expired: Authorization expired
Implementation Steps
- Create webhook endpoint in your application
- Register endpoint URL in Checkout.com Hub
- Implement signature verification for security
- Process incoming webhook events asynchronously
- Include retry logic for failed webhook deliveries
Compliance & Security
PCI DSS Requirements
- Level 1: Full PCI compliance for direct API integration
- Level 2: Reduced scope when using Frames
- Level 3: Minimal requirements with Hosted Payment Page
Data Security Measures
- End-to-end encryption for all communications
- Tokenization of sensitive payment details
- TLS 1.2+ for all API connections
- Regular security audits and penetration testing
Reconciliation & Reporting
Available Reports
- Transaction reports (daily/weekly/monthly)
- Settlement reports
- Chargeback and dispute reports
- Custom reports via API
Reconciliation Process
- Download transaction reports from Hub or via API
- Compare with internal order management system
- Identify and investigate discrepancies
- Match settlements with bank statements
- Reconcile refunds and chargebacks
Common Challenges & Solutions
| Challenge | Solution |
|---|---|
| High decline rates | Implement Account Updater service, optimize retry logic |
| 3DS friction | Implement 3DS2 with exemption management |
| Cross-border issues | Enable local acquiring, use relevant payment methods |
| Recurring payment failures | Implement smart retry logic, use account updater |
| Mobile payment integration | Use mobile SDKs, implement Apple Pay/Google Pay |
| Currency conversion | Enable multi-currency processing |
Best Practices & Tips
Conversion Optimization
- Minimize form fields and checkout steps
- Display trust signals and security badges
- Show all available payment methods
- Implement smart 3DS routing
- Use real-time error messaging
Operational Excellence
- Monitor authorization rates daily
- Implement intelligent retry strategy
- Use webhooks for real-time updates
- Regular reconciliation processes
- Test all updates in sandbox first
Security Enhancements
- Implement AVS and CVV verification
- Use risk-based authentication
- Enable device fingerprinting
- Implement IP filtering when necessary
- Regular security audits
Resources for Further Learning
Official Documentation
Support Channels
- Developer Support: devrel@checkout.com
- Technical Documentation: docs.checkout.com
- API Status: status.checkout.com
Community Resources
- Stack Overflow: [checkout.com] tag
- GitHub: Sample integration repositories
- YouTube: Checkout.com developer tutorials
This cheatsheet provides a comprehensive reference for implementing and optimizing Checkout.com payment processing. For the most current information, always refer to the official documentation as features and capabilities may evolve over time.