Documentation

1 Why do we collect device data?

We collect device data to prevent fraud and to detect the user's language and time zone. Additionally, we need to read the cookie to use device-based testing. Device-based testing lets you configure per device whether a transaction should be executed in the test environment.

Additionally, some processors require a so-called device fingerprint to reduce fraud. The fingerprint is calculated based on the user's device.

2 Device Data Collection Integration

Most of the data is collected automatically when the IFrame is embedded or when the buyer is redirected to our payment page.

However, we can collect only the data sent by the browser in the HTTP header. We cannot collect a device fingerprint this way, since it is calculated client-side on the device. Additionally, for device-based testing we need to know whether to enforce the test environment before we create the transaction. The redirection to the payment page and the embedding of the IFrame happen after the transaction has been created.

For these reasons we provide a JavaScript file which can be embedded into the website. The collected device data is linked to the transaction by providing the same sessionIdentifier in the JavaScript URL and in the creation call of the transaction.

The script can be embedded like this:

<script src="https://checkout.postfinance.ch/s/[spaceId]/payment/device.js?sessionIdentifier=[UniqueSessionIdentifier]" async="async"></script>

Here [spaceId] is the ID of the space for which the script should be loaded, and [UniqueSessionIdentifier] is a unique identifier of the buyer's session. You may want to write this identifier into a cookie or use session storage to keep it.

The script should be added to the payment flow before the transaction is created, because you need to provide the sessionIdentifier in the creation request and we apply the collected data only during the creation of the transaction. This means that the script must already have been executed by the buyer's browser. The execution takes up to 5 seconds and runs in the background. The web page will load completely even if the execution has not completed.

Note
The integration of the device-collecting JavaScript is optional. However, it is highly recommended in order to improve the overall payment process for certain processors and to enable device-based testing.

3 Where can I find the collected data?

The data we collect will be assigned to the transaction. It can be queried through the web service API. The data is also visible in the transaction view in our backend.

Data collected by the processors will not be shown. Please contact the corresponding processor to find out where you can find the collected data and what it is used for.

4 Content Security Policy Implications

Please be advised that applying a content security policy in your checkout process may affect the embedding of the script. You may want to whitelist the script and check whether other scripts are loaded that also need to be whitelisted.

You can find loading errors in the browser console. Those loading errors may be caused by the specified content security policy.
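
An added example covering sections 2 and 4 (not PostFinance's own code): it generates a session identifier, builds the script URL and tag from the pattern shown above, and adds the checkout origin to an existing host-based Content-Security-Policy. The function names, the 128-bit hex identifier format and the use of a separate random value instead of the login session ID are assumptions of this example; nonce- or hash-based policies are not handled.

```javascript
// Added example; function names are illustrative, not part of the PostFinance API.
// Web Crypto is global in browsers and Node 19+; older Node falls back to node:crypto.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const CHECKOUT_ORIGIN = 'https://checkout.postfinance.ch';

// Unguessable identifier used only to link device data to the transaction.
// It travels in a third-party URL, so it is deliberately not the login session ID.
function newSessionIdentifier() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Script URL following the pattern shown above, with both values URL-encoded.
function deviceScriptUrl(spaceId, sessionIdentifier) {
  const url = new URL(`/s/${encodeURIComponent(spaceId)}/payment/device.js`, CHECKOUT_ORIGIN);
  url.searchParams.set('sessionIdentifier', sessionIdentifier);
  return url.toString();
}

// HTML for the page rendered before the transaction is created.
function deviceScriptTag(spaceId, sessionIdentifier) {
  const src = deviceScriptUrl(spaceId, sessionIdentifier)
    .replace(/&/g, '&amp;').replace(/"/g, '&quot;');
  return `<script src="${src}" async="async"></script>`;
}

// Allow the checkout origin in an existing host-based policy string.
// A new script-src replaces the default-src fallback, so its sources are copied;
// with neither directive present scripts are unrestricted and nothing changes.
function allowDeviceScript(policy) {
  const directives = policy.split(';').map((d) => d.trim().split(/\s+/)).filter((d) => d[0]);
  const find = (name) => directives.find((d) => d[0].toLowerCase() === name);
  let scriptSrc = find('script-src');
  if (!scriptSrc) {
    const fallback = find('default-src');
    if (!fallback) return policy;
    scriptSrc = ['script-src', ...fallback.slice(1)];
    directives.push(scriptSrc);
  }
  // 'none' must stand alone, so drop it before adding a source.
  const sources = scriptSrc.slice(1).filter((s) => s.toLowerCase() !== "'none'");
  if (!sources.includes(CHECKOUT_ORIGIN)) sources.push(CHECKOUT_ORIGIN);
  scriptSrc.splice(1, scriptSrc.length, ...sources);
  return directives.map((d) => d.join(' ')).join('; ');
}
```

Store the value returned by newSessionIdentifier() with the buyer's session and send the same value in the transaction creation request. If the policy also sets script-src-elem, that directive needs the origin as well.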