Silent Order Post

Silent Order Post (SOP) is a service that offers the buyer more security and control over the checkout experience; it is ideal for stores that do not have the structure to comply with all PCI DSS security requirements for the use of credit cards.

Silent Order Post allows you to send your customer's payment data securely, directly to our system. The buyer's card data, such as card number and expiration date, do not travel through the store environment and are stored in encrypted form (token) in our environment, which is PCI DSS certified.

What is PCI DSS certification?

It is a global standard for card data security. PCI DSS was developed to encourage and improve payment data security and facilitate the widespread adoption of consistent data security measures.
Certification is mandatory for an e-commerce company to receive, process and store card data.

Main benefits

  • Direct data collection: payment data is collected directly by our systems through a script, using the fields defined in your checkout;
  • Full compatibility: the solution is compatible with all payment methods available on the Gateway (national and international);
  • PCI DSS certification: our certification guarantees full compliance with card industry standards, reducing the scope of PCI DSS;
  • Customized checkout: customization offers full control over the checkout experience and elements of your brand.

Supported payment methods

Silent Order Post is capable of encrypting credit, debit, voucher and multiple cards, as long as the card numbers pass the mod10 (Luhn) check.

How it works

The store integrates the Silent Order Post script on the checkout page (client-side). When the buyer enters card details at checkout, this data is passed directly to our environment via the installed script. Our API generates a temporary token for the buyer's card, the PaymentToken, which must be used by the store to request authorization of the transaction. This way, sensitive card data does not pass through your e-commerce environment.

Silent Order Post transaction flow
  1. The shopper accesses the store's checkout screen;
  2. The checkout page script requests the access_token from the OAuth2 authenticator;
  3. OAuth2 returns the access_token;
  4. The checkout page script requests the AccessToken from the Silent Order Post (AccessToken SOP), passing the access_token obtained in the previous step;
  5. The Silent Order Post returns the AccessToken SOP;
  6. The shopper fills in the payment data on the checkout screen;
  7. The checkout page script sends the card data to the Silent Order Post, passing the AccessToken SOP;
  8. The Silent Order Post returns the PaymentToken (encrypted card);
  9. The checkout page script sends the PaymentToken to the store's server, and the server sends the transaction authorization request to the Gateway de Pagamento API, passing the PaymentToken;
  10. The Gateway de Pagamento returns the authorization response;
  11. The store confirms the shopper's order, if desired.

Silent Order Post allows for more security without interfering with your page layout.
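
A store-side check for step 9 of the flow above, added here as an example (it is not part of the original page or the provider's code): the server accepts the PaymentToken and rejects any request that still carries a card number, detected with the mod10 check. The field names orderId and amount, the token length bound and the assumption that the token is an opaque non-numeric string are hypothetical.

```javascript
// Fields the store's checkout endpoint accepts. PaymentToken comes from the
// flow above; orderId and amount are hypothetical names for this example.
const ALLOWED_FIELDS = new Set(['PaymentToken', 'orderId', 'amount']);

// mod10 (Luhn) check over a string of decimal digits.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length > 0 && sum % 10 === 0;
}

// Names of top-level fields (other than `skip`) whose value contains a run of
// 13-19 digits, single spaces or hyphens allowed, that passes mod10.
function panLikeFields(body, skip) {
  const hits = [];
  for (const [key, value] of Object.entries(body)) {
    if (key === skip) continue;
    const runs = String(value).match(/\d(?:[ -]?\d){12,18}/g) || [];
    if (runs.some((r) => luhnValid(r.replace(/[ -]/g, '')))) hits.push(key);
  }
  return hits;
}

// Validate the body the checkout page posts to the store's server in step 9.
// Error messages name fields only, so a stray card number is never logged.
function validateCheckoutPost(body) {
  const errors = [];
  const token = body.PaymentToken;
  // Assumption: the token is an opaque, non-numeric string of bounded length.
  if (typeof token !== 'string' || token.length === 0 || token.length > 128 ||
      /^[\d -]+$/.test(token)) {
    errors.push('PaymentToken missing or malformed');
  }
  const extra = Object.keys(body).filter((k) => !ALLOWED_FIELDS.has(k));
  if (extra.length) errors.push('unexpected fields: ' + extra.join(', '));
  const pans = panLikeFields(body, 'PaymentToken');
  if (pans.length) errors.push('card number received in: ' + pans.join(', '));
  return { ok: errors.length === 0, errors };
}
```

A rejected request of this kind indicates that a checkout form field is being submitted to the store instead of only to the Silent Order Post script, which puts the store back in PCI DSS scope.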

Silent Order Post with VerifyCard

It is possible to enable VerifyCard together with Silent Order Post. This way, your store can check if the card is valid before requesting authorization.

VerifyCard is made up of two services: Zero Auth and Consulta BIN.

  • Zero Auth: it is a service that identifies whether a card is valid or not, through an operation similar to an authorization, but with a value of R$0.00. Zero Auth simulates an authorization without affecting the credit limit or alerting the cardholder about the test;
  • Consulta BIN: it is a service available exclusively to Cielo customers that returns card information based on the BIN (first six digits of the card), such as the card brand, whether the card is debit, credit or multiple, whether it is national or international, whether it is a corporate card, issuing bank and whether it is a prepaid card.

  1. The shopper accesses the store's checkout screen;
  2. The checkout page script requests the access_token from the OAuth2 authenticator;
  3. OAuth2 returns the access_token;
  4. The checkout page script requests the AccessToken from the Silent Order Post (AccessToken SOP), passing the access_token obtained in the previous step;
  5. The Silent Order Post returns the AccessToken SOP;
  6. The shopper fills in the payment data on the checkout screen;
  7. The checkout page script sends the card data to the Silent Order Post, passing the AccessToken SOP;
  8. The Silent Order Post requests card validation from VerifyCard;
  9. VerifyCard returns the result of ZeroAuth and Consulta BIN;
  10. The Silent Order Post returns the PaymentToken (encrypted card);
  11. The checkout page script sends the PaymentToken to the store's server, and the server sends the transaction authorization request to the Gateway de Pagamento API, passing the PaymentToken;
  12. The Gateway de Pagamento returns the authorization response;
  13. The store confirms the buyer's order, if desired.