I've started to process about encryption/decryption with mVisa Receive Side API.
Why do shared secret key I got in my project has length of 40 bytes, I expected it's length is 32 bytes corresponding to 256-bit.
This document decribes that it use AESGCM 256, as "The field is sent in encrypted format using the AES GCM (i.e. Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM)) algorithm for JSON Web Encryption (JWE) objects with 256-bit key (i.e. the shared secret between Visa and client for encryption and decryption of payload data)"
Thanks for inquiring about the Visa Direct mVisa API. Before moving forward, it is important to review the Visa Direct documentation via this link - https://developer.visa.com/capabilities/visa_direct/docs
In particular, please see the top few paragraphs that are shaded in yellow that discuss the requirements to use Visa Direct. After having read the documentation, if you meet those requirements, then please click through the link in those paragraphs to the Visa Direct Program Implementation Questionnaire, fill it out, and submit to the email address listed on that form. Please let us know if you have other questions.
I've started to process about encryption/decryption with mVisa Receive Side API. Why do shared secret key I got in my mcdvoice project has length of 40 bytes, I expected it's length is 32 bytes corresponding to 256-bit.
This VDP website is not a solution for end users, so I won't be able to help you out with your personal inquiry.
If I've misunderstood, and you are a developer looking to build a solution for your customers, please visit this link to "Get Started" and find an API that meets your use case. https://developer.visa.com/pages/working-with-visa-apis
Hey there @denial245,
For Visa Direct, it's not required to have the IV for GCM mode. We support only AES – GCM algorithm. IV is not applicable for encryption/decryption as we use the GCM mode in AES.
Can you please provide us with your use case so that I can assist you further?
Please take a look at our website for specific APIs relevant to your business case. https://developer.visa.com/apibrowser
For payment methods, please take a look at the links provided to you below and let us know which one would be a good fit for your use case.
Visa’s Payment Methods APIs aim to help process payments securely, safely, and quickly. Payment Methods APIs - https://developer.visa.com/site/payment-methods
Visa Checkout provides a single sign-in service to pay for online shopping purchases. After a simple setup, Visa Checkout users can skip inputting their payment and shipping information for their orders. Visa Checkout works across multiple devices so online shopping stays easy. Visa Checkout - https://developer.visa.com/capabilities/visa_checkout/docs
CyberSouce Payments can process credit, debit and gift cards across the globe and across multiple channels with scalability and security. CyberSource supports an extensive list of payment cards and offers a wide choice of gateways and acquiring banks, all through one connection. CyberSource Payments - https://developer.visa.com/capabilities/cybersource/docs
Visa Direct offers real-time payment capabilities over Visa’s global, interoperable network. Businesses and consumers can make payments to eligible card accounts, using solutions developed with participating financial institutions or payment service providers. Visa Direct - https://developer.visa.com/capabilities/visa_direct/docs
First of all thanks for helping out everyone who is posting queries in this thread.
I am currently working on a project which is distro.fm in which I want to collect money for a charity firm. I have the option of Paypal integration in my site, means users can donate money via PayPal but many of them have asked me to integrate Credit card (especially visa) to integrate into the checkout page. So, I have read the agreement and about encryption/decryption with mVisa Receive Side API. My question is that is it totally safe for the user perspective? does my user's data safe if they transact using mVisa? I know that AESGCM 256 encryption is good but still want to confirm from you.