# Secure Card Capture Key Verifone provides multiple options to integrate to the eCommerce services: Checkout as a Hosted Payments Page (HPP), Checkout as an iFrame, and your own payment forms to capture card data. For all solutions, both Verifone and you (as a merchant) need to send the card or other sensitive data in a secure way. To encrypt card details or other sensitive data, Verifone gives you the possibility to generate a private-public key pair, called **Secure Card Capture Key**. ## Availability Available to all merchants integrating with Verifone's eCommerce services. **Mandatory on accounts that are using the v2 card capture** **method** and flow as the API cannot be used without a Secure Card Capture Key. ## Secure Card Capture Key A Secure Card Capture Key consists of: * a public key, accessible to you to use for encryption * a private key, only accessible to Verifone, to use for decryption * a public key alias, to allow Verifone to match the Secure Card Capture Key to be used for decryption when a Transaction is processed. At least one Secure Card Capture Key needs to be generated for the Organization for which encrypted card details will be needed (typically, this means the Organization with which card payments will be done). **To start accepting eCommerce card payments, you must create a public key for Secure Card Capture**. The public key for Secure Card Capture ensures any card details are encrypted in the browser, so that information can be safely passed from you (merchant) to Verifone. {% hint style="warning" %} The public key for the Secure Card Capture can be created only by a merchant with an Admin role, or by a Verifone Admin on behalf of the merchant. {% endhint %} ## Cardholder encryption card API parameters The cardholder data encrypted using the Verifone provided public key. This needs to be provided in base64 encoded format. The data to encrypt is a JSON with possible tags being `cardNumber`, `sequenceNumber`, `cardholderName`, `startMonth`, `startYear`, `expiryMonth`, `expiryYear`, `cvv`. This should be a single JSON line and should not contain any spaces. Additionally, a tag called `captureTime` must be presenting indicating the time the card was captured in UTC in format RFC 3339, section 5.6. **e.g.**, 2019-08-24T14:15:22Z. Encrypted card is valid for only 15 minutes.

Parameter name	Required/Optional	Description
`cardNumber`	Required	Primary account number (PAN), the card identifier found on payment cards. Numeric value with no spaces or separators allowed between the digits.
`sequenceNumber`	Optional	The sequence number is the field which can uniquely identify a card. When two or more cards have the same card number, this field helps to make the distinction between the cards.
`expiryMonth`	Required	Numeric value with length 2. e.g., March -> 03
`expiryYear`	Required	Numeric value with length 4, e.g., 2028 -> 2028
`cvv`	Optional	Numeric value with length 3 or 4
`cardholderName`	Optional	<= 30 characters, the card holder name as it appears on the card
`startMonth`	Optional	Numeric value representing the month when the card was issued
`startYear`	Optional	Numeric value representing the year when card was issued
`captureTime`	-	The time the card was captured in UTC in format RFC 3339, section 5.6. e.g., 2019-08-24T14:15:22Z.

## Generate a Secure Card Capture Key You can generate a Secure Card Capture Key if you have a Merchant Admin role, either via Verifone Central or via API. ### Generate a Secure Card Capture Key via Verifone Central Follow these steps to generate a Secure Card Capture Key via Verifone Central. 1. Log in to your Verifone Central account. 2. Navigate to **Administration** > **Organizations**, and select the required organization. 3. Scroll down to the bottom of the page to see the *Secure Card Capture* area. 4. Click on the **Create new public key** button.

### Generate a Secure Card Capture Key via API Follow these steps to generate a Secure Card Capture Key via API. 1. Authenticate as a Merchant Admin user and make sure this role is linked to the organization for which you want to generate a Secure Card Capture Key. 2. Send the [Generate Key Pair POST call](/api-reference/open-api-references/ecommerce.md). There is no limit on how many Secure Card Capture Keys an organization can have. ## The public key and public key alias The public key and the public key alias of a Secure Card Capture can be viewed anytime either via Verifone Central or via API. ### View a public key via Verifone Central Follow these steps to view a public key for Secure Card Capture via Verifone Central. 1. Navigate to **Administration** > **Organizations***.* 2. Select the organization for which to view the Secure Card Capture Key(s). 3. Scroll down to the bottom of the page to see the *Secure Card Capture* section where all the available Secure Card Capture Key(s) are displayed. ### View a public key via API 1. Authenticate as a Merchant Admin user and make sure this role is linked to the organization for which you want to view the Secure Card Capture Key(s). 2. Send the [List Key Pair GET call](/api-reference/open-api-references/ecommerce.md). 3. Send the [Deactivate Key Pair call](/api-reference/open-api-references/ecommerce.md) to deactivate the linked Secure Card Capture Key(s). Any commercially available encryption tools can be used to encrypt card details with the Verifone Secure Card Capture Key. Verifone uses openpgpjs [NPMJS's JS Library](https://www.npmjs.com/package/openpgp) on client for the cryptography of the encrypted Card data to be encrypted by the merchant prior to connecting to Verifone's GSC. The actual cryptography itself is Elliptic Key Cryptography, achieving the same level of security as OAEP, but with much smaller key sizes and hence requiring less computing power. Once this is done, you can start performing integration tests. By using the [API Keys](/online-payments/api-integration-methods-auth-and-endpoints/api-authentication.md) you created, you can authenticate with our Checkout API or eCommerce API. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.verifone.com/online-payments/api-integration-methods-auth-and-endpoints/secure-card-capture-key.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.