Partner applications can use the Web Payments SDK to create PCI-compliant inputs to accept payments online with the Payments API. The App Marketplace requirements described in this topic apply to partner applications that use the Web Payments SDK.
Square performs client-side validation on Web Payments SDK card entry fields, such as an improper credit card number length, a wrong expiration date format, an incomplete ZIP code, and a non-credit-card number. Partners must handle all form validation errors and clearly display them to buyers when appropriate.
If credit card details are entered in the card form in a correct format but specific field values are wrong (such as an invalid expiration date or invalid card number), the card still passes the client-side validation but fails when the payment is actually attempted. Partners must handle these errors and display a user-friendly error message on the payment form if the payment attempt fails and ask the customer to re-enter the card details.
If a partner application supports ACH, they must implement the following practices:
- The application must present the modal window for ACH clearly and in an accessible way.
- The partner application must fail gracefully if a user doesn't complete the transaction.
- ACH is currently only supported in the United States and can take 3–5 business days to complete.
If a partner application supports Strong Customer Authentication (SCA), they must implement the following practices:
Partner applications must use SCA and the Payments.verifyBuyer() function if they provide any customer-facing payment flow taken in the United Kingdom and EU (where Square is available).
Partner applications must fail gracefully to a user-friendly experience if a card payment fails to be validated through SCA.
Seller-facing payment flows aren't required to incorporate the
verifyBuyer
functions at this time. Contact Square to enable the ability to flag payments that don't have theverifyBuyer
functions incorporated.