Skip to main content
It is possible to use Secure Fields to collect card details on a profile page to store the card on a buyer’s account. Secure Fields can then be used to collect the security code at checkout, allowing a buyer to use a stored card together with a securely collected security code.

1. Store card for future use

The first step is to store the card data for future use. Use the checkout session as described in our quick-start to store the card details as a new payment method in our vault. This can be done either at the time of creating a transaction by setting the store property to true, or when creating a new payment method directly from the checkout session. The returned payment method includes details about the card that was used, as well as the id of the payment method that we can use in the next step. 
{
    "type": "payment-method",
    "id": "77a76f7e-d2de-4bbc-ada9-d6a0015e6bd5",
    "method": "card",
    "scheme": "visa",
    "expiration_date": "07/24",
    ...
}

2. Collect the CVV

At checkout, Secure Fields can be used to collect the CVV for a previously stored card. When initializing Secure Fields, pass the paymentMethod object with both the id and scheme of the previously stored card. This enables proper validation for the security code based on the card scheme (e.g., 3 or 4 digits) and provides the appropriate security code label (CVV, CVC, CID) in the field data. 
<SecureFields
    gr4vyId="example"
    environment="sandbox"
    sessionId="332a6c3a-c4eb-45f6-9a4e-72af459535e2"
    paymentMethod={{
        id: "77a76f7e-d2de-4bbc-ada9-d6a0015e6bd5",
        scheme: "visa"
    }}
>
    <Form />
</SecureFields>
};
The paymentMethodId prop is deprecated but still supported for backward compatibility. We recommend using the new paymentMethod prop to benefit from scheme-specific CVV validation.
With this ID in place, you capture the security code securely. 
import {
  CardNumber,
  ExpiryDate,
  SecurityCode,
} from '@gr4vy/secure-fields-react'

const Form = () => {
  return (
    <> 
        <label htmlFor="cc-security-code">Security Code</label>
        <SecurityCode placeholder="Enter security code" />
        <button id='cc-button'>Store card data</button> 
    </>
  )
}
When using the paymentMethodId or paymentMethod object with Secure Fields, only the security code can be captured. Attempting to add any of the other fields (number, expiration date) will result in an error.

3. Create a transaction

When Secure Fields is submitted, it will collect the security code for the stored payment method. You can then create a transaction with the checkout session much like a regular Secure Fields transaction. 
var transaction = await _client.Transactions.CreateAsync(
    transactionCreate: new TransactionCreate()
    {
        Amount = 1299,
        Currency = "USD",
        Country = "US",
        PaymentMethod =
            TransactionCreatePaymentMethod.CreateCheckoutSessionWithUrlPaymentMethodCreate(
                new CheckoutSessionWithUrlPaymentMethodCreate()
                {
                    Id = checkoutSession.Id,
                }
            ),
    }
);
The returned transaction includes details about the payment method used, and the status of the transaction. 
{
  "type": "transaction",
  "id": "fe26475d-ec3e-4884-9553-f7356683f7f9",
  "status": "authentication_succeeded",
  "amount": 1299,
  "currency": "AUD",
  "payment_method": {
    "type": "payment-method",
    "id": "77a76f7e-d2de-4bbc-ada9-d6a0015e6bd5",
    "method": "card",
    "scheme": "visa",
    "expiration_date": "07/24",
    ...
  },
  ...
}