Security Requirements
- Your website must use HTTPS.
- Do not publish your public Key outside of your code.
Technical Requirements
- The page that hosts the JavaScript-SDK MUST be hosted on a webserver. The JavaScript-SDK will not work if
the page is loaded via the file URI scheme.
- When using the VP8300 USB card reader, the reader must be plugged into a USB port supporting USB 2.0 or higher
Browser Support
Clearent’s JavaScript-SDK solution will work with
- Chrome
- Firefox
- Edge
- Safari
Ending Support For IE 11 Browser and Legacy Edge
On August 17, 2020
Microsoft announced that they would be ending support for IE 11 or legacy Edge in Microsoft Teams and
M365. We believe that focusing on modern browsers that
provide a faster, more secure, more robust browsing experience is the right decision.
Beginning July 1st, 2021, we will no longer be providing coding shims (polyfills) for missing
functionality in IE 11 or legacy Edge. Please note, legacy Edge refers to the
older pre-Chromium Edge browser released prior to January 2020. Modern Edge browser is supported.
Card Validation
In accordance with best security practices, all client data is validated on Clearent servers. We do perform
basic client-side validation to improve the user-experience and reduce errors.
Credit card numbers are validated on the client as follows:
- Get card token or card field value (remove any non-numeric characters)
- Remaining digits must pass Luhn algorithm. This does not guarantee that the card is valid, simply that
the card could be a valid card. This is done to help prevent typing errors.
The card number is not validated during this process
and the user may
have still entered a cancelled, non-issued or otherwise invalid card. The payment information is not
validated on the backend
until the sale request is made from your backend.
This behavior is intentional and is done to prevent a hacker from attempting to use your website as a
validator for stolen
credit cards.
Expiration Date Validation
Expiration date is required for all transactions unless the merchant is storing and presenting card tokens to
the user
- Get expiration date field (remove any non-numeric characters)
- Entered value must be four digits, 2-digit month and 2-digit year (MMYY)
- Entered year must be > current year OR (entered year must be >= current year AND entered month must be
>= current month)
CSC/CVC Validation
By default, the card security code (CSC, CID, CVC, CVV, CVV2) is required for all transactions.
- Get CSC/CVC field (remove any non-numeric characters)
- If card is Visa, MasterCard, Discover, Diner’s Club or JCB then the security code must be 3 digits
- If card is American Express then security code must be 4 digits