Class PaymentInstrument

• TopLevel.Object
  • dw.object.PersistentObject
    • dw.object.ExtensibleObject
      • dw.customer.EncryptedObject
        • dw.order.PaymentInstrument

Base class for payment instrument either stored in the customers profile or related to an order. A payment instrument can be credit card or bank transfer. The object defines standard methods for credit card payment, and can be extended by attributes appropriate for other payment methods.

Note: this class handles sensitive financial and card holder data. Pay special attention to PCI DSS v3. requirements 1, 3, 7, and 9.

CustomerPaymentInstrument, OrderPaymentInstrument

Constant	Description
ENCRYPTION_ALGORITHM_RSA: String = "RSA"	The outdated encryption algorithm "RSA/ECB/PKCS1Padding".
ENCRYPTION_ALGORITHM_RSA_ECB_OAEPWITHSHA_256ANDMGF1PADDING: String = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"	The encryption algorithm "RSA/ECB/OAEPWithSHA-256AndMGF1Padding".
METHOD_BANK_TRANSFER: String = "BANK_TRANSFER"	Represents a bank transfer type of payment.
METHOD_BML: String = "BML"	Represents a 'bill me later' type of payment.
METHOD_CREDIT_CARD: String = "CREDIT_CARD"	Represents a credit card type of payment.
METHOD_DW_ANDROID_PAY: String = "DW_ANDROID_PAY"	Represents an Android Pay payment.
METHOD_DW_APPLE_PAY: String = "DW_APPLE_PAY"	Represents an Apple Pay payment.
METHOD_GIFT_CERTIFICATE: String = "GIFT_CERTIFICATE"	Represents a gift certificate.

Property	Description
bankAccountDriversLicense: String	Returns the driver's license number associated with the bank account if the calling context meets the following criteria: If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a storefront request, and the current customer is identical to the customer related to the basket, and the current protocol is HTTPS If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a business manager request, and the current user has the permission MANAGE_ORDERS If the instance is a OrderPaymentInstrumentInfo, and the account information has not been masked as a result of the data retention security policy for the site
bankAccountDriversLicenseLastDigits: String (read-only)	Returns the last 4 characters of the decrypted driver's license number of the bank account associated with this PaymentInstrument.
bankAccountDriversLicenseStateCode: String	Returns the driver's license state code associated with a bank account payment instrument.
bankAccountHolder: String	Returns the full name of the holder of a bank account payment instrument.
bankAccountNumber: String	Returns the bank account number if the calling context meets the following criteria: If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a storefront request, and the current customer is identical to the customer related to the basket, and the current protocol is HTTPS If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a business manager request, and the current user has the permission MANAGE_ORDERS If the instance is a OrderPaymentInstrumentInfo, and the account information has not been masked as a result of the data retention security policy for the site
bankAccountNumberLastDigits: String (read-only)	Returns the last 4 characters of the decrypted bank account number.
bankRoutingNumber: String	Returns the bank routing number of a bank account payment instrument.
creditCardExpirationMonth: Number	Returns the month of the year in which the credit card expires (1-12).
creditCardExpirationYear: Number	Returns the year in which the credit card expires, such as '2004'.
creditCardExpired: Boolean (read-only)	Returns true if this payment instrument represents an expired credit card.
creditCardHolder: String	Returns the name of the credit card owner.
creditCardIssueNumber: String	Returns the credit card issue number.
creditCardNumber: String	Returns the decrypted credit card number if the calling context meets the following criteria: If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS If the instance is a OrderPaymentInstrument in the context of a storefront request, and the current authenticated customer is referenced by the basket or order, and the current protocol is HTTPS.
creditCardNumberLastDigits: String (read-only)	Returns the last 4 characters of the decrypted credit card number.
creditCardToken: String	Secure credit card data can be replaced by a token by utilizing a tokenization provider, which securely stores the credit card data using the token as a key.
creditCardType: String	Returns the type of the credit card.
creditCardValidFromMonth: Number	Returns the month of the year in which the credit card became valid (1-12).
creditCardValidFromYear: Number	Returns the year in which the credit card became valid, such as '2001'.
giftCertificateCode: String	Returns the Gift Certificate code for this Payment Instrument.
giftCertificateID: String	Returns the Gift Certificate ID for this Payment Instrument.
maskedBankAccountDriversLicense: String (read-only)	Returns the decrypted driver's license number of the bank account with all but the last 4 characters replaced with a '*' character.
maskedBankAccountNumber: String (read-only)	Returns the decrypted bank account number with all but the last 4 characters replaced with a '*' character.
maskedCreditCardNumber: String (read-only)	Returns the decrypted credit card number with all but the last 4 characters replaced with a '*' character.
maskedGiftCertificateCode: String (read-only)	Returns the masked gift certificate code with all but the last 4 characters replaced with a '*' character.
paymentMethod: String (read-only)	Returns the identifier of the payment method represented by this payment instrument.
permanentlyMasked: Boolean (read-only)	Returns true if the account information for this Payment Instrument has been permanently masked as a result of the data retention security policy for the site or a creditcard tokenization, and false otherwise.

This class does not have a constructor, so you cannot create it directly.

Method	Description
getBankAccountDriversLicense()	Returns the driver's license number associated with the bank account if the calling context meets the following criteria: If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a storefront request, and the current customer is identical to the customer related to the basket, and the current protocol is HTTPS If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a business manager request, and the current user has the permission MANAGE_ORDERS If the instance is a OrderPaymentInstrumentInfo, and the account information has not been masked as a result of the data retention security policy for the site
getBankAccountDriversLicenseLastDigits()	Returns the last 4 characters of the decrypted driver's license number of the bank account associated with this PaymentInstrument.
getBankAccountDriversLicenseLastDigits(Number)	Returns the last specified number of characters of the decrypted driver's license number of the bank account associated with this PaymentInstrument.
getBankAccountDriversLicenseStateCode()	Returns the driver's license state code associated with a bank account payment instrument.
getBankAccountHolder()	Returns the full name of the holder of a bank account payment instrument.
getBankAccountNumber()	Returns the bank account number if the calling context meets the following criteria: If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a storefront request, and the current customer is identical to the customer related to the basket, and the current protocol is HTTPS If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a business manager request, and the current user has the permission MANAGE_ORDERS If the instance is a OrderPaymentInstrumentInfo, and the account information has not been masked as a result of the data retention security policy for the site
getBankAccountNumberLastDigits()	Returns the last 4 characters of the decrypted bank account number.
getBankAccountNumberLastDigits(Number)	Returns the last specified number of characters of the decrypted bank account card number.
getBankRoutingNumber()	Returns the bank routing number of a bank account payment instrument.
getCreditCardExpirationMonth()	Returns the month of the year in which the credit card expires (1-12).
getCreditCardExpirationYear()	Returns the year in which the credit card expires, such as '2004'.
getCreditCardHolder()	Returns the name of the credit card owner.
getCreditCardIssueNumber()	Returns the credit card issue number.
getCreditCardNumber()	Returns the decrypted credit card number if the calling context meets the following criteria: If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS If the instance is a OrderPaymentInstrument in the context of a storefront request, and the current authenticated customer is referenced by the basket or order, and the current protocol is HTTPS.
getCreditCardNumberLastDigits()	Returns the last 4 characters of the decrypted credit card number.
getCreditCardNumberLastDigits(Number)	Returns the last specified number of characters of the decrypted credit card number.
getCreditCardToken()	Secure credit card data can be replaced by a token by utilizing a tokenization provider, which securely stores the credit card data using the token as a key.
getCreditCardType()	Returns the type of the credit card.
getCreditCardValidFromMonth()	Returns the month of the year in which the credit card became valid (1-12).
getCreditCardValidFromYear()	Returns the year in which the credit card became valid, such as '2001'.
getEncryptedBankAccountDriversLicense(String, String)	Encrypts the driver's license number of the bank account of this object with the given algorithm and the given public key.
getEncryptedBankAccountNumber(String, String)	Encrypts the bank account number of this object with the given algorithm and the given public key.
getEncryptedCreditCardNumber(String, CertificateRef)	Encrypts the credit card number of this object with the given algorithm and the public key taken from a certificate in the keystore.
getEncryptedCreditCardNumber(String, String)	Encrypts the credit card number of this object with the given algorithm and the given public key.
getGiftCertificateCode()	Returns the Gift Certificate code for this Payment Instrument.
getGiftCertificateID()	Returns the Gift Certificate ID for this Payment Instrument.
getMaskedBankAccountDriversLicense()	Returns the decrypted driver's license number of the bank account with all but the last 4 characters replaced with a '*' character.
getMaskedBankAccountDriversLicense(Number)	Returns the decrypted driver's license number of the bank account with all but the specified number characters replaced with a '*' character.
getMaskedBankAccountNumber()	Returns the decrypted bank account number with all but the last 4 characters replaced with a '*' character.
getMaskedBankAccountNumber(Number)	Returns the decrypted bank account number with all but the specified number characters replaced with a '*' character.
getMaskedCreditCardNumber()	Returns the decrypted credit card number with all but the last 4 characters replaced with a '*' character.
getMaskedCreditCardNumber(Number)	Returns the decrypted credit card number with all but the specified number characters replaced with a '*' character.
getMaskedGiftCertificateCode()	Returns the masked gift certificate code with all but the last 4 characters replaced with a '*' character.
getMaskedGiftCertificateCode(Number)	Returns the masked gift certificate code with all but the specified number of characters replaced with a '*' character.
getPaymentMethod()	Returns the identifier of the payment method represented by this payment instrument.
isCreditCardExpired()	Returns true if this payment instrument represents an expired credit card.
isPermanentlyMasked()	Returns true if the account information for this Payment Instrument has been permanently masked as a result of the data retention security policy for the site or a creditcard tokenization, and false otherwise.
setBankAccountDriversLicense(String)	Set the driver's license number associated with a bank account payment instrument.
setBankAccountDriversLicenseStateCode(String)	Set the driver's license state code associated with a bank account payment instrument.
setBankAccountHolder(String)	Set the full name of the holder of a bank account payment instrument.
setBankAccountNumber(String)	Set the bank account number of a bank account payment instrument.
setBankRoutingNumber(String)	Set the bank routing number of a bank account payment instrument.
setCreditCardExpirationMonth(Number)	Sets the month of the year in which the credit card expires.
setCreditCardExpirationYear(Number)	Sets the year in which the credit card expires, such as '2004'.
setCreditCardHolder(String)	Sets the name of the credit card owner.
setCreditCardIssueNumber(String)	Set the credit card issue number.
setCreditCardNumber(String)	Sets the credit card number for this payment.
setCreditCardToken(String)	Secure credit card data can be replaced by a token by utilizing a tokenization provider, which securely stores the credit card data using the token as a key.
setCreditCardType(String)	Sets the type of the credit card.
setCreditCardValidFromMonth(Number)	Sets the month of the year in which the credit card became valid (1-12).
setCreditCardValidFromYear(Number)	Sets the year in which the credit card became valid, such as '2001'.
setGiftCertificateCode(String)	Sets the Gift Certificate code for this Payment Instrument.
setGiftCertificateID(String)	Sets the Gift Certificate ID for this Payment Instrument.

describe, getCustom

getCreationDate, getLastModified, getUUID

assign, create, create, defineProperties, defineProperty, entries, freeze, fromEntries, getOwnPropertyDescriptor, getOwnPropertyNames, getOwnPropertySymbols, getPrototypeOf, hasOwnProperty, is, isExtensible, isFrozen, isPrototypeOf, isSealed, keys, preventExtensions, propertyIsEnumerable, seal, setPrototypeOf, toLocaleString, toString, valueOf, values

ENCRYPTION_ALGORITHM_RSA: String = "RSA"

The outdated encryption algorithm "RSA/ECB/PKCS1Padding". Please do not use anymore!

Deprecated:

Support for this algorithm will be removed in a future release. Please use ENCRYPTION_ALGORITHM_RSA_ECB_OAEPWITHSHA_256ANDMGF1PADDING instead.

---

ENCRYPTION_ALGORITHM_RSA_ECB_OAEPWITHSHA_256ANDMGF1PADDING: String = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"

The encryption algorithm "RSA/ECB/OAEPWithSHA-256AndMGF1Padding".

---

METHOD_BANK_TRANSFER: String = "BANK_TRANSFER"

Represents a bank transfer type of payment.

---

METHOD_BML: String = "BML"

Represents a 'bill me later' type of payment.

---

METHOD_CREDIT_CARD: String = "CREDIT_CARD"

Represents a credit card type of payment.

---

METHOD_DW_ANDROID_PAY: String = "DW_ANDROID_PAY"

Represents an Android Pay payment.

---

METHOD_DW_APPLE_PAY: String = "DW_APPLE_PAY"

Represents an Apple Pay payment.

---

METHOD_GIFT_CERTIFICATE: String = "GIFT_CERTIFICATE"

Represents a gift certificate.

---

bankAccountDriversLicense: String

Returns the driver's license number associated with the bank account if the calling context meets the following criteria:

• If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS
• If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a storefront request, and the current customer is identical to the customer related to the basket, and the current protocol is HTTPS
• If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a business manager request, and the current user has the permission MANAGE_ORDERS
• If the instance is a OrderPaymentInstrumentInfo, and the account information has not been masked as a result of the data retention security policy for the site

Otherwise, the method returns the masked driver's license number. If a basket is reopened with OrderMgr.failOrder(Order, Boolean), it always masks sensitive information because during order creation, basket payment information is permanently masked.

See Also:

• isPermanentlyMasked()

---

bankAccountDriversLicenseLastDigits: String (read-only)

Returns the last 4 characters of the decrypted driver's license number of the bank account associated with this PaymentInstrument.

If the number is empty or null it will be returned without an exception.

---

bankAccountDriversLicenseStateCode: String

Returns the driver's license state code associated with a bank account payment instrument. Returns null for other payment methods.

---

bankAccountHolder: String

Returns the full name of the holder of a bank account payment instrument. Returns null for other payment methods.

---

bankAccountNumber: String

Returns the bank account number if the calling context meets the following criteria:

• If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS
• If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a storefront request, and the current customer is identical to the customer related to the basket, and the current protocol is HTTPS
• If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a business manager request, and the current user has the permission MANAGE_ORDERS
• If the instance is a OrderPaymentInstrumentInfo, and the account information has not been masked as a result of the data retention security policy for the site

Otherwise, the method returns the masked bank account number. If a basket is reopened with OrderMgr.failOrder(Order, Boolean), it always masks sensitive information because during order creation, basket payment information is permanently masked.

See Also:

• isPermanentlyMasked()

---

bankAccountNumberLastDigits: String (read-only)

Returns the last 4 characters of the decrypted bank account number.

If the number is empty or null, it will be returned without an exception.

---

bankRoutingNumber: String

Returns the bank routing number of a bank account payment instrument. Returns null for other payment methods.

If account information has been masked due to the data retention security policy for the site, the return value is fully masked.

See Also:

• isPermanentlyMasked()

---

creditCardExpirationMonth: Number

Returns the month of the year in which the credit card expires (1-12).

---

creditCardExpirationYear: Number

Returns the year in which the credit card expires, such as '2004'.

---

creditCardExpired: Boolean (read-only)

Returns true if this payment instrument represents an expired credit card. This check is only logical if the credit card expiration month and year are set. If either of these attributes are not set, then this method always returns false.

---

creditCardHolder: String

Returns the name of the credit card owner.

---

creditCardIssueNumber: String

Returns the credit card issue number. This attribute is only used by specific credit/debit card processors such as Solo and Switch in the UK.

---

creditCardNumber: String

Returns the decrypted credit card number if the calling context meets the following criteria:

• If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS
• If the instance is a OrderPaymentInstrument in the context of a storefront request, and the current authenticated customer is referenced by the basket or order, and the current protocol is HTTPS.
• If the customer is anonymous, and the customer is referenced by the order, and the protocol is secure and the order status is CREATED.
• If the instance is a OrderPaymentInstrument, and we are in the context of a business manager request, and the current user has the permission MANAGE_ORDERS
• If the instance is a OrderPaymentInstrument, and the account information has not been masked as a result of the data retention security policy for the site

Otherwise, the method returns the masked credit card number. If a basket is reopened with OrderMgr.failOrder(Order, Boolean), it always masks sensitive information because during order creation, basket payment information is permanently masked.

See Also:

• isPermanentlyMasked()

---

creditCardNumberLastDigits: String (read-only)

Returns the last 4 characters of the decrypted credit card number.

If the number is empty or null it will be returned without an exception.

---

creditCardToken: String

Secure credit card data can be replaced by a token by utilizing a tokenization provider, which securely stores the credit card data using the token as a key. The stored data can later reused by including the token in a request. In this way credit card processes such as authorization and capture can be implemented without being responsible for persisting the credit card data.

---

creditCardType: String

Returns the type of the credit card.

---

creditCardValidFromMonth: Number

Returns the month of the year in which the credit card became valid (1-12). This attribute is not used by all credit card types.

---

creditCardValidFromYear: Number

Returns the year in which the credit card became valid, such as '2001'. This attribute is not used by all credit card types.

---

giftCertificateCode: String

Returns the Gift Certificate code for this Payment Instrument.

---

giftCertificateID: String

Returns the Gift Certificate ID for this Payment Instrument.

Deprecated:

Use getGiftCertificateCode()

---

maskedBankAccountDriversLicense: String (read-only)

Returns the decrypted driver's license number of the bank account with all but the last 4 characters replaced with a '*' character.

If the driver's license number is empty, it will be returned without an exception.

---

maskedBankAccountNumber: String (read-only)

Returns the decrypted bank account number with all but the last 4 characters replaced with a '*' character.

If the number is empty (i.e. "" or null), it will be returned without an exception.

---

maskedCreditCardNumber: String (read-only)

Returns the decrypted credit card number with all but the last 4 characters replaced with a '*' character.

If the number is empty, it will be returned without an exception.

---

maskedGiftCertificateCode: String (read-only)

Returns the masked gift certificate code with all but the last 4 characters replaced with a '*' character.

---

paymentMethod: String (read-only)

Returns the identifier of the payment method represented by this payment instrument.

---

permanentlyMasked: Boolean (read-only)

Returns true if the account information for this Payment Instrument has been permanently masked as a result of the data retention security policy for the site or a creditcard tokenization, and false otherwise.

When account information is masked only the last 4 digits of the credit card or bank account number are recoverable. The bank account driver's license number and bank routing number are completely masked.

---

getBankAccountDriversLicense(): String

Returns the driver's license number associated with the bank account if the calling context meets the following criteria:

• If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS
• If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a storefront request, and the current customer is identical to the customer related to the basket, and the current protocol is HTTPS
• If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a business manager request, and the current user has the permission MANAGE_ORDERS
• If the instance is a OrderPaymentInstrumentInfo, and the account information has not been masked as a result of the data retention security policy for the site

Otherwise, the method returns the masked driver's license number. If a basket is reopened with OrderMgr.failOrder(Order, Boolean), it always masks sensitive information because during order creation, basket payment information is permanently masked.

Returns:

• the driver's license number if the calling context meets the necessary criteria.

See Also:

• isPermanentlyMasked()

---

getBankAccountDriversLicenseLastDigits(): String

Returns the last 4 characters of the decrypted driver's license number of the bank account associated with this PaymentInstrument.

If the number is empty or null it will be returned without an exception.

Returns:

• the last 4 characters of the de-crypted driver's license number.

---

getBankAccountDriversLicenseLastDigits(count: Number): String

Returns the last specified number of characters of the decrypted driver's license number of the bank account associated with this PaymentInstrument.

If the number is empty (i.e. "" or null), it will be returned without an exception.

Note that count is limited to 4 in an unsecure environment, and if account information for this payment instrument has been masked due to the data retention security policy for the site.

Parameters:

• count - number of characters to be returned.

Returns:

• the last specified number of characters of the decrypted driver's license number.

See Also:

• isPermanentlyMasked()

---

getBankAccountDriversLicenseStateCode(): String

Returns the driver's license state code associated with a bank account payment instrument. Returns null for other payment methods.

Returns:

• the state in which the bank account driver's license was issued.

---

getBankAccountHolder(): String

Returns the full name of the holder of a bank account payment instrument. Returns null for other payment methods.

Returns:

• the bank account holder's full name.

---

getBankAccountNumber(): String

Returns the bank account number if the calling context meets the following criteria:

• If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS
• If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a storefront request, and the current customer is identical to the customer related to the basket, and the current protocol is HTTPS
• If the instance is a OrderPaymentInstrumentInfo, and we are in the context of a business manager request, and the current user has the permission MANAGE_ORDERS
• If the instance is a OrderPaymentInstrumentInfo, and the account information has not been masked as a result of the data retention security policy for the site

Otherwise, the method returns the masked bank account number. If a basket is reopened with OrderMgr.failOrder(Order, Boolean), it always masks sensitive information because during order creation, basket payment information is permanently masked.

Returns:

• the bank account number if the calling context meets the necessary criteria.

See Also:

• isPermanentlyMasked()

---

getBankAccountNumberLastDigits(): String

Returns the last 4 characters of the decrypted bank account number.

If the number is empty or null, it will be returned without an exception.

Returns:

• the last 4 characters of the decrypted bank account number.

---

getBankAccountNumberLastDigits(count: Number): String

Returns the last specified number of characters of the decrypted bank account card number.

If the number is empty (i.e. "" or null), it will be returned without an exception.

Note that count is limited to 4 in an unsecure environment, and if account information for this payment instrument has been masked due to the data retention security policy for the site.

Parameters:

• count - number of characters to be returned.

Returns:

• the last specified characters of the decrypted bank account number.

See Also:

• isPermanentlyMasked()

---

getBankRoutingNumber(): String

Returns the bank routing number of a bank account payment instrument. Returns null for other payment methods.

If account information has been masked due to the data retention security policy for the site, the return value is fully masked.

Returns:

• the bank account rounting number.

See Also:

• isPermanentlyMasked()

---

getCreditCardExpirationMonth(): Number

Returns the month of the year in which the credit card expires (1-12).

Returns:

• the month of the year in which the credit card expires (1-12).

---

getCreditCardExpirationYear(): Number

Returns the year in which the credit card expires, such as '2004'.

Returns:

• the year in which the credit card expires.

---

getCreditCardHolder(): String

Returns the name of the credit card owner.

Returns:

• the name of the credit card owner.

---

getCreditCardIssueNumber(): String

Returns the credit card issue number. This attribute is only used by specific credit/debit card processors such as Solo and Switch in the UK.

Returns:

• the credit card issue number

---

getCreditCardNumber(): String

Returns the decrypted credit card number if the calling context meets the following criteria:

• If the instance is a CustomerPaymentInstrument, and we are in the context of a storefront request, and the current customer is registered and authenticated, and the payment instrument is associated to the profile of the current customer, and the current protocol is HTTPS
• If the instance is a OrderPaymentInstrument in the context of a storefront request, and the current authenticated customer is referenced by the basket or order, and the current protocol is HTTPS.
• If the customer is anonymous, and the customer is referenced by the order, and the protocol is secure and the order status is CREATED.
• If the instance is a OrderPaymentInstrument, and we are in the context of a business manager request, and the current user has the permission MANAGE_ORDERS
• If the instance is a OrderPaymentInstrument, and the account information has not been masked as a result of the data retention security policy for the site

Otherwise, the method returns the masked credit card number. If a basket is reopened with OrderMgr.failOrder(Order, Boolean), it always masks sensitive information because during order creation, basket payment information is permanently masked.

Returns:

• the decrypted credit card number if the calling context meets the necessary criteria.

See Also:

• isPermanentlyMasked()

---

getCreditCardNumberLastDigits(): String

Returns the last 4 characters of the decrypted credit card number.

If the number is empty or null it will be returned without an exception.

Returns:

• the last 4 characters of the de-crypted credit card number.

---

getCreditCardNumberLastDigits(count: Number): String

Returns the last specified number of characters of the decrypted credit card number.

If the number is empty (i.e. "" or null), it will be returned without an exception.

Note that count is limited to 4 in an unsecure environment, and if account information for this payment instrument has been masked due to the data retention security policy for the site.

Parameters:

• count - number of characters to be returned.

Returns:

• the last specified number of characters of the decrypted credit card number.

See Also:

• isPermanentlyMasked()

---

getCreditCardToken(): String

Secure credit card data can be replaced by a token by utilizing a tokenization provider, which securely stores the credit card data using the token as a key. The stored data can later reused by including the token in a request. In this way credit card processes such as authorization and capture can be implemented without being responsible for persisting the credit card data.

Returns:

• the token

---

getCreditCardType(): String

Returns the type of the credit card.

Returns:

• the type of the credit card.

---

getCreditCardValidFromMonth(): Number

Returns the month of the year in which the credit card became valid (1-12). This attribute is not used by all credit card types.

Returns:

• the month of the year in which the credit card became valid (1-12).

---

getCreditCardValidFromYear(): Number

Returns the year in which the credit card became valid, such as '2001'. This attribute is not used by all credit card types.

Returns:

• the year in which the credit card became valid

---

getEncryptedBankAccountDriversLicense(algorithm: String, publicKey: String): String

Encrypts the driver's license number of the bank account of this object with the given algorithm and the given public key. Returned is the Base64 encoded representation of the result.

See also Cipher.encrypt(String, String, String, String, Number) on how to generate RSA key pairs.

If account information has been masked due to the data retention security policy for the site, the returned value is the Base64 encoded representation of the encrypted form of the masked number.

Parameters:

• algorithm - The algorithm to be used for the encryption of this credit card number. Must be a valid, non-null algorithm. Currently, only the following algorithms are supported: <li>ENCRYPTION_ALGORITHM_RSA – outdated, please do not use anymore <li>ENCRYPTION_ALGORITHM_RSA_ECB_OAEPWITHSHA_256ANDMGF1PADDING – the current algorithm </ul>
• publicKey - A Base64 encoded form of the public key to be used to encrypt this bank account driver's license number. Must be a valid, non-blank key.

Returns:

• the Base64 encoded representation of the bank account driver's license.

Throws:

• IllegalArgumentException - If algorithm is not a valid known algorithm.
• IllegalArgumentException - If publicKey is a null, empty or blank string.

---

getEncryptedBankAccountNumber(algorithm: String, publicKey: String): String

Encrypts the bank account number of this object with the given algorithm and the given public key. Returned is the Base64 encoded representation of the result.

If account information has been masked due to the data retention security policy for the site, the returned value is the Base64 encoded representation of the encrypted form of the masked number.

Parameters:

• algorithm - The algorithm to be used for the encryption of this credit card number. Must be a valid, non-null algorithm. Currently, only the following algorithms are supported: <li>ENCRYPTION_ALGORITHM_RSA – outdated, please do not use anymore <li>ENCRYPTION_ALGORITHM_RSA_ECB_OAEPWITHSHA_256ANDMGF1PADDING – the current algorithm </ul>
• publicKey - A Base64 encoded form of the public key to be used to encrypt this credit card number. Must be a valid, non-blank key.

Returns:

• the Base64 encoded representation of the bank account number.

Throws:

• IllegalArgumentException - If algorithm is not a valid known algorithm.
• IllegalArgumentException - If publicKey is a null, empty or blank string.

See Also:

• isPermanentlyMasked()

---

getEncryptedCreditCardNumber(algorithm: String, certificateRef: CertificateRef): String

Encrypts the credit card number of this object with the given algorithm and the public key taken from a certificate in the keystore. Returned is the Base64 encoded representation of the result.

See also Cipher.encrypt(String, CertificateRef, String, String, Number) on how to generate RSA key pairs.

If account information has been masked due to the data retention security policy for the site, the returned value is the Base64 encoded representation of the encrypted form of the masked number.

Parameters:

• algorithm - The algorithm to be used for the encryption of this credit card number. Must be a valid, non-null algorithm. Currently, only the following algorithms are supported: <li>ENCRYPTION_ALGORITHM_RSA – outdated, please do not use anymore <li>ENCRYPTION_ALGORITHM_RSA_ECB_OAEPWITHSHA_256ANDMGF1PADDING – the current algorithm </ul>
• certificateRef - A reference to a trusted certificate entry containing the public key in the keystore. Must be non-null.

Returns:

• the Base64 encoded representation of the credit card number.

Throws:

• IllegalArgumentException - If algorithm is not a valid known algorithm.
• IllegalArgumentException - If certificateRef is null or could not be found.

See Also:

• isPermanentlyMasked()

---

getEncryptedCreditCardNumber(algorithm: String, publicKey: String): String

Encrypts the credit card number of this object with the given algorithm and the given public key. Returned is the Base64 encoded representation of the result.

See also Cipher.encrypt(String, String, String, String, Number) on how to generate RSA key pairs.

If account information has been masked due to the data retention security policy for the site, the returned value is the Base64 encoded representation of the encrypted form of the masked number.

Parameters:

• algorithm - The algorithm to be used for the encryption of this credit card number. Must be a valid, non-null algorithm. Currently, only the following algorithms are supported: <li>ENCRYPTION_ALGORITHM_RSA – outdated, please do not use anymore <li>ENCRYPTION_ALGORITHM_RSA_ECB_OAEPWITHSHA_256ANDMGF1PADDING – the current algorithm </ul>
• publicKey - A Base64 encoded form of the public key to be used to encrypt this credit card number. Must be a valid, non-blank key.

Returns:

• the Base64 encoded representation of the credit card number.

Throws:

• IllegalArgumentException - If algorithm is not a valid known algorithm.
• IllegalArgumentException - If publicKey is a null, empty or blank string.

See Also:

• isPermanentlyMasked()

Deprecated:

Please use getEncryptedCreditCardNumber(String, CertificateRef) instead.

---

getGiftCertificateCode(): String

Returns the Gift Certificate code for this Payment Instrument.

Returns:

• the Gift Certificate code or null if not set.

---

getGiftCertificateID(): String

Returns the Gift Certificate ID for this Payment Instrument.

Returns:

• the Gift Certificate ID or null if not set.

Deprecated:

Use getGiftCertificateCode()

---

getMaskedBankAccountDriversLicense(): String

Returns the decrypted driver's license number of the bank account with all but the last 4 characters replaced with a '*' character.

If the driver's license number is empty, it will be returned without an exception.

Returns:

• the decrypted driver's license number with all but the last 4 characters replaced with a '*' character.

---

getMaskedBankAccountDriversLicense(ignore: Number): String

Returns the decrypted driver's license number of the bank account with all but the specified number characters replaced with a '*' character.

If the driver's license number is empty (i.e. "" or null), it will be returned without an exception.

Note that ignore is limited to 4 in an unsecure environment, and if account information for this payment instrument has been masked due to the data retention security policy for the site.

Parameters:

• ignore - the number of characters to leave unmasked.

Returns:

• the decrypted driver's license number with all but the specified number characters replaced with a '*' character.

See Also:

• isPermanentlyMasked()

---

getMaskedBankAccountNumber(): String

Returns the decrypted bank account number with all but the last 4 characters replaced with a '*' character.

If the number is empty (i.e. "" or null), it will be returned without an exception.

Returns:

• the decrypted bank account number with all but the last 4 characters replaced with a '*' character.

---

getMaskedBankAccountNumber(ignore: Number): String

Returns the decrypted bank account number with all but the specified number characters replaced with a '*' character.

If the card number is empty (i.e. "" or null), it will be returned without an exception.

Note that ignore is limited to 4 in an unsecure environment, and if account information for this payment instrument has been masked due to the data retention security policy for the site.

Parameters:

• ignore - the number of characters to leave unmasked

Returns:

• the decrypted bank account number with all but the specified number of characters replaced with a '*' character.

See Also:

• isPermanentlyMasked()

---

getMaskedCreditCardNumber(): String

Returns the decrypted credit card number with all but the last 4 characters replaced with a '*' character.

If the number is empty, it will be returned without an exception.

Returns:

• the decrypted credit card number with all but the last 4 characters replaced with a '*' character.

---

getMaskedCreditCardNumber(ignore: Number): String

Returns the decrypted credit card number with all but the specified number characters replaced with a '*' character.

If the card number is empty (i.e. "" or null), it will be returned without an exception.

Note that ignore is limited to 4 in an unsecure environment, and if account information for this payment instrument has been masked due to the data retention security policy for the site.

Parameters:

• ignore - the number of characters to leave unmasked.

Returns:

• the decrypted credit card number with all but the specified number characters replaced with a '*' character.

See Also:

• isPermanentlyMasked()

---

getMaskedGiftCertificateCode(): String

Returns the masked gift certificate code with all but the last 4 characters replaced with a '*' character.

Returns:

• the masked gift certificate code.

---

getMaskedGiftCertificateCode(ignore: Number): String

Returns the masked gift certificate code with all but the specified number of characters replaced with a '*' character.

Parameters:

• ignore - the number of characters to leave unmasked.

Returns:

• the masked gift certificate code.

Throws:

• IllegalArgumentException - if ignore is negative.

---

getPaymentMethod(): String

Returns the identifier of the payment method represented by this payment instrument.

Returns:

• the identifier of the payment method represented by this payment instrument.

---

isCreditCardExpired(): Boolean

Returns true if this payment instrument represents an expired credit card. This check is only logical if the credit card expiration month and year are set. If either of these attributes are not set, then this method always returns false.

Returns:

• true if this payment instrument represents an expired credit card, false otherwise

---

isPermanentlyMasked(): Boolean

Returns true if the account information for this Payment Instrument has been permanently masked as a result of the data retention security policy for the site or a creditcard tokenization, and false otherwise.

When account information is masked only the last 4 digits of the credit card or bank account number are recoverable. The bank account driver's license number and bank routing number are completely masked.

Returns:

• whether or not the account information has been masked

---

setBankAccountDriversLicense(license: String): void

Set the driver's license number associated with a bank account payment instrument.

Parameters:

• license - the bank account holder driver's license.

---

setBankAccountDriversLicenseStateCode(stateCode: String): void

Set the driver's license state code associated with a bank account payment instrument.

Parameters:

• stateCode - the state in which the bank account driver's license was issued.

---

setBankAccountHolder(holder: String): void

Set the full name of the holder of a bank account payment instrument.

Parameters:

• holder - the bank account holder's full name.

---

setBankAccountNumber(accountNumber: String): void

Set the bank account number of a bank account payment instrument.

Parameters:

• accountNumber - the bank account number.

---

setBankRoutingNumber(routingNumber: String): void

Set the bank routing number of a bank account payment instrument.

Parameters:

• routingNumber - the bank account rounting number.

---

setCreditCardExpirationMonth(aValue: Number): void

Sets the month of the year in which the credit card expires. Permissible values are from 1 to 12.

Parameters:

• aValue - the month of the year in which the credit card expires. Permissible values are from 1 to 12.

---

setCreditCardExpirationYear(aValue: Number): void

Sets the year in which the credit card expires, such as '2004'.

Parameters:

• aValue - the year in which the credit card expires.

---

setCreditCardHolder(aValue: String): void

Sets the name of the credit card owner.

Parameters:

• aValue - the name of the credit card owner.

---

setCreditCardIssueNumber(aValue: String): void

Set the credit card issue number. This attribute is only used by specific credit/debit card processors such as Solo and Switch in the UK.

Parameters:

• aValue - the credit card issue number

---

setCreditCardNumber(aValue: String): void

Sets the credit card number for this payment.

Parameters:

• aValue - the new value of the credit card number.

---

setCreditCardToken(token: String): void

Secure credit card data can be replaced by a token by utilizing a tokenization provider, which securely stores the credit card data using the token as a key. The stored data can later reused by including the token in a request. In this way credit card processes such as authorization and capture can be implemented without being responsible for persisting the credit card data.

An Exception will be thrown when the token is null or blank.

When setting a credit card token, the account information (including the creditcard number) is masked and all creditcard attributes are frozen and an attempt to change will be result in an exception.

Parameters:

• token - the token

See Also:

• isPermanentlyMasked()

---

setCreditCardType(aValue: String): void

Sets the type of the credit card.

Parameters:

• aValue - the type of the credit card.

---

setCreditCardValidFromMonth(aValue: Number): void

Sets the month of the year in which the credit card became valid (1-12). This attribute is not used by all credit card types

Parameters:

• aValue - the month of the year in which the credit card became valid (1-12).

---

setCreditCardValidFromYear(aValue: Number): void

Sets the year in which the credit card became valid, such as '2001'. This attribute is not used by all credit card types.

Parameters:

• aValue - the year in which the credit card became valid

---

setGiftCertificateCode(giftCertificateCode: String): void

Sets the Gift Certificate code for this Payment Instrument.

Parameters:

• giftCertificateCode - the Gift Certificate code.

---

setGiftCertificateID(giftCertificateID: String): void

Sets the Gift Certificate ID for this Payment Instrument.

Parameters:

• giftCertificateID - the Gift Certificate ID.

Deprecated:

Use setGiftCertificateCode(String)

---