For PartnersFor Acquiring Partners
Klarna

Why integrate with MCS

Settle orders with virtual credit cards issued by Klarna
Merchant Card Service(MCS) lets you settle orders with virtual credit cards issued by Klarna. We offer prepaid, single use, and multiple use cards in all European currencies as well as in USD.

Credit card payment
If you operate in a market where your customers don’t have credit cards, but you still want to have them as customers you can integrate with Klarna. The consumer can then do their payment as they want and you get a credit card issued by Klarna that you can use in your normal card flow.

Affiliate marketplaces
If you own a marketplace with different merchants acting on your platform, you can settle customer’s payments towards the merchants via Klarna’s virtual credit cards. Each merchant can independently settle their part of an order. You can choose to settle payments with one card for each merchant or provide a single card with multiple usage to all merchants involved in an order.

Fast integration
When using MCS, no changes are needed to your current integration to Klarna’s checkout. If you only want to use the checkout or Klarna payment capabilities without the ordering handling done on Klarna’s side you can integrate with a card and use it in your normal order handling system.

How MCS integrates into your flow
sequenceDiagram autonumber participant A as Merchant participant B as KP participant C as Klarna Merchant Card Service participant D as Merchant's Acquirer participant E as Klarna Card Issuer A ->>B: Checkout order A ->>C: Request virtual credit card C -->>A: Virtual credit card data A ->>D: Authorization on card D ->>E: Authorization on card A ->>D: Capture on card D ->>E: Capture on card A ->>D: Refund on card D ->>E: Refund on card

How to integrate with MCS
  1. 1.
    Enroll as virtual credit card merchant
  2. 2.
    Read the section Encryption and decryption of card data
  3. 3.
    Integrate to MCS’ endpoints: API Reference

Encryption and decryption of card data
To protect the sensitive virtual credit card data, we perform encryption on the card data before sending them to you.
sequenceDiagram autonumber participant A as Merchant participant B as Klarna participant C as Klarna Merchant Card Service A ->>A: Generate private/public key pair of at least 2024bits A ->>B: Send public key B -->>A: {key id} for submitted public key A ->>C: Request card providing {key id} for encryption of card data C ->>C: Encrypt card data C -->>A: Card data encrypted with public key associated with {key id} A ->>A: Decrypt card data
The data is encrypted using a 128 bit symmetric key using the following algorithm: AES/CTR/NoPadding. The symmetric key is then encrypted with the public key you enrolled using the following algorithm: RSA/ECB/PKCS1Padding. The RSA keypair generated by you must be at least of the size 2048 bits. Please provide your public key in JWK format.
Each public key is given an key_id that is used by you in the settlement request. It is possible to have more than one active public key.
You can use the following commands to generate a new private/public key pair:
openssl genrsa -out private_key.pem 4096
openssl rsa -in private_key.pem -outform PEM -pubout -out public_key.pem
Now you can use the tool of your choice to convert the public key from .pem format to .jwk format. For example with this JavaScript tool pem-jwk:
pem-jwk public_key.pem > public_key.jwk
Please make sure to securely store your private key as it is integrity of the virtual credit card data.

Encryption
When you request a card you have to provide a key_id to the public key you want to use. This key will be used to encrypt the symmetric key used to encrypt the card details.

Decryption
When requesting a virtual credit card, you will find in the response the following fields. These are used to decrypt the sensitive card data.
JSON
1 2 3 4 5 6
{ "pci_data": "string", "iv": "string", "aes_key": "string" }
The sensitive card data pci_data is encrypted by a generated symmetric key aes_key which itself is encrypted by your public key.
To decrypt the card data, perform these steps:
  1. 1.
    Base64 decode aes_key
  2. 2.
    Decrypt decoded aes_key using your private key
  3. 3.
    Base64 decode pci_data
  4. 4.
    Decrypt decoded pci_data using decrypted aes_key and iv (initialization vector)
Make sure you are using the private key which corresponds to the key_id you provided when you requested the card.
In the decrypted data the card information in plaintext is available and formatted as a JSON object. Here’s an example of decrypted card information.
JSON
1 2 3 4 5 6
{ "pan": "4111111111111", "expiry_date": "01/19", "cvv": "789" }