3.1.7 Payment Page Timeout

The payment pages (credit card details capture or 3DSecure) can timeout if the customer does not respond in a specified time.
This is handled by the payment gateway with notifications to the customer and to the merchant.
The Session Expiry service will expire all abandoned session every 15 min.
Take note, this is a lengthy batch process and runs as scheduled tasks between VFS and the bank.
It should never be relied upon to be returned quickly or included in a synchronous user-journey with the customer.

• 3.1.7.1 Session Expiration
• 3.1.7.2 Session Expiration: Merchant Notification
• 3.1.7.3 Session Expiration: Customer Notification

3.1.7.1 Session Expiration

An abandoned session can result from the following actions, which will result in the payment session never being deleted:

• A customer starts a payment and closes their browser.
• A customer starts a payment and then fails to complete the card capture and 3DSecure within the time period.
• A customer starts a payment and there is a connection failure of some kind.

3.1.7.2 Session Expiration: Merchant Notification

• The Session Expiry service completes the following steps when it runs a cycle:
• Fetches all sessions that are older than 15 min
• Extracts payment related sessions
• Iterates over each payment session and
• Logs a payment event for that transaction
• Sends any webhooks that are found (with a 1002 error code a.k.a. Session Abandoned – see 4.4 Appendix D:Payment Gateway Response Codes)
• Sends a transaction postback to the notify url (if not already sent via a webhook)
• Deletes all abandoned sessions (both payment and non–payment)

3.1.7.3 Session Expiration: Customer Notification

When a payment is about to expire on payment gateway (1 minute before), a notification is sent to the payment page alerting the customer.
The customer has the option to extend the session by a further 15 minutes, or not.
If the customer does not extend the session or the session expiration timer reaches 0, it will then automatically expire the session.
Payment events will be logged and a failure webhook (with a 1003 error code a.k.a. Session Expired – see 4.4 Appendix D:Payment Gateway Response Codes ) is sent back to the merchant.

Continue

• Continue to 3.1.8 Tokenisation Step 5: Synchronous Form Post–Back from Payment Gateway

Return

• Return to 3.1.6 Tokenisation Step 4: Customer Card Payment and Authentication
• Return to 3. Merchant Integration Flow: Card Tokenisation and Tokenised Payments
• Return to 1. Contents