About Card Payment in Korea

Learn how the Korean card payment system works.

The four stages below are important terms to understand the card payment flow in South Korea.

Let's understand the three essential concepts of card payments in South Korea, which are 'How Transaction Steps works', 'Capture', and 'Card Company App(AppCard)'.

In Korean transaction steps, authentication and authorization takes place in two separate steps. On the other hand, in many global payment flow, authentication and authorization takes place in a single step.

Single-step way is convenient because you can get the authorization result after a single payment request. However, since you don't know when the customer will complete the payment, you’re also unable to know when the authorization will be complete. To get the authorization result, you must connect a webhook from your merchant server. Using a webhook can be problematic if the users closes the payment window or if your merchant server is too busy to process the webhook even after multiple attempts. Payment will be marked as failed in your merchant server but marked complete in the PG server, resulting in inconsistent data. With single-step way, you must take multiple additional steps to ensure authorization data consistency.

In contrast, separated-step way guarantees data consistency and reduces your workload. By separating authentication and authorization, it is highly unlikely that the payment window will be closed or that the authorization data will be inconsistent due to issues with your merchant server. There is one additional step requesting authorization after authentication, but since we send a success redirect URL after authorization, you don’t need to continually check the server for a response. You can use the payment information returned by the success redirect URL to make an authentication request.

Capture is the process of submitting a payment data of an approved payment to the card company. You're asking the card company to pay you for the goods or services that the customer paid on credit. The payment data: the card number, the amount, the authorization number, and the installment period.

By default, purchases are made automatically at midnight every day. But we also support manual capture too. If you capture is not processed, the payment stays in approved, where the money hasn't actually moved, just debited. You don’t receive the money from the card company, and the payment isn’t settled. TossPayments automatically captures payments that have been authorized for you. If you want to manually capture your own payments, request a separate contract.

An "Card Company App" is a payment method provided by card companies on their apps. An AppCard can be used in place of a physical card for online and offline transactions.

To use an Card Company App, you must have the card company’s app installed on your phone. Install your credit/debit card app and register your card. If you're already using the card company's finance or card app, you can skip the hassle of registering, and just verify your identity and password.

At checkout, select your credit card company and choose Card Company App. The card company’s app will open, and you'll be able to pay with your Card Company App.

👉 Here's a YouTube video of an Card Company App from Lotte Card, a South Korean credit card company.

• 0:19~1:00 : Mobile Process
• 1:00 ~2:27 : PC web Process

The payment request process in Tosspayments consists of 3 parts: Request-Authentication-Authorization(Approval). This document does not cover the steps after the payment request(capture, settlement). First, a customer requests a payment. Let's use the Tosspayments checkout window as an example.

First, a customer requests a payment. The merchant client then calls the payment window. The customer selects a card in the payment window. Now, with the payment information and the customer's card information, we ask the card company to authorize the payment.

From the PG's point of view, a payment request is a process where a customer provides information about the product they want to buy, the buyer's information, etc. and submits this information to the payment window. If you think of it in terms of the Tosspayments payment window, a payment request is made when you select a credit card and select the "Next" button to bring up the credit card window.

After the request, there are two things that need to happen in turn: the card company needs to authorize the payment, and the merchant needs to authorize the payment. Let's take a closer look at each step.

This is the process where the buyer requests payment to purchase goods or services. The payment request information (product information, payment amount, etc.) already entered in the order form is passed to the Tosspayments payment window. The buyer adds payment information such as selecting a payment method (e.g. Samsung Card, Apple Pay, etc.).

Now we need to authorize the requested payment. Authorization is the process by which the card company verifies the customer's credit card information and payment amount to ensure that this transaction is valid and that the payment should be allowed. This protects both the buyer and the merchant, and prevents fraud and abuse.

Authentication is performed by the buyer's chosen payment method, which is the card company. When customer make a card payment, you've probably entered customer's card number, expiration date, CVC, and a one-time password (OTP) issued by customer's card issuer. Nowadays, you can conveniently authenticate with an app card. When customer can see a window like this, they're at the beginning of the authentication process.

After successful authentication, TossPayments will redirect customer to the success URL set by the merchant. The success redirect URL contains the parameters needed to authorize the payment, as shown in the example below. With these parameters, the developer has something to do.

When we finish the payment request like this, it looks like we're done from the buyer's perspective, but from the developer's perspective, we've only finished the request. There's still work to do to actually finalize the buyer's payment.

This is the process of requesting the card company to approve the authorized payment. If the authorization is successful, the merchant provides the goods or services to the buyer, and the card company or bank charges the buyer for the payment amount, so this is the step that actually finalizes the payment.

Use the Payment Authorization API provided by TossPayments. We call the authorization API with the information we received as query parameters in the success redirect URL after the payment request-authorization. The card is actually requested to authorize the payment, and if the payment authorization response comes back as successful, the payment is completed. The buyer and seller receive a payment completion message, and the developer can see the payment success response.