Exporting credit card mandates from Mollie
Note
This document is for payment service providers who wish to export a merchantβs credit card mandates from Mollie for migration purposes.
If a merchant wishes to switch to a different payment service provider, the merchant can export a list of their credit card mandates from the Mollie Dashboard. This way, existing mandates can be transferred to the new payment service provider.
You must provide the merchant with your public PGP key, to which the export should be encrypted.
The merchant must contact Mollie to enable the functionality to export the mandates.
The merchant will thus provide you with:
- A csv file containing the export, encrypted to your PGP public key, and signed by Mollieβs PGP key.
- A unique public key generated by Mollie that is used for signing the encrypted file.
Steps to extract the mandate export
Warning
Note that the decrypted export contains Card Holder Data as defined under PCI-DSS. Make sure the decryption is only performed in compliant environments.
We recommend using GnuPG for decryption and signature verification.
First, put the export file, your private key and Mollieβs public key in a dedicated folder, e.g. ~/mollie-export.
$ ls -ls
8 -rw-r--r--@ 1 user staff 3431 Apr 21 16:07 competitor-private.gpg
8 -rw-r--r--@ 1 user staff 1578 Apr 21 16:08 export.gpg
8 -rw-r--r--@ 1 user staff 3904 Apr 21 16:08 mollie-public.gpg
Initialize a GnuPG keybox in the current folder and import the required keys. You may be prompted for your passphrase.
$ gpg --homedir . --import competitor-private.gpg mollie-public.gpg
gpg: keybox '~/mollie-export/exports/pubring.kbx' created
gpg: ~/mollie-export/exports/trustdb.gpg: trustdb created
gpg: key 63334E285D901170: public key "Competitor Private Key <[email protected]>" imported
gpg: key 63334E285D901170: secret key imported
gpg: key D6051B52CD370E56: public key "Mollie Import 2853921 <[email protected]>" imported
gpg: Total number processed: 2
gpg: imported: 2
gpg: secret keys read: 1
gpg: secret keys imported: 1
Then, instruct GnuPG to decrypt the message:
gpg --homedir . --output decrypted.gpg --decrypt export.gpg
gpg: encrypted with 2048-bit RSA key, ID A2EB785078DB5DA8, created 2020-04-21
"Competitor Private Key <[email protected]>"
Finally, verify the signature of the decrypted export using Mollieβs public key.
The key is not signed by Mollie by default. If you would like the key to be signed, contact [email protected] and we will confirm the authenticity of the public key and return you a signed version of the key.
$ gpg --homedir . --output verified.csv --verify decrypted.gpg
gpg: Signature made Tue Apr 21 15:56:37 2020 CEST
gpg: using RSA key 09055A078D6B55BA
gpg: Good signature from "Mollie Import 2853921 <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4B7B DEE3 E2EF DF20 C21F A316 D605 1B52 CD37 0E56
Subkey fingerprint: E67B 54E3 8423 B30E 77FD F82F 0905 5A07 8D6B 55BA
You can find the decrypted credit card mandate export in verified.csv.
Export file format
The exported mandates file will be formatted as a comma separated file with the following columns:
old_customer_id,card_number,card_exp_month,card_exp_year,card_scheme,transaction_id,name
mdt_123456,4242424242424242,12,2023,SCHEME,987654321234567,"John Doe"
Note
card_exp_monthrefers to the month number without a leading zero. For example,1for January.
card_exp_yearrefers to the year in the yyyy format. For example,2000for the start of the millennium.
card_schemerefers to the scheme of the initial transaction that authorized the recurring payments. Possible values:AMEX,BANCONTACT,MASTERCARD,VISA,CARTES_BANCAIRES
transaction_idrefers to the scheme transaction ID of the initial transaction that authorized the recurring payments.
Updated 26 days ago
