# Device Payment Processing
source: https://developer.mastercard.com/mastercard-gateway/documentation/tutorials-and-guides/device-payment-processing/index.md

Device payment processing refers to enabling **secure, real-time payment processing directly from a device** rather than through a hosted web page.

## Types of Devices {#types-of-devices}

* **Physical POS Terminals**: Payments processed through card-present devices like chip-and-PIN machines or contactless readers.
* **Mobile Devices**: Transactions initiated via smartphones or tablets using apps that integrate the Mastercard Gateway API.
* **IoT or Specialized Devices**: Smart devices that can accept payments.

## How to Set Up Device Payment Processing Using Mastercard Gateway API {#how-to-set-up-device-payment-processing-using-mastercard-gateway-api}

### 1. Prerequisites {#1-prerequisites}

* **Merchant Account**: Ensure you have a merchant account registered with Mastercard Gateway.
* **API Credentials**: Obtain your Merchant ID and API Password from the gateway.
* **Transaction Type** : Confirm that your account supports **Purchase** transactions.
* **Security Setup**
  * Enable **tokenization** for secure card storage.
  * Configure **CSC (Card Security Code)** rules for fraud prevention.
* **Device Certification**: If you're using a physical POS device, ensure it meets Mastercard's compliance standards.

### 2. Integration Steps {#2-integration-steps}

#### Create a Payment Session {#create-a-payment-session}

* Use the [**Session**](https://mtf.gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/100/operation/Session:%20Create%20Session.html?locale=en_US) API operation to initialize a payment session.
* This session acts as a container for transaction details.

#### Device Payment Flow {#device-payment-flow}

* For device-based payments (e.g., POS or mobile), use **API endpoints** rather than hosted checkout.
* Collect card details securely on the device and send them to the gateway using the [**Transaction**](https://mtf.gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/100/operation/Transaction:%20%20Authorize.html?locale=en_US) API operation.

#### Authentication \& Tokenization {#authentication--tokenization}

* Implement **3-D Secure (3DS)** if required for cardholder [authentication](https://mtf.gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/100/operation/Authentication:%20%20Authenticate%20Payer.html?locale=en_US).
* Use [**tokenization**](https://mtf.gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/100/operation/Tokenization:%20%20Create%20or%20Update%20Browser%20Payment%20Token.html?locale=en_US) for storing card details for recurring or future payments.

#### Process the Payment {#process-the-payment}

* Call the `POST /transaction` endpoint with the required fields:
  * `merchantId`
  * `apiPassword`
  * `transaction.type` (e.g., PURCHASE)
  * `sourceOfFunds.provided.card` (card details or token)
  * Device information (if applicable)

#### Handle Responses {#handle-responses}

* The API will return a response with transaction status (**SUCCESS** , **FAILED**, etc.).
* Implement proper error handling and logging.

### 3. Security \& Compliance {#3-security--compliance}

* Ensure **PCI DSS compliance** for handling card data.
* Use **HTTPS** for all API calls.
* Implement risk assessment and fraud detection tools:
  * Mastercard Gateway offers the **Risk JavaScript library** with **NuDetect** and other services.