topic Do you know what this company is using for payment processing? in Integration and Testing

Do you know what this company is using for payment processing?

blackfoot — Thu, 08 Mar 2012 21:07:56 GMT

Hello,

I was wondering if anyone could tell me if this company was using authroize.net as their gateway, and if so which "version" of authorize.net they had. I would like to adopt their method since we too deal with digital goods.

I've linked over three screen shots. Screen shot 3 is not hosted on their site. The URL says worldpay, however worldpay is a merchant service not a gateway. Is their anyway to set up my site this way using authorize.net? I use a custom shopping cart, however I'm more concerned with not having to host my payment page, but be able to design the css and html of the hosted payment page. Also I like the idea of picking which CC type to use before having to go to the actual payment page.

http://i42.tinypic.com/23kxjxv.jpg

http://i40.tinypic.com/rkmqnl.jpg

http://i40.tinypic.com/2ajco5y.jpg

Thanks

Re: Do you know what this company is using for payment processing?

TJPride — Thu, 08 Mar 2012 21:51:09 GMT

If you use DPM, you can host the form on your site but have it submit to Authorize.net, meaning the credit card data goes straight from the customer's computer to Authorize.net and never passes through your hosting. You'll still want an SSL to keep up appearances, but essentially it should do what you want. You can also use SIM, which is a form hosted on Authorize.net, and customize background color, text colors, font styles, header text, what fields are displayed, footer text. It should be good enough for most integrations.

Re: Do you know what this company is using for payment processing?

blackfoot — Fri, 09 Mar 2012 12:53:53 GMT

Thank you sir,

I saw that Authroize.net has a hosted payment page "SIM" however I was wondering if you noticed in the screen shots the url displayed "worldpay.com" on the hosted checkoutpage, I confirmed that; this particular site uses authroize.net. Why is the page hosted by the merchant (worldpay) and not the gateway provider (authorize.net)?

I had another question I was wondering if someone could clear up. We sell digital goods and currently we have billing details (feilds) that we would like the user to be required to fill out prior to leaving our site to make the purchase on the hosted page. If we were to do this could we "pass" along the billing details to authroize.net to be used on the purchase page? If we were to sell digital goods we would like the user to be able to downlaod after purchase, if the page is hosted how is our database going to know if a payment was completed so that the user can be granted rights to download their purchase?

Re: Do you know what this company is using for payment processing?

TJPride — Fri, 09 Mar 2012 19:50:08 GMT

You would add a session ID or a database record ID to the data passed to SIM. You would probably also turn on relay response, so you can send the customer directly to a receipt page on your site that would use that session ID or database record (passed from the data sent to relay response) to load their list of downloads.

If you want to get a better idea of how relay response works, look at the DPM documentation, it explains it more clearly. Both DPM and SIM can use relay response, though SIM defaults to having it turned off.

http://www.authorize.net/support/DirectPost_guide.pdf

Re: Do you know what this company is using for payment processing?

blackfoot — Sat, 10 Mar 2012 13:07:22 GMT

Thank you for your response,

Would their be any pro's or con's to utilizing AIM vs the other integration methods? Do you think theirs more room for error when using the advanced method? Our devlopers in India said they can integrate this and it wouldnt be an issue however I'm pretty concerned because I've been reading that AIM and Pay flow pro are more risky for me as a merchant vs Authorize.net or Paypal because their PCI compliant more so then a hosted pay form. We know no matter which integration method we choose to go with im required to have some PCI compliance however we had advised this to my dev team and they said that they are not saving any credit card information using these methods but simply "passing" them off to Authorize.net and via SSL. This may sound silly but when we read on the internet about which method is rite for you their was a check list for advanced integration and it basically said this method is rite for you if "you can program, have an SSL cert". It seems like theirs more thats required of us from a merchant stand point and we cant really find anythying that shows us who should or shouldnt use AIM or Pay flow Pro.

Re: Do you know what this company is using for payment processing?

TJPride — Sat, 10 Mar 2012 19:06:16 GMT

AIM is fine IF the computer running it is (a) only used for Authorize.net transactions (b) connects to Authorize.net directly over the Internet and (c) has sufficient security, firewalls, etc. and ideally isn't networked to other computers. Essentially, a POS (Point of Service) device like a computer with a swiper in a restaurant would qualify; under a very strict set of rules, so might a dedicated server at a PCI-compliant hoster. Your typical shared hosting account or even virtual dedicated hosting? Forget it. You can't get SAQ-C, and SAQ-D will be impossible to pass.

You can, however, integrate SIM or DPM. If you need recurring billing, CIM with hosted billing popup and cron job to generate the payments.

Re: Do you know what this company is using for payment processing?

blackfoot — Sun, 11 Mar 2012 12:29:42 GMT

We can tell you rite now that we will be using a hosted cloud with racksapce, eventually if and when we get big enough will have a dedicated SQL server but as of now it will be a VPS. Do you foresee any issues if we chose to go with DPM and use our VPS? Could we still be PCI DSS this way?

Re: Do you know what this company is using for payment processing?

TJPride — Sun, 11 Mar 2012 17:17:34 GMT

DPM never has the credit card data pass through your server. It goes direct from customer to Authorize.net, regardless of the fact that the form is hosted on your server. So you'd be just fine with that. I don't think you have to pass any SAQ requirements with DPM.

Re: Do you know what this company is using for payment processing?

blackfoot — Mon, 12 Mar 2012 07:54:14 GMT

Alright sounds good,

Hopefully we can edit the form page css and html?

Re: Do you know what this company is using for payment processing?

TJPride — Mon, 12 Mar 2012 19:13:17 GMT

The form is hosted from your server. It just submits to Authorize.net. So you have total control over the look of the form.

Re: Do you know what this company is using for payment processing?

blackfoot — Mon, 12 Mar 2012 20:17:20 GMT

Thats for AIM rite?

I meant Authorize.net new DPM method; we can't really change much? I wanted to change the css of the fields to match our site theme

Re: Do you know what this company is using for payment processing?

TJPride — Mon, 12 Mar 2012 21:14:57 GMT

DPM has the form hosted by you, however the information entered into the form never passes through your server, it goes direct to Authorize.net.

AIM has the form hosted by you, but it submits to your server and then you pass the data internally to Authorize.net.

Both give you total control over the form, but DPM avoids PCI requirements while AIM definitely does not.

Re: Do you know what this company is using for payment processing?

blackfoot — Tue, 13 Mar 2012 13:48:52 GMT

Can DPM be used on a custom shopping cart or does it have to be used with a compatable shopping cart? Also I called Authorize.net and I asked about DPM, and they didn't know if the payment form was in an iframe. I keep reading and it says that the credit card information does not touch our servers however how is this possible when we are the ones whose hosting the form and then passing the data along to Authorize.net?

Re: Do you know what this company is using for payment processing?

RaynorC1emen7 — Tue, 13 Mar 2012 14:37:04 GMT

For DPM, you are hosting the CC info form. But, when the use click the submit button, the form should post to authorize.net directly, which mean it wouldn't go thru your server.

Re: Do you know what this company is using for payment processing?

TJPride — Tue, 13 Mar 2012 17:25:35 GMT

YOU are not passing the data, the CUSTOMER is passing the data. All the form does is tell the customer's computer what data and where to send it. Yes, DPM can be adapted for use with anything (except recurring payments, that's a different subject...), and no, it's not in an iframe. It's just like a regular form, except it submits to Authorize.net. I know, it seemed a bit odd to me as well when I first found out about it.

Re: Do you know what this company is using for payment processing?

blackfoot — Wed, 14 Mar 2012 00:20:29 GMT

I think I understand now. When the user clicks submit can I post the billing details to my server and at the same time send the entire form to authorize.net? Basically I would like to retain certain fields (customer address and name) and then pass along the rest authorize.net

Re: Do you know what this company is using for payment processing?

TJPride — Wed, 14 Mar 2012 02:08:17 GMT

No. However, the relay response feature built into DPM allows you to pick all that up again on the far side via the relay response page. You would just pass anything important like customer ID or session ID as a hidden field in the DPM form.

Re: Do you know what this company is using for payment processing?

blackfoot — Thu, 15 Mar 2012 08:12:40 GMT

Shucks, none of the other methods would allow me to retain anything prior to passing to Authroize.net?

Re: Do you know what this company is using for payment processing?

TJPride — Thu, 15 Mar 2012 08:33:27 GMT

Well...

Credit card data has to be submitted direct to Authorize.net for you to avoid PCI requirements, and you can't intercept data sent direct to Authorize.net (at least not without using Javascript...) Therefore, if your form has the user fill out their personal / shipping info and their credit card info on the same form, you can not intercept any of it on this, end, just the far end. However, you could theoretically have a two-part form, the first part to collect personal / shipping details and the second part to collect credit card details and go direct to Authorize.net. The second part would have all the info collected in the first part as hidden fields, and you could also store it in your db at the same time.

Re: Do you know what this company is using for payment processing?

blackfoot — Fri, 16 Mar 2012 06:02:21 GMT

I just found this and was wondering if this goes against what you had said?

"WARNING: Merchant-Defined Data fields are not intended, and MUST NOT be used, to capture personally identifying information. Accordingly, Merchant is prohibited from capturing, obtaining, and/or transmitting any personally identifying information in or by means of the Merchant-Defined Data fields. Personally identifying information includes, but is not limited to: name, address, credit card number, social security number, drivers license number, state-issued identification number, passport number, and card verification numbers (CVV, CVC2, CVV2, CID, CVN). If Authorize.Net, a CyberSource solution, discovers that Merchant is capturing and/or transmitting personally identifying information by means of the Merchant-Defined Data fields, whether or not intentionally, CyberSource WILL immediately suspend Merchant�s account, which will result in a rejection of any and all transaction requests submitted by Merchant after the point of suspension."