The article has been updated successfully.- Introduction
- Merchant e-Commerce Example
- Getting Started with Hosted Checkout
- Configuring the Payment Page
- Integration: Two Options
- With a Shopping Cart
- Without a Shopping Cart
- Transaction Results Handling
- Security
- Viewing Hosted Checkout Online
The Hosted Checkout solution provides merchants with a non-storing, “hands off” solution that complies completely with Payment Card Industry Data Security Standards. Additionally the solution delivers Interac Online Debit functionality while eliminating its costly development, integration, and long certification process imposed by ACXSYS.
Solution Overview
This product provides Interac Online and credit card processing through a hosted payment page. Because Hosted Checkout is already certified for Interac Online, Interac has waived the certification requirements for any merchants that wish to offer it in conjunction with Hosted Checkout. This eliminates an expensive 2 to 3 months of deployment time and effort.
Hosted payment pages eliminate merchant exposure to cardholder data while removing the requirement for SSL certificates. With PCI compliance a critical and mandatory requirement this increases the significance of this facet.
Payment Pages can be customized according to merchant user interface requirements. Colours, logos, and wording can be sent to E-xact in HTML format so the cardholder has the same user interface experience during payment as when they are shopping on the merchant site.
Other configuration options available include:
- Enabling specific payment types (i.e. Credit Card or Interac Online only or both)
- Receipt notification emails to the cardholder and/or merchant
- Customized messaging for receipt emails
- Verified by Visa and MasterCard SecureCode (no additional development required)
Merchant e-Commerce Example
A typical website offering goods for sale is depicted in Figure 1. Customers add items to their shopping cart by pressing the “Add to Cart” button shown in Figure 2.
Figure 1
Figure 2
In Figure 3 the customer clicks the “Checkout” link when ready to pay for their selected items. At this point they are taken to their Hosted Checkout payment page on E-xact’s servers, shown in Figure 4.
Figure 3
Figure 4
Note from the logo, colours, and font the seamless transition from merchant (Figure 3) to external (Figure 4) site. This external site is where the customer will enter their payment information, isolating the merchant from the sensitive cardholder data.
The page shown in Figure 4 has been configured to offer both credit card and Interac Online payment types. Also displayed is the option for the cardholder to enter their email address for receipt delivery. This an optional offering configured at the merchant’s discretion.
Once the payment has been processed the receipt, or Customer Transaction Record (CTR), appears as in Figure 5.
Figure 5
Getting Started with Hosted Checkout
The first step in setting up Hosted Checkout is starting the process to obtain a production account with E-xact Transactions or Chase Paymentech. While registration is in progress merchants can obtain test credentials for their developers to access the demo system and get a head start on the integration.
Once a production account is set up developers can simply configure a live payment page and swap its values with the demo credentials in the code.
Configuring the Payment Page
To configure a new demo or live Payment Page, Merchant Administrators can log in to RPM (Figure 6) and click on the Hosted Checkout menu option (Figure 7).
Figure 6
Figure 7
A listing Payment Pages already set up on the account is shown in Figure 8. Merchant Administrators can select one of these links to view or edit its configuration or click the “New Payment Page” link.
Figure 8
Integration: Two options
There are two basic ways to integrate Hosted Checkout into a merchant website:
- With a shopping cart
- Without a shopping cart
Hosted Checkout is coded to connect with any shopping cart that follows the “Authorize.NET SIM” model and has been tested and confirmed with the following:
- Agoracart
- CommerceSQL
- CubeCart
- Comersus
- OpenCart
- osCMax
- osCommerce
- Ubercart
- ZenCart
Integration is fairly straightforward:
- One file in the cart software is renamed
- Two variables from the Payment Page configuration are inserted in the shopping cart configuration
Shopping cart software is not mandatory for Hosted Checkout as developers can integrate the code directly into an HTML page.
Form code in a variety of languages, including Ruby, Perl, PHP, and ColdFusion, can be downloaded at: http://www.e-xact.com/API/ under “Hosted Checkout Developer Integrations”.
Note that irrespective of cart or software choice, additional integration is required for merchants that wish to use the Relay Response and Silent Post methods. Please see “Transaction Results Handling” below.
Transaction Results Handling
After the customer enters and submits their payment information on the hosted payment page there are three different ways to manage the transaction results: Receipt Link, Relay Response, and Silent Post.
Receipt Link
This is most basic method. The approved or declined transaction receipt is displayed to the customer plus a link that will return them to the merchant website. There are 4 types of Receipt Link to choose from: LINK, GET, POST, and REDI.
Relay Response
This method involves a ‘call and answer’ relay between E-xact and merchant servers.
- Transaction results (approved or declined) are returned to the merchant from E-xact's servers
- The merchant servers reply back and this response is passed on to the customer's browser as a receipt for the transaction
Step 2 lets the merchant return a customized receipt via the HTML code they return to E-xact.
If the merchant server does not respond in Step 2, the customer receives the standard receipt display as in Receipt Link. However, with Relay Response it is important to note that E-xact is expecting a response from the merchant.
Silent Post
This method is basically a ‘hybrid’ of Receipt Link and Relay Response.
With Silent Post the transaction results are returned to the merchant's server but unlike with Relay Response, E-xact is not expecting an answer back. Similar to Receipt Link, the customer is instead shown the standard E-xact receipt (approved or declined).
Additional Integration for Relay Response and Silent Post
For additional technical information on the development required for Relay Response and Silent Post, see the Hosted Checkout Integration Manual.
Security
Hosted Checkout is safe and secure. Sophisticated hash calculations are executed on E-xact’s servers to confirm that only requests from designated merchant sites are accepted. In the case of Relay Response, merchant servers conduct a separate hashing confirmation to verify the authenticity of the response from E-xact.
Viewing Hosted Checkout Online
Access a full-featured demonstration merchant website and its Hosted Checkout payment page immediately by going to: http://store.e-xact.com
The store is set to mimic the real life shopping experience of the online customer so feel free to add items to the shopping cart, checkout, and enter payment information.
Test Card Information:
Visa: 4111111111111111 exp: (any future date)
MasterCard: 5500000000000004 exp: (any future date)
American Express: 340000000000009 exp: (any future date)
For information on test CVD values click here
