Integrating Electronic Payment Processing into Web Applications


Rick Strahl West Wind Technologies

Rick Strahl - Who am I?
• President West Wind Technologies
  - Developer Tools Vendor on Maui, Hawaii
  - Specialty software development and training
  - Web and Enterprise Development
  - Focus on .NET
• Microsoft MVP
  - C#
  - Working with Microsoft tech for 18+ years
• Co-Publisher of CoDe Magazine
• Author
  - Over 75 magazine articles
  - Large .NET article white paper archive at My Web Log

What we'll cover
• How the Process works
  - Payment flow through the system
  - How do you sign up?
  - What does it cost?
• Integration into your Site
  - Taking payments on your Web site
  - Making the process transparent to the user
  - Application managed shopping cart perspective
• Processors
  - Authorize.NET, PayFlow Pro, LinkPoint
  - PayPal, PayPal Payments Pro

How online Credit Card Processing works
• Your Web Application
  - takes orders
  - sends order payment info for processing
• Gateway Processor (Authorize.NET, Verisign, Linkpoint etc.)
  - provides Internet based API
  - sends CC info to processing networks
• Front End Network (PaymentTech, FirstData, Global Payment, Nova)
  - processes the actual card
  - talks to card issuing banks
  - returns authorization code
• Back End Network (PaymentTech, FirstData, Global Payment, Nova)
  - processes settlements
  - communicates with merchant bank
• Merchant Service Provider (PaymentTech, Wells Fargo, Synergy, CardServices etc.)
  - payment 'escrow' bank
  - receives payments
  - handles disputes
  - calculates merchant percentages
• Your Bank Account
  - receives payments usually after few business days
• AMEX, Diners etc.

Who's involved in a Transaction (transaction processing)
• Your Web Site
  - Takes the initial order, submits for CC Processing
  - Receives confirmation or failure and displays result
  - Handles confirming order and items
• Gateway Services
  - Provide the 'developer API' front end and Internet Gateway
  - Pass off to the various processing networks
• Front End Network
  - Front end to Card Issuing Banks
  - Banks authorize and provide transaction detail
  - Authorization picked up by Gateway
• Back End Network
  - Handles settlements of transaction batches
  - Talks to Card Issuing banks
  - Holds authorized funds or passes them on to the merchant bank

Who's Involved in the Transaction (payment processing)
• Merchant Service Provider
  - Acts as Intermediary bank that receives payment
  - Splits merchant percentage off, pays CC company and you
  - Handles operational issues like Fraud, Chargebacks, complaints
  - Issues statements to you
• Your Bank
  - Your regular business bank account
  - Receives any approved funds after a few days
• AMEX, Diner, Discover etc.
  - Directly interface with your bank account
  - Directly deduct merchant percentages
  - No 'merchant fees', but higher rates

Paying 'the Man'
• You pay each step in the chain
  - Make sure you do your homework
  - The 'little' charges add up
• Gateway Service
  - Monthly access to the Gateway
  - Usually pretty cheap ($15-$30-$60)
• Merchant Service Provider
  - Monthly charge which includes a set number of transactions
  - Based on per transaction fee (US $.20-.40)
  - Administration/Statement fee (US $10)
• Credit Card Companies
  - Merchant percentage based on transaction
  - Visa/MasterCard: 2.0-2.5% or 3.5-4.0% (bus/int'l)
  - AMEX: Flat 3.5-4.0%

Signing up
• Brand new account
  - Easiest: Sign up with a reseller provider and let them provide you with gateway and merchant account
  - Mix and match
• Existing bank account
  - Your bank works with a specific CC Processing Network
  - When you sign up with a Gateway provider you have to make sure that the Gateway supports the network
  - 'Big' or local banks often use Nova, FirstData
• AMEX, Discover, JCB, Diners are separate
  - Use their own networks and require separate signup
  - Transfer directly to your bank (no merchant provider)

Pick a Gateway
• Lots of Gateways available
  - Many more are resold by resellers
  - Be careful of resellers - they usually add no value!
• Some of the most common ones
  - Authorize.Net
  - Verisign PayFlow Pro
  - LinkPoint
  - PaymentNet, iTransact, SecurePay, WorldPay, CyberSource
• Compare Rates
  - Rates often vary significantly
  - Some 'Providers' like Verisign do one-stop setup and provide both gateway and merchant services as package

Gateway Providers
• Authorize.NET
  - Very easy to integrate (AIM)
  - POST values, comma delimited response
  - Very fast (2-5 seconds)
  - Cheap: $15 a month / free setup ($175 cancellation)
• Verisign PayFlow Pro
  - COM or C++ based API
  - Best accessed via COM Interop in ASP.NET
  - $60 a month / $249 setup
• LinkPoint
  - High risk provider
  - Usually more expensive
  - Exclusively resold through 3rd party providers
  - Often required by 'big banks' for Internet business
  - Very tight credit validation - causes many card declines

Web Site Integration
• Your shopping cart handles shopping experience
  - Users use your ASP.NET cart implementation
  - Your app adds items, checks out
  - Your app accepts their user information and CC info
• You pass off Credit Card Processing to Gateway
  - Your code fires a call to the Gateway API
  - Gateway processes the Credit Card Transaction
  - Returns a result code to you
• You confirm the order
  - Success:
    • Display order confirmation page
    • You send email confirmation, then ship or send download link
  - Error:
    • If unsuccessful you handle error display/management
    • Different gateways vary in their error messages

Online or Offline Processing?
• Online Processing
  - Orders are processed immediately as user works
  - Immediate feedback to user
  - If products are electronic - immediate 'shipment'
  - Immediate failure feedback: 90% is invalid user input!
  - Potential for fraud
• Offline Processing
  - More secure - you get a chance to review orders
  - Required if additional checks need to be performed
  - Example: Software Updates might require verification
• Mix and Match
  - Allow automatic processing for straight items
  - Hold orders that have 'special' items for verification

Create a Credit Card Processing class
• Take CC processing out of the front end!
  - Chances are you will re-use it in multiple places
  - Example: Web app and Desktop app both use CC processing
  - Chances are you will switch providers over the years
  - Create a front end class that provides provider abstraction
• CC information is fairly uniform across providers
  - You send the same basic set of information
  - Switching between providers is useful
  - Class interface simplifies setting up a new provider
• ccProcessing Base class
  - Provides the base interface for all properties
  - Provide specific implementations for each provider
  - ccAuthorizeNet, ccPayFlowPro, ccLinkPoint etc.
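
The provider abstraction described on this slide, sketched in C# as an added example. It is not the session's ccProcessing code: the names CardProcessorBase, CardResult, OfflineTestProcessor and Submit are assumptions. The base class rejects malformed input (card number format and Luhn checksum, expiration date, amount) before any provider-specific call is made.

```csharp
using System;
using System.Linq;
// Added sketch: type and member names are assumptions, not the session's ccProcessing code.
public class CardResult { public bool Approved; public string AuthCode = "", Message = ""; }

public abstract class CardProcessorBase
{
    public string CardNumber = "";
    public int ExpMonth, ExpYear;
    public decimal Amount;
    // Each provider subclass maps the common fields above onto its own gateway API.
    protected abstract CardResult Submit();
    // Reject bad input locally, before any card data leaves the application.
    public CardResult Process()
    {
        string digits = CardNumber.Replace(" ", "").Replace("-", "");
        DateTime now = DateTime.UtcNow;
        if (digits.Length < 13 || digits.Length > 19 ||
            !digits.All(c => c >= '0' && c <= '9') || !PassesLuhn(digits))
            return new CardResult { Message = "Invalid card number" };
        if (ExpMonth < 1 || ExpMonth > 12 || ExpYear * 12 + ExpMonth < now.Year * 12 + now.Month)
            return new CardResult { Message = "Invalid or past expiration date" };
        if (Amount <= 0m) return new CardResult { Message = "Invalid amount" };
        CardNumber = digits;
        return Submit();
    }
    // Luhn checksum: double every second digit from the right, sum, test mod 10.
    public static bool PassesLuhn(string digits)
    {
        int sum = 0;
        for (int i = digits.Length - 1, pos = 0; i >= 0; i--, pos++)
        {
            int d = (digits[i] - '0') * (pos % 2 + 1);
            sum += d > 9 ? d - 9 : d;
        }
        return sum % 10 == 0;
    }
}

public class OfflineTestProcessor : CardProcessorBase   // constructed stand-in for a real provider
{
    protected override CardResult Submit() =>
        new CardResult { Approved = true, AuthCode = "TEST00", Message = "Approved (test)" };
    public static void Main()
    {
        foreach (string n in new[] { "4111 1111 1111 1111", "4111 1111 1111 1112" })  // constructed numbers
            Console.WriteLine(new OfflineTestProcessor { CardNumber = n, ExpMonth = 12,
                ExpYear = DateTime.UtcNow.Year + 1, Amount = 19.95m }.Process().Message);
    }
}
```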

Credit Card Capture Security
• Never, ever redisplay full card to user!
  - You can capture cards and store them
  - If you need to redisplay always trim off the end or use ****
• Ask for card security code
  - Minimize card fraud of stolen CC numbers
  - Using it often reduces your transaction merchant percentage
• Don't hold on to CC numbers
  - Once processing is done and approved you can get rid of CCs
  - If you need to issue credits ask for the card again from customer
  - If you do hold on to card numbers, encrypt them
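
The redisplay and storage rules on this slide, as an added C# example that is not part of the original session material. It assumes .NET 8 or later; the CardStorage class, the choice of AES-256-GCM, keeping only the last four digits visible, and the record id used as associated data are all assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class CardStorage   // hypothetical helper, not from the session's classes
{
    // Redisplay form: only the last four digits survive, the rest becomes '*'.
    public static string Mask(string cardNumber)
    {
        string d = new string(cardNumber.Where(c => c >= '0' && c <= '9').ToArray());
        return d.Length <= 4 ? new string('*', d.Length)
                             : new string('*', d.Length - 4) + d.Substring(d.Length - 4);
    }

    // AES-256-GCM with a fresh random nonce per record. recordId is bound as associated
    // data, so a blob copied onto another order fails to decrypt.
    // Blob layout: nonce (12) | tag (16) | ciphertext.
    public static byte[] Encrypt(string cardNumber, byte[] key, string recordId)
    {
        byte[] plain = Encoding.ASCII.GetBytes(cardNumber);
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] tag = new byte[16], cipher = new byte[plain.Length];
        using (var aes = new AesGcm(key, 16))
            aes.Encrypt(nonce, plain, cipher, tag, Encoding.UTF8.GetBytes(recordId));
        return nonce.Concat(tag).Concat(cipher).ToArray();
    }

    // Throws CryptographicException if the blob, key or recordId does not match.
    public static string Decrypt(byte[] blob, byte[] key, string recordId)
    {
        if (blob.Length < 28) throw new CryptographicException("Blob too short");
        byte[] plain = new byte[blob.Length - 28];
        using (var aes = new AesGcm(key, 16))
            aes.Decrypt(blob.AsSpan(0, 12), blob.AsSpan(28), blob.AsSpan(12, 16), plain,
                        Encoding.UTF8.GetBytes(recordId));
        return Encoding.ASCII.GetString(plain);
    }

    public static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);  // constructed demo key; keep the real key outside the database
        string card = "4111111111111111";                 // constructed test number
        Console.WriteLine(Mask(card));
        byte[] blob = Encrypt(card, key, "order-1001");   // constructed record id
        Console.WriteLine(Decrypt(blob, key, "order-1001") == card);
    }
}
```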

What about PayPal? (standard)
• PayPal's not a merchant provider
  - Money transfers into your PayPal account
  - But it requires users to have a PayPal account
• Good choice for starting out and small businesses
  - It's a very economical and quick way to get started!
  - No startup fees
  - Approval process is easy
  - You only pay a percentage of your sale - no other fees!
• Appeals to many customers
  - No need to give you a credit card
  - You don't handle Credit Cards - less risk for you
  - Many people have accumulated PayPal money in their accounts

Integrating PayPal (standard)
• Disconnected User Interface
  - Requires you go through the PayPal Web site
  - Exits your site, goes to PayPal, then returns
  - Somewhat unprofessional
• Non-seamless Integration
  - Can't be isolated as 'business process'
  - Can't be made completely generic
  - Requires mixing UI logic and business logic
• Can't be used from a desktop application
  - Requires HTML interfaces
  - Auto-validation requires a Web server callback (IPN)

PayPal Payments
• Order Form (orderform.aspx, on your server)
  - takes order info
  - creates own totals
  - sends info to PayPal
  - redirects to PayPal
• PayPal Payment Form (at PayPal)
  - shows payment Form
  - redirects to URL on your site
• Confirm (.aspx page on your server)
  - shows completion, but should not confirm order
• PayPal IPN (at PayPal)
  - internally activated
  - POSTs to URL on your site (HTTP POST)
• IPN Confirm (.aspx page on your server)
  - non-visual page
  - checks confirmation
  - confirms order to PayPal (HTTP POST)
  - allows you to fulfil order

PayPal Payments Pro
• PayPal goes Merchant Services
  - Flat rate for all cards!
  - Good rates
  - Higher rejection rates
• Awkward Configuration and Testing
  - Requires several separate toolkits
  - Uses custom SSL implementation
  - Requires private keys and key installation
  - Documentation is inadequate
  - Error reporting from server is not end user ready

Summary
• Do your homework
  - Check rates and read the fine print in contracts
  - Beware of hidden fees
• Test your setup
  - Test your setup thoroughly before going live
  - Take advantage of test gateways
• My recommendation?
  - I use Authorize.NET with MerchantPlus
  - Good rates, low fees, fast and good customer service
  - Authorize.NET API is easy to integrate (no setup)
  - And no - they don't pay me for this

Resources
• Authorize.Net
  - Merchant Plus
  - Price: $14.95/month + $9.95 Statement Fee, Free setup, $.05 per transaction + Merchant Percentages/Fees
• Verisign PayFlow Pro
  - Direct Signup
  - Price: $60/month, $249 setup, $.10 per transaction + Merchant Percentages
• LinkPoint
  - Available with 'merchant packages'
  - Available from many bank internet packages
  - Wouldn't recommend as first choice <g>
• PayPal
  - Direct Signup
  - No startup fees, no monthly fees
  - Percentages on purchase

Resources
• Updated Downloads
  - Updated Slides
  - 30 page Session Notes document
  - ccProcessing Classes
  - Small Sample Application