Hosted Checkout Merchant Integration Primer

Created by Richard Moore, Modified on Tue, 19 Mar at 5:24 PM by Anna Byazina

1 Introduction
2 Solution Overview
3 Merchant e-Commerce Example
4 Getting Started with Hosted Checkout
4.1 Configuring the Payment Page
4.2 Integration: Two options
4.2.1 With Shopping Cart
4.2.2 Without a Shopping Cart
4.3 Transaction Results and Receipting
5 Security
6 Viewing Hosted Checkout Online

1 Introduction

The Hosted Checkout solution provides merchants with a non-storing, “hands off” solution that complies completely with Payment Card Industry Data Security Standards. Additionally the solution delivers Interac Online Debit functionality while eliminating its costly development, integration, and long certification process imposed by ACXSYS.

2 Solution Overview

This product provides Interac Online and credit card processing through a hosted payment page. Because Hosted Checkout is already certified for Interac Online, Interac has waived the certification requirements for any merchants that wish to offer it in conjunction with Hosted Checkout. This eliminates an expensive 2 to 3 months of deployment time and effort.

Hosted Payment Pages eliminate merchant exposure to cardholder data while removing the requirement for SSL certificates. With PCI compliance a critical and mandatory requirement this increases the significance of this facet.

Payment Pages can be customized according to merchant user interface requirements. Colours, logos, and wording can be sent to E-xact in HTML format so the cardholder has the same user interface experience during payment as when they are shopping on the merchant site.

Other configuration options available include:

Enabling specific payment types (i.e. Credit Card or Interac Online only or both)
Receipt notification emails to the cardholder and/or merchant
Customized messaging for receipt emails
Verified by Visa and MasterCard SecureCode (no additional development required)

As with all E-xact software, Hosted Checkout includes access to all RPM functionality such Virtual Point of Sale and Reports.

3 Merchant e-Commerce Example

A typical website offering goods for sale is depicted in Figure 1. Customers add items to their shopping cart by pressing the “Add to Cart” button shown in Figure 2.

$C:\Users\CARA-USER\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\72E8820E.tmp$

Figure 1

$C:\Users\CARA-USER\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2CFE2EB7.tmp$

Figure 2

In Figure 3 the customer clicks the “Checkout” link when ready to pay for their selected items. At this point they are taken to their Hosted Checkout Payment Page on E-xact’s servers, shown in Figure 4.

$C:\Users\CARA-USER\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1F64494C.tmp$

Figure 3

$C:\Users\CARA-USER\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B5B800DD.tmp$

Figure 4

Note from the logo, colours, and font the seamless transition from merchant (Figure 3) to external (Figure 4) site. This external site is where the customer will enter their payment information, isolating the merchant from the sensitive cardholder data.

The page shown in Figure 4 has been configured to offer both credit card and Interac Online payment types. Also displayed is the option for the cardholder to enter their email address for receipt delivery. This an optional offering configured at the merchant’s discretion.

Once the payment has been processed the receipt, or Customer Transaction Record (CTR), appears as in Figure 5.

$C:\Users\CARA-USER\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A045193A.tmp$

Figure 5

4 Getting Started with Hosted Checkout

The first step in setting up Hosted Checkout is starting the process to obtain a production account with E-xact Transactions or Chase Paymentech. While registration is in progress merchants can obtain test credentials for their developers to access the demo system and get a head start on the integration.

Once a production account is set up developers can simply configure a live payment page and swap its values with the demo credentials in the code.

4.1 Configuring the Payment Page

To configure a new demo or live Payment Page, Merchant Administrators can log in to RPM (Figure 6) and click on the Payment Pages menu option (Figure 7).

$C:\Users\CARA-USER\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\223963F3.tmp$

Figure 6

$C:\Users\CARA-USER\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5D77E558.tmp$

Figure 7

A listing of Payment Pages that are already set up on the account is shown in Figure 8. Merchant Administrators can select one of these links to view or edit its configuration or click the “Create a New Payment Page” link.

$C:\Users\CARA-USER\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\EA0FB579.tmp$

Figure 8

4.2 Integration: Two options

There are two basic ways to integrate Hosted Checkout into a merchant website:

With a shopping cart
Without a shopping cart

4.2.1 With Shopping Cart

Hosted Checkout is coded to connect with any shopping cart that follows the Authorize.NET SIM model and has been tested and confirmed with the following:

Agoracart
CommerceSQL
CubeCart
Comersus
OpenCart
osCMax
osCommerce
Ubercart
ZenCart

Merchants interested in using an Authorize.NET-compatible shopping cart not listed above can contact E-xact or Chase Paymentech directly to confirm its workability.

Integration is fairly straightforward:

One file in the cart software is renamed
Two variables from the Payment Page configuration are inserted in the shopping cart configuration

4.2.2 Without a Shopping Cart

Shopping cart software is not mandatory for Hosted Checkout as developers can integrate the code directly into an HTML page.

Form code in a variety of languages, including Ruby, Perl, PHP, and ColdFusion, can be downloaded here.

Note that irrespective of cart or software choice, additional integration is required for merchants that wish to use the Relay Response and Silent Post methods. Please see "Transaction Results Handling" below.

4.3 Transaction Results and Receipting

After a transaction is processed, by default E-xact's standard transaction receipt is displayed to the customer. There are several options that allow customization of this behavior: Receipt Link, Relay Response, and Silent Post. These options enable a combination of the following:

return the transaction results to the merchant site
display a transaction receipt generated by the merchant site
redirect the customer to the merchant site

Option	Description
Receipt Link Method	This comes in two flavors: user-initiated navigation - LINK, GET and POST methods add a link or button on the standard transaction receipt. If the customer clicks the link or button, he/she is taken to the configured URL (usually back to the merchant site), optionally including the transaction results. automatic navigation - AUTO-POST, AUTO-GET and REDI methods automatically take the customer to the configured URL and include the transaction results. These methods are commonly used for custom receipting, where the merchant server processes the returned transaction results and presents a receipt based on them.
Relay Response	Sends transaction results to a server specified by the merchant. The response from the merchant server is then passed on to the customer's browser as a receipt for the transaction. It allows the merchant to tailor the receipt page to the individual customer and update their web server in real time (for example, to empty the shopping cart).
Silent Post	Similar to Relay Response except that no response is expected from the merchant server, and the customer is shown the standard receipt page. It is typically used as a secondary source of transaction results alongside the Receipt Link or Relay Response methods.

For additional technical information on the development required for these methods, see the Hosted Checkout Integration Manual.

5 Security

Hosted Checkout is safe and secure. Sophisticated hash calculations are executed on E-xact’s servers to confirm that only requests from designated merchant sites are accepted. In the case of Relay Response, merchant servers conduct a separate hashing confirmation to verify the authenticity of the response from E-xact.

6 Test Card Information:

Visa	4111111111111111	exp: (any future date)
MasterCard	5500000000000004	exp: (any future date)
American Express	340000000000009	exp: (any future date

For information on test CVD values click here