I'm having a column (Channel) which shows me where the customer took his reservation (Web, Cellular etc..).
The data in this column for one of my products (assume product_id=101) is incorrect; meaning, the product can be bought only using the Cell phone, but in my data base the channel for this product includes also Web etc..
This make me a troubles because I'm classifying my products according to their channel:
Case
When Channel in (1001,1002) Then 'Web'
When Channel in (1050,1051) Then 'Cel'
etc...
Now, I'd like to write the above-mentioned product's (101) channel as 'Cel', and I'm not so sure how to do it.
Your help would be appreciated.
Related
I'm currently looking into Cybersource's REST API for the tokenization of cards.
Reference: https://developer.cybersource.com/api-reference-assets/index.html#token-management
However, I'm having some trouble wrapping my head around the following and could use some advice from those who have already worked with Cybersource and are more familiar with the terminology.
Under Token Management, there's an Instrument Identifier and Payment Instrument.
Instrument Identifier seems to return the same unique ID for the same card and is part of the overall Payment Instrument token.
If I POST (create) a Payment Instrument token, inside the response, I see that as well, where an Instrument Identifier is returned and giving me back the same id as long as the card is the same.
However, the Payment Instrument always returns a new token.
Question:
I'm trying to think of Payment Instrument as a payment method, tokenizing a card, and not per payment, but since it returns a different token each time even if I put in the same credit card, am I understanding this wrong? Should I treat the Payment Instrument as something else completely different?
If I were to store a token on our side, which one would I be?
As for payments API, we can pass in a token, does this work for both types mentioned above?
Any help, guidance or thoughts are appreciated
Cybersource is never good at API design or documentation. but their document on this topic could help you understand the concept
https://developer.cybersource.com/api/developer-guides/dita-tms/paymentInstrumentREST.html
Look at the first chart.
A "customer" has a "payment instrument" which associates with a "card", which could have multiple instrument identifiers that each has one-on-one mapping with a specific card number.
This model exists because consumer can have the SAME card updated with different card numbers OR expire date. ("Payment Instrument" tries to represent the "SAMEness" part of it.)
So Cybersource's "Payment Instrument" model can be seen as an "abstract" card object/container representing the working "instrument" (that is why it doesn't store the number) which knows the actual card number that should be used (but the merchant doesn't necessary need to know), in the mean time, it knows the "history" of the card.
The naming is terrible, the "Payment Instrument" itself has an ID, then Instrument Identifier ID is an "ID" too (guess the guy who came up with the name forgot ID is the acronym for "Identifier"? LOL). Very confusing indeed. Just keep in mind that Instrument Identifier ID maps to a card number, "Payment Instrument" ID is a container that maps to a series of (SAME) card numbers (potentially)
So that answers your question why you can get a different "Payment Instrument" ID every time, because you can think of it as different merchant has a different "Payment Instrument" ID for the same customer with that physical card. As long as Cybersource has the record and knows how to find the associated instrument identifier ID via this "Payment Instrument ID", it is mission accomplished.
Again you know Cybersource is a dinosaur living in the past, so you have to deal with it
So my understanding of how this works, is that a payment instrument is a TYPE of payment (ACH, CreditCard, bitcoin, ApplePay™, GooglePay™, etc.) then the instrument identifier is the token (or id) that represents the specific account number within that payment type.
So a payment instrument of Credit Card might have an instrument identifier of Visa account 4242424242424242 but the Token Management Service (TMS) returns an instrument identifier of AA7D990C34583376EB05345443E0234242434B. The TMS allows for relevant information to then be stored within a CUSTOMER identifier (which is the "wallet" owner). As the TMS becomes more feature rich, the addition of things like 'shipping info' and other possible 'preferences' may become available. The other concept is that this digital wallet (TMS token API) can have its permissions granted to other merchant entities so that all payment processing and transactions can be managed through one (OMNICHANEL) API and this payment information can remain SECURE, AUDITABLE, GRANTED, REVOKED, etc.
Now the reason you can get different "tokens" for the same instrument is based on preference. This means that if a cardholder doesn't want to 'keep payment info on file' or 'store the token for later use'. Then the TMS system will provide a token for one-time use, thereby satisfying the requirement of the merchant (reducing PCI scope/risks) and keeping the preference of the cardholder.
This is in no way an official explanation, so I am definitely open to any additional insights on how TMS (from Cybersource™) is designed to work.
I am trying to create a simple membership where I create a virtual product that represents a membership card. So I only have one membership-card product.
I will provide a tangible membership card when the customer visits for the first time. By hand, I like to fill in the unique generated number when a membership card is purchased. The customer needs to see the unique number in the confirmation email.
Any tips, ideas about where to start?
Running NopCommerce 3.40
I think i read somewhere that NopCommerce's Shopping cart is PCI compliant. It also looks like NopCommerce's shopping cart stores Credit card data.
1.) So what does this PCI process do?
2.) Is it just a fashion of encryption of data as it passes to the database?
3.) Is it my fault if the hosted database say from GoDaddy gets hacked for a bunch of credit cards?
I don't know why NopCommerce is storing Credit Cards. I think I have to figure out how to disable that part. I mean if I don't then I need to purchase a PCI Certificate?
EDIT :
I did some more reading. It looks like if I use Stripe or another third party gateway no Credit card information gets stored. I think only Manual Payments credit card information gets stored. Is this right?
1) PCI-DSS stands for Payment Card Industry Data Security Standard. The standard guides you so you know what are you doing with the cards data and that it is secure enough, given your transaction volume, data collected and stored, etc.
2) It is not. Basically, it says that if the card data (CC number, CVV code) ever pass near your system (in a logical sense), then you are in the PCI scope, and have to comply or the acquirers (banks) won't talk to you.
3) I think you'd be liable, look into GoDaddy disclaimers.
I doubt there's anything like 'PCI compliant shopping cart'. This is how you process the payment, as in, can your javascript access the CC number input box, can your router see the unencrypted CC number, etc.
In your case, I assume a small e-commerce, I'd look to outsource the payment page. Be it Stripe, PayPal, Skrill, Neteller, whatever makes you never see the data except for the income amount.
Our main product opinion aquisition channel are our mailings, that are sent after a purchase. Additionally, within Your Account panel, in past purchases there is an option to review a product a client bought.
I would like to compare how many percent of reviews does the functionality in Your Account provides. Adding a review is set as a goal, but I can't compare them as I would compare traffic channels, because Your Account page is not a channel. What would be the correct way to do that?
I have also done a sequence which includes users, step 1 is Page - Your Account, step 2 is Goal Completion per user more and equal 1. I'm not sure if I approached this problem correctly.
I have an app which ties members to their respective groups the moment they complete registeration. e.g Payroll staffs --> Payroll group, Helpdesk staffs --> Helpdesk group. I want to make use of signalR to cater for their notification requirements so whenever Payroll staffs does something significant that requires to notify the rest, it publishes a message and only those inside the Payroll group will receive the notification.
A staff is not restricted to only one group but unlimited no. of groups depending on the company requirements.
I am not exactly sure how to go about this but what I can think of is when the moment a staff signs in, my app gets data from the db, maybe a string of concatened groups and does a loop to 'subscribes' to all the groups they belong to and after that store that group infomation data from the db in a session variable and use it as a subscription list everytime the user changes page so that they can receive notifications throughout their session on the app.
Anyone has got any suggestion to handle my situation better? Thanks.