What is the process of offline payment gateway. I got the one side process from internet.
User will enter first and final 4 digit of credit card and giving cvv code, filling other relevant details then submit.
It will reach to to the admin side, I want to know what is the process happening admin side for receiving and completing the process.
I saw some woocommerce plug in for WordPress, but I didn't clear what is happening in other side.
Thank You
I am going to treat this question as a business logic one more so than a technical one. Based on information provided, I see two possible scenarios:
Scenario One - Storing CC#s for later
You're wanting to collect credit card information to process later via a terminal. Like a POS system inside a store or a web portal where you can type in the information.
This would be very difficult to make compliant with PCI-DSS. The cost of maintaining a PCI complaint system, much less setting it up, tends to be prohibitive except for the largest of companies. You need to use a service, like PayPal, Stripe, Authorize.net, etc etc. Depending on the platform you're developing the website, all major credit card processors should have tools for a simple integration.
Scenario Two - Accepting offline payment methods
This would be a usecase where you want to allow users to pay via mailing a check or some other form of physical payment. This would just mean adapting your shopping / payment experience to allow an option to pay that method, provide a mailing address, and putting a hold on the purchase from processing further until payment is received.
This is what I have based on what was given so far, if I am off base, please elaborate!
Related
I have an ASP.Net website, and am attempting to re-implement our existing PayPal checkout flow (previously based on their Payments Pro product/SOAP APIs) to behave similarly under their Advanced Checkout flow with REST APIs. (PayPal is deprecating fraud filters in Payments Pro and it's forcing the change from a business perspective).
I've reviewed the PayPal v2 REST APIs. PayPal-based checkout is fine (and I have a working flow for it) but can find no means to directly accept credit cards for processing. The closest I've come is to use the PayPal.Net library and attempt to run the card as a FundingInstrument -- but this returns an "PAYEE_ACCOUNT_INVALID" in the Sandbox, even though that account Advanced Credit and Debit box checked in the app settings. I could simply direct all payments to the PayPal main page and let the user choose the funding source from there, but the user experience of doing a Visa payment this way is cumbersome and likely to lead to cart abandonment for users accustomed to simply running their stored Visa card as a method of payment.
The available JavaScript code I've seen appears to render the credit card buttons on the site by calling host code, and effectively executing the transaction entirely on PayPal's servers. If my own Javascript was better, I might be able to figure out the loop of how to stuff in the user's saved details into the rendered buttons, but I'd much prefer some sort of .Net-based solution. Has anyone had any experience building such a thing? Is it even possible in the current REST API?
Any pointers would be much appreciated--never had so much trouble locating sample code or resources for a project, and am starting to wonder if it's simply not supported...
Thanks,
-Pete
The best solution is to use Advanced Credit and Debit Card hosted fields. The CSS of these fields can be customized to match the rest of your site, but the actual number, cvv, expiry date fields are hosted directly by PayPal (in tiny iframes), which frees you from having to do a PCI SAQ-D assessment for that processing.
This does not give a solution cards you've already stored numbers for, however. You could vault all those cards, using the PayPal vault API and then later referencing each vaulted payment token to create orders with them. This way you'll be able to eliminate the storage of actual card information on your systems.
Hoping for a bit of guidance / reassurance on air search and book flow in Sabre (SOAP API) which I'm integrating with for a client website project.
My client is planning to take payment separately via a 3rd party payment gateway and also have a 3rd party ticketing robot.
The details I have been given from the ticketing robot company is that we should create the PNR then queue transfer to "International/Domestic Agent Q50" (with their PCC).
I've got access to and have been reading the Sabre Dev Studio, have access to the Sabre SOAP API (I have my client's credentials and PCC) and have followed the "Low Far Search and Book" workflow here (https://developer.sabre.com/docs/read/workflows/Low_Fare_Search_and_Book) exchanging EnhancedAirBookRQ and PassengerDetailsRQ for CreatePassengerNameRecordRQ as advised on that page and inserting payment before, my proposed work flow is:
Create a token with TokenCreateRQ
Use token to perform a search with BargainFinderMaxRQ
Display results to customer, customer picks an itinerary / flight segments
Collect customer details from customer
External payment gateway take payment for amount returned in BarginFinderMaxRQ
Book the desired flight segments using the orchestrated API CreatePassengerNameRecordRQ, including:
Adding passenger details and flight segments
Specifying that the payment was in cash
Performing the queue transfer?
I've got BargainFinderMaxRQ coded up and working.
I'm starting the integration with CreatePassengerNameRecordRQ and have noticed the price returned can be different to the price returned from BargainFinderMaxRQ. Which makes me question the above work flow. I selected it due to the easier integration (I can use tokens rather than manage a session and it's just one API call).
So, my questions:
Is my understanding correct, is this the correct work flow for the project? Given that my client is taking payment via an external payment gateway and want to display the final figure to the customer before they pay.
I'm struggling to understand how the ticketing robot fits into the process. Hoping for a steer on how that affects the PNR call(s). Do I still set the ticket type to "7TAW" and queue place onto their PCC + queue number?
Thank you for any help, greatly appreciated.
1) Yes, the process is correct, but there are scenarios in which airlines change fares or where the airline does not confirm the availability immediately, so when you price you are actually pricing an IATA fare, which is usually more expensive. For particular scenarios, I recommend you to contact the API support.
2) The "7TAW", which is the ticketing time limit, is meant to have the limit set by the airline until when you can issue the ticket without having the possibility of losing the given price. Some airlines require that to be done on the same day of the booking (which is what you are setting with the 7TAW). Some airlines give you some days and some others can give you just 30 minutes after booking. It is almost impossible for us to respond on how would the robot require this to be provided, so for you to be sure, I would recommend you checking with the owners of that robot and ask them how would they want it, maybe they don't even care.
I'm starting to use Paypal SDK to implement the payment service for a ASP.NET site. I wrote the code following the SDK example and everything worked fine, of course I'm managing the whole process (credit card data entry and submission included). The site owner however complained about credit card data management and thus asked me to re-implement the whole procedure without managing the credit card data 'internally' at all but leaving Paypal doing this part of the job.
This mean that NO data of the credit card should be entered in forms belonging to the site I'm coding.
As far as I can see (but I'm just a newbie in Paypal SDK) there's not a way to do what I'm asked for using SDK API calls.
Given my lack of experience I'm not sure about what I'm stating then I can only suppose that I'm missing something so... there's a way to do so trough API calls?
Best Regards,
Mike
What your site owner is likely asking you to do is to leverage PayPal's Vault API (part of its REST APIs) to store credit card information so your site doesn't have to. If you store the credit card information on your site, you have to ensure the data is stored in a PCI-compliant manner, which may be too costly for some sites. The Vault API will return a credit card token that can only be used by your REST application for making payments. The API also allows you to get the details of the credit card using the token, but will mask the full credit card number.
There are some examples on how to do this in the PayPal .NET SDK Samples. If there's a use case that's missing, feel free to let us know over on GitHub.
PayPal basics for ASP.net c#
http://www.codeproject.com/Articles/42894/Introduction-to-PayPal-for-C-ASP-NET-developers
http://www.codeproject.com/Questions/718003/How-implement-Strong-cryptography-with-associated
http://forums.asp.net/t/1977404.aspx?Integrate+with+Paypal+account+within+Net+project
http://www.west-wind.com/presentations/PayPalIntegration/PayPalIntegration.asp
We have a client using Volusion as a storefront/e-commerce solution. We need to export purchase data, including credit card information, from it into a fulfillment provider who will then run a customer's credit card only when/if the item they ordered ships.
We have access to the server running IIS, we have the API on the fulfillment provider side to send this data over HTTPS, and we can build a simple polling ASP.Net app that runs on the same PCI-certified server that holds the CC data that moves data from Volusion to the fulfillment provider securely.
What remains is how to get the data out of Volusion. We've had several answers and none have panned out:
Use the API. The API documentation is very light, and doesn't make clear how to get CC data out.
Fill out a verification form and you can "view" it. This came from their customer service department, but they were very shaky on details.
Query the database directly. It's not clear whether this is feasible.
If someone here has handled external credit card processing on Volusion before, we're interested in how to get this done. What the process is to get these fields enabled in the XML API and the format of those fields would be enough, or some other approach - whatever gets us to the finish line.
I am pretty sure that Volusion will not ever release customer's Credit Card information to you via an API or any other means.
maybe this will help you do more research:
http://devwiki.volusion.com/index.php/Customers_Export
http://devwiki.volusion.com/index.php/Orders_Export - the closest you can get is the last 4 of the CC number.
A better design pattern would be to charge the customer at purchase time, if the drop shipper cannot fulfill the order cancel the order and refund the transaction.
You cannot extract the credit card number through the Volusion API. The only way to do it is contact Volusion Support have them enable the displaying of credit card numbers within your Admin. They will probably have you sign a wavier that you will follow PCI compliance.
This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
Storing credit card details
I'm working on creating an architecture for a site where users can login and buy products. My boss would like the checkout page to remember the user's credit card info so they don't have to enter it every time, like Amazon.
I don't want to store credit card info in a database for a variety of reasons; I refuse to do it. But my boss insists on the site remembering the user's credit card info.
So, how can this be accomplished? It obviously is being done, unless sites like Amazon are storing user's credit card info and making it extremely secure.
Some companies do indeed store credit card information. If they're responsible, they conform to the Payment Card Industry Data Security Standards. This can be quite expensive, so companies often partner with third parties to handle these transactions.
You could use a service like Authorize.NET's Customer Information Manager CIM. Many other payment gateways offer similar solutions. You store the payment information with them once, then make future requests for payments using a payment profile ID instead of the actual payment information. Another popular company that offers similar services is Braintree Payment Solutions.
Why not encrypt it and make a decryption program that will only allow one CC at a time to be accessed? Maybe something like that would work.
I guess even before that, you have to ask yourself whether or not the user even wants that type of functionality. The only web sites that I might want to keep my CC info stored on are Amazon.com, PapaJohns.com, and maybe one or two others. If you are selling pool equipment, doors, stereo equipment, or something like that, your boss is an idiot.