Credit Card Processing Gail “Montreal” Shoffey Keeler August 14, 2007.
Credit Card Processing
Gail “Montreal” Shoffey Keeler
August 14, 2007
About Me
Contractor with TEKsystems
Current project: Reliant Energy
Working with ColdFusion over 4 years
Credit Card Processing
What are the first items that come to mind when you think of credit card processing?
Security
Connectivity
Components
What You Will Leave With
3 key points you will leave with after the meeting:
An understanding of Payment Card Industry Data Security Standard (PCI DSS)
An example of a credit card merchant’s Application Programming Interface (API)
An example of credit card components
How these skills will help in the future:
Process credit cards in real time
Store credit card information within PCI compliance
Create your own final step in a shopping cart
Focus
What is PCI compliance?
PCI Compliance
Secure your business
• Intellectual and Web property
• Credit card data/account information protected
• Transaction information locked
Store data in inaccessible areas
• From locks to scanning devices
Payment Card Industry (PCI)
PCI History
5 major credit card brands:
Visa
MasterCard
American Express
DiscoverCard
JCB International
PCI Security Council founded in June 2005
Competitor brand-specific requirements intersecting
Single standard for protecting credit card data
Based on ISO 17799 information security standard
There are 12 main requirements
PCI Controls 1 of 2
Build and Maintain a Secure Network
Install and maintain a firewall configuration to protect cardholder data
Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Protect stored cardholder data
Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Use and regularly update anti-virus software
Develop and maintain secure systems and applications
PCI Controls 2 of 2
Implement Strong Access Control Measures
Restrict access to cardholder data by business need-to-know
Assign a unique ID to each person with computer access
Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes
Maintain an Information Security Policy
Maintain a policy that addresses information security
Focus
What is PCI compliance? Why use APIs?
Application Programming Interface
The Application Programming Interface (API) consists of several sets of related methods or functions that specify how two different computers can communicate
Platform independent
Facilitates subsequent developers who may need to tap into new services
Using the API offers greater advantages for your organization’s business needs
API Advantages
CyberSource API Choices
Linux Solaris Windows
ASP/COM X
C X X
Java X X X
.NET X
PHP X X
Perl X X
General API Documentation
Java API Documentation
Focus
What is PCI compliance? Why use APIs? Where’s the code?
Load the configuration
Create properties object
Create credit card object
Process the results
Combine into a transaction object
The Process
Load the Configuration
<merchantID>your merchant ID</merchantID>
<keysDirectory>C:\CFUGMD\secure\certificate</keysDirectory>
<sendToProduction>false</sendToProduction>
<targetAPIVersion>1.26</targetAPIVersion>
<keyFilename>CFUGMDkey.p12</keyFilename>
<namespaceURI>urn:schemas-cybersource-com:transaction-data-1.26</namespaceURI>
<enableLog>true</enableLog>
<logDirectory>C:\CFUGMD\secure\log</logDirectory>
<logFilename>cybs.log</logFilename>
<logMaximumSize>10</logMaximumSize>
<timeout>130</timeout>
<useHttpClient>false</useHttpClient>
Parse the Properties
// init CyberSource params
csMerchantID = this.getSettingsParam("merchantID");
csKeysDirectory = this.getSettingsParam("keysDirectory");
csSendToProduction = this.getSettingsParam("sendToProduction");
csTargetAPIVersion = this.getSettingsParam("targetAPIVersion");
csKeyFilename = this.getSettingsParam("keyFilename");
csServerURL = this.getSettingsParam("serverURL");
csNamespaceURI = this.getSettingsParam("namespaceURI");
csEnableLog = this.getSettingsParam("enableLog");
csLogDirectory = this.getSettingsParam("logDirectory");
csLogFilename = this.getSettingsParam("logFilename");
csLogMaximumSize = this.getSettingsParam("logMaximumSize");
csTimeout = this.getSettingsParam("timeout");
csUseHttpClient = this.getSettingsParam("useHttpClient");
Add Merchant-Specific Values
// CyberSource-specific values for credit cards
csCreditCardType = arguments.creditCard.getCcType();
switch(csCreditCardType){
    case "VISA":
        csCreditCardValue = '001';
        break;
    case "MASTERCARD":
        csCreditCardValue = '002';
        break;
    case "AMEX":
        csCreditCardValue = '003';
        break;
    case "DISCOVER":
        csCreditCardValue = '004';
        break;
    case "JCB":
        csCreditCardValue = '007';
        break;
    default:
        csCreditCardValue = '';
}
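The switch above falls through to an empty card type for any unrecognised brand. The following is an added example, not the presenter's code, of pre-flight checks that fail closed before card data is placed in the request; the function names luhnValid, cardTypeCode and maskPan are hypothetical, and the type codes are the ones shown on the slide.

```cfml
<cfscript>
// Added example: hypothetical helpers, written in CFScript.

// Luhn checksum over a digits-only card number string.
function luhnValid(pan) {
    var sum = 0;
    var digit = 0;
    var doubleIt = false;
    var i = 0;
    if (NOT reFind("^[0-9]{12,19}$", pan)) return false;
    for (i = len(pan); i GTE 1; i = i - 1) {
        digit = val(mid(pan, i, 1));
        if (doubleIt) {
            digit = digit * 2;
            if (digit GT 9) digit = digit - 9;
        }
        sum = sum + digit;
        doubleIt = NOT doubleIt;
    }
    return (sum MOD 10) EQ 0;
}

// Map the application's card type to the CyberSource code. An unknown
// brand raises an error instead of sending an empty card_cardType.
function cardTypeCode(ccType) {
    var codes = structNew();
    var wanted = uCase(trim(ccType));
    codes["VISA"] = "001";
    codes["MASTERCARD"] = "002";
    codes["AMEX"] = "003";
    codes["DISCOVER"] = "004";
    codes["JCB"] = "007";
    if (NOT structKeyExists(codes, wanted)) {
        throw(type="Payment.UnsupportedCard", message="Unsupported card type");
    }
    return codes[wanted];
}

// Mask a card number for application logs and receipts: last four only.
function maskPan(pan) {
    if (len(pan) LTE 4) return "****";
    return repeatString("*", len(pan) - 4) & right(pan, 4);
}
</cfscript>
```

Calling luhnValid() and cardTypeCode() before the request map is built keeps malformed numbers and unsupported brands from reaching the gateway, and maskPan() gives the application something safe to write to its own logs.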
Create Properties Object
// create csProps - Properties object and init object constructor
csProps = createObject("Java","java.util.Properties");
csProps.put("merchantID",csMerchantID);
csProps.put("keysDirectory",csKeysDirectory);
csProps.put("sendToProduction",csSendToProduction);
csProps.put("targetAPIVersion",csTargetAPIVersion);
csProps.put("keyFilename",csKeyFilename);
csProps.put("namespaceURI",csNamespaceURI);
csProps.put("enableLog",csEnableLog);
csProps.put("logDirectory",csLogDirectory);
csProps.put("logFilename",csLogFilename);
csProps.put("logMaximumSize",csLogMaximumSize);
csProps.put("timeout",csTimeout);
csProps.put("useHttpClient",csUseHttpClient);
Create Credit Card Object
// create csRequest - HashMap object
csRequest = createObject("Java","java.util.HashMap");
csRequest.put("billTo_city",arguments.creditCard.getCcCity());
csRequest.put("billTo_country",arguments.creditCard.getCcCountry());
csRequest.put("billTo_customerID",1); // optional good for level 2
csRequest.put("billTo_email",arguments.creditCard.getCcEmail());
csRequest.put("billTo_firstName",arguments.creditCard.getCcFirstName());
csRequest.put("billTo_lastName",arguments.creditCard.getCcLastName());
csRequest.put("billTo_postalCode",arguments.creditCard.getCcZip());
csRequest.put("billTo_state",arguments.creditCard.getCcStateProvince());
csRequest.put("billTo_street1",arguments.creditCard.getCcAddress1());
csRequest.put("billTo_street2",arguments.creditCard.getCcAddress2());
csRequest.put("card_accountNumber",arguments.creditCard.getCcNumber());
csRequest.put("card_cardType",csCreditCardValue);
csRequest.put("card_cvIndicator","1"); // 0, 1, 2, 9
csRequest.put("card_cvNumber",arguments.creditCard.getCvvCode());
csRequest.put("card_expirationMonth",arguments.creditCard.getCcExpMonth());
csRequest.put("card_expirationYear",arguments.creditCard.getCcExpYear());
csRequest.put("ccAuthService_commerceIndicator","internet"); // internet (default): eCommerce transaction.
csRequest.put("ccAuthService_run","true");
csRequest.put("ccCaptureService_run","true");
csRequest.put("comments","Payment made via EFT Module");
csRequest.put("item_0_unitPrice",csAmount); // loop to check the items purchased note: this is the total
csRequest.put("merchantID",csMerchantID);
// the session ID is sent to CyberSource as the order reference; a separate order ID keeps it out of gateway records
csRequest.put("merchantReferenceCode",cookieFacade.getValue("jsessionid"));
csRequest.put("purchaseTotals_currency","USD");
Combine Objects in Transaction
// CREDIT CARD AUTHORIZATION AND CAPTURE REQUEST
csReply = createObject("Java","java.util.HashMap");
csReply = createObject("Java","com.cybersource.ws.client.Client").runTransaction(csRequest,csProps);
Code response
<!--- check to see if response was error or denied --->
<cfif StructFind(csReply, "decision") IS 'ACCEPT'>
    <cfset eftResponse = structNew() />
    <cfset eftResponse.transactionReference = StructFind(csReply, "requestID") />
    <cfset eftResponse.transactionToken = StructFind(csReply, "requestToken") />
    <cfset eftResponse.amountCharged = StructFind(csReply, "ccCaptureReply_amount") />
    <cfset eftResponse.cardholderName = arguments.creditCard.getCardholderName() />
    <cfset eftResponse.creditCardType = arguments.creditCard.getCcType() />
    <cfreturn eftResponse />
<cfelse>
    <!--- init errors --->
</cfif>
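One way to fill in the non-ACCEPT branch above, as an added example that is not the presenter's code. The function classifyReply and its result keys are hypothetical, and the example assumes the reply map also carries a reasonCode key and the decision values REJECT, REVIEW and ERROR alongside the ACCEPT shown on the slide.

```cfml
<cfscript>
// Added example: classify a reply without leaking gateway detail to the
// shopper or to the application log. Names here are hypothetical.
function classifyReply(csReply) {
    var result = structNew();
    var safeKeys = "decision,reasonCode,requestID"; // reasonCode is assumed
    var key = "";
    var i = 0;
    var decision = "";

    result.approved = false;
    result.needsReconciliation = false;
    result.userMessage = "Your payment could not be processed.";
    result.logFields = structNew();

    // Allow-list what reaches the application log; never dump the whole reply.
    for (i = 1; i LTE listLen(safeKeys); i = i + 1) {
        key = listGetAt(safeKeys, i);
        if (structKeyExists(csReply, key)) {
            result.logFields[key] = structFind(csReply, key);
        }
    }

    // A reply without a decision is a failure, never an implicit success.
    if (structKeyExists(result.logFields, "decision")) {
        decision = result.logFields["decision"];
    }

    switch (decision) {
        case "ACCEPT":
            result.approved = true;
            result.userMessage = "Payment accepted.";
            break;
        case "REJECT":
            result.userMessage = "Your card was declined. Please check the details or use another card.";
            break;
        case "REVIEW":
            result.userMessage = "Your order is pending review.";
            break;
        default:
            // ERROR or anything unexpected: the charge may or may not have
            // gone through, so reconcile by requestID before any retry.
            result.needsReconciliation = true;
    }
    return result;
}
</cfscript>
```

Because the request runs authorization and capture together, treating an unknown outcome as "retry" risks charging the card twice; the needsReconciliation flag makes that case explicit.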
Credit Card Components
type
Your Questions & Comments
Key Learning Objectives
Security, compliance and the law
APIs are the best connectivity
Use components
BLOGS
Phill Nacelli
http://www.phillnacelli.net
Scott Stroz
http://www.boyzoid.com
Special Thanks Go To
Montreal
http://www.montrealoncf.org