Strahl ASP Connections AGA304 Integrating Electronic Payments

8/3/2019 Strahl ASP Connections AGA304 Integrating Electronic Payments

1/21

Integrating Electronic Payment

Processing into Web ApplicationsAGA304

Rick Strahl

West Wind Technologieswww.west-wind.com


2/21

Rick Strahl Who am I?

President West Wind Technologies

Developer Tools Vendor on Maui, Hawaii

Specialty software development and training

Web and Enterprise Development

Focus on .NET

Microsoft MVP C#

Working with Microsoft tech for 18+ years

Co-Publisher of CoDe Magazine

Author Over 75 magazine articles

Large .NET article white paper archive atwww.west-wind.com/articles.asp

My Web Logwww.west-wind.com/weblog/


3/21

What we'll cover

How the Process works Payment flow through the system

How do you sign up?

What does it cost?

Integration into your Site Taking payments on your Web site

Making the process transparent to the user

Application managed shopping cart perspective

Processors Authorize.NET, PayFlow Pro, LinkPoint

PayPal, PayPal Payments Pro


4/21

How online Credit Card Processing works

Your Web Applicationtakes orderssends order payment info for processing

Gateway ProcessorGateway Processorprovides Internet based APIprovides Internet based API

sends CC info to processing networkssends CC info to processing networks

(Authorize.NET, Verisign, Linkpoint etc.)(Authorize.NET, Verisign, Linkpoint etc.)

Your Bank AccountYour Bank Account

receives paymentsreceives payments

usually after few business daysusually after few business days

Front End Networkprocesses the actual card

talks to card issuing banksreturns authorization code

(PaymentTech, FirstData, Global Payment, Nova)

Merchant Service ProviderMerchant Service Providerpayment 'escrow' bankpayment 'escrow' bank

receives payments, handles disputesreceives payments, handles disputes

calculates merchant percentagescalculates merchant percentages

(PaymentTech,Wells Fargo,Synergy,AMEX,CardServices etc.)(PaymentTech,Wells Fargo,Synergy,AMEX,CardServices etc.)

AMEX

Diners etc.

Back End Networkprocesses settlements

communicates with merchant bank(PaymentTech, FirstData, Global Payment, Nova)


5/21

Who's involved in a Transaction(transaction processing)

Your Web Site Takes the initial order, submits for CC Processing

Receives confirmation or failure and displays result

Handles confirming order and items

Gateway Services

Provide the 'developerAPI' front end and Internet Gateway Pass off to the various processing networks

Front End Network Front end to Card Issuing Banks

Banks authorize and provide transaction detail

Authorization picked up by Gateway

Back End Network Handles settlements of transaction batches

Talks to Card Issuing banks

Holds authorized funds or passes them on to the merchant bank


6/21

Who's Involved in the Transaction(payment processing)

Merchant Service Provider Acts as Intermediary bank that receives payment

Splits merchant percentage off, pays CC company and you

Handles operational issues like Fraud, Chargebacks, complaints

Issues statements to you

Your Bank Your regular business bank account

Receives any approved funds after a few days

AMEX, Diner, Discover etc. Directly interface with your bank account

Directly deduct merchant percentages

No 'merchant fees', but higher rates


7/21

Paying 'the Man'

You pay each step in the chain Make sure you do your homework

The 'little' charges add up

Gateway Service Monthly access to the Gateway

Usually pretty cheap ($15-$30-$60)

Merchant Service Provider Monthly charge which includes a set number of transactions

Based on per transaction fee (US $.20-.40)

Administration/Statement fee (US $10)

Credit Card Companies Merchant percentage based on transaction

Visa/MasterCard: 2.0-2.5% or3.5-4.0% (bus/int'l) AMEX: Flat 3.5-4.0%


8/21

Signing up

Brand new account

Easiest: Sign up with a reseller provider and

let them provide you with gateway and merchant account

Mix and match

Existing bank account

Your bank works with a specific CC Processing Network

When you sign up with a Gateway provider you have

to make sure that the Gateway supports the network

'Big' or local banks often use Nova, FirstData

AMEX, Discover, JCB Diners are separate

Use their own networks and require separate signup

Transfer directly to your bank (no merchant provider)


9/21

Pick a Gateway

Lots of Gateways available Many more are resold by resellers

Be careful of resellers they usually add no value!

Some of the most common ones Authorize.Net

Verisign PayFlow Pro

LinkPoint

PaymentNet, SecurePay, WorldPay, iTransact, CyberSource

Compare Rates Rates often vary significantly

Some 'Providers' like Verisign do one-stop setup andprovide both gateway and merchant services as package


10/21

Gateway Providers

Authorize.NET Very easy to integrate (AIM)

POST values, comma delimited response

Very fast (2-5 seconds)

Cheap - $15 a month / free setup ($175 cancellation)

Verisign PayFlow Pro COM or C++ based API

Best accessed via COM Interop in ASP.NET

$60 a month / $249 setup

LinkPoint High risk provider

Usually more expensive

Exclusively resold through 3rd party providers Often required by 'big banks' forInternet business

Very tight credit validation causes many card declines


11/21

Web Site Integration

Your shopping cart handles shopping experience Users use yourASP.NET cart implementation

Your app adds items, checks out

Your app accepts their user information and CC info

You pass off Credit Card Processing to Gateway Your code fires a call to the Gateway API Gateway processes the Credit Card Transaction

Returns a result code to you

You confirm the order

Success: Display order confirmation page

You send email confirmation, then ship or send download link

Error: If unsucessful you handle error display/management

Different gateways vary in their error messages


12/21

Online orOffline Processing?

Online Processing Orders are processed immediately as user works

Immediate feedback to user

If products are electronic immediate 'shipment'

Immediate failure feedback: 90% is invalid user input!

P

otential for fraud

Offline Processing More secure you get a chance to review orders

Required if additional checks need to be performed

Example: Software Updates might require verification

Mix and Match Allow automatic processing for straight items

Hold orders that have 'special' items for verification


13/21

Create a Credit Card Processing class

Take CC processing out of the front end! Chances are you will re-use it in multiple places

example: Web app and Desktop app both use CC processing

Chances are you will switch providers over the years

Create a front end class that provides provider abstraction

CC information is fairly uniform across providers You send the same basic set of information

Switching between providers is useful

Class interface simplifies setting up a new provider

ccProcessing Base class Provides the base interface for all properties

Provide specific implmentations for each provider

ccAuthorizeNet, ccPayFlowPro, ccLinkPoint etc.


14/21

Credit Card Capture Security

Never, ever redisplay full card to user! You can capture cards and store them

If you need to redisplay always trim off the end or use ****

Ask for card security code Minimize card fraud of stolen CC numbers

Using it often reduces your transaction merchant percentage

Don't hold on to CC numbers

Once processing is done and approved you can get rid of CCs If you need to issue credits ask for the card again from customer

If you do hold on to card numbers, encrypt them


15/21

What about PayPal? (standard)

PayPal's not a merchant provider Money transfers into yourPayPal account

But it requires users to have a PayPal account

Good choice for starting out and small businesses

It's a very economical and quick way to get started! No startup fees

Approval process is easy

You only pay a percentage of your sale no other fees!

Appeals to many customers No need to give you a credit card

You don't handle Credit Cards less risk for you

Many people have accumulated PayPalmoney in their accounts


16/21

Integrating PayPal (standard)

Disconnected UserInterface Requires you go through the PayPal Web site

Exits your site, goes to PayPal, then returns

Somewhat unprofessional

Non-seamless Integration

Can't be isolated as 'business process'

Can't be made completely generic

Requires mixing UI logic and business logic

Can't be used from a desktop application

Requires HTML interfaces

Auto-validation requires a Web server callback (IPN)


17/21

Order FormOrder Formwww.myserver.comwww.myserver.comorderform.aspxorderform.aspx

takes order infocreates own totals

sends info to PayPal

shows completion, butshows completion, butshould not confirm ordershould not confirm order

PayPalPayPalPayment FormPayment Form

www.paypal.com

shows payment Form

redirects to URL on your site

PayPal Payments

redirects to

IPN ConfirmIPN Confirmwww.myserver.comwww.myserver.comPayPalConfirmation.aspxPayPalConfirmation.aspx

nonnon--visual pagevisual pageconfirms order to PayPalconfirms order to PayPalallows you to fulfil orderallows you to fulfil order

HTTP POST

PayPalPayPalIPN ConfirmIPN Confirm

www.paypal.com

internally activated

POSTs to URL on your site

checks confirmationHTTP POST


18/21

PayPal Payments Pro

PayPal goes Merchant Services Flat rate for all cards!

Good rates

Higher rejection rates

Awkard Configuration and Testing Requires several separate toolkits

Uses custom SSL implementation

Requires private keys and key installation Documentation is inadequate

Error reporting from server is not end user ready


19/21

Summary

Do your homework Check rates and read the fine print in contracts Beware of hidden fees

Test your setup

Test your setup thouroughly before going live Take advantage of test gateways

My recommendation? I use Authorize.NET with MerchantPlus

Good rates, low fees, fast and good customer service

Authorize.NET API is easy to integrate (no setup) And no they don't pay me for this


20/21

Resources

Authorize.Net Merchant Plus

Price: $14.95/month + $9.95 Statement Fee, Free setup, $.05 pertransaction + Merchant Percentages/Fees

Verisign PayFlow Pro Direct Signup

Price: $60/month, $249 setup, $.10 per transaction + MerchantPercentages

LinkPoint Available with 'merchant packages'

Available from many bank internet packages

Wouldn't recommend as first choice

PayPal Direct Signup

No startup fees, no monthly fees

Percentages on purchase


21/21

Resources

Updated Downloads

Updated Slides

30 page Session Notes document ccProcessing Classes

Small Sample Application www.west-wind.com/conferences/Conn_2006_ECommerce.zip

Strahl ASP Connections AGA304 Integrating Electronic Payments

Documents

Transcript of Strahl ASP Connections AGA304 Integrating Electronic Payments