how & why payment gateways
DESCRIPTION
How & Why Payment Gateways. By: Syed Imran Ali Rizvi. Agenda. What is Payment Gateway Terminology Flow of Payment Process Type of P ayment Gateways SSL and Security Advantages and Disadvantages Examples… What to ask in third payment gateway parties ? Most F amous Payment Gateway. - PowerPoint PPT PresentationTRANSCRIPT
How & Why Payment Gateways
http://kb.nextbridge.org 1
By: Syed Imran Ali Rizvi
Agenda• What is Payment Gateway• Terminology• Flow of Payment Process• Type of Payment Gateways• SSL and Security• Advantages and Disadvantages• Examples…• What to ask in third payment gateway parties?• Most Famous Payment Gateway
2http://kb.nextbridge.org
What is Payment Gateway?
A payment gateway provides a secure transaction between your online store and your internet merchant account.
3http://kb.nextbridge.org
Terms Related to Payment Gateway
• E-commerce
• Web Services
• Payment Processes
4http://kb.nextbridge.org
E-commerce
• Electronic Commerce, commonly known as (electronic marketing) e-commerce or eCommerce, consists of the buying and selling of products or services over electronic systems such as the Internet.
Web Services
• A Web service supports interoperable machine-to-machine interaction over a network”.
• For accessing every web service we need an API(Application Program Interface). • Web service is a platform independent.
6http://kb.nextbridge.org
Payment Process
A payment process is nothing but the transaction of money between the users and merchant (owner of the product).
In payment process we need there are 2 types of accounts.
• Business Account (user / buyer of goods)
• Merchant Account (owner / seller of goods )
7http://kb.nextbridge.org
Flow of Payment Process
8http://kb.nextbridge.org
Working of Payment Gateway • Visitor places the order on the website and it is sent to the merchant's web server in encrypted
format. This is usually done via SSL (Secure Socket Layer) encryption.
• The transactions details are then forwarded to the concerned Payment Gateway.
• The transaction information is then passed on to the merchants acquiring bank by the Payment Gateway.
• Merchants acquiring bank then forwards the transaction information to the issuing bank (one that issued the credit card to the customer).
• Then the card issuing bank sends a response back to the Payment Gateway. The response includes information that whether the payment has been approved or declined. In case of declination the reason is also sent in the response.
• The response is then forwarded by the Payment Gateway to the merchant’s server.
• At merchants server the response is encrypted again and is relayed back to the customer. This allows the customer to know that whether the order has been placed successfully or not.
• The entire process typically takes less than 5 seconds
9http://kb.nextbridge.org
Types of Payment Gateways
Com based Gateways– Requires that you install a software called a DLL provided by the gateway
company on your web hosting server.– Require that you have your own dedicated SSL certificate.
XML transport Gateway– Do NOT require a DLL install, they use a facility already installed on most servers.– Requires SSL certificate.
Form based Gateways– Do Not require any extra software to be installed on your web hosting– Some, but not all, require that you have your own SSL certificate.
10http://kb.nextbridge.org
What is SSL?
SSL stands for Secure Socket Layer
• Payment Gateways encrypt sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the merchant.
• SSL used HTTPS protocol and was originally developed by Netscape in February 1995.
• SSL use 443 port instead of 80.
11http://kb.nextbridge.org
Security
• Since the customer is usually required to enter personal details, the entire communication of 'Submit Order' page (i.e. customer - payment gateway) is must carried out through HTTPS protocol.
• To validate the request of the payment page result, signed request is often used - which is the result of the hash function in which the parameters of an application confirmed by a «secret word», known only to the merchant and payment gateway.
• To validate the request of the payment page result, sometimes IP of the requesting server has to be verified.
http://kb.nextbridge.org 12
Advantages• Credit card validation and
processing in real time.
• Helps the business to go online & be available to users worldwide 24 hours a day 7 days a week.
• Less fraud (but there are many stolen credit card numbers floating around)
• Money is normally deposited into your bank account automatically.
• Reports and refunds normally allowed via browser by gateway company.
DisadvantageEvery gateway company charges fees. Fee can include some or all of the following:
• Fixed fee per month
• Percentage fee per amount spent
• A fixed fee per transaction
• In addition your own bank or the gateway's bank will charge a merchant fee for the privilege of allowing credit card purchases. This can range from 1-5% or more.
13http://kb.nextbridge.org
PayPal (As an example)
14http://kb.nextbridge.org
<?php require_once("paypal_pro_signature.inc.php");$firstName = ‘Imran'; $lastName = ‘Ali'; *$creditCardType = ‘VISA'; *$creditCardNumber = ‘4111111111111111'; *$expDate = ‘0315'; *$cvv2Number = ‘123'; address1 = ‘test address1'; $address2 = ‘test address2'; $city = ‘test city'; $state = ‘CA'; $zip = ‘92030'; *$amount = ’55.65'; $currencyCode = ‘USD'; $methodToCall = ‘DoDirectPayment';
$nvpstr='PAYMENTACTION=‘Sale'&AMT='.$amount.'&CREDITCARDTYPE='.$creditCardType.'&ACCT='.$creditCardNumber.'&EXPDATE='.$padDateMonth.$expDateYear.'&CVV2='.$cvv2Number.'&FIRSTNAME='.$firstName.'&LASTNAME='.$lastName.'&STREET='.$address1.'&CITY='.$city.'&STATE='.$state.'&ZIP='.$zip.'&COUNTRYCODE=US&CURRENCYCODE='.$currencyCode;
$paypalPro = new paypal_pro(‘api_username’, ‘api_password’, ’api_signature’);$resArray = $paypalPro->hash_call($methodToCall,$nvpstr);if(stristr($resArray["ACK"], 'Success') || stristr($resArray["ACK"], 'SuccessWithWarning')){
// success}else{
// failedprint_r($resArray);
}
http://kb.nextbridge.org 15
function hash_call($methodName,$nvpStr){$ch = curl_init();curl_setopt($ch, CURLOPT_URL,’ https://api-3t.paypal.com/nvp’);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_POST, 1);$nvpreq = "METHOD=".urlencode($methodName)."&VERSION=".urlencode($this-
>VERSION)."&PWD=".urlencode($this->API_PASSWORD)."&USER=".urlencode($this->API_USERNAME)."&SIGNATURE=".urlencode($this->API_SIGNATURE).$nvpStr;curl_setopt($ch,CURLOPT_POSTFIELDS,$nvpreq);$response = curl_exec($ch);curl_close($ch); if (curl_errno($ch)){
die("CURL send a error during perform operation: ".curl_errno($ch));} else {
return $response;}}?>
http://kb.nextbridge.org 16
What to ask in third payment gateways parties?• How long has this company been in service?• What is the company history?• How long has their particular software package been in
use?• Can you test a demo software?• How much will the setup and service bundle cost?• How much are processing costs and fees?• Dose the system needs special installation equipment?• Who are the customers that already exist and uses this
system?
Most Famous payment gateways
18http://kb.nextbridge.org
Queries?
Credits
• Training Head– Wajhe Muhammad
• Training Managers– Fahad Shakeel– Nazar Hussain
• Coordinator– Tehseen
• Presenter & Content by– Syed Imran Ali Rizvi
http://kb.nextbridge.org 19
This Training is available at
http://kb.nextbridge.org
Thank You