Customise 4D Business Kit To Fit Your Needs

Accepting / Verifying Payment Information
Technical Note 02-49

Introduction

With over 60% of U.S. households having access to the Internet, more than half shop from home or work on a weekly basis. In fact, according to Ipsos-Reid, a leading research company, of the 100 million Americans (and growing) who use the Internet, half of them will spend at least $500 shopping online this year. What this information means is that if you're not selling online, you're missing a significant revenue opportunity. And with advances in technology, selling online has never been easier or more cost-effective. Case in point, is the 4D Business Kit, which allows you to deploy your E-commerce solution in a short period of time.
The main advantage of having an online store is that it allows you to be open for business 24 hours a day, 7 days a week. Not only is this is an important convenience for your customers; it also means more opportunity for you, as the merchant. With the right E-commerce solution implementing the right payment-processing tool, the cost savings associated with the function of a full time staff to handle your transactions and orders are enormous. Most of what you need is all done automatically for you. Since an online store is no longer an option for a successful business, the most important part of selling online is accepting payments from your customers.
Online payment processing offers a customer the convenience of submitting their credit card or other form of payment on your Web site, and for you to actually receive the money from this transaction. Online payment processing requires coordinating the flow of transactions among a complex network of financial institutions and processors. Lucky for us, most of what goes on behind the scene are handled by the payment gateway. Armed with this information and this Tech Note, you will be able to set up an integral part of your E-commerce solution using the 4D Business Kit.

Knowledge of Payment Gateways

The most important step in putting your Web site to work for you, is accepting payments online. To help you accomplish this, payment gateways provide the access to a network of banks and financial institutions so that payment information can be routed securely and reliably. Because payment information is very sensitive, choosing a payment gateway requires understanding in the way they work and trust in their services. Two such companies are VeriSign and Authorize.net. The services provided by both these companies can be seamlessly integrated into 4D Business Kit. Another payment gateway that will work great is Paypal.

The picture below describes a payment gateway integrated into 4D Business Kit (Merchant).

1. The Consumer places an order with the merchant through the web site.
2 a. A secure connection to the payment gateway via the Client's browser. (using a linking options of the payment gateway)
2 b. A secure connection to the payment gateway via the 4D Business Kit Server.
2. A connection is made to the payment gateway via 2a or 2b.
3. The Authorisation Request received by the payment gateway is encrypted and then forwarded to the Consumer's Credit Card Issuer to verify the consumer's credit card account and that funds are available.
4. The Credit Card Issuer's Response is returned to the payment gateway.
5. This response is then forwarded back to the merchant. This process usually takes less than 3 seconds (steps 4 and 5).
6. Upon approval, the Merchant fulfills the consumer's order.
7. During settlement, the Credit Card Issuer receives a settlement request from the payment gateway.
8. Transaction is settled when Credit Card Issuer deposits funds into the merchant account.
9. The Merchant Account Provider deposits transaction funds into the Merchant's Checking Account.

Types of services offered by Payment Gateways

There are two types of services offered by payment gateways. In the above diagram, they are steps 2a and 2b. The differences between them are subtle to the consumer, however the implementation between them varies greatly.

Step 2a)
The connection to the payment gateway is made via a direct connection initiated by the server, in this case 4D Business Kit. By using a 4D Business Kit command, 4DBKCreditCardProcess, a script written for either Verisign or Authorize.net's services is called and the connection is made to the respective payment gateway. Your customers never leave your site to authenticate the payment option, and are unaware of anything that happens "behind the scene" on the server side.

The direct connection service uses a client/server architecture to transfer data from your 4D Business Kit server to the payment gateway, which then returns the result back to 4D Business Kit after the request has been processed. This type of service is a TCP/IP based Internet payment solution that is pre-integrated into 4D Business Kit. They are multi-threaded, which allows for multiple concurrent transactions from a single client (in this case, the 4D Business Kit server acts as a client to the payment gateway).
You will need to have a certificate in order to use this service. The certificate is required to securely accept personal information from your customers.
The advantages of a direct connect is that you keep your customers on your site at all times, you have full control of your what goes on before, during and after the request. It is the most automated solution for a merchant. The disadvantage is that it cost more than the link method and a larger traffic volume is necessary to make this option viable.

Step 2b)
The second option, is most commonly referred to as the link method. The connection to the payment gateway is made via the client's browser by clicking on a "submit" button. This type of service is an HTTP-based Internet payment solution that can easily be integrated with 4D Business Kit. All that is necessary is the few lines of HTML code provided by your payment gateway to include on your web page.
When the customers are ready to check out, they click on the button on the web page that makes a request to the payment gateway. A page that is served by the payment gateway, instead of 4D Business Kit is delivered to the client's browser. At this point, the customers temporarily leave your site to finish the authorisation. When the authorisation is completed, your customers will then be re-directed back to your site to finish the transaction.
Your payment gateway will provide all the codes necessary for you to do this. You can use 4D Business Kit code to pass customer information as well as shopping cart information to the payment gateway.

The advantages of an HTTP-based solution are, it is also easy to implement and maintain, ideal for merchants who process low to medium amount of orders, cheaper and more cost effective for low volumes, may not need a certificate (since you wont be responsible for making the secure connection for authentication). The disadvantage is that your customers leave your site momentarily as they connect to your payment gateway's site and then re-enters your site. The site differences and visual differences may deter your customers from continuing their purchase.

4D Business Kit supports this type of service offered by Verisign, Authorize.net, PayPal, and many more.

The two options of payment gateways are described in detail below, grouped by the two companies that we have discussed.

VeriSign's PayFlow payment gateways

PayFlowPro is a service offered by VeriSign that allows your server(s) to make the secure connection to VeriSign's servers to process the authentication and verification request. 4D Business Kit will connect to VeriSign using the PayFlowPro service via a payment script written specifically for use with the 4D Business Kit. You will need to fill in the login information for your VeriSign account in the Services tab of your store properties window on the 4D Business Kit application.

The script file is a text file called US_VeriSign_PFP.txt. This file is located in:

[Your 4DBK Root Directory]\Services\Payments\CreditCard directory.

To call the script, the tag command 4DBKCreditCardProcess is placed in the HTML file, along with a list of parameters passed to it. In the example below, this command is used with the 4DBKExecute command, and they are called from a JavaScript function.

This JavaScript function takes a form that the customer fills out as a parameter. Within the function, the values of the fields from the form are pass in as parameters to the 4DBKCreditCardProcess command. This command takes in a total of five parameters: the script file to use, the credit card number, the expiration date, the amount to charge, and the currency. In the ValidateOrder function, I've combined the amount to charge and the currency together into one JavaScript variable called "amountholder". You can see that it is possible to assign a JavaScript variable a value from 4DBK simply by using a 4DBK tag.

Note: to use the EncodeURL() JavaScript function, you must have the following line placed before the body in your HTML file:

This will include a JavaScript library file in which the EncodeURL() function can be found in.

Once the customer has completed the form and pressed the submit button, a chain reaction will occur. First, the values received from the form will be passed into the OrderValidate function. Second, those same form values will then be passed to the 4DBKCreditCardProcess command. Third, the 4DBKExecute command will execute the entire string of commands built. Lastly, based on the parameters received in the 4DBKCreditCardProcess command, 4D Business Kit will make a secure connection to VeriSign's server using port 443 to transfer the information for processing.

The same script is used to process the returned result back from VeriSign. The returned result includes whether the transaction was declined or accepted, the transaction number and a response string. These three values are then stored into 4DBK variables for you to use on your web page to determine what to do with the order. The three variables you can then use are: 4DBKCreditCardCode1, 4DBKCreditCardText and 4DBKCreditCardTID.

4DBKCreditCardCode1 will return a "0" if approved, anything else means either declined or unapproved. On the page that the JavaScript function OrderValidate() took you to, place this set of code to test for whether the transaction was approved or not.

PayFlowLink is a service that requires much less work on the merchant's part. All you have to do is to insert a piece of HTML code onto your site where the customer is ready to check out. The code creates a form statement that accepts some values and is passed onto the URL specified by the code. Here is the code:

You can see how the customer information stored in the 4DBK tags can be extracted and integrated with the HTML code provided by VeriSign. Once the customer clicks the submit button to continue with the purchase, the "action" attribute of the form statement will execute and connect the client's browser to the server specified by the URL.

With this type of account, you can customise a page that is being served by VeriSign's own servers to have the look and feel of your store. With this type of account you will also be able to login to VeriSign and set up your transaction parameters, such as a return URL to send transactions that are approved.

Before any of this will work, you will have to sign up for a test account. You can obtain test accounts by signing up with VeriSign at this URL below.

http://www.verisign.com/products/payment.html

Authorize.net's Merchant Solutions payment gateways

The Advanced Integrated Method (AIM), previously known as ADC Direct Response is very similar to VeriSign's PayFlowPro payment system. In the AIM system, 4D Business Kit also acts as a client, connecting to Authorize.net's servers to process the authentication and verification request. You will need to fill in the login information for your Authorize.net account in the Services tab of your store properties window on the 4D Business Kit application.

The script file that will be called is, US_AuthorizeNet_ADC.txt. This file is located in:

[Your 4DBK Root Directory]\Services\Payments\CreditCard directory.

The call for this tag is the same as the call for VeriSign's PayFlowPro service. In fact, the only thing we have to change is in our JavaScript function. We replace the name of the script file that is passed into the 4DBKCreditCardProcess command with the US_AuthorizeNet_ADC.txt file.

One more thing that needs to be changed from VeriSign's implementation is the response codes. Authorize.net's AIM payment system will return the following three response codes: 4DBKCreditCardCode1, 4DBKCreditCardCode2, and 4DBKCreditCardText.

4DBKCreditCardCode1 will now return a "1" if approved, anything else means either declined or unapproved. Edit the page in which the JavaScript function OrderValidate() takes you to and place this set of code to test for whether the transaction was approved or not.

WebLink is the second payment gateway solution offered by Authorize.net. This is essentially the same payment solution as VeriSign's PayFlowLink. The piece of HTML code you will have to place on your site is provided below. Place this code on the page where the customer can check out. The code creates a form statement that passes a few hidden fields to the URL of an Authorize.net server for processing. Here is the code:

Here, the customer information can again be extracted and integrated with the HTML code provided by Authorize.net. Once the customer clicks the submit button to continue with the purchase, the "action" attribute of the form statement will execute and connect the client's browser to the server specified by the URL.

The above is only a sample code. You will need to have an account to proceed with this service. Please follow the URL below for more information on obtaining an account.

http://www.authorize.net/solutions/weblink.php

 

4D UK Newsletter

Please enter your email address to register for the 4D UK newsletter

International | Company | Contact 4D | Site Map | Privacy Policy | © 4D UK 1995-2009 | Change font size: [A] [A] [A] |