Hi,
I’ve done a lot of research on the hosted payment process, and I’ve got the general idea; I’d just like some clarification on a few specifics.
So say I’ve set up my merchant account and payment gateway (authorize.net) and I now need to integrate my payment gateway with my custom shopping cart.
My requirements:
> Don’t leave my site (or at least appear not to)
> Don’t store users’ card details or sensitive data
Am I right in saying that I’d need an SSL certificate for the site, then I’d pass the required values to the payment gateway via a form, and then after a few seconds I’d receive a response code which I can then display to the user? Simple as that?
Therefore I wouldn’t have to keep any of the payment details apart from delivery address and contact details.
Is this correct? If not, what would happen differently?
Many thanks in advance!
Authorizenet offers two integration methods: SIM (Simple Integration Method) and AIM (Advanced Integration Method). Neither works quite the way you described.
SIM is the “hosted payment page” method. The customer will leave your site when it’s time for payment. The page will not look exactly like the rest of your checkout process; Authnet’s customization options are limited. They are returned to your site after making payment. Since no payment information is ever submitted to your website, you don’t need an SSL certificate.
AIM keeps the user on your site, but credit card data is submitted directly to you and only passed on to authnet in the background. You need an SSL certificate, and you need to become PCI DSS compliant. You’ll be contractually obligated by your merchant account provider to fill out the PCI compliance questionnaire, lock down your servers, create security and access policies, and have your server scanned quarterly to certify your compliance.
Thanks for the response!
Okay, AIM sounds like what I’m looking for.
So the user will enter their card details on my site; that doesn’t mean I have to store them, does it? Don’t I only need them so I can pass them to authnet in the background? Do I pass authnet form fields? Do they send a response code to say if the transaction is successful?
You do not need to store anything. You just pass on the information to Authnet. You get a response code, among other things, back.
There is a full integration guide on the Authorizenet website that tells you everything you need to know. Do a bit of searching and you’ll likely find plenty of example code for whatever language you’re programming in.
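Added example (not from the thread and not Authorize.net's code): a sketch of the AIM-style flow described above, where card fields are forwarded to the gateway, only the non-card fields plus the last four digits are kept, and card numbers are masked before anything is logged. The form field names, the comma-delimited response layout (response code first, reason text fourth, transaction ID seventh) and all sample values are assumptions; take the real ones from the gateway's integration guide.

```python
import csv
import re

CARD_FIELDS = ("card_number", "exp_date", "card_code")  # hypothetical form field names
# Assumed meaning of the first response field; confirm against the integration guide.
RESPONSE_CODES = {"1": "approved", "2": "declined", "3": "error", "4": "held for review"}
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators

def luhn_valid(digits):
    """Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def split_checkout(form):
    """Return (gateway_payload, order_record); only order_record may be persisted."""
    pan = re.sub(r"\D", "", form["card_number"])
    if not (13 <= len(pan) <= 19 and luhn_valid(pan)):
        raise ValueError("card number failed basic validation")
    gateway = {"card_number": pan, "exp_date": form["exp_date"],
               "card_code": form["card_code"], "amount": form["amount"]}
    record = {k: v for k, v in form.items() if k not in CARD_FIELDS}
    record["card_last4"] = pan[-4:]  # last four digits are enough for receipts
    return gateway, record

def parse_response(body, delim=","):
    """Parse a delimited gateway reply; quoted fields may contain the delimiter."""
    fields = next(csv.reader([body], delimiter=delim))
    if len(fields) < 7 or fields[0] not in RESPONSE_CODES:
        raise ValueError("unexpected gateway response")
    return {"status": RESPONSE_CODES[fields[0]], "reason_text": fields[3],
            "transaction_id": fields[6]}

def scrub(line):
    """Mask Luhn-valid card numbers before a line reaches a log file."""
    def mask(match):
        digits = re.sub(r"\D", "", match.group())
        return "[PAN ****" + digits[-4:] + "]" if luhn_valid(digits) else match.group()
    return PAN_RE.sub(mask, line)
```

The gateway payload should live only in memory for the duration of the request; the order record and scrubbed log lines are the only things written to disk.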
Okay, thanks for your help!