credit card transaction processing for e commerce web sites with java l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Credit Card Transaction Processing for E-commerce Web Sites with Java PowerPoint Presentation
Download Presentation
Credit Card Transaction Processing for E-commerce Web Sites with Java

Loading in 2 Seconds...

play fullscreen
1 / 48

Credit Card Transaction Processing for E-commerce Web Sites with Java - PowerPoint PPT Presentation


  • 289 Views
  • Uploaded on

Credit Card Transaction Processing for E-commerce Web Sites with Java. Sean C. Sullivan sean@seansullivan.com. Agenda. Credit card fundamentals Credit card transaction processing Solutions for Java developers Q & A. Credit Cards. Credit Cards 101. Card number Expiration date

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Credit Card Transaction Processing for E-commerce Web Sites with Java' - Gabriel


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
credit card transaction processing for e commerce web sites with java

Credit Card Transaction Processing for E-commerce Web Sites with Java

Sean C. Sullivan

sean@seansullivan.com

agenda
Agenda
  • Credit card fundamentals
  • Credit card transaction processing
  • Solutions for Java developers
  • Q & A
credit cards 101
Credit Cards 101
  • Card number
  • Expiration date
  • Card verification number
validating a credit card number
Validating aCredit Card Number
  • “Mod 10” check algorithm
  • Right-most digit is the check digit
    • 4100000000000001

Note:

Always run the Mod-10 algorithm before submitting a transaction!

example mod 10 algorithm
Example: Mod-10 algorithm
  • Number: 74385
  • (5*1) , (8 * 2) , (3 * 1), (4 * 2), (7 * 1)
  • 5, 16, 3, 8, 7
  • 5 + (1 + 6) + 3 + 8 + 7
  • Sum = 30
  • 30 mod 10 = zero
  • This number passes the algorithm.
types of credit card transactions
Types of Credit Card Transactions
  • Card present transactions
  • Card not present (CNP) transactions
participants in a credit card transaction
Participants in a Credit Card Transaction
  • Cardholder
  • Issuing bank
  • Merchant
  • Acquiring bank
typical internet transaction
Typical Internet transaction

Internet

payment

service

provider

Cardholder

Merchant’s

web site

Issuing

bank

Payment

processor

Acquiring

bank

basic credit card transaction
Basic Credit Card Transaction

Two steps:

  • Authorization
  • Settlement
authorizations
Authorizations

Authorization request

Merchant

application

Internet

payment

service

provider

Authorization response

Authorization takes place when the customer places an order

address verification
Address Verification
  • Address Verification System (AVS)
  • Use it!
  • Added protection against fraud
  • Verifies:
    • billing street address
    • billing zip code
authorization issues
Authorization Issues
  • How long does an authorization take?
  • What if your application does not receive a response?
  • Lifetime of an authorization?
  • What if the cardholder cancels the order?
authorization reversals
Authorization Reversals
  • Undo a prior authorization
  • Types:
    • Full reversal
    • Partial reversal
  • Not universally supported
    • CyberSource: no auth reversals
settlement
Settlement
  • “settle” an authorized transaction
    • CyberSource refers to this as “bill”

For physical goods, settlement of the transaction should not occur until the merchandise is shipped to the customer.

credits
Credits
  • Refund
  • Original credit
merchant account
Merchant Account
  • Sign up for Merchant account with a financial institution

Alternative:

  • Use a payment service that does not require you to have a merchant account (ex: PayPal, CCNow)
java api for credit card transaction processing
Java API for Credit Card Transaction Processing?
  • There is no standard API
  • Must use API provided by the payment service provider
  • Every vendor has their own API
internet payment service providers
Internet PaymentService Providers
  • ClearCommerce
  • Cybercash
  • CyberSource
  • SurePay
  • Verisign
  • …and many more
choosing a payment service provider
Choosing a Payment Service Provider
  • Transaction fees?
  • Multiple currencies?
  • Integration with 3rd party web commerce products?
  • Support for required card types?
  • API / SDK?
choosing a payment service provider cont
Choosing a Payment Service Provider (cont)
  • Provides a Test server for performing “test” transactions?
  • Fraud screening services?
  • Management and Reporting tools?
  • Service and support?
  • Security? Scalability?
development issues
Development Issues
  • Explicitly open and close SSL sockets?
  • Need to license an SSL class library?
  • One connection or many?
  • Connection timeouts
  • Does the vendor’s API shield you from connection complexity?
development issues cont
Development Issues (cont)
  • How to represent money?
    • java.lang.String??
    • java.math.BigDecimal??
  • Classes to represent currency?
  • Thread safety of the vendor’s class library?
exceptional conditions
Exceptional Conditions
  • Card reported stolen
  • Card reported lost
  • Card expired
  • Invalid credit card
  • Funds not available
  • AVS: no match
cybersource
CyberSource

www.cybersource.com

  • payment service provider
cybersource26

Cardholder

Merchant

web site

SCMP

HTTP/SSL

CyberSource

CyberSource
getting started with cybersource
Getting Started with CyberSource
  • Register at
    • www.cybersource.com
  • Download
    • “CyberSource Java ICS Client Developers Kit (CDK)”
setting up the cybersource cdk
Setting up the CyberSource CDK
  • Generate cert and key pair
    • run Ecert utility
  • Edit ICSClient properties file
  • Update classpath
    • cdkjava3310.jar
cybersource credit card services
CyberSource Credit Card Services
  • Authorizations
    • ics_auth
  • Authorization Reversals
    • not supported
  • Settlement
    • ics_bill
cybersource credit card services cont
CyberSource Credit Card Services (cont)
  • Issue a credit
    • ics_credit
  • Score a transaction’s fraud risk
    • ics_score
cybersource key classes
CyberSource: key classes
  • ICSClient
  • ICSClientRequest
  • ICSOffer
  • ICSClientReply
cybersource authorization
CyberSource authorization

ICSClient client = …

ICSClientOffer offer =

new ICSClientOffer();

ICSClientRequest req =

new ICSClientRequest(client);

req.addApplication(“ics_auth”);

req.setMerchantId(“sockwarehouse”);

cybersource authorization 2
CyberSource authorization, 2

req.setCustomerCreditCardNumber(

“4111111111111111“);

req.setCustomerCreditCardExpirationMonth("12");

req.setCustomerCreditCardExpirationYear("2004");

req.setCurrency("USD");

cybersource authorization 3
CyberSource authorization, 3

offer.setAmount(“7.99”);

offer.setQuantity(1);

req.addOffer(offer);

ICSClientReply reply = (ICSClientReply) client.send(request);

slide35
Q & A
  • Questions?
credit card transaction processing for e commerce web sites with java36

Credit Card Transaction Processing for E-commerce Web Sites with Java

Sean C. Sullivan

sean@seansullivan.com

slide37
The following slides are uncategorized and are included here as reference material.

This material was omitted from the O’Reilly presentation due to time constraints.

jdollars project
JDollars Project

http://jdollars.sourceforge.net/

terminology
Terminology
  • Card Not Present (CNP)
  • Address Verification Service (AVS)
  • Chargebacks
  • MOTO
  • CVV2
best practices
Best Practices
  • Use AVS
  • Use SSL
    • Cardholder  web site
    • Web site  payment service provider
  • Protect your private keys
  • Encrypt credit card numbers
best practices cont
Best Practices (cont)
  • For Development & QA:
    • Send transactions to test server
    • Use “test” merchant account
    • Use non-production certificates
avoid bad practices
Avoid Bad Practices
  • Don’t put credit card numbers in outgoing e-mail messages
  • Don’t display credit card numbers on an unsecured web page
  • Don’t display full credit card number on a web page; instead: last 4 digits only
  • Don’t put CC #’s in browser cookies
what are you selling
What are you selling?
  • Digital goods or Physical goods
  • Leather clothing, computers/electronics, jewelry, luxury items

Tip:

If a customer orders 10 Rolex watches, it should set off a red flag!

fraud screening solutions
Fraud Screening Solutions
  • ClearCommerce FraudShield
  • CrediView
  • CyberSource Internet Fraud Screen
  • HNC Software eFalcon
  • Verisign Payflow Fraud Screen
cardholder statement
Cardholder Statement
  • Transaction amount
  • Transaction date
  • Merchant name
  • City or Phone Number
  • State
additional topics
Additional Topics
  • Chargebacks…
  • Fraud…
  • Risk management techniques…
  • Commercial cards (Level II)
  • American Express Private Payments
  • “Verified by Visa”
resources
Resources
  • www.cybersource.com
  • www.visa.com
  • www.visabrc.com
  • www.mastercard.com
  • www.merchantfraudsquad.com
  • jdollars.sourceforge.net