Credit Card Transaction Processing for E-commerce Web Sites with Java


### Credit Card Transaction Processing for E-commerce Web Sites with Java

Sean C. Sullivan

sean@seansullivan.com

Agenda
• Credit card fundamentals
• Credit card transaction processing
• Solutions for Java developers
• Q & A
Credit Cards 101
• Card number
• Expiration date
• Card verification number
Validating a Credit Card Number
• “Mod 10” check algorithm
• Right-most digit is the check digit
• 4100000000000001

Note:

Always run the Mod-10 algorithm before submitting a transaction!

Example: Mod-10 algorithm
• Number: 74385
• (5*1) , (8 * 2) , (3 * 1), (4 * 2), (7 * 1)
• 5, 16, 3, 8, 7
• 5 + (1 + 6) + 3 + 8 + 7
• Sum = 30
• 30 mod 10 = zero
• This number passes the algorithm.
Types of Credit Card Transactions
• Card present transactions
• Card not present (CNP) transactions
Participants in a Credit Card Transaction
• Cardholder
• Issuing bank
• Merchant
• Acquiring bank
Typical Internet transaction

[Diagram: Cardholder, Merchant's web site, Internet payment service provider, Payment processor, Issuing bank, Acquiring bank]

Basic Credit Card Transaction

Two steps:

• Authorization
• Settlement
Authorizations

[Diagram: Merchant application, Internet payment service provider; arrows: Authorization request, Authorization response]

Authorization takes place when the customer places an order

• Use it!
• Verifies:
• billing zip code
Authorization Issues
• How long does an authorization take?
• What if the cardholder cancels the order?
Authorization Reversals
• Undo a prior authorization
• Types:
• Full reversal
• Partial reversal
• Not universally supported
• CyberSource: no auth reversals
Settlement
• “settle” an authorized transaction
• CyberSource refers to this as “bill”

For physical goods, settlement of the transaction should not occur until the merchandise is shipped to the customer.

Credits
• Refund
• Original credit
Merchant Account

Alternative:

• Use a payment service that does not require you to have a merchant account (ex: PayPal, CCNow)
Java API for Credit Card Transaction Processing?
• There is no standard API
• Must use API provided by the payment service provider
• Every vendor has their own API
Internet Payment Service Providers
• ClearCommerce
• Cybercash
• CyberSource
• SurePay
• Verisign
• …and many more
Choosing a Payment Service Provider
• Transaction fees?
• Multiple currencies?
• Integration with 3rd party web commerce products?
• Support for required card types?
• API / SDK?
Choosing a Payment Service Provider (cont)
• Provides a Test server for performing “test” transactions?
• Fraud screening services?
• Management and Reporting tools?
• Service and support?
• Security? Scalability?
Development Issues
• Explicitly open and close SSL sockets?
• Need to license an SSL class library?
• One connection or many?
• Connection timeouts
• Does the vendor’s API shield you from connection complexity?
Development Issues (cont)
• How to represent money?
• java.lang.String??
• java.math.BigDecimal??
• Classes to represent currency?
• Thread safety of the vendor’s class library?
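
One way to answer the "how to represent money" question, as an added example (not code from the original presentation or from any vendor SDK): hold the amount as a BigDecimal scaled to the currency's minor unit, and convert to a String only at the API boundary. The Money class and its methods are hypothetical names.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.util.Currency;

public final class Money {
    private final BigDecimal amount;
    private final Currency currency;

    private Money(BigDecimal amount, Currency currency) {
        this.amount = amount;
        this.currency = currency;
    }

    /** Parses a decimal string such as "7.99" for the given ISO 4217 code. */
    public static Money parse(String text, String currencyCode) {
        Currency currency = Currency.getInstance(currencyCode); // throws on unknown codes
        BigDecimal value = new BigDecimal(text);                // throws on non-numeric input
        if (value.signum() < 0) {
            throw new IllegalArgumentException("negative amount: " + text);
        }
        // UNNECESSARY throws ArithmeticException if digits would be lost (e.g. "7.999" in USD).
        int scale = Math.max(currency.getDefaultFractionDigits(), 0);
        return new Money(value.setScale(scale, RoundingMode.UNNECESSARY), currency);
    }

    public Money times(int quantity) {
        return new Money(amount.multiply(BigDecimal.valueOf(quantity)), currency);
    }

    /** Plain decimal string, suitable for an API that takes the amount as a String. */
    public String toPlainString() {
        return amount.toPlainString();
    }

    public static void main(String[] args) {
        System.out.println(0.1 + 0.2); // binary floating point cannot hold 0.1 exactly
        Money price = Money.parse("7.99", "USD");
        System.out.println(price.times(3).toPlainString() + " " + price.currency.getCurrencyCode());
        System.out.println(Money.parse("500", "JPY").toPlainString());
        try {
            Money.parse("7.999", "USD");
        } catch (ArithmeticException e) {
            System.out.println("rejected sub-cent amount");
        }
    }
}
```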
Exceptional Conditions
• Card reported stolen
• Card reported lost
• Card expired
• Invalid credit card
• Funds not available
• AVS: no match
CyberSource

www.cybersource.com

• payment service provider

[Diagram: Cardholder, Merchant web site, CyberSource; link labels: SCMP, HTTP/SSL]
Getting Started with CyberSource
• Register at
• www.cybersource.com
• “CyberSource Java ICS Client Developers Kit (CDK)”
Setting up the CyberSource CDK
• Generate cert and key pair
• run Ecert utility
• Edit ICSClient properties file
• Update classpath
• cdkjava3310.jar
CyberSource Credit Card Services
• Authorizations
• ics_auth
• Authorization Reversals
• not supported
• Settlement
• ics_bill
CyberSource Credit Card Services (cont)
• Issue a credit
• ics_credit
• Score a transaction’s fraud risk
• ics_score
CyberSource: key classes
• ICSClient
• ICSClientRequest
• ICSOffer
CyberSource authorization

ICSClient client = …

ICSClientOffer offer = new ICSClientOffer();

ICSClientRequest req = new ICSClientRequest(client);

req.setMerchantId("sockwarehouse");

CyberSource authorization, 2

req.setCustomerCreditCardNumber("4111111111111111");

req.setCustomerCreditCardExpirationMonth("12");

req.setCustomerCreditCardExpirationYear("2004");

req.setCurrency("USD");

CyberSource authorization, 3

offer.setAmount("7.99");

offer.setQuantity(1);

Q & A
• Questions?

The following slides are uncategorized and are included here as reference material.

This material was omitted from the O’Reilly presentation due to time constraints.

JDollars Project

http://jdollars.sourceforge.net/

Terminology
• Card Not Present (CNP)
• Chargebacks
• MOTO
• CVV2
Best Practices
• Use AVS
• Use SSL
• Cardholder → web site
• Web site → payment service provider
• Encrypt credit card numbers
Best Practices (cont)
• For Development & QA:
• Send transactions to test server
• Use “test” merchant account
• Use non-production certificates
• Don’t put credit card numbers in outgoing e-mail messages
• Don’t display credit card numbers on an unsecured web page
• Don’t display full credit card number on a web page; instead: last 4 digits only
• Don’t put CC #’s in browser cookies
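
A sketch of the "last 4 digits only" rule, as an added example (not code from the original presentation): mask() prepares a card number for display, and redact() applies the same masking to free text such as an outgoing e-mail body or a log line. The class name, the 13 to 19 digit pattern and the sample message are assumptions constructed for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public final class CardMasker {
    // 13 to 19 digits, optionally separated by single spaces or dashes.
    private static final Pattern CANDIDATE =
            Pattern.compile("(?<![0-9])[0-9](?:[ -]?[0-9]){12,18}(?![0-9])");

    /** Card number for display: every digit except the last four becomes '*'. */
    public static String mask(String cardNumber) {
        int remaining = cardNumber.replaceAll("[^0-9]", "").length();
        StringBuilder out = new StringBuilder(cardNumber.length());
        for (char c : cardNumber.toCharArray()) {
            if (c >= '0' && c <= '9') {
                out.append(remaining > 4 ? '*' : c);
                remaining--;
            } else {
                out.append(c); // keep separators so the grouping stays readable
            }
        }
        return out.toString();
    }

    /** Masks anything that looks like a card number inside free text. */
    public static String redact(String text) {
        Matcher m = CANDIDATE.matcher(text);
        StringBuffer sb = new StringBuffer();
        while (m.find()) {
            m.appendReplacement(sb, Matcher.quoteReplacement(mask(m.group())));
        }
        m.appendTail(sb);
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample message; the card number is the test value used in the slides.
        String mail = "Order 1042 charged to 4111 1111 1111 1111, ref 20040212.";
        System.out.println(redact(mail));
        System.out.println(mask("4100000000000001"));
    }
}
```

The pattern matches on digit count alone, so it can also mask long order or tracking numbers; for e-mail and log output that is the safer direction to err in.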
What are you selling?
• Digital goods or Physical goods
• Leather clothing, computers/electronics, jewelry, luxury items

Tip:

If a customer orders 10 Rolex watches, it should set off a red flag!

Fraud Screening Solutions
• ClearCommerce FraudShield
• CrediView
• CyberSource Internet Fraud Screen
• HNC Software eFalcon
• Verisign Payflow Fraud Screen
Cardholder Statement
• Transaction amount
• Transaction date
• Merchant name
• City or Phone Number
• State