1 / 19

How & Why Payment Gateways

How & Why Payment Gateways. By: Syed Imran Ali Rizvi. Agenda. What is Payment Gateway Terminology Flow of Payment Process Type of P ayment Gateways SSL and Security Advantages and Disadvantages Examples… What to ask in third payment gateway parties ? Most F amous Payment Gateway.

eagan
Download Presentation

How & Why Payment Gateways

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. How & Why Payment Gateways • By: Syed Imran Ali Rizvi http://kb.nextbridge.org

  2. Agenda • What is Payment Gateway • Terminology • Flow of Payment Process • Type of Payment Gateways • SSL and Security • Advantages and Disadvantages • Examples… • What to ask in third payment gateway parties? • Most Famous Payment Gateway http://kb.nextbridge.org

  3. What is Payment Gateway? A payment gatewayprovides a secure transaction between your online store and your internet merchant account. http://kb.nextbridge.org

  4. Terms Related to Payment Gateway • E-commerce • Web Services • Payment Processes http://kb.nextbridge.org

  5. E-commerce • Electronic Commerce, commonly known as (electronic marketing) e-commerce or eCommerce, consists of the buying and selling of products or services over electronic systems such as the Internet.

  6. Web Services • A Web servicesupports interoperable machine-to-machine interaction over a network”. • For accessing every web service we need an API(Application Program Interface). • Web service is a platform independent. http://kb.nextbridge.org

  7. Payment Process • A payment process is nothing but the transaction of money between the users and merchant (owner of the product). • In payment process we need there are 2 types of accounts. • Business Account (user / buyer of goods) • Merchant Account (owner / seller of goods ) http://kb.nextbridge.org

  8. Flow of Payment Process http://kb.nextbridge.org

  9. Working of Payment Gateway • Visitor places the order on the website and it is sent to the merchant's web server in encrypted format. This is usually done via SSL (Secure Socket Layer) encryption. • The transactions details are then forwarded to the concerned Payment Gateway. • The transaction information is then passed on to the merchants acquiring bank by the Payment Gateway. • Merchants acquiring bank then forwards the transaction information to the issuing bank (one that issued the credit card to the customer). • Then the card issuing bank sends a response back to the Payment Gateway. The response includes information that whether the payment has been approved or declined. In case of declination the reason is also sent in the response. • The response is then forwarded by the Payment Gateway to the merchant’s server. • At merchants server the response is encrypted again and is relayed back to the customer. This allows the customer to know that whether the order has been placed successfully or not. • The entire process typically takes less than 5 seconds http://kb.nextbridge.org

  10. Types of Payment Gateways Com based Gateways • Requires that you install a software called a DLL provided by the gateway company on your web hosting server. • Require that you have your own dedicated SSL certificate. XML transport Gateway • Do NOT require a DLL install, they use a facility already installed on most servers. • Requires SSL certificate. Form based Gateways • Do Not require any extra software to be installed on your web hosting • Some, but not all, require that you have your own SSL certificate. http://kb.nextbridge.org

  11. What is SSL? SSL stands for Secure Socket Layer • Payment Gateways encrypt sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the merchant. • SSL used HTTPS protocol and was originally developed by Netscape in February 1995. • SSL use 443 port instead of 80. http://kb.nextbridge.org

  12. Security • Since the customer is usually required to enter personal details, the entire communication of 'Submit Order' page (i.e. customer - payment gateway) is must carried out through HTTPS protocol. • To validate the request of the payment page result, signed request is often used - which is the result of the hash function in which the parameters of an application confirmed by a «secret word», known only to the merchant and payment gateway. • To validate the request of the payment page result, sometimes IP of the requesting server has to be verified. http://kb.nextbridge.org

  13. Advantages • Credit card validation and processing in real time. • Helps the business to go online & be available to users worldwide 24 hours a day 7 days a week. • Less fraud (but there are many stolen credit card numbers floating around) • Money is normally deposited into your bank account automatically. • Reports and refunds normally allowed via browser by gateway company. Disadvantage Every gateway company charges fees. Fee can include some or all of the following: • Fixed fee per month • Percentage fee per amount spent • A fixed fee per transaction • In addition your own bank or the gateway's bank will charge a merchant fee for the privilege of allowing credit card purchases. This can range from 1-5% or more. http://kb.nextbridge.org

  14. PayPal (As an example) http://kb.nextbridge.org

  15. <?php require_once("paypal_pro_signature.inc.php"); $firstName=‘Imran'; $lastName= ‘Ali'; *$creditCardType = ‘VISA'; *$creditCardNumber = ‘4111111111111111'; *$expDate = ‘0315'; *$cvv2Number = ‘123'; address1 = ‘test address1'; $address2 = ‘test address2'; $city = ‘test city'; $state = ‘CA'; $zip = ‘92030'; *$amount = ’55.65'; $currencyCode = ‘USD'; $methodToCall = ‘DoDirectPayment'; $nvpstr='PAYMENTACTION=‘Sale'&AMT='.$amount.'&CREDITCARDTYPE='.$creditCardType.'&ACCT='.$creditCardNumber.'&EXPDATE='.$padDateMonth.$expDateYear.'&CVV2='.$cvv2Number.'&FIRSTNAME='.$firstName.'&LASTNAME='.$lastName.'&STREET='.$address1.'&CITY='.$city.'&STATE='.$state.'&ZIP='.$zip.'&COUNTRYCODE=US&CURRENCYCODE='.$currencyCode; $paypalPro = new paypal_pro(‘api_username’, ‘api_password’, ’api_signature’); $resArray = $paypalPro->hash_call($methodToCall,$nvpstr); if(stristr($resArray["ACK"], 'Success') || stristr($resArray["ACK"], 'SuccessWithWarning')){ // success }else{ // failed print_r($resArray); } http://kb.nextbridge.org

  16. function hash_call($methodName,$nvpStr){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,’ https://api-3t.paypal.com/nvp’); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_POST, 1); $nvpreq = "METHOD=".urlencode($methodName)."&VERSION=".urlencode($this->VERSION)."&PWD=".urlencode($this->API_PASSWORD)."&USER=".urlencode($this->API_USERNAME)."&SIGNATURE=".urlencode($this->API_SIGNATURE).$nvpStr; curl_setopt($ch,CURLOPT_POSTFIELDS,$nvpreq); $response = curl_exec($ch); curl_close($ch); if (curl_errno($ch)){ die("CURL send a error during perform operation: ".curl_errno($ch)); } else { return $response; } } ?> http://kb.nextbridge.org

  17. What to ask in third payment gateways parties? • How long has this company been in service? • What is the company history? • How long has their particular software package been in use? • Can you test a demo software? • How much will the setup and service bundle cost? • How much are processing costs and fees? • Dose the system needs special installation equipment? • Who are the customers that already exist and uses this system?

  18. Most Famous payment gateways Queries? http://kb.nextbridge.org

  19. Credits • Training Head • Wajhe Muhammad • Training Managers • FahadShakeel • NazarHussain • Coordinator • Tehseen • Presenter & Content by • Syed Imran Ali Rizvi • This Training is available at • http://kb.nextbridge.org Thank You http://kb.nextbridge.org

More Related