cancel
Showing results for 
Search instead for 
Did you mean: 

Do you know what this company is using for payment processing?

Hello,

 

I was wondering if anyone could tell me if this company was using authroize.net as their gateway, and if so which "version" of authorize.net they had. I would like to adopt their method since we too deal with digital goods.

 

I've linked over three screen shots. Screen shot  3 is not hosted on their site. The URL says worldpay, however worldpay is a merchant service not a gateway. Is their anyway to set up my site this way using authorize.net? I use a custom shopping cart, however I'm more concerned with not having to host my payment page, but be able to design the css and html of the hosted payment page. Also I like the idea of picking which CC type to use before having to go to the actual payment page.

 

http://i42.tinypic.com/23kxjxv.jpg

http://i40.tinypic.com/rkmqnl.jpg

http://i40.tinypic.com/2ajco5y.jpg

 

Thanks

blackfoot
Contributor
4 ACCEPTED SOLUTIONS

Accepted Solutions

If you use DPM, you can host the form on your site but have it submit to Authorize.net, meaning the credit card data goes straight from the customer's computer to Authorize.net and never passes through your hosting. You'll still want an SSL to keep up appearances, but essentially it should do what you want. You can also use SIM, which is a form hosted on Authorize.net, and customize background color, text colors, font styles, header text, what fields are displayed, footer text. It should be good enough for most integrations.

View solution in original post

TJPride
Expert

You would add a session ID or a database record ID to the data passed to SIM. You would probably also turn on relay response, so you can send the customer directly to a receipt page on your site that would use that session ID or database record (passed from the data sent to relay response) to load their list of downloads.

 

If you want to get a better idea of how relay response works, look at the DPM documentation, it explains it more clearly. Both DPM and SIM can use relay response, though SIM defaults to having it turned off.

http://www.authorize.net/support/DirectPost_guide.pdf

View solution in original post

AIM is fine IF the computer running it is (a) only used for Authorize.net transactions (b) connects to Authorize.net directly over the Internet and (c) has sufficient security, firewalls, etc. and ideally isn't networked to other computers. Essentially, a POS (Point of Service) device like a computer with a swiper in a restaurant would qualify; under a very strict set of rules, so might a dedicated server at a PCI-compliant hoster. Your typical shared hosting account or even virtual dedicated hosting? Forget it. You can't get SAQ-C, and SAQ-D will be impossible to pass.

 

You can, however, integrate SIM or DPM. If you need recurring billing, CIM with hosted billing popup and cron job to generate the payments.

View solution in original post

DPM never has the credit card data pass through your server. It goes direct from customer to Authorize.net, regardless of the fact that the form is hosted on your server. So you'd be just fine with that. I don't think you have to pass any SAQ requirements with DPM.

View solution in original post

22 REPLIES 22

If you use DPM, you can host the form on your site but have it submit to Authorize.net, meaning the credit card data goes straight from the customer's computer to Authorize.net and never passes through your hosting. You'll still want an SSL to keep up appearances, but essentially it should do what you want. You can also use SIM, which is a form hosted on Authorize.net, and customize background color, text colors, font styles, header text, what fields are displayed, footer text. It should be good enough for most integrations.

TJPride
Expert

Thank you sir,

 

I saw that Authroize.net has a hosted payment page "SIM" however I was wondering if you noticed in the screen shots the url displayed "worldpay.com" on the hosted checkoutpage, I confirmed that; this particular site uses authroize.net. Why is the page hosted by the merchant (worldpay) and not the gateway provider (authorize.net)?

 

I had another question I was wondering if someone could clear up. We sell digital goods and currently we have billing details (feilds) that we would like the user to be required to fill out prior to leaving our site to make the purchase on the hosted page. If we were to do this could we "pass" along the billing details to authroize.net to be used on the purchase page? If we were to sell digital goods we would like the user to be able to downlaod after purchase, if the page is hosted how is our database going to know if a payment was completed so that the user can be granted rights to download their purchase?

You would add a session ID or a database record ID to the data passed to SIM. You would probably also turn on relay response, so you can send the customer directly to a receipt page on your site that would use that session ID or database record (passed from the data sent to relay response) to load their list of downloads.

 

If you want to get a better idea of how relay response works, look at the DPM documentation, it explains it more clearly. Both DPM and SIM can use relay response, though SIM defaults to having it turned off.

http://www.authorize.net/support/DirectPost_guide.pdf

Thank you for your response,

 

Would their be any pro's or con's to utilizing AIM vs the other integration methods? Do you think theirs more room for error when using the advanced method? Our devlopers in India said they can integrate this and it wouldnt be an issue however I'm pretty concerned because I've been reading that AIM and Pay flow pro are more risky for me as a merchant vs Authorize.net or Paypal because their PCI compliant more so then a hosted pay form. We know no matter which integration method we choose to go with im required to have some PCI compliance however we had advised this to my dev team and they said that they are not saving any credit card information using these methods but simply "passing" them off to Authorize.net and via SSL. This may sound silly but when we read on the internet about which method is rite for you their was a check list for advanced integration and it basically said this method is rite for you if "you can program, have an SSL cert". It seems like theirs more thats required of us from a merchant stand point and we cant really find anythying that shows us who should or shouldnt use AIM or Pay flow Pro. 

AIM is fine IF the computer running it is (a) only used for Authorize.net transactions (b) connects to Authorize.net directly over the Internet and (c) has sufficient security, firewalls, etc. and ideally isn't networked to other computers. Essentially, a POS (Point of Service) device like a computer with a swiper in a restaurant would qualify; under a very strict set of rules, so might a dedicated server at a PCI-compliant hoster. Your typical shared hosting account or even virtual dedicated hosting? Forget it. You can't get SAQ-C, and SAQ-D will be impossible to pass.

 

You can, however, integrate SIM or DPM. If you need recurring billing, CIM with hosted billing popup and cron job to generate the payments.

We can tell you rite now that we will be using a hosted cloud with racksapce, eventually if and when we get big enough will have a dedicated SQL server but as of now it will be a VPS. Do you foresee any issues if we chose to go with DPM and use our VPS? Could we still be PCI DSS this way? 

DPM never has the credit card data pass through your server. It goes direct from customer to Authorize.net, regardless of the fact that the form is hosted on your server. So you'd be just fine with that. I don't think you have to pass any SAQ requirements with DPM.

Alright sounds good,

 

Hopefully we can edit the form page css and html?

The form is hosted from your server. It just submits to Authorize.net. So you have total control over the look of the form.