Member
Posts: 1
Registered: ‎03-14-2019

ECWID Integration

My website is hosted on WIX and I am using the ECWID shopping cart with Authorize.net for payment processing. Currently ECWID sends my customers FROM my website and redirects them to the following Endpoint URL: https://secure2.authorize.net/gateway/transact.dll .... however, I need to do onsite payment processing. Can this be accomplished by designating a different Endpoint URL call?

All Star
Posts: 673
Registered: ‎11-05-2018

Re: ECWID Integration

Changing the endpoint URL won’t do it. You would need to change your entire integration. Sounds like you are using a SIM form. The upgrade for that would be to get Accept Hosted. Accept Hosted can be used within an iframe in such a way that it “feels” to the customer like they are on your website. The payment page is still actually hosted by authorize.net and on their server.

To do things “on site” has big implications for PCI compliance. Your current integration most likely falls under the SAQ A scope, which is easy to comply with and also the scope the Accept Hosted Form falls under. To do things on your own form on your own server you have 2 options. 1 is a method that tokenizes the CC data in the browser and then sends the tokenized data through your server. The solution for that is Accept.js. The other is where the CC data is transmitted directly across your server, meaning no client-side tokenization happens.

Option 1 would put you at SAQ A-EP, and would increase your compliance requirements by a good bit. If you use the second option where the CC data hits your server, you are going to be SAQ D and the list of requirements you have to meet runs about 67 pages. A handful of those requirements pertain to vulnerability scanning and pen testing, with probably a minimum cost of $15,000 a year. I have no idea of the actual fees people are paying, but I’d be surprised if it’s much less than that and I will bet the farm that many companies pay much more.

If I were you I would stick to the hosted payment form you have or even better upgrade to an Accept Hosted payment form. There will be dozens fewer hoops for you to jump through. If you do opt for a solution with a greater compliance burden I would do some research on Wix hosting. At anything above SAQ A, your hosting company is required to comply with every item on your list of requirements pertaining to the web server and it is your responsibility to verify that they do so. At your current scope you are likely compliant no matter who you are hosted with.
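
Option 1 from the reply above (browser-side tokenization with Accept.js), as an added example that is not part of the original thread: the card fields go to `Accept.dispatchData` and only the returned payment nonce is handed on to the merchant server. The `send` callback, the payload field names and the Luhn guard are assumptions made for illustration; `accept` is passed in so the flow can be run with a stub outside a browser.

```javascript
// Added example. `accept` is the Accept.js global (Accept.dispatchData) or a stub.
// Payload field names and the `send`/`onError` callbacks are assumptions.

// Luhn checksum over a string of digits.
function luhnOk(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// True if any value in obj looks like a card number (13-19 digits, Luhn-valid).
function containsPan(obj) {
  return Object.values(obj).some((v) => {
    if (v && typeof v === "object") return containsPan(v);
    const digits = String(v).replace(/[\s-]/g, "");
    return /^\d{13,19}$/.test(digits) && luhnOk(digits);
  });
}

// Tokenize in the browser, then pass only the nonce and order data to `send`.
function payWithToken(accept, authData, cardData, order, send, onError) {
  accept.dispatchData({ authData, cardData }, (response) => {
    if (response.messages.resultCode === "Error") {
      return onError(response.messages.message.map((m) => `${m.code}: ${m.text}`));
    }
    const payload = {
      orderId: order.orderId,
      amount: order.amount,
      dataDescriptor: response.opaqueData.dataDescriptor,
      dataValue: response.opaqueData.dataValue,
    };
    // Refuse to send if raw card data ended up in what the server will receive.
    if (containsPan(payload)) return onError(["card number present in server payload"]);
    send(payload);
  });
}
```

The same `containsPan` check can run on the server against incoming request bodies to confirm that card numbers never reach it.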
Member
Posts: 1
Registered: ‎09-30-2019

Re: ECWID Integration

Ecwid’s API is a RESTful API with OAuth2 authentication. Any developer can use it to manage store data, add new interfaces to the Ecwid Control Panel, and even customize the storefront from an external application.