Payment gateway integrations

The sheer number of ways in which a payment interface can be integrated with an Ecommerce platform can overwhelm even the most accomplished system integrators and decision makers.

I have listed below some of the options for implementing a payment interface, along with their pros and cons. The details below are for card payments. For other payment methods, such as PayPal or bank transfers, I may write a separate post.


Ecommerce platform: Any Ecommerce shopping cart that is being used. It could be a product like ATG, WCS or Hybris, or it could be an in-house developed application. It is the application that runs the various channels such as desktop, mobile, call centre etc.

Payment Gateways: Sometimes also known as Payment Service Providers. They facilitate the transfer of information between the Ecommerce platform and the acquiring bank.

1. Hosted payment page solution Vs API method

First let us see the difference between the hosted payment page solution and the API method of implementation for card payments.

In the hosted payment page method, the checkout page that captures the payment information (the page where the shopper types in his card information) is hosted by the payment gateway on its server. So the retailer's Ecommerce platform does not capture, store or transmit any sensitive card information.

In the API method, by contrast, the payment page is part of the Ecommerce platform. Card information is captured by the Ecommerce platform and transmitted to the payment gateway.

Hosted vs API:

PCI DSS compliance
Hosted: Most of the responsibilities are transferred to the payment gateway, as the merchant does not store any card information.
API: Since the merchant stores the card information, the merchant's implementation needs to be PCI compliant and the mandatory QSA audits need to be done at regular intervals.

Control
Hosted: The page that captures the card details is hosted by the payment gateway, and hence the merchant doesn't have direct control over this page. However, payment gateways can normally style this hosted page to be in line with the overall website.
API: The merchant can decide the look & feel of the page that captures card information. Style/CSS information can be modified by the merchant without being dependent on the payment gateway.

User experience
Hosted:
1) Since the shopper on the site is taken to a different URL to provide card information, it doesn't provide a seamless user journey. Some payment gateways provide an Iframe approach (rather than a completely different hosted page). In the Iframe approach the Iframe part is also hosted by the payment gateway, but there could be issues with this Iframe as well. Sometimes the Iframe may render later than the other page elements, giving a not so satisfactory user experience.
2) Since the card details are not available with the merchant (to be precise, on the Ecommerce platform of the merchant), the shopper can't save his card and reuse it the next time he comes to the site, when registered and logged in. (Some payment gateways provide a complex API to achieve this.)
API:
1) The card details page is part of the main site, hence the shopper is never taken out of the main site. This gives a seamless user experience.
2) Since the card information is stored on the merchant site, shoppers can choose to save their card details and reuse them the next time they make a purchase.

2. Delayed capture Vs Authorise & capture at checkout

Depending on when the card is authorised and the money captured, two modes are possible.

2.1 Delayed capture: The payment card is only authorised during checkout on your channel (web, telephone, mobile), so that the shopper's card is verified and the equivalent amount is blocked/reserved, but no money is actually taken from the card. The actual money is charged to the card (known as capture or settle) when you (as a retailer) are ready to ship the item. This ensures that you charge your customer's card only when you are sure that the item he has requested to buy is actually available in the warehouse and you are about to ship it.

This type of process is normally used by retailers who have a delayed fulfilment process, where it takes considerable time between placing the order and actually shipping the item. It is also used by retailers who are not sure of the inventory position when the order is being placed on the Ecommerce channel.

The following diagram shows the delayed capture process with the API method of integration. The fraud screening element is left out for simplicity.

[Diagram: Delayed Capture V1]

The following diagram shows the delayed capture mode with the hosted payment method. (The fraud screening element is left out for simplicity.)

[Diagram: Hosted Auth and CaptureV1]

2.2 Authorise & capture at checkout

During checkout itself, the card is authorised and captured (i.e. money is charged to the card).

This is particularly popular among Ecommerce retailers who sell high value goods such as electronics or jewelry and normally have no issues with item availability.

The following diagram shows the Authorise & Capture mode with API payment integration. (The fraud screening element is left out for simplicity.)

[Diagram: Auth and Capture V1]
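The two capture modes described in sections 2.1 and 2.2, sketched as an order state machine. This is an added example, not code from the original post: FakeGateway, Order, checkout and capture_payment are hypothetical names, and the gateway is a constructed in-memory stand-in rather than any real provider's API. The order record keeps only the gateway's authorisation reference, never card data.

```python
from dataclasses import dataclass
from decimal import Decimal
import itertools

class PaymentError(Exception):
    """Raised when a payment step is attempted in the wrong state."""

class FakeGateway:
    """Constructed in-memory stand-in for a payment gateway (not a real API)."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.reserved = {}  # auth_ref -> amount blocked on the card
        self.settled = {}   # auth_ref -> amount actually charged

    def authorise(self, amount):
        ref = f"AUTH-{next(self._ids)}"
        self.reserved[ref] = amount
        return ref

    def capture(self, ref, amount):
        if ref not in self.reserved:
            raise PaymentError("unknown authorisation reference")
        if ref in self.settled:
            raise PaymentError("authorisation already captured")
        if amount > self.reserved[ref]:
            raise PaymentError("capture exceeds authorised amount")
        self.settled[ref] = amount

@dataclass
class Order:
    total: Decimal
    state: str = "NEW"   # NEW -> AUTHORISED -> CAPTURED
    auth_ref: str = ""   # gateway reference only; no card data is held here

def checkout(gw, order, delayed_capture):
    """Authorise at checkout; capture at once unless fulfilment is delayed."""
    if order.state != "NEW":
        raise PaymentError("order already checked out")
    order.auth_ref = gw.authorise(order.total)
    order.state = "AUTHORISED"
    if not delayed_capture:
        capture_payment(gw, order)  # section 2.2: authorise & capture together

def capture_payment(gw, order, amount=None):
    """Capture (settle) the reserved amount, e.g. when the item is shipped."""
    if order.state != "AUTHORISED":
        raise PaymentError(f"cannot capture in state {order.state}")
    gw.capture(order.auth_ref, order.total if amount is None else amount)
    order.state = "CAPTURED"
```

The guards are the part worth carrying into a real integration: a capture is refused unless an authorisation exists, it cannot be repeated, and it cannot exceed the amount reserved at checkout.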


Integration of an Ecommerce platform is an involved subject with various aspects to consider, such as PCI compliance, hosted vs non-hosted, capture type (delayed vs same time) and fraud screening. I have covered a few aspects here and certainly could not cover all possible aspects. I might update this post with more information (mainly on fraud screening and PCI), but meanwhile please provide your views and opinions on the post.

