|
Hello and
welcome to IntelliPay. Your integration of IntelliPay's payment
processing system can be easily accomplished using standard tools
and languages. You'll find that our various unique and powerful
features allow you to bring powerful transaction-level controls
to your real-time payment processes giving your business or client
outstanding control over their real-time payment income.
Which IntelliPay
features you choose to integrate will be determined by your business
model and merchant-side needs. You can choose the simplest of
integrations or add various IntelliPay features bringing more
robust capabilities to bear. This document will highlight some
of the more significant business decisions you need to make, as
well as discuss various tips for integration. Also, in addition
to our online documentation - which you
should review in some detail - you can also contact our standard
technical
support for basic questions, or, if needed, we can provide
access to an IntelliPay engineer for prearranged phone appointments
to help resolve any issues you may have.
IntelliPay
Product Overview
In developing
an IntelliPay integration you will use either our LinkSmart™
product or our ExpertLink™ product. This will be the first
decision you must make. The essential differences of these
two products are:
LinkSmart: IntelliPay
serves the secure payment pages for the merchant. We pre-fill
the initial secure page with data your system sent us from your
HTML form on your final shopping page. You do NOT need a secure
server to use LinkSmart as we'll collect the credit card data
and any other data required by the merchant in his customizable
IntelliPay configuration (SAMS). The vast majority of small
merchants use LinkSmart as it allows them to avoid expenses
related to secure site certificates and other transaction-related
security issues. However, using LinkSmart does not cover all
the merchant's security considerations.
By default,
LinkSmart serves our own generic payment pages. These pages
are minimally customizable by sending us your logo which we'll
include on the page. Also, you have basic control over header
and footer text and page background colors. LinkSmart can be
upgraded to use SmartPages™ which allows you to completely
redesign our payment pages, and we serve those in place of ours.
ExpertLink:
You serve your own secure transaction pages and send/receive
secure payment transactions "in the background."
You will need your own secure server and a program or "connector"
to take the transaction data from your secure form, open an
SSL socket to us over the Internet and send and receive transactions
messages in HTTP.
Using ExpertLink,
you can build very robust transaction handlings by taking advantage
of the dynamic nature of our AVS Rules and our new Duplicate
Transaction System. Also, ExpertLink users also have access
to our BatchManagement product allowing remote control
over previously authorized transactions.
Other
Business Decisions
- Decide
what data fields (HTML form fields) you want to collect and
send IntelliPay based on the possible fields we accept (found
in the LinkSmart or ExpertLink Docs/docs_access.htm).
- Configure
the merchant's IntelliPay configuration in SAMS. You can set
Required and Editable fields and more. If you don't send us
fields required in SAMS, we will issue an error message. Our
system also checks for basic edit errors in various field contents
(an "@" in the email address, a properly formatted
AMOUNT, properly formatted phone numbers, etc.)
- Also in
SAMS, pay attention to settings related to the Duplicate Transaction
System, the email transaction receipts we can automatically
send, and other settings. SAMS settings will have a direct impact
on any programming you build, and if you or your merchant later
changes SAMS settings, it could affect your programming workability.
- ExpertLink
has the natural return data stream in the SSL socket it uses.
However, an additional live data stream is available to both
LinkSmart and ExpertLink users - Silent Post. Do you want a
second live response stream to feed another program or location?
- Using ExpertLink,
you will have complete control over your user's experience.
You will have to generate the secure payment page, any retry
pages and secure receipts. You can do these dynamically, giving
your customers a completely interactive experience, and when
receiving an authorization response from us, you can move the
customer to any portion of your site for downloads, etc. Retry
pages are pages displayed when a customer's card has been declined
or there was some error in the prior attempt and you offer them
another payment page allowing them to retry with the same or
another card.
- What will
you do with the live data stream(s) we return? Aside from controlling
your customer's online experience, you can use our live data
stream(s) to achieve real-time updates to your shopping cart
database, customer management systems, CRM systems, front office
contact and/or sales management systems, update or notify fulfillment
systems or other 3rd party partners, and more.
- Does your
business require the use of Authorization Only transactions?
This is where you authorize the transaction one day, but settle
it later than "today" (usually within 7 days) after
you've shipped or fulfilled the order. If so, then you can make
use of our BatchManagement product described in our ExpertLink
documentation.
Basic
Programming Tips
After reviewing
our product documentation you have probably noticed how easily
IntelliPay can be integrated using languages and programming
tools you are already familiar with.
In general,
the program or "connector" you build to talk to ExpertLink
will imitate a client-side browser and talk HTTPS to ExpertLink.
The HTTP over SSL must arrive as a correctly formed POST with
appropriate headers and content encoding. It must also be able
to follow a redirect directive.
Coding SSL
sockets is easier now since the OpenSSL code is available in
several languages (www.openssl.org),
and other platforms have native methods for opening secure sockets.
Additionally, ExpertLink currently handles session management
with a cookie in the header but you can safely ignore this header
in your connector..
You can
dynamically request that our replies arrive as a delimited list
or as Name=Value pairs.
Also, we
suggest that whatever system you are building include automated
email transaction receipts sent to the buyer immediately on
approval. You can use ours, or disable them and use your own.
In any case, a transaction receipt in addition to the HTML receipt
seems to reduce merchant chargebacks.
About
Response Codes and Formats
If you are
building an ExpertLink connection or are using Silent Post,
request a current version of our Response Code documentation.
About
Security
Merchant-side
security issues have always been important and they are becoming
increasingly important. Many ecommerce sites have paid a price
for "fast and loose" handling of customer data as
well as data requiring obvious security such as credit card
numbers.
Whether
you are using a commercial shopping cart or store product, or
are building your own, you must be aware of and verify the handling
of a variety of security and other risk-related issues.
Notably,
if you are collecting the credit card numbers on your site,
and maybe storing them as well, you or your store software should
be encrypting the data prior to saving it. Also, the database
holding the data should not be accessible from other entry points
such as web servers. You should also consider whether your web
site is protected by a robust firewall product complete with
their latest updates. Likewise, passwords should exist for every
individual and process that can access machines, databases and
secure interfaces. Access should be on "need to know"
basis, and password rotation should be forced.
As you know,
there are many more security related issues and this document
cannot define or address them adequately. However, it's worth
noting the credit card associations Visa, MasterCard and others,
as well as the merchant account providing banks, are increasingly
aware of merchant-level security problems and issues. It's likely
that these institutions may someday issue security advisories,
guidelines or requirements for ebusiness Internet sites.
So taking some precautions now not only makes good business
sense, but may someday affect your merchant account.
IntelliPay's
security is constantly monitored and our system architecture
was built from the ground up with security issues in mind.
Many businesses
use IntelliPay because they don't want to store sensitive financial
data on their local machines.
For
Multiple Merchant Integrations
Programmers
or integrators building ecommerce systems that will support
many merchants will have to send the correct IntelliPay loginID
and LinkSmart Password for the merchant. Otherwise, the processes
described here and in our other documentation are essentially
identical.
However,
you may want to make provisions for different merchant's business
models as related to various IntelliPay features. Some merchants
may not use our Duplicate Transaction System at all while others
may. Some merchants may not use it in the beginning but may
want it later. Others may use our AVS controls and others may
not. Some may want specific day-to-day control over AVS settings
by using an interface in your product or system to set rules
you allow them to set, such as "if transaction amount is
greater than $nn, reject AVS mismatches." (This illustrates
a business rule you can build into your product using one of
IntelliPay's features.)
The more
of our features you support as options for your business customers,
the more valuable you and your product will be to them. Done
well, you become indispensable.
Back to Top of Page
Also
see documentation about the Secure Account Management System,
and other IntelliPay products from our Documents section. |
