Whenever you buy something on the Internet, your purchase has to go through a number of predefined steps. Understanding all the steps will make it easier for you to think through the code you need to write. But before you jump headfirst into coding, you'd better familiarize yourself with the fundamentals of online processing, including sale transactions and gateways.
It starts with transactions
All credit card processing is done within transactions. To a Web site owner, the most important type of transaction is a sale transaction. The other types of transactions are preauth, postauth, credit, and chargeback. Here's a brief description of each one:
- Sale: A sale is when the cardholder purchases a product or service from a merchant, and the money is transferred to the merchant's account.
- Preauth: A preauth is a transaction where no money is transferred. Typically, a preauth is done to check that a credit card is valid, and the usual amount for a preauth is $1.00.
- Postauth: A postauth involves purchasing something before it is shipped. The customer can preorder something, and the amount is deducted from the customer's credit limit. No money is transferred, but the card hold is maintained on the customer's card. When the merchant fulfills (typically, ships the product), the merchant can perform a postauth to transfer the money and remove the card hold from the customer's card.
- Credit: A credit is the opposite of a sale. A merchant transfers money from its account into a customer's account.
- Chargeback: A chargeback occurs after a customer disputes a charge made to his or her card. Chargebacks are expensive and time-consuming to deal with. When a customer disputes a billing, the bank withdraws the amount from the merchant account and deposits it temporarily back into the customer's account. The merchant then has a certain number of days to justify the billing. If the merchant justifies the billing to the bank's satisfaction, the money is again transferred from the customer's account into the merchant's account. The bank then also bills the merchant some amount per chargeback. Chargeback fees are specific to the merchant's bank.
Next, the transaction moves through a gateway, which is the service you will use to validate a credit card and to request money.
Online processing Web site requirements
To perform online credit card processing, Web site owners need to meet these requirements:
- They need to have a Card Not Present merchant account.
- They need to have an account with a gateway.
- Typically, they need to provide a Vital Tear Sheet to the gateway. This sheet comes from the bank.
- If they want to accept American Express cards, they generally have to set up a relationship with American Express and provide that information to the gateway.
- They need a server with SSL enabled.
Gateways for these transactions
Most gateways provide an API for each type of online transaction. Some provide a Web-based interface for performing the same transactions. The sale transaction is the most common, so we will look at it in depth.
The following is an example that uses the Credit Card Processing Workflow diagram shown in Figure A as a visual reference and describes a basic sale transaction. For purposes of this example, I'm assuming there is a catalog or similar mechanism so that end users can select their purchases.
There are a number of distinct steps for an online credit card transaction. Each transaction has to go through these steps to be considered a sale.
This sidebar lists some other gateways and their services.
Figure A: Credit card processing workflow
Sale transaction narrative
Each of the steps below corresponds to one of the numbered boxes in the workflow diagram:
- All transactions start with a customer. In this case, box 1, the customer is online, typically looking at an HTML form. This form collects the customer's credit card information and sends it to the server for processing. The user fills out the form and then clicks Submit.
- The server receives the information POSTed in the form the user submitted. The server then sends the information to code that resides on the server for processing.
- The processing code receives the information from the Web server and validates the data entered by the user. If the data is valid, the code formats the data into a format that the gateway can understand. The code then sends the formatted data to the gateway. In effect, the code is asking the gateway whether the credit card is a good card and whether it can do the transaction.
- The gateway receives the formatted data from the HostRAD code, validates the card, and checks to see whether the amount for the transaction is available in the user's account. If the card is good and the funds are available, the gateway sends an approved message back to the code (box 3); if the card is bad or the funds are not available, the gateway sends a declined message back to the code. For providing this service, the gateway charges the merchant money. Sometimes this is a per-transaction charge, and other times it is absorbed in the monthly cost. (The amount charged depends on a number of variables as determined by the gateway when the merchant sets up an account with the gateway.)
- As transactions arrive at the gateway, they're batched through to the appropriate clearinghouse. Box 5 shows some of the bigger clearinghouses. The clearinghouse that is used is determined by the credit card type and the bank that issued the card. As the clearinghouses receive transactions from all the gateways, the clearinghouses batch the transactions for all the banks involved, transferring monies from bank to bank. For providing this service, the clearinghouse takes between two percent and five percent of the total sale.
- As the clearinghouses batch the transactions they receive, they transfer money from the customer's bank (6.1) to the merchant's bank (6.2).
- The merchant's bank receives the transactions from a clearinghouse and then transfers the appropriate amount of money for the customer transaction (started in box 1) into the merchant's Card Not Present merchant account (7). For providing the merchant account, the bank will charge various fees. Different banks have very different fee structures; contact your bank for details on Card Not Present merchant account costs.
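The validate, format and ask-the-gateway steps of the narrative above, as an added Python example that is not part of the original article or any gateway's API. The request field names, `fake_gateway` and the sample card number are constructed for illustration; the example goes slightly beyond the text by taking the amount from the server-side order rather than the form and by returning only a masked card number for logging.

```python
import re
from datetime import date

def luhn_ok(pan):
    """Luhn checksum; rejects most mistyped numbers before a paid gateway call."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def validate_form(form, today):
    """Return the names of invalid POSTed fields (empty list means valid)."""
    errors = []
    pan = re.sub(r"[ -]", "", form.get("card_number", ""))
    if not re.fullmatch(r"[0-9]{13,19}", pan) or not luhn_ok(pan):
        errors.append("card_number")
    month, year = form.get("exp_month", ""), form.get("exp_year", "")
    if not (re.fullmatch(r"[0-9]{1,2}", month) and re.fullmatch(r"[0-9]{4}", year)
            and 1 <= int(month) <= 12
            and (int(year), int(month)) >= (today.year, today.month)):
        errors.append("expiry")
    return errors

def mask_pan(pan):
    """Only the last four digits may reach logs or error pages."""
    return "*" * (len(pan) - 4) + pan[-4:]

def process_sale(form, amount_cents, send_to_gateway, today):
    """Validate, format, then ask the gateway; returns (status, detail)."""
    errors = validate_form(form, today)
    if errors:
        return "rejected", errors            # invalid input never reaches the gateway
    pan = re.sub(r"[ -]", "", form["card_number"])
    request = {                              # hypothetical gateway field names
        "type": "sale",
        "card_number": pan,
        "expiry": f"{int(form['exp_month']):02d}{form['exp_year'][2:]}",
        "amount": f"{amount_cents // 100}.{amount_cents % 100:02d}",  # from the order, not the form
    }
    approved = send_to_gateway(request)
    return ("approved" if approved else "declined"), mask_pan(pan)

def fake_gateway(request):
    """Constructed stand-in for a real gateway API: approves sales up to 100.00."""
    return float(request["amount"]) <= 100.00

if __name__ == "__main__":
    form = {"card_number": "4111 1111 1111 1111", "exp_month": "12", "exp_year": "2030"}  # constructed
    print(process_sale(form, 4999, fake_gateway, date(2024, 1, 15)))
```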
Although not exhaustive, the following list shows some gateways:
- AuthorizeNet
- CyberSource
- WorldPay
- IPayment
- Echo
- Verisign
- TrustCommerce
- CardService International
Think before you code
Before you implement online processing, make sure that you understand how all the pieces work together and that you meet all of the requirements, such as setting up a merchant account and enabling SSL.