Copyright
Support
TroubleShooting
Cart Files
Cart Structure
Configuration
Catalog Pages
Cart Page
Checkout Page
Insecure Order

Back
Home

Unsecure Credit Card Gateway Setup
When the customer chooses to use the insecure credit option, they are routed to the credit card order page (defined by the COgateway variable in the settings file) so they can enter their credit card information and finalize/submit their order. For credit gateway orders, it is assumed that you have a merchant account that either has a web portal for card validation and transaction capture, or a script based component you can run on your account for card validation. If you do not have a merchant account, then you will not need to use this form of order submission.

Configuration Notes
In the NC_settings file, there are several variables geared specifically towards gateway posting. The following info should help you get your form order working quickly.

unsecureGatewayAction
Set the unsecureGatewayAction variable to a valid URL
of your card processing component or portal. For example, merchants that use Verisign's PayFlow Link portal would set their unsecureGatewayAction variable like so:

var unsecureGatewayAction = 'https://payflowlink.verisign.com/payflowlink.cfm';

extraFormTags
This variable is an array that can hold any fields that may be required by your credit processing portal to operate. For instance, Verisign's PayFlow Link requires the fields LOGIN, PARTNER, TYPE, and other fields in order to function properly. Since the NC_buildform.js script is built to create generalized forms, it's better to leave specialized, non cart related form fields out of the script and add them when the time comes.

When the buildform.js file is executed, it creates the form tag with the action equal to the value of unsecurePostAction, then immediately writes all the tags in the extraFormTags array. After that, it creates all the form tags relavent to the NebuCart system. An example of a PayFlow Link specific extraFromTags array is below:

var extraFormTags = new Array(
' <input type="hidden" name="LOGIN" value="your_login">',
'<input type="hidden" name="PARTNER" value="VeriSign">',
'<input type="hidden" name="TYPE" value="S">',
'<input type="hidden" name="METHOD" value="CC">',
'<input type="hidden" name="EMAILCUSTOMER" value="False">',
'<input type="hidden" name="EMAILMERCHANT" value="False">'
);


If your gateway doesn't require any special tags, then you can leave this array empty and no extra tags will get rendered.


NOTE (if you read only one thing on this page...)
You should really, really, really read your card processor's documentation so that you understand how much data, if any, is captured and retained when processing credit card orders. Most processing systems take a set number of fields with proprietary field names, with little or no support for extra fields. If your card processor doesn't capture all the fields passed to it, then you will most likely loose critical order information.

It's a good idea to perform some pre-processing data capture by posting the data to a script that can write the order to a file or database on your account, then repost the data to your gateway.
This method is being used with most of the sites that are currently using NebuCart, so believe us when we say it works.

We guarantee that when properly configured, NebuCart will post all the form information to your gateway processor. Once it leaves your site, however, it is up to you or your card processor to maintain that data. We DO NOT provide technical support for your gateway (unless you've $ contracted $ us to do so), so if something is not performing as it should, check your documentation first!

Gateway Order Page
Once you've configured your settings for posting to your particular gateway, the gateway order page will handle passing the order information to your card processor. Below is the basic code for a gateway order page:


<HTML>
<HEAD>
<!-- include the NebuCart Settings -->
<script language=javascript src="path/to/js_files/NC_settings.js">

<!-- include the NebuCart Engine -->
<script language=javascript src="path/to/Js_files/NebuCart.js">

<!-- include the NebuCart Formatting Functions-->
<script language=javascript src="path/to/Js_files/NC_formatting.js">
</HEAD>

<BODY>

<!-- include the Form Builder script-->
<script language=javascript src="path/to/Js_files/NC_buildform.js">


<!-- include the Customer Information script-->
<script language=javascript src="path/to/Js_files/NC_buildcustomer.js">

<!-- include the Cart View script-->
<script language=javascript src="path/to/Js_files/NC_viewcart.js">


<!-- include the Credit Card Entry script-->
<script language=javascript src="path/to/Js_files/NC_buildcredit.js">

</BODY>
</HTML>


The NC_buildform script, as mentioned before, handles the creation of all the hiden form fields that will be used to send all the order information - ordered items, options, quantities, etc, customer shipping/billing info, and of course the credit card data, to your credit card processor, or pre-validation data capture
script.

The scripts NC_buildcustomer
and NC_viewcart are simply used to display all the final information and cart totals to the customer for verifictaion.

NC_buildcredit actually handles creating the Card Type radio button set as defined by cardOption variable, as well as the input fields for Name on Card, Card Number, and Expiration Date. It also renders the button for submitting the order to your gateway should the card info be entered correctly.

Back-Ends
Due to the widely varried field naming conventions used by all the gateway processors, the default NC_buildform and NC_buildcredit scripts may not send the correct fields to your particular gateway. These two are teh most highly customized scripts in the NebuCart system. We already have customized scripts for Verisign, Authorize.net, and WorldPay Jr., so check our Back-Ends page to see what is available. If we don't have it, we can write it!

Security, AGAIN
We can't stress enough the sensitivity that people have over giving their credit information over the web, even when the connection is secure. You really should think about that full version...

Printable Form
Insecure Form
Insecure Gateway
Back
Main