|
Unsecure
Credit Card Gateway Setup
When
the customer chooses to use the insecure credit option, they are
routed to the credit card order page (defined by the COgateway
variable in the settings file) so they can enter their credit card
information and finalize/submit their order. For credit gateway
orders, it is assumed that you have a merchant account that either
has a web portal for card validation and transaction capture, or
a script based component you can run on your account for card validation.
If you do not have a merchant account, then you will not need to
use this form of order submission.
Configuration
Notes
In the NC_settings file, there are several variables
geared specifically towards gateway posting. The following info
should help you get your form order working quickly.
unsecureGatewayAction
Set the unsecureGatewayAction variable to a valid URL
of your card processing component or portal. For example, merchants
that use Verisign's PayFlow Link portal would set their unsecureGatewayAction
variable like so:
var unsecureGatewayAction
= 'https://payflowlink.verisign.com/payflowlink.cfm';
extraFormTags
This
variable is an array that can hold any fields that may be required
by your credit processing portal to operate. For instance, Verisign's
PayFlow Link requires the fields LOGIN, PARTNER, TYPE, and
other fields in order to function properly. Since the NC_buildform.js
script is built to create generalized forms, it's better to leave
specialized, non cart related form fields out of the script and
add them when the time comes.
When the buildform.js file is executed, it creates the form tag
with the action equal to the value of unsecurePostAction,
then immediately writes all the tags in the extraFormTags
array. After that, it creates all the form tags relavent to the
NebuCart system. An example of a PayFlow Link specific extraFromTags
array is below:
var extraFormTags
= new Array(
' <input type="hidden" name="LOGIN" value="your_login">',
'<input type="hidden" name="PARTNER" value="VeriSign">',
'<input type="hidden" name="TYPE" value="S">',
'<input type="hidden" name="METHOD" value="CC">',
'<input type="hidden" name="EMAILCUSTOMER" value="False">',
'<input type="hidden" name="EMAILMERCHANT" value="False">'
);
If your gateway doesn't require any special tags, then you can leave
this array empty and no extra tags will get rendered.
NOTE (if you read only one thing on this page...)
You should really, really, really read your
card processor's documentation so that you understand how much data,
if any, is captured and retained when processing credit card orders.
Most processing systems take a set number of fields with proprietary
field names, with little or no support for extra fields. If your
card processor doesn't capture all the fields passed to it, then
you will most likely loose critical order information.
It's a good idea to perform some pre-processing data capture by
posting the data to a script that can write the order to a file
or database on your account, then repost the data to your gateway.
This method is being used with most of the sites that are currently
using NebuCart, so believe us when we say it works.
We
guarantee that when properly configured, NebuCart will post all
the form information to your gateway processor. Once it leaves your
site, however, it is up to you or your card processor to maintain
that data. We DO NOT provide technical support for your gateway
(unless you've $ contracted $ us to do so), so if something is not
performing as it should, check your documentation first!
Gateway
Order Page
Once you've configured your settings for posting to your particular
gateway, the gateway order page will handle passing the order information
to your card processor. Below is the basic code for a gateway order
page:
<HTML>
<HEAD>
<!-- include the NebuCart Settings -->
<script language=javascript src="path/to/js_files/NC_settings.js">
<!-- include the NebuCart Engine -->
<script language=javascript src="path/to/Js_files/NebuCart.js">
<!-- include the NebuCart Formatting Functions-->
<script language=javascript src="path/to/Js_files/NC_formatting.js">
</HEAD>
<BODY>
<!--
include the Form Builder script-->
<script language=javascript src="path/to/Js_files/NC_buildform.js">
<!--
include the Customer Information script-->
<script language=javascript src="path/to/Js_files/NC_buildcustomer.js">
<!--
include the Cart View script-->
<script language=javascript src="path/to/Js_files/NC_viewcart.js">
<!--
include the Credit Card Entry script-->
<script language=javascript src="path/to/Js_files/NC_buildcredit.js">
</BODY>
</HTML>
The NC_buildform script, as mentioned before, handles the
creation of all the hiden form fields that will be used to send
all the order information - ordered items, options, quantities,
etc, customer shipping/billing info, and of course the credit card
data, to your credit card processor, or pre-validation data capture
script.
The scripts NC_buildcustomer
and NC_viewcart are simply used to display
all the final information and cart totals to the customer for verifictaion.
NC_buildcredit actually handles creating the Card Type radio
button set as defined by cardOption variable, as well as
the input fields for Name on Card, Card Number, and Expiration Date.
It also renders the button for submitting the order to your gateway
should the card info be entered correctly.
Back-Ends
Due to the widely varried field naming conventions used by all
the gateway processors, the default NC_buildform and NC_buildcredit
scripts may not send the correct fields to your particular gateway.
These two are teh most highly customized scripts in the NebuCart
system. We already have customized scripts for Verisign, Authorize.net,
and WorldPay Jr., so check our Back-Ends page to see what is available.
If we don't have it, we can write it!
Security, AGAIN
We can't stress enough the sensitivity that people have over giving
their credit information over the web, even when the connection
is secure. You really should think about that full version...
Printable
Form
Insecure Form
Insecure
Gateway
Back
Main
|
