Magento Extension User Guide. This document explains how to install the official Secure Trading extension on your Magento store.

Similar documents
Magento Extension User Guide: Payment Pages. This document explains how to install the official Secure Trading extension on your Magento store.

Magento Extension User Guide: Web Services Version 3.6.1

CSV Download. 2.1 (a) Automatically downloading transactions as Comma Separated Values (CSV). Published: 1 August 2017

XML Specification: Subscriptions

Payment Pages Setup Guide Version 2

Authorize.Net Magento 2.x Payment Module

XML Specification ideal

XML Specification QIWI

Magento 2 Community / Enterprise Plugin

Subscriptions and Payment Pages Version 2

STPP Testing Published: 8 December 2017

MyST User Guide Published: 23 April 2018

MyST User Guide 3.1. Published: 23 July 2018

Vantiv ecommerce for Magento 2

Card Store Published: 5 June 2018

Vantiv ecommerce for Magento 1 User Guide. Version 1.0.7

CyberSource Global Payment Management for Magento 2

Important Notice. All company and brand products and service names are trademarks or registered trademarks of their respective holders.

CyberSource Global Payment Management

Magento Extension Update Guide Version This document explains how to update an existing install of our Magento extension.

XML Specification Paysafecard

Payment Pages Customisation Version 2

MySagePay User Guide

Version: 2.2 (a) Published: 1 August 2017

MySagePay USER GUIDE

Merchant Portal User Guide

XML Specification (c)

CyberSource Global Payment Management for Magento 2

Copyright 2017 Ingenico epayments. e-terminal (Virtual terminal)

Merchant e-solutions Payment Acceptance User Guide for Magento (M1)

XML Specification: 3-D Secure

Merchant e-solutions Payment Acceptance User Guide for Magento version 2.x ( M2 )

Getting Started with Transaction Express. Transaction Express User Guide

2017 Barclaycard. e-terminal (Virtual terminal)

Version: 1.14 (b) Published: 1 August 2017

WePay Payment Gateway

Getting Started With Transaction Express

ekashu Frequently Asked Questions

User Guide Netaxept Administration Module. Version 1.50

Web Services User Guide

Using the Telstra T-Suite Management Console. Customer Administrator s Reference Manual

1 Virtual Terminal Quick Reference Guide. Virtual Terminal Quick Reference Guide. Getting Started

Sterling Virtual Terminal. User Guide

User Guide Netaxept Administration Module

Frequently Asked Questions

First Data Global Gateway SM Virtual Terminal User Manual

Magento 2 User Guide March 11, 2018

Account Management. Pilot Support Guide

PayPlug. The payment solution that increases your sales PAYPLUG EXTENSION FOR MAGENTO V1

Account Management. Pilot Support Guide

PLEXUS PAY PORTAL YOUR HOW-TO GUIDE

User Guide: VirtualMerchant

Version: 1.11 Published: 22 October 2014

Virtual Terminal User Guide

Token System Integration & Protocol Guideline (Server & Direct)

HANDEPAY DASHBOARD USER GUIDE HANDEPAY DASHBOARD USER GUIDE. Version:

NAB TRANSACT. Direct Post v2.1.2 Integration Guide

Resurs Bank. Magento 1 module. Checkout

ATB Online Business General User. User Guide

USER MANUAL. Fooman Connect: Xero - Magento 2. Quick Links. Leave a Review Reviews help to build a trusted Magento community.

Direct Post Integration Guide

Wirecard CEE Integration Documentation

Express Interface. Certification Details.

Merchant Administration User Guide

PX Shopping Cart Plugin Magento. Version 1.3

VISA PAYMENT CONTROLS GETTING STARTED GUIDE. Provide ongoing payment control to support your business card program

MANUAL. Extension for Shop System Magento Version th September 2017

PayPal Express Checkout Services

USER HELP. Copyright Information Copyright 2016 Global Payments Inc. All rights reserved worldwide.

Payson Magento - All in One

User s Guide. (Virtual Terminal Edition)

Sage Pay Form Integration and Protocol Guidelines Published: 27/08/2015

USER MANUAL. MageMob Admin TABLE OF CONTENTS. Version: 1.0.0

RAM QUICK REFERENCE GUIDE. Lloyds Bank Cardnet Online Management Information System

Copyright 2017 Ingenico epayments. Extension for Magento

ANZ FASTPAY NEXT GENERATION MERCHANT OPERATING GUIDE ANZ FASTPAY PORTAL

Hardware One-Time Password User Guide November 2017

You can use these quick links, and the links on the left sidebar to navigate quickly around this User Manual.

MasterPass Guide. Business Gateway. V1.1 February Use this guide to:

iveri Lite BackOffice User Guide

Sage Pay Form Integration and Protocol Guidelines Published: 05/01/2015

Add New Administrator - This function allows you to add new administrators to the EPP system.

Authorize.net CIM - Magento 2 USER MANUAL MAGEDELIGHT.COM E:

Login and Pay with Amazon - extension for Magento

SecureBill. Integration Guide. Version: 1.2

BluePay Magento 2 User Guide

You can use these quick links, and the links on the left sidebar to navigate quickly around this User Manual.

PCI DSS. Compliance and Validation Guide VERSION PCI DSS. Compliance and Validation Guide

NAB EFTPOS USER GUIDE. for Countertop

PAYMENT SYSTEM RESPONSE CODES

FirstView. Merchant User Guide. Version 1.0. FirstView Merchant User Guide

Wirecard CEE Integration Documentation

Personal Online Banking Reference Guide

Your Guide to Merchant Online

U s e r s g U i d e 1

EFTPOS 1. User guide.

Copyright 2017 Ingenico epayments. PayPal Express Checkout

First Data Gateway. Virtual Terminal User Guide. Version 2.5

USER GUIDE REPORTING <ACQ + GW IMAGE HERE> VERSION 1.0

Phone-Based One-Time Password User Guide November 2017

Transcription:

This document explains how to install the official Secure Trading extension on your Magento store. Module version: 3.2.1 Published: 13 June 2014

Table of Contents 1 Introduction... 3 1.1 Features... 3 1.2 Requirements... 3 1.3 About Magento Extensions... 3 2 Process Overview... 4 2.1 Overview of making a payment... 4 3 First-Time Configuration... 5 3.1 Install and configure the extension... 6 3.2 Configure Secure Trading account... 16 3.3 Make a test payment... 22 4 Advanced Configuration... 26 4.1 Magento extension... 26 4.2 Secure Trading account... 35 5 Managing Orders... 36 5.1 Orders Not Invoiced (Authorize Only)... 36 5.2 Payment Review Orders (Authorize & Capture)... 38 5.3 Invoiced Orders... 39 5.4 Credit Memo... 40 6 Testing and Maintenance... 42 6.1 Compatibility... 42 6.2 Troubleshooting... 43 7 Additional Notes... 44 7.1 Create Web Services Username... 44 7.2 Multi-store configuration... 45 7.3 Multi-shipping purchasing... 46 7.4 Failed payment attempt... 46 7.5 PayPal support... 47 7.6 Transaction reporting... 47 7.7 Log files... 47 7.8 Updates... 47 8 Further Information and Support... 48 8.1 Secure Trading Support... 48 8.2 Secure Trading Sales... 48 8.3 Useful Documents... 48 Secure Trading Limited 2014 13 June 2014 Page 2 / 48

1 Introduction The Secure Trading extension written for Magento Community Edition allows you to seamlessly integrate the full Secure Trading Payment Pages experience within your online store, including our comprehensive suite of fraud-checking tools. This document outlines the installation, configuration, testing and interaction of the extension between Secure Trading and Magento. 1.1 Features The SecureTrading Magento extension supports the following features: 1.2 Requirements Magento s one-step checkout process Magento s multi-shipping checkout process Multi-store Multi-currency Customisable iframe configuration 3D secure-enabled payments Secure Trading s Protect Plus fraud services Secure Trading s Account Check feature Payments initiated from the Magento admin area (Mail Order / Telephone Order) Extensive transaction reporting tools Managing Secure Trading transaction from within the Magento admin interface Fully supports UTF-8 character set You will need to consider the following steps before processing payments through Secure Trading s Payment Pages using our Magento extension. 1.2.1 Magento installation You will need to have a web server running a Magento store installation, in order to install the Secure Trading extension. The extension has been designed and tested for use with Magento 1.7, 1.8 and 1.9 Community Edition. 1.2.2 Secure Trading account In order to process transactions through Secure Trading s servers, you will need to have an account with us and a site reference. You are provided with a Secure Trading site reference when you sign up and this is used to uniquely identify your account when you send any data to Secure Trading. It should also be quoted with any correspondence with Secure Trading. Please note that to process Mail Order/Telephone Order requests through STPP, you must have a MOTO merchant number and you must ask Support (see section 8.1) to allow MOTO to be processed on your Payment Pages. For more information on becoming a Secure Trading merchant, please contact our Sales team (see section 8.2). If you believe you already have a Secure Trading account, but do not know your site reference, please contact our support team (see section 8.1). 1.3 About Magento Extensions A Magento extension is a collection of files that are packaged together in order to alter or extend the behaviour of Magento. Extensions do not affect core Magento code and instead interact with Magento in several non-disruptive ways: 1. Additional files included in the extension folder will be executed within the Magento workflow. 2. Magento event observers will listen for certain conditions and execute additional predefined operations. Secure Trading Limited 2014 13 June 2014 Page 3 / 48

2 Process Overview This section of the document explains how payments are processed using the Secure Trading extension for your Magento store. 2.1 Overview of making a payment C U S T O M E R M A G E N T O S E C U R E T R A D I N G Step 1) The Customer opts to make a payment on Merchant s Magento store using Secure Trading s Payment Pages extension. Step 2) Customer enters billing and delivery information and confirms the order. Step 3) The Magento store generates a request to Secure Trading s Payment Pages. Step 4) The Customer inputs payment details on Secure Trading s servers and submits these details to the acquiring bank over a secure connection. Step 6) The Magento store displays a success message to the customer. Step 5) Secure Trading interprets response from the Acquiring Bank and submits a notification to the Magento store to confirm the result of the transaction. C U S T O M E R M A G E N T O S E C U R E T R A D I N G 2.1.1 Capture (Settlement) Funds that have been authorised by your acquiring bank will generally be transferred into your bank account within 24 hours. Secure Trading calls this process of settling funds into your account the settlement process. Magento calls this process capturing the funds. Secure Trading Limited 2014 13 June 2014 Page 4 / 48

3 First-Time Configuration Follow these three easy steps to start making payments with the extension: S T E P 1 Install and configure the extension on your Magento store. See section 3.1 for more information. S T E P 2 Configure your Secure Trading account. See section 3.2 for more information. S T E P 3 Make a test payment using the test details provided. See section 3.3 for more information. Secure Trading Limited 2014 13 June 2014 Page 5 / 48

3.1 Install and configure the extension S T E P 1 Install and configure the extension on your Magento store. 3.1.1 Installation 1. Access Magento Connect to retrieve the Secure Trading payment extension from the following URL : http://www.magentocommerce.com/magento-connect/securetrading.html 2. Sign in and click the Install Now button. 3. Tick the "I agree to the extension license agreement" note and click the "Get Extension Key" button. 4. Click the "Select Key" button and copy the contents. Secure Trading Limited 2014 13 June 2014 Page 6 / 48

5. Sign in to your Magento admin panel, hover over System and then hover over Magento Connect from the drop-down menu. From here, select Magento Connect Manager. When prompted, enter your admin credentials to proceed to the Magento Connect Manager. 6. Once signed in to the Magento Connect Manager, you will need to locate the section titled Install new Extensions and paste the copied extension key into the text box (as seen below). 7. Click Install. The installation of the extension will begin. 8. You will be shown a list of current extensions (under Manage Existing Extensions ). From here, you can Cancel Installation or Proceed. Click Proceed to install the extension. Secure Trading Limited 2014 13 June 2014 Page 7 / 48

9. Once the installation has been completed, click Refresh under the console. 10. Please ensure the section titled Manage Existing Extensions has the extension listed with a Package name of Securetrading_Stpp and is also showing the expected version number. The extension is now installed and ready to configure. Secure Trading Limited 2014 13 June 2014 Page 8 / 48

3.1.2 Configure the extension 1. Sign in to the Magento administration area. 2. Hover over System from the options at the top of the page, and then click Configuration from the drop-down menu. 3. On the page that loads, select Payment Methods on the left side menu. Secure Trading Limited 2014 13 June 2014 Page 9 / 48

3.1.2.1 Configure Payment Pages In the SecureTrading STPP box, click the Configure button for Secure Trading Payment Pages. This expands to show two further options: Basic Configuration Gateway Configuration 3.1.2.2 Payment Pages: Basic Configuration Click Configure next to Basic Configuration (under Secure Trading Payment Pages ). This expands to show settings you can configure. Ensure the Enabled field is set to Yes. You may also wish to give the payment module a distinctive name while testing so it will stand out on the checkout page. The name and description can be changed before switching to your live Secure Trading site. When you have finished, click Close to collapse the list of settings. Secure Trading Limited 2014 13 June 2014 Page 10 / 48

3.1.2.3 Payment Pages: Gateway Configuration Click Configure next to Gateway Configuration (under Secure Trading Payment Pages ). This expands to show settings you can configure. Enter your Secure Trading site reference To perform transactions on your Secure Trading account, you must assign your unique site reference to your Magento store. This is achieved by typing your site reference into the Site Reference field. When setting up the Magento extension for the first time, Secure Trading strongly recommends using your test site reference (e.g. test_site12345 ). This allows you to perform test payments to Secure Trading s test bank using test card numbers (see section 3.3), to ensure your implementation works as you expect. When you are ready to go live, you would swap the site reference here for your live one (e.g. site24680 ). Secure Trading Limited 2014 13 June 2014 Page 11 / 48

Configure ST Site Security Secure Trading strongly recommends enabling Site Security on your Magento solution. Site Security will prevent malicious users from modifying sensitive payment information before being re-directed to the Secure Trading payment pages from your Magento store. This feature can be enabled by following these steps: 1. Set Use Site Security to Yes. 2. Enter a difficult-to-guess combination of letters and numbers into the Site Security Password field. This combination should be at least 8 characters long. 3. You must now notify Secure Trading Support team vie email (support@securetrading.com) of the site reference being used and that you have "enabled the Site Security Password Hash" and include the following fields in this order : currencyiso3a mainamount sitereference settlestatus settleduedate orderreference accounttypedescription order_increment_ids PASSWORD* *The last field, 'PASSWORD', is to be the combination of characters you entered into the 'Site Security Password'. Secure Trading Support will notify you when Site Security has been enabled on your site. Secure Trading will never ask for your Site Security password after first-time configuration. Never share your Site Security password with third parties. Do not store hard copies of this password. Secure Trading Limited 2014 13 June 2014 Page 12 / 48

Configure ST Notification Hash Secure Trading strongly recommends enabling Notification Hash on your Magento solution. Configuring a Notification Hash will help you to ensure that only Secure Trading can update your Magento store following a transaction. This feature can be enabled by following these steps: 1. Set Use Notification Hash to Yes. 2. Enter a difficult-to-guess combination of letters and numbers into the Notification Hash Password field. This combination should be at least 8 characters long. 3. Remember this password. You will need to enter it again when configuring your Secure Trading account within MyST, later in this document. Secure Trading Limited 2014 13 June 2014 Page 13 / 48

3.1.2.4 Configure Secure Trading API The extension can be configured to use Web Services (recommended) to instruct Secure Trading to update transactions with any changes made to orders processed within the Magento interface. This section outlines how to configure this functionality. The Secure Trading extension is recommended to be used with Secure Trading Web Services; it also supports the use of our STAPI client. For more information on Web Services, please refer to our Web Services Guide For more information on the STAPI client, please refer to our STAPI User Guide All Secure Trading documents can be found on our website. In the SecureTrading STPP box, click the Configure button for Secure Trading API. This expands to show two further options: Gateway Configuration Connection Configuration 3.1.2.5 Secure Trading API: Gateway Configuration Click Configure next to Gateway Configuration (under Secure Trading API ). In the settings displayed, enter your site reference into the Site Reference field and choose Stpp Web Services in the Connection drop-down box. Secure Trading Limited 2014 13 June 2014 Page 14 / 48

3.1.2.6 Secure Trading API: Connection Configuration Click Configure next to Connection Configuration (under Secure Trading API ). Then click Configure next to Web Services Connections. This expands to show additional Web Services settings you can configure. Enter your Web Services username in the Web Services Alias and Web Services Username fields (they must both be the same) and your Web Services password in the Web Services Password field. If you do not already have a Web Services username and password, you can create Web Services credentials for your site(s) by following the steps outlined in section 7.1. The Verify SSL CA (Web Services) field must be set to Yes and the path to your certificate authority must be entered in the SSL CA FILE (Web Services) field, before going live. 3.1.2.7 Save your settings Always be sure to click Save Config when you have finished changing configuration in order to save your preferences. Secure Trading Limited 2014 13 June 2014 Page 15 / 48

3.2 Configure Secure Trading account S T E P 2 Configure your Secure Trading account. 3.2.1 Notifications Notifications are responsible for updating order information in your Magento store after payment has been completed. Using MyST to configure notifications is described in detail in the MyST User Guide All Secure Trading documents can be found on our website. 1. Navigate to https://myst.securetrading.net/login and sign in to MyST. 2. Click Notifications from the left side menu. 3. Ensure the site reference you used in section 3.1.2.3 has been selected in SiteReference field in the upper left of the page. 4. Click Add filter. 5. Configure the filter with the following options: Field Description Requests Payment types Error codes Input required Enter a recognizable name of your choice here e.g. "success and decline transactions". AUTH (mandatory) ACCOUNTCHECK (optional) THREEDQUERY (optional) RISKDEC (optional) Select all required payment types. 0 - successful transactions (mandatory) 70000 - declined transactions (optional) 6. Click Save. Please note that notifications can be sent for error codes other than 0 or 70000 e.g. for unauthenticated 3-D Secure payments (error code 60022). If you wish to be sent errorcodes other than 0 or 70000, please contact the Secure Trading Support team (see section 8.1). Secure Trading Limited 2014 13 June 2014 Page 16 / 48

7. Click Add destination. 8. Configure the destination with the following options: Field Description Notification type Process notification Destination Input required Enter a recognizable name of your choice here e.g. "Magento notification destination". URL (This will perform a HTTP POST to your Magento store). Online (A notification is sent to your store before the customer completes the transaction). <your_root_magento_install_here>/index.php/securetrading/redirect/notific ation The value of this field is included in the Notification Hash which can be used to verify the request has not been modified. Secure Trading strongly recommends enabling the Notification Hash feature on your Magento solution. Notification password Security algorithm Secure Trading strongly recommends using a different value for your Notification Hash password to the Site Security password entered while configuring the Magento store. To enable the Notification Hash, please enter the same password here that you specified in section 3.1.2.3 (under Configure ST Notification Hash heading). sha256 (algorithm used for generating the notification hash) Secure Trading Limited 2014 13 June 2014 Page 17 / 48

Fields: (select all of the following default fields) accounttypedescription billingcountryiso2a billingcounty billingemail billingfirstname billinglastname billingpostcode billingprefixname billingpremise billingstreet billingtelephone billingtown customercountryiso2a customercounty customeremail customerfirstname customerlastname customerpostcode customerprefixname customerpremise customerstreet customertelephone customertown enrolled errorcode maskedpan orderreference parenttransactionreference paymenttypedescription requesttypedescription securityresponseaddress securityresponsepostcode securityresponsesecuritycode settlestatus status transactionreference Custom Fields: (include the following custom fields) errordata errormessage order_increment_ids send_confirmation You must ensure all of the fields above are selected in the Add new destination overlay. If any of the fields are missing, Secure Trading may not update your Magento store correctly following the processing of new transactions or transaction updates. It is possible to submit additional fields to the above for additional reporting within the ST Transactions page if required. 9. Click Save. 10. Select the filter you created from the Filters drop-down at the top of the table. Then select the destination you created from the Destinations drop-down to the right of the filter. Secure Trading Limited 2014 13 June 2014 Page 18 / 48

11. Click Save. Ensure the filter and destination is displayed together when the page reloads (with corresponding Active checkbox ticked to indicate notification is active). Secure Trading Limited 2014 13 June 2014 Page 19 / 48

3.2.2 Redirects Once a payment has been successfully processed using the Secure Trading Payment Pages, you will need to configure a redirect(s) to return the user from the Payment Pages to your Magento store. You will need to sign in to MyST with your username and password and use the Payment pages redirects feature. The following MyST user roles have access to this functionality: Site admin Developer 1 Developer 2 For a full tutorial on configuring redirects for Payment Pages, please refer to the MyST User Guide All Secure Trading documents can be found on our website. ECOM Redirect This will redirect customers to your Magento store after they have processed a successful e- commerce (ECOM) payment on the Payment Pages. Please configure a Condition with the following criteria: Accounts in ECOM Requests in AUTH Error codes in 0 Give the Condition a unique and memorable name, e.g. successful Magento ECOM. Please configure an Action with the following criteria: Website address (URL) of <your_root_magento_install_here>/index.php/securetrading/redirect/redirect Under the Field selection tab, tick the following field: o orderreference And add the following custom field: o order_increment_ids Give the Action a unique and memorable name, e.g. Magento store. For multi-store installations, please see section 7.2. Secure Trading Limited 2014 13 June 2014 Page 20 / 48

MOTO Redirect This will redirect you or other designated users to your Magento admin area, after performing a successful Mail Order / Telephone Order (MOTO) using the Payment Pages. Please configure a Condition with the following criteria: Accounts in MOTO Requests in AUTH Error codes in 0 Give the Condition a unique and memorable name, e.g. successful Magento MOTO. Please configure an Action with the following criteria: Website address (URL) of <your_root_magento_install_here>/index.php/admin/sales_order_create_securetrading/red irect Give the Action a unique and memorable name, e.g. Magento admin area. Assign Actions to Conditions In order to configure an active redirect, navigate to the main Payment pages redirect page (click the link in the left side menu). Then, underneath the Existing rules for <site reference> tab, use the drop-down boxes at the top of the table to select one of the above Conditions and the corresponding Action. Click Save after creating each redirect and ensure they are shown in the table with a tick to show they are active (new rules are set to be active automatically). For the ECOM redirect, be sure to assign the ECOM Condition (e.g. successful Magento ECOM ) to the Magento store Action (e.g. Magento store ). For the MOTO redirect, be sure to assign the MOTO Condition (e.g. successful Magento MOTO ) to the Magento admin area Action (e.g. Magento admin area ). After you have clicked Save, the new redirect will be displayed in the table with a tick to illustrate that the redirect is active (shown below). Secure Trading Limited 2014 13 June 2014 Page 21 / 48

3.3 Make a test payment S T E P 3 Make a test payment using the test details provided. You must only perform the following tests when connecting to your Secure Trading test site (must start with test_ ). Configuring your site reference is outlined as part of step 1. 1. Add an item(s) to your cart and proceed to checkout. 2. Register/sign in as appropriate and fill out billing and shipping information. 3. If the extension has been configured correctly, it will appear as a payment option in your store (name and description dependent on your configuration settings, see section 4.1.1.1). Select this option and click Continue. Secure Trading Limited 2014 13 June 2014 Page 22 / 48

4. Confirm your order by clicking Place Order. 5. You will now be redirected to the Secure Trading s Payment Pages solution. By default, this will be shown in an iframe within your Magento store (see section 4.1.4 for further options). All Ecommerce payment types enabled on your account will be displayed. Select a payment type to process the payment with by clicking its respective logo. Secure Trading Limited 2014 13 June 2014 Page 23 / 48

6. Enter payment details into the fields shown and click Pay. Name of payment type Authorisation Decline Security code American Express 340000000000611 340000000000512 1234 Diners 3000000000000111 3000000000000012 123 Discover 6011000000000301 6011000000000202 123 JCB 3528000000000411 3528000000000312 123 Maestro 5000000000000611 5000000000000512 123 MasterCard 5100000000000511 5100000000000412 123 MasterCard Debit 5124990000000101 5124990000000002 123 V PAY 4370000000000061 4370000000000012 123 Visa 4111110000000211 4111110000000112 123 Visa Debit 4310720000000091 4310720000000042 123 Visa Electron 4245190000000311 4245190000000212 123 Visa Purchasing 4484000000000411 4484000000000312 123 If the customer modifies the billing or delivery details at this stage, Secure Trading will update your Magento store with these changes after the payment has been authorised. Please refer to section 7.3 for information on multi-shipping. Secure Trading Limited 2014 13 June 2014 Page 24 / 48

7. Providing the test card details you entered were for an authorised response, you will be shown a success message. If you entered declining test card details, an error message will be shown, and you ll be allowed to try different payment details. Secure Trading Limited 2014 13 June 2014 Page 25 / 48

4 Advanced Configuration 4.1 Magento extension 1. Sign in to the Magento administration area. 2. Hover over System from the options at the top of the page, and then click Configuration from the drop-down menu. 3. On the page that loads, select Payment Methods on the left-hand menu. 4. Click on SecureTrading STPP. You will be presented with two areas that can be customised by clicking their respective Configure buttons: Secure Trading Payment Pages Secure Trading API. Secure Trading Limited 2014 13 June 2014 Page 26 / 48

4.1.1 Secure Trading Payment Pages After you click Configure next to Secure Trading Payment Pages, the box expands to show two additional options: Basic Configuration Gateway Configuration. Click Configure next to these options to view the settings for the extension that you can customise. 4.1.1.1 Basic Configuration Field Enabled Title Description Applicable countries Specific countries Use iframe Iframe height Iframe width Description This controls if the extension is enabled or not. This is the title of the extension when shown on the storefront. This is the description of the extension when shown on the storefront. This allows the extension to be enabled for ALL countries or specific countries as required. If Applicable countries is set to "Specific countries" this is the list of allowed countries. Controls if an iframe is used to display the payment page. If the iframe is enabled, this controls the height of the iframe. This value can be set using either pixels (px) or percentages (%).The default value is 600px. If the iframe is enabled, this controls the width of the iframe. This value can be set using either pixels (px) or percentages (%).The default value is 100%. Secure Trading Limited 2014 13 June 2014 Page 27 / 48

4.1.1.2 Gateway Configuration Field Site reference Use site security Site security password Use notification hash Notification hash password Parent CSS Child CSS Parent JS Child JS Payment action Settle due date Settle status Description This is the site reference of your Secure Trading account. Enable/disable the use of Site Security. The Site Security Password used. Enabled/disable the use of Notification Hash The Notification Hash Password used. The Parent CSS to use when displaying the payment page. The Child CSS to use when displaying the payment page. The Parent JS file to use when displaying the payment page. The Child JS file to use when displaying the payment page. Either Authorize and Capture or Authorize Only. This setting dictates whether or not funds are automatically captured by Secure Trading. See section 4.1.3 for more information. The settle due date is the day that Secure Trading will schedule to the payment to be included in the next available settlement run. This is the settle status that will be applied to this transaction. This should normally be set to 0. Secure Trading Limited 2014 13 June 2014 Page 28 / 48

4.1.2 Secure Trading API Updates can be performed on orders within Magento which updates the Secure Trading transaction, this is achieved by configuring the extension to utilise Secure Trading s Web Services or STAPI client. For information on how to perform the order updates see section 5. After you click Configure next to Secure Trading API, the box expands to show two additional options: Gateway Configuration Connection Configuration. Click Configure next to these options to view the settings for the extension that you can customise. 4.1.2.1 Gateway Configuration Field Site reference Connection Description This is the site reference of your Secure Trading account. We recommend using Web Services. Instructions on configuring Web Services on your Magento store can be found in section 3.1.2.4. This extension also supports the use of our STAPI client. For more information on our STAPI client, please refer to our STAPI User Guide All Secure Trading documents can be found on our website. 4.1.2.2 Connection Configuration STAPI Field ST API Alias ST API Host ST API Port Description This is the alias to use when connecting to SecureTrading through ST API. Usually this is the same as your site reference. This is the host on which the ST API client is running. This should usually be set to "localhost". This is the port on which the ST API client is listening. The default port for ST API is 5000. Secure Trading Limited 2014 13 June 2014 Page 29 / 48

4.1.2.3 Connection Configuration Web Services Connections Field Web Services alias Web Services username Web Services password Verify SSL CA (Web Services) SSL CA FILE (Web Services) Description Username of the Web Services user account associated with your site(s). Password of the Web Services user account associated with your site(s). Enable this option to verify that the CA (Certificate Authority) signing the SecureTrading Web Services SSL certificate is one you trust. This should always be used in a production environment and should only be disabled for testing purposes when using a test site reference. The full file path containing trusted CAs. The file should be in.pem/.crt format. This is required when verifying SSL CAs with our Web Services connection method. 4.1.3 Payment Action Types Secure Trading supports two payment action settings: 1. Authorize and Capture Secure Trading sends a request for payment authorisation, and the funds will be captured in a subsequent settlement run (normally within 24 hours). See sections 4.1.3.1 and 4.1.3.2. 2. Authorize only Secure Trading sends a request for payment authorisation, but the funds will not be captured without further action from the merchant. See sections 4.1.3.3 and 4.1.3.4. Secure Trading Limited 2014 13 June 2014 Page 30 / 48

4.1.3.1 Diagram of Order Status Flow (using Authorize & Capture Payment Action) The following is a diagrammatic overview of the order status flow in Magento when the customer places an order in your store when payment action is set to Authorize & Capture (described in more detail in section 4.1.3.2): Step 1) The Magento store displays the Secure Trading Payment Pages in an iframe. Order status: Payment Pages Step 2) Customer enters their payment details on Secure Trading s servers. Step 3) Secure Trading submits a request to the Acquiring Bank and interprets the response returned. I F E R R O R Customer can amend payment details and start again. I F A U T H O R I S E D Step 4) Magento automatically generates an invoice. I F S U S P I C I O U S E.g. if card security code provided by Customer returns Not Matched response. Order status: Payment Review p Invoice is in Pending status. I F M E R C H A N T A P P R O V E S I F N O T S U S P I C I O U S Order status: Processing Invoice is in Paid status and is sent to the Customer. I F M E R C H A N T D E N I E S I F M E R C H A N T S H I P S Order status: Canceled Payment cancelled by the Merchant. Invoice is in Canceled status. Order status: Completed Product is delivered to Customer. More information can be found over the page. Secure Trading Limited 2014 13 June 2014 Page 31 / 48

4.1.3.2 Description of Order Status Flow (using Authorize and Capture Payment Action) After the checkout process (one-page or multi-shipping) hosted by your Magento store, the customer confirms they are ready to make a payment by clicking Place Order. At this point, the customer is shown the Secure Trading Payment Pages within an iframe (by default), where they can enter their payment details on our secure server. In Magento, the order status is set to Payment Pages. After the customer clicks Pay, Secure Trading sends a request to the acquiring bank which in turn submits a request to the card issuer, which will either authorise the payment or decline. If the payment is declined, the customer remains on Secure Trading s Payment Pages and is given the opportunity to amend their details and try again if they wish to do so. If the payment has been authorised and the order is: Not suspicious, an invoice is automatically generated by your Magento store and the order status is set to Processing. Unless you manually update or cancel the transaction, the funds will be captured (settled) in Secure Trading s next settlement run. Suspicious, such as a rule has been triggered on Secure Trading s systems to suspend the transaction (e.g. if the security code entered is incorrect), the order status in Magento is set to Payment Review and the generated invoice will be in a pending status. You can review a Payment Review transaction and opt to cancel it using the Magento interface by clicking on the Deny Payment button, in which case the order status is updated to Canceled and the funds will not be captured. Alternatively, you can approve the payment by clicking on the Accept Payment button and allow the funds to be captured, in which case the invoice is updated to Paid status and the order status is updated to Processing. These actions are performed on the Order View page for the order in question. Please note that merchants using Protect Plus will need to view the transaction details in MyST and review the Risk Decision response before accepting the payment in Payment Review status. To dispatch your product, you must manually confirm this in the Magento interface. This is achieved by clicking Ship on the Order View page for the order in question. When you have done so, the order status in Magento is updated to Completed. Secure Trading Limited 2014 13 June 2014 Page 32 / 48

4.1.3.3 Diagram of Order Status Flow (using Authorize Only Payment Action) The following is a diagrammatic overview of the order status flow in Magento when the customer places an order in your store (described in more detail in section 4.1.3.4): Diagrammatic Overview Step 1) The Magento store displays the Secure Trading Payment Pages in an iframe. Order status: Payment Pages Step 2) Customer enters their payment details on Secure Trading s servers. Step 3) Secure Trading submits a request to the Acquiring Bank and interprets the response returned. I F E R R O R Customer can amend payment details and start again. I F A U T H O R I S E D Order status: Processing p Payment authorised by the Acquiring Bank and awaits action from Merchant. I F M E R C H A N T G E N E R A T E S I N V O I C E Order status: Processing Merchant opts to generate invoice for the Customer. I F M E R C H A N T S H I P S Order status: Completed Product is delivered to Customer. More information can be found over the page. Secure Trading Limited 2014 13 June 2014 Page 33 / 48

4.1.3.4 Description of Order Status Flow (using Authorize Only Payment Action) After the one-page checkout process hosted by your Magento store, the customer confirms they are ready to make a payment by clicking Place Order. At this point, the customer is shown the Secure Trading Payment Pages within an iframe (by default), where they can enter their payment details on our secure server. Within Magento, the order status is set to Payment Pages. After the customer clicks Pay, Secure Trading sends a request to the acquiring bank which in turn submits a request to the card issuer, which will either authorise the payment or decline. If the card issuer declines the payment, the customer remains on Secure Trading s Payment Pages and are given the opportunity to amend their details to try again if they wish to do so. If the payment has been authorised, the order status in Magento is set to Processing. You must manually Invoice or Cancel each payment using the Magento interface. To deny a payment and prevent it from being captured (settled), click Cancel on the Order View page for the order in question (This will leave the transaction in a suspended state within Secure Trading and will not be scheduled for capture (settlement). To proceed with the order, generate an invoice within the Magento interface. This is achieved by clicking Invoice on the Order View page. This allows the funds to be captured in Secure Trading s next settlement run by updating the transaction on Secure Trading to be scheduled for capture (settlement). Please note that merchants using Protect Plus will need to view the Risk Decision transaction details within MyST and review the shield status code response before accepting payment. To dispatch your product, you must manually confirm this within the Magento interface. This is achieved by clicking Ship on the Order View page for the order in question. Once the item(s) have been shipped, the order status in Magento is updated to Completed. 4.1.4 Configure Iframe By default, the extension uses iframes to redirect your Customers to Secure Trading s Payment Pages. Iframes are used to display the Payment Pages within your Magento store. This is used to create a seamless user experience. If you wish to disable iframes: Navigate to the SecureTrading Payment Pages > Basic Configuration settings within the extension settings and set Use iframes to No. Information on modifying the extension s configuration options can be found in section 4.1. Please be sure to click Save Config to save any changes made. Secure Trading Limited 2014 13 June 2014 Page 34 / 48

4.2 Secure Trading account 4.2.1 Configure ST Payment Pages Secure Trading allows you to customize your Payment Pages in a number of ways. To enable any of the following features on your Secure Trading Payment Pages solution, please contact Secure Trading support (see section 8.1). The following features are described in more detail in the Payment Pages Setup Guide All Secure Trading documents can be found on our website. 4.2.1.1 Risk Decision (Protect Plus) The purpose of Risk Decision requests is to minimise fraud by analysing customer details and highlighting possible fraudulent activity by using Secure Trading s Protect Plus system. This is to assist you in making a decision of whether or not to process a customer s transaction, based on the perceived level of risk. This is achieved by checking the industry s largest negative database and also searching for suspicious patterns in user activity. The system uses neural-based fraud assessments that can be configured specifically for your account and is constantly updating the fraud checks used to combat new risks. Based on the decision returned by the Protect Plus system a customer that is deemed as suspicious can be prevented from processing a payment. 4.2.1.2 Account Check An Account Check is an optional request to help minimise fraud. It allows payment details to be validated, and checks that the details entered by the customer matches those on the card issuer s records. No funds will be reserved or transferred by the Account Check request. Please note that Account Checks are only available for certain Acquiring Banks. Please contact the Secure Trading support team for more information (see section 8.1). 4.2.1.3 3D Secure 3D Secure is a protocol designed to reduce fraud and Chargebacks during e-commerce Internet transactions. Cardholders are asked to identify themselves at the point of sale before the purchase can be completed. This usually means entering a PIN or other password after entering their credit card details. In the event of a dispute with the transaction at a later date, the card issuer will usually take responsibility of the Chargeback instead of the merchant. The liability issues involved with 3D Secure transactions are out of the scope of this document. For a detailed indication of the liabilities involved, contact your bank. Please note that only certain payment types support 3D Secure. Secure Trading Limited 2014 13 June 2014 Page 35 / 48

5 Managing Orders The Secure Trading extension provides full integration with your Magento store. You are able to manage your orders using the Magento admin interface and any actions taken will instruct Secure Trading to update transaction(s), as required provided that you have configured the advanced extension settings to use the Web Services or STAPI client as detailed in section 3.1.2.4. Please note that Secure Trading strongly recommends using the Magento admin interface when managing orders processed by your store. The purpose of this section of the document is to outline the expected behaviour of Secure Trading s extension for Magento when performing default Magento actions on orders processed by your store. These actions are core Magento functions. For up-to-date information on Magento features, please refer to Magento s website. 5.1 Orders Not Invoiced (Authorize Only) This section only applies to merchants using Authorize Only payment action status. Please note that if you wish to process the order you must issue the invoice within 7 days of the payment being authorised. After this time period, Secure Trading will automatically cancel the transaction as the authorisation code will have expired. Secure Trading Limited 2014 13 June 2014 Page 36 / 48

When using the Authorize Only payment action type see section 4.1.3.3 for more information. Orders that are yet to be invoiced (default behavior when Payment Action is set to Authorize Only for a successfully processed transaction) will have the following actions that can be performed: Action button Edit Cancel Send Email Hold Unhold Invoice Credit Memo Ship Reorder Comment Click Edit to change details of an order. For non-invoiced orders, this procedure cancels the order and creates a new offline (MOTO) order with the modified details you provide. Secure Trading sends a new request to the card issuer for authorisation with the payment details you provide. Click Cancel to cancel an order. This marks the order as Canceled in the Magento interface. Cancelled orders cannot be resumed using the Magento interface; in such a scenario, you will need to process a new order. Note 1: Any partial captures that are registered within Magento for an order before it is manually cancelled will still proceed for settlement. Once cancelled no further funds can be accepted from the order. Note 2: It is still possible for credit memo s to be performed on any existing invoices generated for an order that is in a Canceled state. Click Send Email to send an email to the customer. By default, the email is sent to the customer s user account email address. When on the order details page, this will send an order confirmation email if one was not sent initially. When on the invoice details page, this will send an invoice confirmation. When on the credit memo page, this will send a credit memo confirmation. When clicked on the shipping page, this will send a shipping confirmation. Click Hold to put an order on hold. This prevents subsequent actions such as shipping the product or refunding the order without explicitly unholding the order first. Putting an order on hold will not prevent funds from being captured by the acquiring bank, if this has been previously authorised. Click Unhold to take an order off hold status. This allows you to perform other actions on the order, such as modification or cancellation, generating an invoice or shipping the product. Click Invoice to generate an invoice for the order and proceed with the payment. Performing this action will allow funds to be captured by the acquiring bank (usually occurs within 24 hours). Once an invoice has been generated for an order, it is not possible to cancel it. Instead, you will need process a Credit Memo (refund). For information on Credit Memo please see section Credit Memo5.4 Click Ship to dispatch the product to the customer. This is unrelated to the state of the payment and can be performed at any time after an order has been generated. We strongly recommend waiting for funds to be captured by your acquiring bank before shipping. Click Reorder to create a new order using details of the order being viewed. You will be presented with a form pre-filled with details of the order, allowing you to process an additional order with the same or different details depending on your requirements. Secure Trading Limited 2014 13 June 2014 Page 37 / 48

5.2 Payment Review Orders (Authorize & Capture) This section only applies to merchants using Authorize & Capture payment action status. When an order is in Payment Review status, this is because a transaction has met certain predefined criteria that have led Secure Trading to suspend payment until you have manually reviewed the transaction. By default, this occurs when the customer has entered an invalid CVV2 (security code on the customer s card) or when Protect Plus (if enabled) returns a CHALLENGE or DENY response. Please note that if you wish to process the order you must issue the invoice within 7 days of the payment being authorised. After this time period, Secure Trading will automatically cancel the transaction as the authorisation code will have expired. Please note that merchants using Protect Plus will need to view the transaction details in MyST and review the Risk Decision response before accepting payment. Secure Trading Limited 2014 13 June 2014 Page 38 / 48

Action button Send Email Accept Payment Deny Payment Comment Click Send Email to send an email to the customer. By default, the email is sent to the customer s user account email address. When on the order details page, this will send an order confirmation email if one was not sent initially. When on the invoice details page, this will send an invoice confirmation. When on the credit memo page, this will send a credit memo confirmation. When clicked on the shipping page, this will send a shipping confirmation. This will instruct Secure Trading to accept the payment. Selecting this option will allow the funds to be captured by the acquiring bank. This will set the order status to Processing. This will instruct Secure Trading to prevent the funds from being captured by the acquiring bank. This will set the order status to Canceled. 5.3 Invoiced Orders Secure Trading Limited 2014 13 June 2014 Page 39 / 48

All orders that have been invoiced will have the following actions that can be performed: Action button Edit Comment Click Edit to change details of an order. For invoiced orders, this procedure creates a new order with the modified details you provide. Secure Trading sends a new request to the card issuer for authorisation with the payment details you provide. Note: The original order and transaction will still be processed unless you opt to override the order. Click Send Email to send an email to the customer. By default, the email is sent to the customer s user account email address. When on the order details page, this will send an order confirmation email if one was not sent initially. Send Email When on the invoice details page, this will send an invoice confirmation. When on the credit memo page, this will send a credit memo confirmation. When clicked on the shipping page, this will send a shipping confirmation. Credit Memo For information on Credit Memo see section 5.4 Click Hold to put an order on hold. This prevents subsequent actions such as shipping the product or Hold refunding the order without explicitly unholding the order first. Putting an order on hold will not prevent funds from being captured by the acquiring bank, if this has been previously authorised. Click Unhold to take an order off hold status. Unhold This allows you to perform other actions, such as shipping the product or refunding the order. Click Ship to dispatch the product to the customer. This is unrelated to the state of the payment and can be performed at any Ship time after an order has been generated. We strongly recommend waiting for funds to be captured by your acquiring bank before shipping. Click Reorder to create a new order using details of the order being viewed. Reorder You will be presented with a form pre-filled with details of the order, allowing you to process an additional order with the same or different details depending on your requirements. 5.4 Credit Memo There are two types of Credit Memos that can be issued for an order: 1. Offline Credit Memos 2. Online Credit Memos 5.4.1 Offline Credit Memos Offline credit memos will not update the transaction on the Secure Trading system and will only generate the credit memo within Magento. Offline credit memos are issued when a refund is performed when clicking the Refund Offline button. Clicking Credit Memo from the Order View page will lead to issuing an offline credit memo. Secure Trading Limited 2014 13 June 2014 Page 40 / 48

5.4.2 Online Credit Memos Online credit memos will update the transaction on the Secure Trading system and will also generate a credit memo within Magento. To generate an online credit memo, please follow the following steps: Step 1 - From within the Magento Administration portal select from the menu: Sales > Orders Step 2 - Choose an Order (by clicking on the order). Step 3 - Select Invoice from the left side menu on the Order View page. Step 4 - Choose an Invoice (by clicking on an invoice). Step 5 - click the Credit Memo button. Step 6 - click the Refund button. Alternatively you could access the invoice, by navigating to Sales > Invoice and continuing from Step 4 mentioned above. Note: Clicking the Refund Offline button when issuing a credit memo will generate an offline credit memo which will NOT update the transaction on Secure Trading's systems. 5.4.3 Credit Memo behavior The following behaviour is observed when issuing a credit memo for the following conditions: Condition 1: For full refunds where funds have not been captured Secure Trading will cancel the order and the authorised funds will be released back to the customer s account. Condition 2: For full refunds where funds have been captured Secure Trading will initiate a refund for the full amount. Condition 3: For partial refunds where funds have not been captured Secure Trading will reduce the amount that will be captured by the acquiring bank, as required. The remainder of the reserved funds will be released to the customer s bank account. Condition 4: For partial refunds where funds have been captured Secure Trading will initiate a partial refund for the specified amount. Secure Trading Limited 2014 13 June 2014 Page 41 / 48

6 Testing and Maintenance Magento is written in PHP and runs on an HTTP webserver. Secure Trading s typical testing environment is a LAMP (Ubuntu OS) or WAMP (Windows OS) stack. Due to the enormous variety of possible environments that may run this module, (each webserver has its own peculiarities and has its own set of PHP version distributions) we recommend that each installation or upgrade is thoroughly tested on a staging system before being deployed to production. Once the module is deployed to the stage system, we recommend running test cases with a similar workload as is expected on the production system. As with all test systems, we recommend that you replicate the production system in terms of hardware and software setups to eliminate any possible anomalies. After the module is deployed to a production system, we recommend that all available log files are monitored and if any unexpected behaviour is detected, appropriate personnel should be alerted immediately. All production system changes should adhere to a strict change-control process to reduce the likelihood of release issues. 6.1 Compatibility Secure Trading has tested the Magento extension with a default installation of Magento. We cannot guarantee the behaviour if any core code has been modified or if any additional modules have been enabled. Secure Trading Limited 2014 13 June 2014 Page 42 / 48

6.2 Troubleshooting Symptom(s) Payment module not displaying within System > Configuration > Payment Methods Suggested solution(s) Ensure you have installed the extension correctly, by following the instructions outlined in section 3.1. If this does not resolve the problem, please change the file permissions / CHMOD settings of the extension (temporarily) to 777. This will give it full access to READ, WRITE and EXECUTE. Ensure the file permissions are set securely before going live (at least 755 ). Issues such as the cart not redirecting or updating as expected can be caused by the ST notification and/or redirect not being configured correctly. Payment not updating or cart not emptying on your Magento store following a successful payment. Please check that your notification settings have been configured as outlined in section 3.2.1. In particular, ensure all required fields have been ticked when configuring the filter. Please check that your Payment Pages redirects have been configured as outlined in section 3.2.2. If you are still having problems with the shopping cart, please contact Secure Trading Support (see section 8.1) and they will assist you in troubleshooting the problem. Unable to generate invoice or credit memo. This could be caused by the misconfiguration of Web Services / STAPI within the Secure Trading extension settings within the Magento admin interface. Please ensure that you have entered all the required credentials into the respective fields. See section 4.1.2. Secure Trading Limited 2014 13 June 2014 Page 43 / 48

7 Additional Notes 7.1 Create Web Services Username The SecureTrading extension for Magento can be configured to use Web Services to instruct Secure Trading to update transactions with any changes made to orders processed within the Magento interface. In order to use Web Services on your Secure Trading account, a user account with the role of Webservices must be assigned to your site(s) using MyST. To create a new user account you must have an account with the role Site Admin. Sign in to MyST and click Add new username from the left side menu. Enter a unique and memorable username and password for the user and ensure the role you assign the user is Webservices. Then click Save. For more info on managing users on your Secure Trading site, please refer to the MyST User Guide All Secure Trading documents can be found on our website. After you have configured the Web Services credentials in MyST, you need to assign these to your Magento extension. Please refer to section 3.1.2.4 for instructions on how to do this. Secure Trading Limited 2014 13 June 2014 Page 44 / 48

7.2 Multi-store configuration 7.2.1 Configuring redirects For multi-store configurations, you will be required to set up a redirect for each store. This procedure is as outlined in section 3.2.2, except you will need to consider the following additional requirements. Each redirect will require an additional field to be used in the condition for the redirect. The additional field required is Custom field 1. This can be found within the Advanced settings tab when setting up a condition. This value should represent the storeid value for the respective store(s). For example, if you have 3 stores setup, EUR store, GBP store and JPY store, you would need to setup 3 redirects, one for each store. 7.2.1.1 Finding the storeid in the Magento admin interface One method of finding out the storeid of each store is by navigating to the Manage Stores page ( System > Manage Stores ) and then hovering the mouse cursor over each store. A tooltip will be displayed, showing the storeid of the store in question. 7.2.1.2 Configuring the condition with the storeid Once the storeid is known, you can configure the condition with this value present within Custom field 1 as shown below: Secure Trading Limited 2014 13 June 2014 Page 45 / 48

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback