ekashu Frequently Asked Questions

Similar documents
ekashu Payment Page Developer s Integration Guide

Magento 2 Community / Enterprise Plugin

Payment Pages Setup Guide Version 2

Magento Extension User Guide: Web Services Version 3.6.1

Authorize.Net Magento 2.x Payment Module

CyberSource Global Payment Management

Magento Extension User Guide: Payment Pages. This document explains how to install the official Secure Trading extension on your Magento store.

Frequently Asked Questions

CyberSource Global Payment Management for Magento 2

Merchant e-solutions Payment Acceptance User Guide for Magento version 2.x ( M2 )

STPP Testing Published: 8 December 2017

AIB Merchant Services AIB Merchant Services Quick Reference Guide Verifone

PayPal Express Checkout Services

Magento Extension User Guide. This document explains how to install the official Secure Trading extension on your Magento store.

PCI DSS. Compliance and Validation Guide VERSION PCI DSS. Compliance and Validation Guide

CyberSource Secure Acceptance Web/Mobile

XML Specification: Subscriptions

MasterPass Guide. Business Gateway. V1.1 February Use this guide to:

X-Payments:FAQ. X-Payments user manual

CyberSource Global Payment Management for Magento 2

DIRECT CONNECT GATEWAY

Gradintelligence student support FAQs

User Guide Netaxept Administration Module. Version 1.50

MyST User Guide 3.1. Published: 23 July 2018

Merchant e-solutions Payment Acceptance User Guide for Magento (M1)

MySagePay User Guide

User Guide Netaxept Administration Module

SecureBill. Integration Guide. Version: 1.2

Token System Integration & Protocol Guideline (Server & Direct)

BluePay QuickBooks Online Plugin User Guide

How to Guide. How to create mobile surveys. and forms START

Express Interface. Certification Details.

MyST User Guide Published: 23 April 2018

Make online payments with peace of mind. HBL DebitCard enables enhanced security on internet-based transactions

MySagePay USER GUIDE

XML Specification ideal

PayPal Standard Sandbox Testing

Entrust Cloud Enterprise. Enrollment Guide

Sage Pay Form Integration and Protocol Guidelines Published: 27/08/2015

Security Requirements and Assessment Procedures for EMV 3-D Secure Core Components: ACS, DS, and 3DS Server

COMPREHENSIVE LIST OF CASHLESS FAQs (GUESTS)

Sage Pay Form Integration and Protocol Guidelines Published: 05/01/2015

1 Virtual Terminal Quick Reference Guide. Virtual Terminal Quick Reference Guide. Getting Started

STRIPE PAYMENTS FOR MAGENTO 2 - DOCUMENTATION

FREQUENTLY ASKED QUESTIONS

IP Pay. End User System Reference Manual. Document revision October 2008

NAB TRANSACT. Direct Post v2.1.2 Integration Guide

XML Specification QIWI

Bank Better with Market USA s New Online Banking & Mobile App!

FlexPay Purchase One Click

Volume 8, Issue 1 Payment Processing News from Shift4 Corporation November 2005

Guide to Getting Started. Personal Online Banking & Bill Pay

New Option For PASS (Payment Account Secure Storage) Using The ELEMENT Express Interface

Virtual Terminal. Quick Start Guide. v.01_03/18

Ivolunteer.com is excited to announce that we can now pass credit and debit card payments along with the sign-up process!

Patients' FAQs. Patient Portal Version 2.7 NEXTMD.COM

PORTAL NOFRAUD GUIDE

The Money Is in the Square Cash Lets Users Funds to Friends

Subscriptions and Payment Pages Version 2

YOUR GUIDE TO ANZ INTERNET BANKING

Quick Reference Guide: SafeShop 3 Web Store. User Manual

Introduction to application management

CCGT Grant Application System User Guide for Applicants, Reviewers and Co-Signatories

E-Bill & Collect User Guide June 2016

Testing Documentation

iphone User Guide & Manual

Guide to credit card security

At merchants that have not yet signed up for your card will continue to work without the need to use an OTP.

USER GUIDE REPORTING <ACQ + GW IMAGE HERE> VERSION 1.0

Payment Pages Customisation Version 2

Trusted Advisor User Guide. inty CASCADE v 2.9.0

DreamFactory Security Guide

Wirecard CEE Integration Documentation

XML Specification: 3-D Secure

Smart Bulk SMS & Voice SMS Marketing Script with 2-Way Messaging. Quick-Start Manual

Mobile Banking Frequently Asked Questions

Sparrow Client (Front-end) API

Get the most from your Health Savings Account. Your guide to your HSA and online account access

Introduction NOTE IF THE REQUEST IS APPROVED, BEFORE PROCEEDING, THE REQUESTING DEPARTMENT MUST AGREE TO BE

Business Online Banking & Bill Pay Guide to Getting Started

Login and Pay with Amazon - extension for Magento

Wells Fargo Merchant Services. Wells Fargo Mobile Merchant User Guide for Apple ipad Version 3.2

The Studio Director QuickBooks Help

Welcome to United Bank - Mobile Banking!

Oracle Banking Digital Experience

Welcome to Cart32, Sincerely, Cart32 Support Team

Implementation Guide Corporate egateway

Important Notice. All company and brand products and service names are trademarks or registered trademarks of their respective holders.

Direct Post Integration Guide

Payment Card Industry (PCI) Data Security Standard

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard

Installation & Configuration Guide Enterprise/Unlimited Edition

Merchant Portal User Guide

Paylane Direct System. Webservice based payment management system

Service Schedule BT Web Manager

Qualys SAML 2.0 Single Sign-On (SSO) Technical Brief

2019 ConCardis GmbH. Alias Manager (Tokenization)

Virtual Terminal User Guide

Sage Pay Direct Integration and Protocol Guidelines Published: 13/05/2015

How to Guide. How to Create Mobile Surveys and Forms START

Transcription:

ekashu Frequently Asked Questions Document addressing commonly raised support queries and issues for new integrators. Issue: 1 (November 2013) Author: Fred Spooner (Integration Support)

Action Name Date Created F. Spooner 13 th November 2013 Release Version Date Released Change Notice Pages Affected Remarks Distribution List Name Organisation Title CreditCall Corporation 1133 Broadway, Suite 706 New York, NY 10010 USA T +1 (212) 807 4979 F +1 (212) 330 8006 CreditCall Ltd Merchants House South Wapping Road Bristol BS1 4RW T 0117 930 4455 F 0117 930 4477 E support@creditcall.com W www.creditcall.com 2

CONTENTS General... 4 Where can I find documentation for ekashu?... 4 Can I use real payment cards on the test platform?... 4 How long does it take to switch from a test account to a live account?... 4 Features & Functionality... 5 Can I use ekashu to make repeat payments (without storing card details)?... 5 Is there any way to submit data to ekashu using HTTP GET instead of POST?... 5 How do I turn off 3-D Secure Verification?... 6 How can I provide my customers with a transaction reference?... 6 Does ekashu automatically email confirmation of payment to customers?... 6 How do I test/use ekashu with PayPal?... 7 Customisation... 8 Can I turn off/change the address fields/card logos/other elements on the payment page?... 8 Is it possible to change which fields are mandatory on the ekashu page (such as CVV)?... 8 Can CreditCall host a custom ekashu stylesheet for me?... 8 Hash Keys/Hash Codes... 9 How do I obtain a Hash Key for use with ekashu?... 9 How do I generate an ekashu_hash_code?... 9 What is the difference between ekashu_hash_code and ekashu_hash_code_result?... 9 Callbacks... 10 What is the difference between a success/failure URL and a success/failure callback URL?... 10 If I specify a callback URL as well as a redirect URL, is the same information posted to both?... 10 Why is my callback URL not doing anything even when a transaction is successfully processed by ekashu?... 10 Common Errors/Warnings... 11 How can I force ekashu to fail/decline a transaction during testing?... 11 If a payment is declined, is it possible to inform the user why?... 11 ekashu returns the error: Invalid POST form field value for: ekashu_seller_id and/or Invalid POST form field value for: ekashu_seller_key.... 11 ekashu responds with the error: The seller cannot accept a payment this high/low.... 12 During redirects on the ekashu test platform, I get a security warning that data will be sent over an unencrypted connection/i get an invalid certificate warning.... 12 3

GENERAL Where can I find documentation for ekashu? The latest version of the ekashu integration guide is available in PDF format on the CreditCall website: http://www.creditcall.com/hres/ekashu%20paymentpage%20integration%20guide.pdf Can I use real payment cards on the test platform? From a security point of view, it is not considered good practice to use real payment cards in a testing environment, and accordingly, we do not recommend it. That said, as the test platform simulates acquirer responses and is not connected to any real acquirers, funds will not be reserved or charged against a live, enrolled payment card. A quick web search will provide you with suitable lists of card data for testing purposes, and generators that produce Luhn-valid card numbers. Alternatively, contact ekashusupport@creditcall.com and we will be more than happy to provide you with a list of card details that can be used appropriately for testing, along with AVS (Address Verification System) and CVV (Card Verification Value) information that will allow you to fully test your application s validation of cardholder details, and handle bank declines and other errors accordingly. Card details that are not registered on the test platform will pass AVS and CVV validation regardless of whether they are correct or not (i.e. any given address or CVV will be returned as Matched ), so it is advisable to use a combination of test data provided by CreditCall as well as card data generated or sourced by yourself for the testing process. It is worth noting that any test card data provided by CreditCall or found anywhere else will not work on any live platform. A card number that passes a Luhn algorithm check does not mean that it is enrolled with any bank or will work on a live payment platform. It is discouraged to ever use test card data on a live system. How long does it take to switch from a test account to a live account? Once we have received a signed merchant registration form we set up your account on our platform using the merchant account details provided by your acquirer. This can take up to 5 working days. Once this stage is complete and we have successfully tested it we will provide you with the configuration information. Keep in mind that it can take up to 2 weeks to register as a merchant with 3-D Secure and it is always advisable to allow as much time as possible for the switch over before going completely live. 4

FEATURES & FUNCTIONALITY Can I use ekashu to make repeat payments (without storing card details)? ekashu is primarily intended to safely capture, authenticate, and process payment card information. However, every successful card authorisation processed by ekashu will return ekashu_card_hash and ekashu_card_reference which together are commonly known as a token. Tokens can be safely stored (e.g. in a database) without coming under scope for PCI DSS, and submitted to ekashu to make subsequent payments from a card, without requiring the card details themselves. This can make your application s user experience more convenient for your customers, as rather than having to enter their card details every time they want to pay, the token that refers to their card details can be retrieved from your database and passed to ekashu to take payment. Rather than having to input the card number, expiry date, and Card Verification Value (CVV), you can set ekashu_card_hash and ekashu_card_reference as hidden elements in your form to the card hash and card reference associated with the customer. Other than the customer pressing pay in order to submit payment, this method essentially negates the need for cardholder interaction in this situation. If ekashu_verification_value_verify is set to true when performing a transaction in this way, ekashu will still prompt the cardholder for the CVV. This can be useful as an extra verification step to ensure that the user legitimately possesses the payment card in question, and reduces the risk of fraud and resultant chargebacks. As the card number isn t supplied in this case, the 3-D Secure process cannot take place and is bypassed automatically. If more flexibility over transactions is required, it is worth investigating CardEaseXML, the SDK on which ekashu is based. In addition to accepting regular payment card information, tokenised card information returned by ekashu can be processed via CardEaseXML, and vice versa. Additionally, CardEaseXML supports the setup and management of recurring payments. While CardEaseXML and ekashu complement each other to create a more powerful payment processing application, the use of CardEaseXML will increase the lead time required for integration and testing before going live. For more information about CardEaseXML, visit http://www.creditcall.com/cardease_xml.html. Remember: storing card information puts the merchant in scope for PCI DSS assessment and should be avoided. You should ONLY store the tokenised card hash and card reference returned by ekashu. Is there any way to submit data to ekashu using HTTP GET instead of POST? No. There are certain core parts of the payment page that require HTTPS POST, and GET exposes too much data that is at risk of being manipulated or edited, affecting the transaction. You can however, pass your own reference to ekashu as part of the HTML form if necessary. See the ekashu integration guide for more information. You can specify GET data in your success/failure/callback URLs if you wish, but we strongly discourage including any sensitive data, or data that could influence your site s response to the data returned by ekashu. 5

How do I turn off 3-D Secure Verification? In some cases, it is not necessary to make 3-D Secure verification mandatory, for example if ekashu is being used to process card data in a back-office environment. As 3-D Secure functionality ensures fraud liability shift as well as an extra layer of security, it is not recommended to disable it. That said, you are able to disable 3-D Secure verification by adding the hidden form element ekashu_3d_secure_verify and setting it to false. Remember: Maestro card scheme rules require 3-D Secure validation for e-commerce transactions. Failure to do so may result in fines from the acquiring bank, or automatic declining of Maestro transactions. As such, ekashu will override the option to bypass 3-D Secure when presented with a Maestro card. How can I provide my customers with a transaction reference? You can pass your own reference to ekashu using the form field ekashu_reference. This will be returned exactly as it was posted when you are redirected back to your site after payment via ekashu. Alternatively, if you prefer, you may use ekashu_transaction_id as a unique payment reference. Does ekashu automatically email confirmation of payment to customers? ekashu does not provide this functionality. If you wish to email customers confirmation of a transaction, you will need to implement this yourself on your website. Naturally, you can use data returned by ekashu (such as masked card number, transaction reference, etc.) to supplement the confirmation message. We recommend that you investigate ekashu s callback functionality in the ekashu Integration Guide. 6

How do I test/use ekashu with PayPal? In order to test ekashu with PayPal, you will require a PayPal developer account if you do not already have one. PayPal offers a 'sandbox' platform for test purposes, which allows the creation of test business/merchant accounts, and test personal/buyer accounts, without the need to supply information such as bank details, etc. For an overview of PayPal's Sandbox testing environment, and instructions on how to create test accounts, visit https://developer.paypal.com/webapps/developer/docs/classic/lifecycle/ug_sandbox/#accounts. You will require a test business account (normally this is automatically configured when you register), and at least one test buyer account so that you can perform a PayPal transaction via ekashu from start to finish. Once your test credentials are configured, contact ekashusupport@creditcall.com with the following information: Your Terminal ID (ekashu seller ID) Your PayPal Sandbox Business account email We will endeavour to configure your Terminal ID for PayPal testing within a working day. Once the above steps have been followed, you can specify the ekashu_payment_method and ekashu_payment_methods fields, you will need to allow the CreditCall/eKashu API access to your Sandbox account. The process is essentially the same for live accounts, except that your PayPal Business account will be registered on the ekashu/cardease platform during the boarding process with CreditCall. Naturally, the API credentials for a live account will differ as well. Refer to the ekashu integration guide or contact ekashu support for more information. 7

CUSTOMISATION Can I turn off/change the address fields/card logos/other elements on the payment page? Address fields can be disabled by setting: ekashu_card_address_verify, ekashu_card_zip_code_verify, ekashu_card_address_required to false. More information on this can be found in the ekashu integration guide. We discourage using CSS to hide elements on the page, as card scheme rules state that 3-D Secure logos and card scheme logos (including the space around them) should be present and intact on the payment page. Other than that, feel free to stylise the page how you wish. On the test platform, ekashu will display all card scheme logos. When you go live, only the card schemes in which you are enrolled to take payment will be displayed. Note: Please bear in mind that if you hide an input field that may be required by certain cards (such as start date) we cannot be held responsible if errors occur when attempting to take payment. Is it possible to change which fields are mandatory on the ekashu page (such as CVV)? We cannot change which fields are mandatory or not, as this depends entirely on the card scheme of the customer. If the customer doesn t enter a CVV when one is required, ekashu will then prompt them to enter the valid CVV once they ve attempted to submit the form. Can CreditCall host a custom ekashu stylesheet for me? Yes, although we encourage you to host it on your own HTTPS server so that you can maintain it without needing to send us a new one every time it is updated. NOTE: all CSS/images/other elements that you are using to redecorate the ekashu payment page should be hosted securely (https), otherwise the user s browser will display warnings about mixed secure/unsecure content. This could cause lost revenue due to users mistaking the warnings as a potential fraud/phishing attempt. 8

HASH KEYS/HASH CODES How do I obtain a Hash Key for use with ekashu? Email salesadmin@creditcall.com with the subject hash key request, providing your Seller ID and Transaction Key. We will endeavour to respond with your Hash Key within 24 working hours. Keep in mind that there will be one Hash Key provided for testing, and a separate one must be requested for live use, so please provide the relevant Seller ID and Transaction Key. Test Seller IDs commonly begin with a 9, and live IDs with a 2. How do I generate an ekashu_hash_code? [This process is explained in the ekashu integration guide.] In brief, ekashu_hash_code is a SHA1 hash generated from a concatenated string composed of the merchant s secret Hash Key, Seller ID, the Transaction Reference, and the transaction Amount. It is used to validate the transaction between being posted to ekashu from the merchant s site, and the user s browser being redirected, to ensure that the data has not been tampered with (i.e. altering the amount!) The guide also contains sample code explaining how to generate the hash code in C# and in PHP, in a format that should be fairly simple to apply in a different programming language if required. Note: You will need to request a hash key from CreditCall if you do not already have one. See How do I obtain a Hash Key for use with ekashu? below. Take care when generating your hash code. If you are met with an error stating invalid POST form field value for: ekashu_hash_code, double check the data that is being passed to the function. For example, when using Major AmountUnits, $2 will not result in the same hash code as $2.00, or even 2 or 2.00. The same applies to the transaction reference. The strings that are passed to your function to create your hash code must be identical to those that are POSTed to ekashu. What is the difference between ekashu_hash_code and ekashu_hash_code_result? ekashu_hash_code_result is similar to ekashu_hash_code except that it validates the response from ekashu after a transaction has been processed. It is constructed from the merchant s Hash Key, Seller ID, Transaction Reference, and Auth Result. Using the variables described above, a Hash Code can be generated by your own application that can be used to validate against the ekashu_hash_code_result returned by ekashu. When produced correctly, the user-generated Hash Code will be an exact match. This will prevent a user tampering with the POST data, for example fooling your website into registering a transaction as successful when it had actually failed or been declined. 9

CALLBACKS What is the difference between a success/failure URL and a success/failure callback URL? The ekashu_success_url and ekashu_failure_url fields redirect the customer s browser back to the specified page upon a successful or failed transaction. The callback URLs (ekashu_callback_success_url and ekashu_failure_url) send data to a specified page behind the scenes, usually to execute a script (specified by the URL) that makes use of the data returned by ekashu when a transaction takes place. If a callback fails, our servers will retry a callback after 1 minute, then 2 minutes, then 4 minutes, and so on, until it is successful (HTTP code 200), or up to a maximum of 3 days. This process is intended to be used as a failsafe should the customer s browser fail to redirect back to the success or failure page. A brief example of this feature would be a script that automatically closes a customer s order and emails them confirmation of the transaction once the callback has been performed. If I specify a callback URL as well as a redirect URL, is the same information posted to both? Yes, when the ekashu_include_post field is set to true. See the ekashu integration guide for more information. Why is my callback URL not doing anything even when a transaction is successfully processed by ekashu? This issue often arises when the callbacks are directed to the URL of a server behind a firewall, for instance, an in-house development server. If you think that this is the case, please contact ekashusupport@creditcall.com and we will provide you with the IP addresses that need to be added as exceptions to your firewall s rules. Our firewalls do not support callbacks on any ports other than 443 and 80. Also, keep in mind that local server IP addresses or localhost will not work as the ekashu servers will not know where to direct the callback. Our servers are configured to reattempt failed callbacks after a set period of time, up to a maximum limit, in order to minimise a loss of information should there be a connection issue between our servers and your site. Finally, your callback script should expect POST data to be returned by ekashu, although you can specify GET parameters in the callback URL if necessary. 10

COMMON ERRORS/WARNINGS How can I force ekashu to fail/decline a transaction during testing? The simplest way to do this is to set the transaction amount to greater than 130 (the maximum limit on the test platform) three times, or use one of our test cards with an incorrect CVV (Card Verification Value). If a payment is declined, is it possible to inform the user why? Our payment page performs routine validation checks of your customer s card details, to ensure the card number is valid (Luhn check), that the expiry date is in the future, and so on. The acquiring bank only responds to validated card information with either AUTH CODE: xxxxxx or DECLINED. It does not provide a reason as to why the card was declined. If a payment fails due to a failure to validate the card details (incorrect format, communication failure, etc.), ekashu will return the relevant error message. ekashu returns the error: Invalid POST form field value for: ekashu_seller_id and/or Invalid POST form field value for: ekashu_seller_key. Remember that your ekashu_seller_key is the first eight characters of the Transaction Key provided to you upon registration to Test WebMIS (on our test platform), or by our Sales Admin team during the boarding process on our live platform. Your ekashu_seller_id is the Terminal ID provided in the same way (registration on Test WebMIS or via our Sales Admin team for live boarding). If you haven t signed up for a Test WebMIS account, then you can do so at: https://testwebmis.creditcall.com/registration.php If you have registered on Test WebMIS but don t know your Terminal ID and Transaction Key, first check your email inbox/spam folder for an email from noreply@creditcall.com and see if the initial registration email is there. If not, contact ekashusupport@creditcall.com. Remember: There are two different pairs of Terminal ID and Transaction Key for each platform: test, and live. They are not interchangeable between the test and live platforms. To obtain live credentials, you will need to contact the CreditCall Sales Admin team about our boarding procedures. In most cases, live Terminal IDs start with 2, and test Terminal IDs start with 9. 11

ekashu responds with the error: The seller cannot accept a payment this high/low. On the ekashu test platform, there is a maximum transaction amount of 130 major units (e.g. $130, 130, 130 etc.). The minimum transaction amount is 0.25 major units (e.g. 25, 25p etc.). On the live platform, these limits can be configured to whatever you like when setting up your merchant account. The default limit is between 0.50 major units and 100.00 major units. If you need your minimum/maximum limits altered, please contact salesadmin@creditcall.com. Please note: we cannot change the transaction amount limit on the test platform, as it can cause other integrator s tests to fail unexpectedly. During redirects on the ekashu test platform, I get a security warning that data will be sent over an unencrypted connection/i get an invalid certificate warning. On the test platform the 3-D Secure Access Control Server (ACS) will present the cardholder s browser with a certificate that was not issued by a trusted certificate authority. This is intentional as it helps to make sure that the ACS is not mistakenly used for live transactions. When using the test platform the certificate warning displayed by the browser relating to the ACS can be safely ignored allowing authentication to continue. It has been noted that a similar warning tends to occur on the live platform when using Mozilla Firefox; however it can occur in other browsers as well. The most common reason for this is that a custom CSS file, and/or other HTML elements such as images, used by the merchant are not hosted on a secure (HTTPS) server. Ensure that your success and failure redirect URLs also use HTTPS. If you are using the live platform, you are certain that the criteria described above have been met, and your users are met with the same warning, it is inadvisable to continue entering sensitive data, and you should contact ekashusupport@creditcall.com. 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback