I'm currently working on a site for a company that sells luxury products. Because of this I'm a little confused about what e-commerce options I have. As far as I know, ucommerce and teacommerce both require you to pay using payment gateways that capture card details on an external provider's page. I don't feel this reflects the luxury products that the site will be trying to sell - it'd be far better to actually take the payment on the site. Is this actually possible? Does umbraco have any ecommerce solutions that support this? What alternatives are there?
The problem is that banks require the server where the payment details are stored to meet quite stringent security requirements, including annual audits (at least they do in NZ, not sure about other ocuntries). If you store CC details on your server without meeting these requirements you will be liable for any fraud that occurs.
One option that I have used is to use an embedded iFrame to give the appearance that everything is occuring on your site. I used a NZ based payment provider for this (DPS). DPS has the ability to do some simple customization to the page so it didn't look like an embedded page.
If you go for one of these solutions you will likely have to develop your own payment provider if you are using TeaCommerce or uCommerce.
My first port of call if I was you would be to call or email DPS and discuss your requirements. They've been very responsive and helpful whenever I've contacted them.
Thanks for the explanation - I appreciate the help!
With the ecommerce solution I had in mind, I wasn't proposing to store any payment details on my site. In fact I wasn't even planning on having any membership but now I think about it, it'll probably be necessary for viewing past orders at a minimum. I'm just getting ideas about whether handling the payment on-site is actually feasible. What I'm really wondering is if there are any payment providers that would allow me to almost 'fake' handling the transaction on my site.. similar to what you're proposing with the iframe.
Would it be possible to set up controls for card number, expiry date etc and then somehow post these values over an encrypted channel to a server for processing? That way I wouldn't actually be handling any of the information, yet to the user it'd look like the payment was being processed on the site. None of the data I'd be capturing would be stored by my system in any way. At most I'd probably just store customer details such as name, address and order details but no financial information would be kept in any way.
Yes, that is what I do with the PX Pay method mentioned above. I collect all of the order and delivery details, the next step goes to an iFrame containing the DPS credit card payment screen and then I return to my site
Hi Paul, do you happen to have a url I could look at to see it in progress? Are you saying that, from the user's perspective, they're never aware of leaving your site to handle the payment? Because that's the effect I'm keen to get..
Thanks!
EDIT: PxPay have a demo site that showcased exactly what you spoke of - that's precisely what I'm looking for! Thanks!
With uCommerce you don't have to use customer redirect to do payment. You can do a straight API integration too. Our default providers use customer redirect to avoid PCI requirements for store owners, but if that's not a problem you can definitely go down that route.
You can also embed the existing payment providers in an iframe as Paul suggests.
www.morebox.dk is good example of what that would look like. It should work with all the providers that come out of the box with uCommerce.
E-commerce solutions that don't take you to an external page to pay
Hi all,
I'm currently working on a site for a company that sells luxury products. Because of this I'm a little confused about what e-commerce options I have. As far as I know, ucommerce and teacommerce both require you to pay using payment gateways that capture card details on an external provider's page. I don't feel this reflects the luxury products that the site will be trying to sell - it'd be far better to actually take the payment on the site. Is this actually possible? Does umbraco have any ecommerce solutions that support this? What alternatives are there?
Thanks
The problem is that banks require the server where the payment details are stored to meet quite stringent security requirements, including annual audits (at least they do in NZ, not sure about other ocuntries). If you store CC details on your server without meeting these requirements you will be liable for any fraud that occurs.
One option that I have used is to use an embedded iFrame to give the appearance that everything is occuring on your site. I used a NZ based payment provider for this (DPS). DPS has the ability to do some simple customization to the page so it didn't look like an embedded page.
It's a fair amount of work and testing to get this set up. If it sounds like you I see DPS also have UK & USA based service. Check out the PxPay option: http://www.paymentexpress.com/Technical_Resources/Ecommerce_Hosted/PxPay.aspx
To have a truely integrated solution without iFrames check out the merchant hosted options: http://www.paymentexpress.com/Products/Ecommerce/Merchant_Hosted
If you go for one of these solutions you will likely have to develop your own payment provider if you are using TeaCommerce or uCommerce.
My first port of call if I was you would be to call or email DPS and discuss your requirements. They've been very responsive and helpful whenever I've contacted them.
Cheers
Paul
Hi Paul,
Thanks for the explanation - I appreciate the help!
With the ecommerce solution I had in mind, I wasn't proposing to store any payment details on my site. In fact I wasn't even planning on having any membership but now I think about it, it'll probably be necessary for viewing past orders at a minimum. I'm just getting ideas about whether handling the payment on-site is actually feasible. What I'm really wondering is if there are any payment providers that would allow me to almost 'fake' handling the transaction on my site.. similar to what you're proposing with the iframe.
Would it be possible to set up controls for card number, expiry date etc and then somehow post these values over an encrypted channel to a server for processing? That way I wouldn't actually be handling any of the information, yet to the user it'd look like the payment was being processed on the site. None of the data I'd be capturing would be stored by my system in any way. At most I'd probably just store customer details such as name, address and order details but no financial information would be kept in any way.
Is this possible at all?
Thanks for your help so far!
Yes, that is what I do with the PX Pay method mentioned above. I collect all of the order and delivery details, the next step goes to an iFrame containing the DPS credit card payment screen and then I return to my site
Hi Paul, do you happen to have a url I could look at to see it in progress? Are you saying that, from the user's perspective, they're never aware of leaving your site to handle the payment? Because that's the effect I'm keen to get..
Thanks!
EDIT: PxPay have a demo site that showcased exactly what you spoke of - that's precisely what I'm looking for! Thanks!
OK, good luck with the project. It's been 2-3 years since I implemented this solution but I can't recall having too many issues integrating PxPay
Hi Al,
With uCommerce you don't have to use customer redirect to do payment. You can do a straight API integration too. Our default providers use customer redirect to avoid PCI requirements for store owners, but if that's not a problem you can definitely go down that route.
You can also embed the existing payment providers in an iframe as Paul suggests.
www.morebox.dk is good example of what that would look like. It should work with all the providers that come out of the box with uCommerce.
Hope this helps.
is working on a reply...