Welcome to WebmasterWorld Guest from 54.87.18.165

Forum Moderators: buckworks

Message Too Old, No Replies

Payment gateways with iframe

     
1:57 am on Sep 16, 2014 (gmt 0)

Full Member

5+ Year Member Top Contributors Of The Month

joined:May 11, 2012
posts: 320
votes: 3


My company recently landed a merchant account but the merchant processor we use has a very limited payment gateway module for processing sales through our shopping cart. One of the big negatives if that that it can't authorize first but simply capture only. This is bad for us. BUT worse than that, the cart is not communicating properly with their payment gateway module and details are being sent. The merchant has basically told us that the gateway is limited and if we hate it, we need to look elsewhere for better gateway gateway solutions.

I'd love to use a payment gateway system that I am familiar with like Authorize dot net but Authorize dot net uses direct checkout and my website is not currently PCI complaint, a requirement of my merchant processor. I guess the majority of sites just turn on Authorize dot net and take sales without giving any thought to PCI complaint regulations? I know I didn't for years but want to do it right this time so we don't loose this current merchant processor.

I've been looking into PCI complaint rules and the process takes a lot of time, so I'm seeking an alternative for now.

Recently, I've researched using iframes for checkouts and really like this as a solutions. Obviously with this, the credit card form appears as if it is onsite but it is actually an offsite form shown through an iFrame. Cool! The idea of mimicking the onsite appearance, still means that I'm not hosting the credit card form which should reduce PCI issues.

The problem is, I can't find any payment gateways like Authorize dot net, PayJunction, that are iframe compatible? I hear that 2checkout is iframe on a lot of sites but 2checkout is really a merchant processor and gateway in one like PayPal. I really need to find a payment gateway that can work with my processor and also be iframe compatible.

Does anybody know of any? Any suggestions are greatly appreciated.
9:26 am on Sept 16, 2014 (gmt 0)

Senior Member from ES 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 24, 2002
posts:1129
votes: 2


hi,

I've been looking into PCI complaint rules and the process takes a lot of time, so I'm seeking an alternative for now.


not necessarily. i certified our server at the first level PCI which allows me to capture and forward personal details as long as they are encrypted (this is the most basic level PCI certification - i am not storing any credit card details on the server, merely passing them on to the merchant).

the yearly cost is less than 100 EUR and i get quarterly scans to check for vulnerabilities. search online for a PCI vendor and check prices. the most complex bit is the questionaire, but even that is common sense.

good luck
2:26 pm on Sept 16, 2014 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4209
votes: 265


Authorize net is fine with pass-through setup like jamie describes (not iframe), they offer several ways to do it with step by step instructions that give you options for perl or php carts. I couldn't code my way out of a paper bag at the time, but I was able to muddle through and do it myself. Authorize net does not permit non PCI compliant sites to just "turn on" their services, it isn't active until they verify the compliance level. In my case I only wanted to capture and not process the orders because it could be 2 weeks or more before shipping a custom made item. I needed to have authorization authentication with address verification worldwide. Authorize net worked perfectly this way.
3:04 pm on Sept 16, 2014 (gmt 0)

Full Member

5+ Year Member Top Contributors Of The Month

joined:May 11, 2012
posts: 320
votes: 3


@jamie, what do you mean by you certified your server? Is this an upgrade package? I've never heard of hosting companies offering PCI packages.