|
Posted by "Ragnar" on 10/08/05 09:58
Hi Mark,
basically what I am working on is integrating a step inbetween the checkout
and the payment gateway processing.
The cardholder information is checked for enrolment in the first step, if
the cardholder is enrolled he will need to authenticate himself by password
(this is where the 2nd page comes in) if the authentication is successfull
he is forwarded to the 3rd page where the payment gateway processing takes
place.
It's like any other online payment integration i have done before but this
time there is this extra step required due to Visa's and Mastercards new
security feature.
I didn't see an issue with passing this information along since it's already
used in the verification of the cardholder which also requires
the card number.
I do require the payment info again on page 3 to pass it along to the
payment gateway, but didn't want to store it on my end for that.
What I gather from Richards answer earlier that the difference between
$_POST, $_GET or $_COOKIE, $_SESSION is almost irrelevant, I might
as well store the detail in a session to be able to use them on page
3 it seems.
> Is this what happens:
>
> 1. User enters payment data
> 2. XML check that payment data is OK
> 3. redirection to a page (on another site?), where for some reason the
> payment data is required again (why?).
>
> This sounds like a mixture of two ways of implementing online payments.
> Forgive me if I'm telling you what you already know, but in general I
> believe things work as follows:
>
> 1 The whole process from payment to verification takes place on the
> payment
> provider's server
> or
> 2. the whole thing takes place on your server, with some inline (XML in
> this case) communication with your payment provider to verify the card
> details.
>
> You seem to be doing a bit of both, or have I misunderstood?
> Why do you need the payment details on the third page? If you don't
> actually
> need them, then the security problem goes away, and you can use the
> session
> object or whatever to persist the customer data.
> Does this help?
--
NEU: Telefon-Flatrate f
[Back to original message]
|