The Payment Gateway SSL Web Interface is a component of the Payment
Gateway that provides a real-time credit card authorisation service for Web
merchants. eSec's Payment Gateway employs a strong security framework resulting
in the safest possible conditions for commercial transactions on the Internet.
The Payment Gateway SSL Web Interface has been designed to interface with Web
sites that operate a conventional shopping cart style of purchasing system; it
does not actually include any form of purchasing system.
The Payment Gateway SSL Web Interface may utilise either the Web Redirect Model
or the Web Proxy Model for transaction management. The Web Proxy Model is used by
default unless otherwise specified within the transaction parameters.
How It Works
In a shopping cart system, the customer browses through a catalogue of available
products, selecting items for purchase along the way. These selected items are
stored in the customer's "shopping cart", a term that really refers to a list of
items stored by the server. Once the customer is satisfied with the item list, the
purchase process may be initiated.
The purchasing system is responsible for preparing the information describing both
the items being purchased and the customer requesting the purchase. The eSec payment
software constitutes the second to last stage of the purchase process, in that it
provides real-time authorisation of the credit card that the customer wishes to use
for the purchase. This is similar to telephoning a bank when presented with a credit
card in a conventional over-the-counter purchase. Once the payment software has
determined whether the credit card may be used for the purchase, the website's
existing purchasing system must complete the transaction.
The payment software provides a secure mechanism for entering credit card details for
a single purchase transaction, and for transmitting these details to an Australian
financial institution. Some parameters for the purchase must be changed for each
different transaction, which means that the Web page that contains the payment software
must be generated for each transaction. This may be performed via a CGI program, ASP, or
any other mechanism that allows the creation of HTML pages dynamically. Once the purchase
request has been processed by the financial institution, the Web site's purchasing system
is notified of the result.
There is no provision within the payment software for directly entering other details of
the purchase, such as the items being purchased or the customer's personal details.
Step By Step Summary
- The SSL Interface is a CGI script located on an eSec server and accessible only via an SSL connection.
- When the consumer is ready to pay for goods or services from the merchant's Web site, the merchant's Web site determines the amount of the purchase and generates a Web page containing an HTML form that invokes the Payment Gateway SSL interface.
- The consumer enters credit card details into the HTML form and submits a purchase request by selecting the form's "purchase" button.
- The credit card and payment details are transmitted to the SecurePay server using an SSL connection. As part of the establishment of this SSL connection, the eSec server is authenticated using a digital certificate and the transaction details are encrypted as per the SSL capabilities of the consumer's browser.
- The credit card details are sent from the eSec server to the merchant's bank via an AS2805 compliant payment switching network owned and managed by First Data Resources Australia (FDRA).
- When a response is received via the FDRA network, the merchant's Web site is notified of the result of the transaction.
- The merchant's Web site generates a Web page informing the consumer of the final transaction result.
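The per-transaction page generation described above, sketched as an added example (not eSec's code): the merchant's server fixes the amount, escapes every value written into the form, and refuses a non-HTTPS gateway address so card details are only ever posted over SSL. The endpoint URL and all field names are hypothetical, since this page does not list the real transaction parameters.

```python
from decimal import Decimal, InvalidOperation
from html import escape
from urllib.parse import urlsplit

# Hypothetical endpoint; the real gateway address is not given on this page.
GATEWAY_URL = "https://gateway.example.invalid/cgi-bin/pay"


def format_amount(amount):
    """Return the purchase amount as a two-decimal string, rejecting bad input."""
    try:
        value = Decimal(str(amount))
        cents = value.quantize(Decimal("0.01"))
    except InvalidOperation:
        raise ValueError("amount is not a usable number")
    if not value.is_finite() or value <= 0 or cents != value:
        raise ValueError("amount must be positive with at most two decimals")
    return str(cents)


def build_payment_form(merchant_id, reference, amount, gateway_url=GATEWAY_URL):
    """Generate the HTML form for one transaction (field names are assumed)."""
    parts = urlsplit(gateway_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("gateway URL must use https")
    # Values decided by the merchant's server for this transaction.
    hidden = {
        "merchant_id": merchant_id,
        "reference": reference,
        "amount": format_amount(amount),
    }
    rows = [
        f'<input type="hidden" name="{escape(k)}" value="{escape(str(v))}">'
        for k, v in hidden.items()
    ]
    # Card fields are typed by the consumer and go straight to the gateway.
    rows += [
        '<input type="text" name="card_number" autocomplete="off">',
        '<input type="text" name="card_expiry" autocomplete="off">',
        '<input type="submit" value="purchase">',
    ]
    body = "\n".join(rows)
    return f'<form method="post" action="{escape(gateway_url)}">\n{body}\n</form>'


if __name__ == "__main__":
    # Constructed sample values.
    print(build_payment_form("M123", "order-0001", "49.5"))
```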