
Credit Card Processing

Credit Card Processing. Gail “Montreal” Shoffey Keeler August 14, 2007. About Me. Contractor with TEKsystems Current project: Reliant Energy Working with ColdFusion over 4 years. Credit Card Processing. What are the first items that come to mind when you think of credit card processing?


Presentation Transcript


  1. Credit Card Processing Gail “Montreal” Shoffey Keeler August 14, 2007

  2. About Me • Contractor with TEKsystems • Current project: Reliant Energy • Working with ColdFusion over 4 years

  3. Credit Card Processing • What are the first items that come to mind when you think of credit card processing? • Security • Connectivity • Components

  4. What You Will Leave With
     • 3 key points you will leave with after the meeting
       • An understanding of Payment Card Industry Data Security Standard (PCI DSS)
       • An example of a credit card merchant’s Application Programming Interface (API)
       • An example of credit card components
     • How these skills will help in the future
       • Process credit cards in real time
       • Store credit card information within PCI compliance
       • Create your own final step in a shopping cart

  5. Focus • What is PCI compliance?

  6. PCI Compliance • Secure your business • Intellectual and Web property • Credit card data/account information protected • Transaction information locked • Store data in inaccessible areas • From locks to scanning devices

  7. Payment Card Industry (PCI)
     • PCI History
     • 5 major credit card brands:
       • Visa
       • MasterCard
       • American Express
       • DiscoverCard
       • JCB International
     • PCI Security Council founded in June 2005
     • Competitor brand-specific requirements intersecting
     • Single standard for protecting credit card data
     • Based on ISO 17799 information security standard
     • There are 12 main requirements

  8. PCI Controls 1 of 2
     • Build and Maintain a Secure Network
       • Install and maintain a firewall configuration to protect cardholder data
       • Do not use vendor-supplied defaults for system passwords and other security parameters
     • Protect Cardholder Data
       • Protect stored cardholder data
       • Encrypt transmission of cardholder data across open, public networks
     • Maintain a Vulnerability Management Program
       • Use and regularly update anti-virus software
       • Develop and maintain secure systems and applications

  9. PCI Controls 2 of 2
     • Implement Strong Access Control Measures
       • Restrict access to cardholder data by business need-to-know
       • Assign a unique ID to each person with computer access
       • Restrict physical access to cardholder data
     • Regularly Monitor and Test Networks
       • Track and monitor all access to network resources and cardholder data
       • Regularly test security systems and processes
     • Maintain an Information Security Policy
       • Maintain a policy that addresses information security

  10. Focus • What is PCI compliance? • Why use APIs?

  11. Application Programming Interface • The Application Programming Interface (API) consists of several sets of related methods or functions that specify how two different computers can communicate • Platform independent • Facilitates subsequent developers who may need to tap into new services • Using the API offers greater advantages for your organization’s business needs

  12. API Advantages

  13. CyberSource API Choices

  14. General API Documentation

  15. Java API Documentation

  16. Focus • What is PCI compliance? • Why use APIs? • Where’s the code?

  17. The Process • Load the configuration • Create credit card object • Process the results • Create properties object • Combine into a transaction object

  18. Load the Configuration

          <merchantID>your merchant ID</merchantID>
          <keysDirectory>C:\CFUGMD\secure\certificate</keysDirectory>
          <sendToProduction>false</sendToProduction>
          <targetAPIVersion>1.26</targetAPIVersion>
          <keyFilename>CFUGMDkey.p12</keyFilename>
          <namespaceURI>urn:schemas-cybersource-com:transaction-data-1.26</namespaceURI>
          <enableLog>true</enableLog>
          <logDirectory>C:\CFUGMD\secure\log</logDirectory>
          <logFilename>cybs.log</logFilename>
          <logMaximumSize>10</logMaximumSize>
          <timeout>130</timeout>
          <useHttpClient>false</useHttpClient>

  19. Parse the Properties

          // init CyberSource params
          csMerchantID = this.getSettingsParam("merchantID");
          csKeysDirectory = this.getSettingsParam("keysDirectory");
          csSendToProduction = this.getSettingsParam("sendToProduction");
          csTargetAPIVersion = this.getSettingsParam("targetAPIVersion");
          csKeyFilename = this.getSettingsParam("keyFilename");
          csServerURL = this.getSettingsParam("serverURL");
          csNamespaceURI = this.getSettingsParam("namespaceURI");
          csEnableLog = this.getSettingsParam("enableLog");
          csLogDirectory = this.getSettingsParam("logDirectory");
          csLogFilename = this.getSettingsParam("logFilename");
          csLogMaximumSize = this.getSettingsParam("logMaximumSize");
          csTimeout = this.getSettingsParam("timeout");
          csUseHttpClient = this.getSettingsParam("useHttpClient");

  20. Add Merchant-Specific Values

          // CyberSource-specific values for credit cards
          csCreditCardType = arguments.creditCard.getCcType();
          switch(csCreditCardType){
              case "VISA":
                  csCreditCardValue = '001';
                  break;
              case "MASTERCARD":
                  csCreditCardValue = '002';
                  break;
              case "AMEX":
                  csCreditCardValue = '003';
                  break;
              case "DISCOVER":
                  csCreditCardValue = '004';
                  break;
              case "JCB":
                  csCreditCardValue = '007';
                  break;
              default:
                  csCreditCardValue = '';
          }

  21. Create Properties Object

          // create csProps - Properties object and init object constructor
          csProps = createObject("Java","java.util.Properties");
          csProps.put("merchantID",csMerchantID);
          csProps.put("keysDirectory",csKeysDirectory);
          csProps.put("sendToProduction",csSendToProduction);
          csProps.put("targetAPIVersion",csTargetAPIVersion);
          csProps.put("keyFilename",csKeyFilename);
          csProps.put("namespaceURI",csNamespaceURI);
          csProps.put("enableLog",csEnableLog);
          csProps.put("logDirectory",csLogDirectory);
          csProps.put("logFilename",csLogFilename);
          csProps.put("logMaximumSize",csLogMaximumSize);
          csProps.put("timeout",csTimeout);
          csProps.put("useHttpClient",csUseHttpClient);

  22. Create Credit Card Object

          // create csRequest - HashMap object
          csRequest = createObject("Java","java.util.HashMap");
          csRequest.put("billTo_city",arguments.creditCard.getCcCity());
          csRequest.put("billTo_country",arguments.creditCard.getCcCountry());
          csRequest.put("billTo_customerID",1); // optional good for level 2
          csRequest.put("billTo_email",arguments.creditCard.getCcEmail());
          csRequest.put("billTo_firstName",arguments.creditCard.getCcFirstName());
          csRequest.put("billTo_lastName",arguments.creditCard.getCcLastName());
          csRequest.put("billTo_postalCode",arguments.creditCard.getCcZip());
          csRequest.put("billTo_state",arguments.creditCard.getCcStateProvince());
          csRequest.put("billTo_street1",arguments.creditCard.getCcAddress1());
          csRequest.put("billTo_street2",arguments.creditCard.getCcAddress2());
          csRequest.put("card_accountNumber",arguments.creditCard.getCcNumber());
          csRequest.put("card_cardType",csCreditCardValue);
          csRequest.put("card_cvIndicator","1"); // 0, 1, 2, 9
          // the card verification number is sent for this authorization only; PCI DSS does not allow storing it afterwards
          csRequest.put("card_cvNumber",arguments.creditCard.getCvvCode());
          csRequest.put("card_expirationMonth",arguments.creditCard.getCcExpMonth());
          csRequest.put("card_expirationYear",arguments.creditCard.getCcExpYear());
          csRequest.put("ccAuthService_commerceIndicator","internet"); // internet (default): eCommerce transaction.
          csRequest.put("ccAuthService_run","true");
          csRequest.put("ccCaptureService_run","true");
          csRequest.put("comments","Payment made via EFT Module");
          csRequest.put("item_0_unitPrice",csAmount); // loop to check the items purchased note: this is the total
          csRequest.put("merchantID",csMerchantID);
          csRequest.put("merchantReferenceCode",cookieFacade.getValue("jsessionid"));
          csRequest.put("purchaseTotals_currency","USD");

  23. Combine Objects in Transaction

          // CREDIT CARD AUTHORIZATION AND CAPTURE REQUEST
          csReply = createObject("Java","java.util.HashMap");
          csReply = createObject("Java","com.cybersource.ws.client.Client").runTransaction(csRequest,csProps);

  24. Code response

          <!--- check to see if response was error or denied --->
          <cfif StructFind(csReply, "decision") IS 'ACCEPT'>
              <cfset eftResponse = structNew() />
              <cfset eftResponse.transactionReference = StructFind(csReply, "requestID") />
              <cfset eftResponse.transactionToken = StructFind(csReply, "requestToken") />
              <cfset eftResponse.amountCharged = StructFind(csReply, "ccCaptureReply_amount") />
              <cfset eftResponse.cardholderName = arguments.creditCard.getCardholderName() />
              <cfset eftResponse.creditCardType = arguments.creditCard.getCcType() />
              <cfreturn eftResponse />
          <cfelse>
              <!--- init errors --->
          </cfif>

  25. Credit Card Components type

  26. Your Questions & Comments

  27. Key Learning Objectives • Security, compliance and the law • APIs are the best connectivity • Use components

  28. BLOGS • PhillNacelli • http://www.phillnacelli.net • Scott Stroz • http://www.boyzoid.com • Montreal • http://www.montrealoncf.org Special Thanks Go To
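
Added example (not from the presentation and not CyberSource's code), in CFScript: one way to fill in the error branch left open on slide 24 while keeping the card number and CVV from slide 22 out of application logs and stored records, in line with the "Protect stored cardholder data" control on slide 8. The function names are hypothetical, and `reasonCode` is a CyberSource reply field the slides do not show; the other keys are the ones used on slides 22 and 24.

```cfml
<cfscript>
// Added example, not from the presentation. Key names follow slides 22 and 24.

// Mask a card number to first six + last four digits, the display limit
// set by PCI DSS requirement 3.3.
function maskPan(pan) {
    var digits = reReplace(arguments.pan, "[^0-9]", "", "all");
    if (len(digits) LT 13) {
        return "[invalid PAN]";              // never echo a malformed value back
    }
    return left(digits, 6) & repeatString("*", len(digits) - 10) & right(digits, 4);
}

// Copy of csRequest that can go to an application log or order table:
// the CVV is dropped and the account number is masked.
function redactRequest(csRequest) {
    var safe = structNew();
    var keys = arguments.csRequest.keySet().toArray();
    var i = 0;
    for (i = 1; i LTE arrayLen(keys); i = i + 1) {
        if (keys[i] EQ "card_accountNumber") {
            safe[keys[i]] = maskPan(arguments.csRequest.get(keys[i]));
        } else if (keys[i] NEQ "card_cvNumber") {
            safe[keys[i]] = arguments.csRequest.get(keys[i]);
        }
    }
    return safe;
}

// Fail closed: only an explicit ACCEPT counts as paid; a missing or
// unexpected decision is reported as a failure instead of throwing.
function summarizeReply(csReply, csRequest) {
    var out = structNew();
    out.accepted = false;
    out.decision = "ERROR";
    out.reasonCode = "";
    if (arguments.csReply.containsKey("decision")) {
        out.decision = arguments.csReply.get("decision");
    }
    if (arguments.csReply.containsKey("reasonCode")) {   // assumed reply field
        out.reasonCode = arguments.csReply.get("reasonCode");
    }
    out.accepted = (out.decision EQ "ACCEPT");
    out.audit = redactRequest(arguments.csRequest);      // safe to persist
    return out;
}
</cfscript>
```

Calling `summarizeReply(csReply, csRequest)` right after `runTransaction` gives the `<cfelse>` branch a decision and reason code to act on; for a constructed test number such as 4111111111111111 the audit copy holds `411111******1111` and no `card_cvNumber` key.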
