Enter card details without leaving site

[Guest amt2002]

Hello,

Bit of a newbie question but I've been searching around like mad but can't find a cubecart site that does this, nor a definitive answer on these forums....

All I'm wanting to do is have my customers pay for their items on my site without leaving to go to a third party site. I thought Paypal Website Payments Pro with Express Checkout allows for this yet I can't find find any cubecart site that doesn't divert straight to paypal or other payment server on the payment page?

Can anyone tell me if it's possible (and perhaps point me to a site which does this)?

Many thanks,

Alex

[tomoharu]

Do you have a merchant account? Cubecart does allow a direct card input (Payment Methods > Card Capture) . PayPal Website payments DOES have you input card info on the store's site. It will only divert to PayPal if the customer chooses to pay via PayPal (through Express), not card. Have been using it w/ Cube Cart for well over a year.

[vokf]

CubeCart 4 integrates very well with HSBC Secure ePayments. I've completed a few stores that use this.

The sensitive date is sent from your store direct to HSBC for clearing. HSBC then redirect the customer to your site. Visually, they stay on your site.

Costs are about £200 set-up (HSBC), Monthly fee of about £20, with transaction fees of about 2%. You will need an SSL certificate (£20-£30 ish depending on your host)

This will give you a proper merchant account for internet transactions.

If you're US based... these costs will not mean anything! (Note:Can people please add their rough location to their profile!)

You'll need to work out if the monthly fee and transaction fees are better than PayPal for your expected order levels.

One of my clients is selling mobility equipment and the average order level is about £1.2K, so the odd 1% difference, really adds up. (2 transactions pays the months fee)

It does depend on where you are based, and also the level of business you have. If business is low (with low number of visitors) then the money may be better spent on promotion and SEO.

If visitors are high, but they are not buying, then it could be a number of factors - and if you are using PayPal make sure you add your logo to their checkout page to ease the jump from your site to PayPals.

[Guest amt2002]

Do you have a merchant account? Cubecart does allow a direct card input (Payment Methods > Card Capture) . PayPal Website payments DOES have you input card info on the store's site. It will only divert to PayPal if the customer chooses to pay via PayPal (through Express), not card. Have been using it w/ Cube Cart for well over a year.

This is the sort of Paypal integration I read about and wanted to see, so it's good to hear it can indeed be done. Any chance I could see it in action on your site?

CubeCart 4 integrates very well with HSBC Secure ePayments. I've completed a few stores that use this.

The sensitive date is sent from your store direct to HSBC for clearing. HSBC then redirect the customer to your site. Visually, they stay on your site.

Costs are about £200 set-up (HSBC), Monthly fee of about £20, with transaction fees of about 2%. You will need an SSL certificate (£20-£30 ish depending on your host)

This will give you a proper merchant account for internet transactions.

If you're US based... these costs will not mean anything! (Note:Can people please add their rough location to their profile!)

You'll need to work out if the monthly fee and transaction fees are better than PayPal for your expected order levels.

One of my clients is selling mobility equipment and the average order level is about £1.2K, so the odd 1% difference, really adds up. (2 transactions pays the months fee)

It does depend on where you are based, and also the level of business you have. If business is low (with low number of visitors) then the money may be better spent on promotion and SEO.

If visitors are high, but they are not buying, then it could be a number of factors - and if you are using PayPal make sure you add your logo to their checkout page to ease the jump from your site to PayPals.

This is very interesting. My business bank account is with HSBC (I'm in UK too) and I was in discussing a merchant account with them last week.

Though I thought it was always a case of leaving the site to go to their secure payment page. For this reason I had discounted it in favour of Paypal Pro's complete integration. My shop turnover is expected to be high so the merchant account would be worth it.

So can I confirm: the customer enters their credit card details into a secure payment page on MY site, clicks pay, then what happens? Does the customer see anything of the HSBC external site or does all this happen in the background? IF the transaction is denied, can it divert back to the credit card page allowing user to amend their card details / pay by another card?

When are 3d secure passwords entered?

Would you mind pointing me to a site where such a system is in place?

Thanks for all your help, much appreciated.

[vokf]

Do you have a merchant account? Cubecart does allow a direct card input (Payment Methods > Card Capture) . PayPal Website payments DOES have you input card info on the store's site. It will only divert to PayPal if the customer chooses to pay via PayPal (through Express), not card. Have been using it w/ Cube Cart for well over a year.

This is the sort of Paypal integration I read about and wanted to see, so it's good to hear it can indeed be done. Any chance I could see it in action on your site?

CubeCart 4 integrates very well with HSBC Secure ePayments. I've completed a few stores that use this.

The sensitive date is sent from your store direct to HSBC for clearing. HSBC then redirect the customer to your site. Visually, they stay on your site.

Costs are about £200 set-up (HSBC), Monthly fee of about £20, with transaction fees of about 2%. You will need an SSL certificate (£20-£30 ish depending on your host)

This will give you a proper merchant account for internet transactions.

If you're US based... these costs will not mean anything! (Note:Can people please add their rough location to their profile!)

You'll need to work out if the monthly fee and transaction fees are better than PayPal for your expected order levels.

One of my clients is selling mobility equipment and the average order level is about £1.2K, so the odd 1% difference, really adds up. (2 transactions pays the months fee)

It does depend on where you are based, and also the level of business you have. If business is low (with low number of visitors) then the money may be better spent on promotion and SEO.

If visitors are high, but they are not buying, then it could be a number of factors - and if you are using PayPal make sure you add your logo to their checkout page to ease the jump from your site to PayPals.

This is very interesting. My business bank account is with HSBC (I'm in UK too) and I was in discussing a merchant account with them last week.

Though I thought it was always a case of leaving the site to go to their secure payment page. For this reason I had discounted it in favour of Paypal Pro's complete integration. My shop turnover is expected to be high so the merchant account would be worth it.

So can I confirm: the customer enters their credit card details into a secure payment page on MY site, clicks pay, then what happens? Does the customer see anything of the HSBC external site or does all this happen in the background? IF the transaction is denied, can it divert back to the credit card page allowing user to amend their card details / pay by another card?

When are 3d secure passwords entered?

Would you mind pointing me to a site where such a system is in place?

Thanks for all your help, much appreciated.

Hi,

the sequence is;

1. Customer arrives on payment page on your site, and provides Credit Card details

2. Customer hits "submit", and *data* is sent to HSBC for processing. Currently not sure about 3D Secure - it may be a pop-up window, I can't remember...

3. Customer is redirected to "payment accepted" or "payment failed" page on your cite.

Basically, the HSBC site does not output any html - so the customer does not see anything whilst the transaction is being processed (they see the payment page on your site). Once the processing is complete, their site will redirect the customer back to your site.

Visually, this is what you require.

If you'd like a demo, let me know (I'm away this weekend though), and I will create a £0.01 product & free shipping for a specific time frame for you to run a test purchase - it will only cost you 1p.

As a merchant, you'll have a HSBC admin area (that I've never seen), which will allow you to process refunds and track transactions. I don't think you get to see the Credit Cart information.

I hope this helps,

Jason

[Guest amt2002]

Thank you, and if I could take you up on your offer of a 1p product that would be great (please don't worry if this is too much of a hassle for you though - I've taken up too much of your time already).

Assuming it works like I hope, I shall undoubtedly go for this.

[Guest Christian K.]

FYI- check with your hosting company about taking this route first. Processing any sensitive credit card data on your website directly means that you & your host are now required to be PCI DSS compliant. This is a large list of policies & regulations that must be taken by the users, as well as the company hosting. If your host is not already PCI DSS compliant, this is no easy or quick process! It can take a significant amount of work, and even additional expenses (e.g. machines that process the CC data need to have video monitoring, etc). Your best bet would be to find anotehr host who is already PCI compliant.

[vokf]

FYI- check with your hosting company about taking this route first. Processing any sensitive credit card data on your website directly means that you & your host are now required to be PCI DSS compliant. This is a large list of policies & regulations that must be taken by the users, as well as the company hosting. If your host is not already PCI DSS compliant, this is no easy or quick process! It can take a significant amount of work, and even additional expenses (e.g. machines that process the CC data need to have video monitoring, etc). Your best bet would be to find anotehr host who is already PCI compliant.

Christian,

When using the HSBC gateway the CC website is not processing credit card data. The customer enters their details on the form (on their browser), and this information is sent directly to HSBC (HTTP POST if I'm correct?). The CC Store never gets to see the Credit Card Data, its call client side, then posted using SSL to the HSBC clearing server.

So, no PCI compliance is required.

I'm not sure of the other Payment Modules (protx/worldpay etc). The only one that stands out as a problem is the module that stores details on the system for offline/manual processing.

If this is being used, then credit card details are being stored, and so PCI is 100% required.

Jason

[Guest Christian K.]

FYI- check with your hosting company about taking this route first. Processing any sensitive credit card data on your website directly means that you & your host are now required to be PCI DSS compliant. This is a large list of policies & regulations that must be taken by the users, as well as the company hosting. If your host is not already PCI DSS compliant, this is no easy or quick process! It can take a significant amount of work, and even additional expenses (e.g. machines that process the CC data need to have video monitoring, etc). Your best bet would be to find anotehr host who is already PCI compliant.

Christian,

When using the HSBC gateway the CC website is not processing credit card data. The customer enters their details on the form (on their browser), and this information is sent directly to HSBC (HTTP POST if I'm correct?). The CC Store never gets to see the Credit Card Data, its call client side, then posted using SSL to the HSBC clearing server.

So, no PCI compliance is required.

I'm not sure of the other Payment Modules (protx/worldpay etc). The only one that stands out as a problem is the module that stores details on the system for offline/manual processing.

If this is being used, then credit card details are being stored, and so PCI is 100% required.

Jason

I could be wrong, but my understanding of policy is that if you are collecting any credit card account, exp date, or CCV2 data on any particular page, that server that is collecting needs to be PCI compliant. The data is being entered on the CubeCart webpage, & then transferred to the gateway thru an SSL connection, but that doesn't mean the CubeCart page is immune to breach, or is not liable. Every step in the process needs to be secured, starting from the page you enter the info, thru the entire process. From my knowledge, this type of scenario is the exact reason why PCI was instituted, because these smaller companies where data was collected were not secure, even though the transmission to the gateway may have been encrypted. If compliance is not required on the page collecting credit card data, then it is a glaring oversight in my opinion. A client side call is mitigating some potential problems, but still vulnerable from cross site scripting attacks, etc, from the machine serving the page, don't you think?

If CubeCart is redirecting to a 3rd party gateway page (like HSBC, or Authorize.net, etc. etc), then a large amount of responsibility is taken off the shoulders of the cubecart website, but not all. When working with Elavon, even though our cubecart server is not collecting any credit card data directly (our cart redirects to a Elavon page, where it is collected & processed, & then returns to our webpage), we still had to pass PCI compliance. There are different 'levels' of PCI, where basically some policy doesn't apply to you if you are not collecting or storing any of the credit card data on your server.

[Guest]

Do you have a merchant account? Cubecart does allow a direct card input (Payment Methods > Card Capture) . PayPal Website payments DOES have you input card info on the store's site. It will only divert to PayPal if the customer chooses to pay via PayPal (through Express), not card. Have been using it w/ Cube Cart for well over a year.

This is the sort of Paypal integration I read about and wanted to see, so it's good to hear it can indeed be done. Any chance I could see it in action on your site?

CubeCart 4 integrates very well with HSBC Secure ePayments. I've completed a few stores that use this.

The sensitive date is sent from your store direct to HSBC for clearing. HSBC then redirect the customer to your site. Visually, they stay on your site.

Costs are about £200 set-up (HSBC), Monthly fee of about £20, with transaction fees of about 2%. You will need an SSL certificate (£20-£30 ish depending on your host)

This will give you a proper merchant account for internet transactions.

If you're US based... these costs will not mean anything! (Note:Can people please add their rough location to their profile!)

You'll need to work out if the monthly fee and transaction fees are better than PayPal for your expected order levels.

One of my clients is selling mobility equipment and the average order level is about £1.2K, so the odd 1% difference, really adds up. (2 transactions pays the months fee)

It does depend on where you are based, and also the level of business you have. If business is low (with low number of visitors) then the money may be better spent on promotion and SEO.

If visitors are high, but they are not buying, then it could be a number of factors - and if you are using PayPal make sure you add your logo to their checkout page to ease the jump from your site to PayPals.

This is very interesting. My business bank account is with HSBC (I'm in UK too) and I was in discussing a merchant account with them last week.

Though I thought it was always a case of leaving the site to go to their secure payment page. For this reason I had discounted it in favour of Paypal Pro's complete integration. My shop turnover is expected to be high so the merchant account would be worth it.

So can I confirm: the customer enters their credit card details into a secure payment page on MY site, clicks pay, then what happens? Does the customer see anything of the HSBC external site or does all this happen in the background? IF the transaction is denied, can it divert back to the credit card page allowing user to amend their card details / pay by another card?

When are 3d secure passwords entered?

Would you mind pointing me to a site where such a system is in place?

Thanks for all your help, much appreciated.

Hi,

the sequence is;

1. Customer arrives on payment page on your site, and provides Credit Card details

2. Customer hits "submit", and *data* is sent to HSBC for processing. Currently not sure about 3D Secure - it may be a pop-up window, I can't remember...

3. Customer is redirected to "payment accepted" or "payment failed" page on your cite.

Basically, the HSBC site does not output any html - so the customer does not see anything whilst the transaction is being processed (they see the payment page on your site). Once the processing is complete, their site will redirect the customer back to your site.

Visually, this is what you require.

If you'd like a demo, let me know (I'm away this weekend though), and I will create a £0.01 product & free shipping for a specific time frame for you to run a test purchase - it will only cost you 1p.

As a merchant, you'll have a HSBC admin area (that I've never seen), which will allow you to process refunds and track transactions. I don't think you get to see the Credit Cart information.

I hope this helps,

Jason

Jason,

Please can u let me know how to make HSBC gateway work step by step as i am stuck in it and can't make it work at all, I have SSL certificate and my customer got a merchant account but everytime I go through the payment process after entering the card details the page just redirects to itself and no messeges or any action happens

HSBC didn't make the acoount access API at first but when I asked them to do they told me that it is activated now ... but no difference happened

I really need your help .. by the way I am using cubecart v5

Thanks