Merchant hosted payment window
In this section, you will find information about the implementation of the merchant hosted payment window.
Payment window controlled by merchant
If you choose to use your own hosted payment window, you will have a complete control of the layout of the payment window. However, it should be noted that merchant hosted payment window is mainly used for card integration only, and in this case card data is transmitted and stored in your systems so you need to implement your solution according to all PCI DSS requirements.
PCI DSS (Payment Card Industry Data Security Standard) is a standard created by the card schemes. It requires merchants, payment service providers (like Nets) and card acquirers, to implement solutions that will secure the consumer's card data during a payment transaction, and when saved in a database. Such a solution needs to be validated yearly by external PCI DSS inspectors, at the costs of the ones hosting the solution. If you have more questions about PCI DSS, please contact your chosen card acquirer.
When implementing merchant hosted payment window, the basic payment flow goes as follows.
- Start the payment process by sending the Register call to Netaxept, and set serviceType=M to let us know you will be using a merchant hosted payment window. Read more about the Register call >
- After the successful registration, use the Terminal call to direct the customer’s web browser to your payment window in order for the customer to choose the payment method and enter payment method information. Besides merchantId and transactionId, you need to provide pan, expiryDate and securityCode parameters as well. Read more about the Terminal phase >
- If the Response code is "OK", make the financial operation, like authorization (AUTH) or authorization & capture (SALE), to the transaction by using the Process call. Read more about the Process call >
If something fails, you can find the detailed reason for the failure via the Query call. For merchant hosted payment window, Netaxept composes error messages returned to the merchant from the certain fields and messages, and you can decide yourself how to communicate these error messages to your customers. Read more about response messages > (see especially the "Error codes related to merchant hosted payment window" section)