Problem Statement:
- How can payment gateway integration impact online payment transaction success rate?
- How should a payment gateway be integrated to achieve both security and a high transaction success rate?
- How can payment gateway integration make or break an online business?
Target Audience: Online Merchants, Payment Service Providers, Digital Payments Software Developers and Testers.
While integrating with a payment gateway, always focus on integration security, online payment transaction success rate, ease of integration and integration test-ability.
Security: Attackers can defraud any participant in an online payment, be it the online merchant, the payment service provider or the buyer. Be aware of the following.
- Protection from man-in-the-middle attacks - Attackers use this attack pattern to exploit loopholes in the payment integration. I have another post with details about this aspect.
- Passing unnecessary but sensitive parameters in a web-based transaction. For example, a merchant must never pass the hashing seed (the secret used to compute the message hash) as a parameter when a buyer is redirected to the payment page; it belongs on the merchant server only.
- The merchant passing invalid parameters to the payment gateway. For example, a refund amount greater than the captured amount. Always validate the fields before sending them to the payment gateway.
- Transferring data over an unsecured, unencrypted channel (e.g. HTTP instead of HTTPS). Using HTTPS is a must.
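The three parameter-level points above (keep the hashing seed out of the redirect, verify the returned hash, refuse a refund larger than the capture) in code, as an added example that is not part of the original post. The field names in SIGNED_FIELDS and the `|`-joined HMAC-SHA256 message format are assumptions for illustration; every real gateway specifies its own.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Hypothetical field names: every real gateway defines its own parameter set.
SIGNED_FIELDS = ("merchant_id", "order_id", "amount", "currency", "return_url")


def build_signed_request(params, secret):
    """Build the redirect parameters for the payment page.

    Only the whitelisted fields are copied, so anything else the caller put
    into ``params`` (for example the hashing seed itself) is never sent.
    The secret is used to compute the hash and stays on the merchant server.
    """
    message = "|".join(str(params[f]) for f in SIGNED_FIELDS).encode()
    digest = hmac.new(secret, message, hashlib.sha256).hexdigest()
    request = {f: params[f] for f in SIGNED_FIELDS}
    request["hash"] = digest
    return request


def verify_signed_response(params, secret):
    """Recompute the hash over the same fields and compare in constant time."""
    message = "|".join(str(params.get(f, "")) for f in SIGNED_FIELDS).encode()
    expected = hmac.new(secret, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(params.get("hash", "")))


def validate_refund_amount(refund_amount, captured_amount):
    """A refund must be positive and may never exceed the captured amount."""
    try:
        refund = Decimal(str(refund_amount))
        captured = Decimal(str(captured_amount))
    except InvalidOperation:
        return False   # malformed amount: reject before it reaches the gateway
    return Decimal("0") < refund <= captured
```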
Online Payment Transaction success rate: A failed online transaction is a direct business loss. It also frustrates the customer, makes the payment experience poor, and the buyer may not want to come back. It adds to customer care issues as well. Know the following in this regard.
- A payment gateway may reject or invalidate a transaction if the merchant sends invalid or unnecessary parameters. Extra parameters also make the message payload heavier and consume more network bandwidth. Ideally, where possible, a payment gateway should attempt to correct an invalid parameter; for example, it can ignore an optional but invalid value instead of rejecting the transaction. There are various such ways to sanitize the parameter values.
- A merchant should make a server-to-server status inquiry when a buyer is not redirected back from the PG to the merchant system within a defined time. It may happen that the buyer has paid but was not redirected to the merchant because of a network issue. This also reduces duplicate payment issues, and it reassures the buyer: the buyer gets to know that the payment has been made and accepted by the merchant, instead of being left uneasy about the payment status.
- A payment gateway should send a notification to the merchant system that the transaction has been successful. This makes doubly sure that the merchant system learns of the success of the transaction. All payment gateways usually offer this feature as an option, but some merchants do not use it, which creates other issues. The best way to send the notification is to call a RESTful API of the merchant system to report whether the payment succeeded or failed.
- A merchant should make a status inquiry transaction if a particular transaction times out. For example, if the merchant initiated a refund transaction but did not get a response, then before invoking a duplicate refund the merchant should make a status inquiry to check whether the previous refund succeeded. The same applies to a sale transaction.
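The inquire-before-retry rule from the refund and redirect points above, as an added example that is not part of the original post: the merchant generates one reference per refund and, on a timeout, asks the gateway for that reference's status before sending the refund again. FakeGateway and its method names are constructed stand-ins for this illustration, not any real gateway's API.

```python
import uuid


class GatewayTimeout(Exception):
    """No response from the gateway within the merchant's time limit."""


class FakeGateway:
    """Constructed stand-in for a gateway; the reply to the first refund is lost.

    With lose_first_request=True the first request itself never arrives, so the
    gateway has no record of it; otherwise it is processed but the reply is lost.
    """

    def __init__(self, lose_first_request=False):
        self.lose_first_request = lose_first_request
        self.refunds = {}        # merchant_ref -> state known to the gateway
        self.refund_calls = 0

    def refund(self, merchant_ref, txn_id, amount):
        self.refund_calls += 1
        if self.refund_calls == 1:
            if not self.lose_first_request:
                self.refunds.setdefault(merchant_ref, "SUCCESS")  # processed, reply lost
            raise GatewayTimeout()
        self.refunds.setdefault(merchant_ref, "SUCCESS")
        return {"status": self.refunds[merchant_ref]}

    def status(self, merchant_ref):
        return {"status": self.refunds.get(merchant_ref, "NOT_FOUND")}


def safe_refund(gateway, txn_id, amount, max_attempts=2):
    """Refund under a single merchant reference; inquire before any retry."""
    merchant_ref = str(uuid.uuid4())   # generated once, re-used on every retry
    for _ in range(max_attempts):
        try:
            return gateway.refund(merchant_ref, txn_id, amount)["status"]
        except GatewayTimeout:
            known = gateway.status(merchant_ref)["status"]
            if known != "NOT_FOUND":
                return known         # gateway already has it: never refund twice
            # the request never reached the gateway, so a retry cannot duplicate it
    return "UNKNOWN"                  # still unresolved: hand off for manual reconciliation
```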
Ease of integration: The following are important for ease of integration.
- Integration specification documents - Integration specification documents have to be up to date, clean, simple, and full of examples and details. It is always better to provide examples for various scenarios, details of each parameter, flow diagrams, and information about integration kits in different programming languages.
- Plugins for popular e-commerce platforms - It is always better that the payment gateway provides integration plugins for e-commerce platforms such as Magento.
- Integration kits in different programming languages - It is a must that the payment gateway provides integration kits in the different programming languages merchants use, such as Java, Python, Go, PHP, C#/.NET, etc.
- Integration support - A payment gateway needs a team to support the merchants' technical teams at the time of technical integration.
Integration test-ability: Automated integration tests - Integration kits in different programming languages need test cases covering various scenarios. For example: a positive/negative test case for validating the message hash, a test case for a failed transaction, a test case for a duplicate check, a test case for a fraudulent transaction, test cases with and without optional fields, a test case capturing an unauthorised transaction, a test case initiating a refund against a transaction that was not captured, etc.
Thanks for your read. Please comment if you liked my post or need more details.