
OpenbravoPOS Payment Gateways

Overview

A payment gateway is an e-commerce application service provider that authorizes payments for e-businesses, on-line retailers, bricks and clicks, or traditional brick and mortar. It is the equivalent of a physical point of sale terminal located in most retail outlets. A payment gateway protects credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the merchant and also between the merchant and the payment processor.

Workflow

A payment gateway facilitates the transfer of information between a payment portal and the Front End Processor or acquiring bank. When a customer orders a product from a payment gateway enabled merchant, the payment gateway performs a variety of tasks to process the transaction:

  1. The customer swipes the credit card and the device reads the information stored in the card.
  2. The merchant sends the transaction details to their payment gateway. This is done via SSL (Secure Socket Layer) encryption.
  3. The payment gateway forwards the transaction information to the processor used by the merchant's acquiring bank.
  4. The processor forwards the transaction information to the card association (i.e., Visa/MasterCard).
  5. The card association routes the transaction to the correct card issuing bank.
  6. The credit card issuing bank receives the authorization request and sends a response back to the processor with a response code.
  7. The processor forwards the response to the payment gateway.
  8. The payment gateway receives the response and forwards it on to the interface used to process the payment, where it is interpreted and a relevant response is then relayed back to the cardholder and the merchant.
Payment Gateway workflow diagram

User tutorial

Card Present Transaction

Card present (also called face-to-face) transactions are those in which both the payment card and the cardholder are present at the time the payment is processed. Merchants operating in face-to-face environments are required to make all efforts to ensure that transactions are legitimate. The process of card acceptance is conducted at physical terminals and the preparedness of their operators is critical for the proper execution of the transaction.

Standards

EMV

Introduction
In 2000 the European Commission decided that to foster innovation (Lisbon Agenda) the single market must make it easier to move money around the EU. Specifically, cross-border payments should not cost more than domestic payments. In other words, you can use your bank card in another EU country and they won't charge you any more commission to withdraw money than they do in your home country. This initiative is known as the Single Euro Payment Area (SEPA). The SEPA zone encompasses 31 European countries (EU-27 plus Liechtenstein, Iceland, Norway and Switzerland). To make SEPA a reality, all EU banks need to agree on the same standards and implement the same procedures to ensure interoperability at the moment of accepting a card. To give an example, a cash machine (ATM) in Austria should be capable of accepting and understanding a card issued by an Italian bank. Said and done: the standard was developed by Europay, Mastercard and Visa and they called it EMV (the initials of the three companies). EMV will mean that there will be no difference between national transfers and transfers within Europe. EMV will make SEPA a reality, meaning cheaper payments and faster money transfers between countries in the eurozone.
Advantages
The EMV standard is based on "Smart cards with a microprocessor chip", and this microprocessor chip is capable of storing not just financial applications (EMV) but also other types of application such as strong authentication and digital signature. EMV financial transactions are more secure against fraud than traditional credit card payments, which use the data encoded in a magnetic stripe on the back of the card. This is due to the use of cryptographic algorithms such as DES, Triple-DES, RSA and SHA to provide authentication of the card to the processing terminal and the transaction processing center. The majority of implementations of EMV cards and terminals confirm the identity of the cardholder by requiring the entry of a PIN (Personal Identification Number) rather than signing a paper receipt.
Deployment deadline in Europe
The banks of these 31 countries are obliged by SEPA to migrate all their magnetic stripe cards to EMV smart cards. They have from January 2008 to 31st December 2010 to complete the migration.
Openbravo POS
The future Openbravo POS payment gateway class architecture will support all the requirements needed to implement the EMV standard. Doing so is as simple as adding a new class which implements the PaymentGateway interface.

PCI DSS

The Payment Card Industry Data Security Standard is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations which hold, process, or pass cardholder information from any card branded with the logo of one of the card brands.

Validation of compliance can be performed either internally or externally, depending on the volume of card transactions the organisation is handling, but regardless of the size of the organisation, compliance must be assessed annually. Organisations handling large volumes of transactions must have their compliance assessed by an independent assessor known as a Qualified Security Assessor (QSA), while companies handling smaller volumes have the option of self-certification via a Self-Assessment Questionnaire (SAQ).

More information about the requirements.

Getting an account

The first step is to get a merchant account to start processing Card Present Transactions. To do this, it is necessary to contact the gateway (by a web inquiry form, email, telephone...). All gateways provide a Virtual Terminal which allows you to manually process credit card transactions from any computer with an Internet connection in the world. You simply log in to a secure website with a login and password and you are able to charge cards, perform authorizations, and even process credits. In addition, you have complete on-line reporting of all your transactions and orders.

Authorize.NET
You need API Login and Transaction Key parameters to configure Card Present transactions in Openbravo POS.
PayPoint
You need Merchant ID and Transaction Key parameters.
PlanetAuthorize
You need Username and Password parameters.
PaymentsGateway
You need Merchant ID and Password parameters.
First Data
You need Store Name, User ID and p12 file.
La Caixa
The solution they provide is Cyberpack. You need Merchant Code, Terminal and Commerce sign.

Magnetic Card Reader

Tracks

All the information inside financial transaction cards is stored in three tracks. This data (alphanumeric characters) follows a specific format defined by the international standard ISO/IEC 7813.

Types

The magnetic swipe reader must be configured in keyboard mode to work with Openbravo POS. Open a text editor and swipe the card. The track information should appear in the editor.

Example of Track1
%B1234567890123445^SURNAME1 SURNAME2/NAME ^99011200000000000000**XXX******?*

View Hardware Installation Tutorial for more information.
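A sketch of how the Track 1 line typed by a keyboard-mode reader can be validated and split into fields, given as an added example that is not part of the original page or of the Openbravo POS code. The class name Track1Parser and the sample swipe are constructed for illustration, and only format B with a four-digit expiry date is handled.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Track1Parser {
    // ISO/IEC 7813 Track 1, format B:
    // %B<PAN>^<SURNAME/GIVEN NAME>^<YYMM><service code><discretionary data>?
    private static final Pattern TRACK1 = Pattern.compile(
            "%B(\\d{8,19})\\^([^^]{2,26})\\^(\\d{4})(\\d{3})[^?]*\\?");

    final String pan, surname, givenName, expiryYYMM, serviceCode;

    private Track1Parser(Matcher m) {
        String[] name = m.group(2).trim().split("/", 2);
        pan = m.group(1);
        surname = name[0].trim();
        givenName = name.length > 1 ? name[1].trim() : "";
        expiryYYMM = m.group(3);
        serviceCode = m.group(4);
    }

    /** Parses one swipe as typed by a keyboard-mode reader; rejects anything malformed. */
    static Track1Parser parse(String swipe) {
        Matcher m = TRACK1.matcher(swipe.trim());
        if (!m.lookingAt()) throw new IllegalArgumentException("not a format B Track 1 swipe");
        if (!luhnValid(m.group(1))) throw new IllegalArgumentException("PAN fails the Luhn check");
        return new Track1Parser(m);
    }

    /** Luhn checksum: catches misreads and typing errors before anything is sent. */
    static boolean luhnValid(String digits) {
        int sum = 0;
        boolean doubled = false;
        for (int i = digits.length() - 1; i >= 0; i--) {
            int d = digits.charAt(i) - '0';
            if (doubled && (d *= 2) > 9) d -= 9;
            sum += d;
            doubled = !doubled;
        }
        return sum % 10 == 0;
    }

    /** The only PAN form that should reach logs, receipts or the screen. */
    String maskedPan() {
        return pan.substring(0, pan.length() - 4).replaceAll("\\d", "*")
                + pan.substring(pan.length() - 4);
    }

    public static void main(String[] args) {
        // Constructed sample built around a widely used test PAN; not a real card.
        Track1Parser t = parse("%B4111111111111111^DOE/JOHN ^25121010000000000000?");
        System.out.println(t.maskedPan() + " exp " + t.expiryYYMM + " " + t.givenName + " " + t.surname);
    }
}
```

Full track data is sensitive authentication data under PCI DSS and must not be kept after authorization, so the raw swipe string should be discarded once the fields have been handed to the gateway.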

In the configuration panel it is possible to select between four different types of magnetic card readers:

Openbravo POS configuration

Open Openbravo POS and log in as a user with sufficient privileges to modify configuration settings. Go to the Configuration panel and scroll down until you can view the Payment configuration parameters.

Payment gateway configuration panel

The configuration values are as follows:

Save and restart the application.

Running transaction

  1. Request a merchant account from the payment gateway company in order to get the required configuration values.
  2. Configure Openbravo POS correctly.
  3. In the Payment dialog select the Card tab and, depending on the magnetic card reader type selected, fill in the cardholder information fields.
  4. Press the OK button and wait for the response of the gateway.
    • Success: the process ends correctly and you return to the sales window automatically.
    • Fail: the gateway cannot validate the data sent and returns an error code explaining the reason for the failure. The information will be displayed in the Payment window.
Openbravo POS payment window

Planetauthorize Example

Planetauthorize payment gateway supports all major forms of credit card transactions including Visa, MasterCard, American Express, Discover, Diners Club and JCB.

This payment platform is Multi-Currency. Currency support includes US Dollar, Euro, Australian Dollar, British Pound, Canadian Dollar, Danish Krone, Hong Kong Dollar, Japanese Yen, New Zealand Dollar, Norwegian Krone, South African Rand, Swedish Krona, Swiss Franc and more.

Planetauthorize payment gateway can support merchant accounts issued by any bank as long as the merchant account runs on one of the following 8 processing networks: Vital, Global Payments - East, Pago, Concord/Buypass, FDMS - Nashville, FDMS - Omaha, Paymentech Salem or Paymentech Tampa.

In the following steps the workflow is explained through an example from the user's point of view. A test account is used for this purpose; note that some instructions could differ from those for a real merchant account.

Get an account
Contact Planetauthorize and they will provide you with some keys to access the virtual terminal and make Card Present Transactions. The next step is to associate your bank account with the Planetauthorize gateway in order to process transactions. The parameters needed in Openbravo POS are Username and Password.
Configure Openbravo POS
Log in as Administrator and go to Configuration. Following the Openbravo POS Configuration section, select Planetauthorize as Payment Gateway and fill in the Commerce ID = Username and Commerce pass = Password fields with the data provided by the gateway. Save and restart the application.
Finish a sale
Once in the Payment window (after pressing the equals (=) button in the Sales window), select the Card tab and, depending on the magnetic card reader type selected, complete the form and press the OK button. Wait until the process finishes (2-3 seconds) and if it ends correctly you will be redirected to the Sales window again with an empty ticket.
Checking the transaction in the virtual terminal
Point your browser to the URL provided by Planetauthorize and log in to the Virtual Terminal. This is the place where you can manage all transactions and create reports. In the left menu, click on Reports, then configure the filter and click on the Submit button. A table will appear with information regarding each transaction made.
Planetauthorize transactions report

If you click on the ID assigned you will get all the information related to this transaction.

Planetauthorize transaction details
Refund the transaction
Two ways to make a refund.
Planetauthorize refund transactions

In this image two new refunds are shown. View the Type and Amount columns to notice that they are refunds.

Developers tutorial

Architecture

The base interface in Openbravo POS that performs payments is PaymentGateway (com.openbravo.pos.payment). Each payment gateway provider has its own implementation of this interface that deals with the technical details of the communication with the payment gateway services.

Payment Gateways class diagram

Each payment gateway implements the PaymentGateway interface and overrides the execute method using its own API.

public void execute(PaymentInfoMagcard payinfo);

Creating new Payment Gateway

This flexible and extensible architecture reduces the effort required to modify an existing functionality and minimizes the impact of adding a new payment gateway provider.

If a developer wants to implement a new payment gateway, the process is described in the next steps:

Note: in the following steps the package of a class is com.openbravo.pos.payment by default. If the package is different, it will be explicitly shown.

@Override
public void execute(PaymentInfoMagcard payinfo) {
  //Your code
}

Configuration Panel

Modify the configuration panel of the application so that the combo box shows the gateway that you are creating:

initPayments("MyGateway", new ConfigPaymentPanelMyExample());
else if ("MyGateway".equals(sReader)) {
 return new PaymentGatewayMyExample(props);
}

Checking gateway response

During the test phase it is very useful to know exactly what the response of the gateway is in order to fix any problem.

In the execute method, the input is buffered and it must be read with readLine(). Depending on the response type, you may need only one call to this method or a loop.

BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
response = in.readLine();

All the information in the reply is stored in this variable and it can be used for debugging purposes.
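The loop variant of the read above, combined with a debug rendering that keeps card numbers out of log files, given as an added example that is not part of the original page or of the Openbravo POS code. It assumes a gateway that answers with key=value pairs separated by '&' or line breaks; the class name GatewayResponseDebug and the field names in the sample response are constructed.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.net.URLDecoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class GatewayResponseDebug {

    /** Reads the whole body; a single readLine() would drop every line after the first. */
    static String readAll(Reader source) throws IOException {
        StringBuilder body = new StringBuilder();
        try (BufferedReader in = new BufferedReader(source)) {
            for (String line; (line = in.readLine()) != null; ) {
                if (body.length() > 0) body.append('\n');
                body.append(line);
            }
        }
        return body.toString();
    }

    /** Splits key=value pairs separated by '&' or newlines (assumed response format). */
    static Map<String, String> parse(String body) throws IOException {
        Map<String, String> fields = new LinkedHashMap<>();
        for (String pair : body.split("[&\n]")) {
            int eq = pair.indexOf('=');
            if (eq > 0) {
                fields.put(pair.substring(0, eq), URLDecoder.decode(pair.substring(eq + 1), "UTF-8"));
            }
        }
        return fields;
    }

    /** Debug rendering: any run of 12 to 19 digits (a possible PAN) keeps only its last four. */
    static String forLog(Map<String, String> fields) {
        StringBuilder out = new StringBuilder();
        for (Map.Entry<String, String> e : fields.entrySet()) {
            String value = e.getValue().replaceAll("(?<!\\d)\\d{8,15}(\\d{4})(?!\\d)", "****$1");
            out.append(e.getKey()).append('=').append(value).append(' ');
        }
        return out.toString().trim();
    }

    public static void main(String[] args) throws IOException {
        // Constructed response; with a live gateway pass
        // new InputStreamReader(connection.getInputStream(), "UTF-8") instead.
        Reader sample = new StringReader(
                "response=1&responsetext=SUCCESS&authcode=123456\ncard=4111111111111111");
        System.out.println(forLog(parse(readAll(sample))));
    }
}
```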

Supported Payment Gateways

Authorize.NET

Documentation
Test account

PayPoint

Documentation
Test Account

Planetauthorize

Documentation
Test account

PaymentsGateway

Documentation

First Data

Documentation
Test account

La Caixa

Web information not available at this moment.

FAQ

1. Transaction error: null using LinkPoint

The exception launched is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This means that the JVM could not build a trusted certification path for the web server or URL you are connecting to: its certificate was not issued by a CA that the JDK's keystore trusts.

So what you need to do is import the server certificate and install it in your JDK's keystore.

Windows

A typical path: C:\Program Files\Java\jdk1.6.0_13\jre\bin\keytool.exe

keytool -import -alias linkptstaging -keystore ..\lib\security\cacerts -file "path of the certificate file"
keytool -list -keystore ..\lib\security\cacerts

More information...

Linux

sudo /usr/lib/jvm/java-6-sun-1.6.0.07/bin/keytool -import -keystore /usr/lib/jvm/java-6-sun/jre/lib/security/cacerts -file "path of the certificate file" -alias linkptstaging
keytool -list -keystore /usr/lib/jvm/java-6-sun/jre/lib/security/cacerts

The default password of the keystore is: changeit

More information...

Retrieved from "http://wiki.openbravo.com/wiki/OpenbravoPOS_Payment_Gateways"

This page was last modified on 8 June 2009, at 14:17. Content is available under Creative Commons Attribution-ShareAlike 2.5 Spain License.