This document has been created to help you decide the most appropriate method of integrating with the Worldnet gateway. It is intended for review after you have decided upon your Merchant Account but before you start integrating with us. All costs will be considered including integration cost, ongoing merchant costs, PCI DSS compliance costs and even Worldnet's own charges. Different technologies, languages, consumer industries, server environments and other technical considerations will also be addressed.
2 A brief description of different integration methods
2.1 Hosted Payment Page
The Hosted Payment Page (HPP) has been created as a method for small-to-medium sized organisations to integrate their websites with our payment gateway. This is a hosted service with the highest levels of internet security, whose appearance can be customised to look just like your site. This is solely for use as a payment gateway for websites.
The benefits of the HPP:
No cost for SSL certificate: PCI DSS requires that web pages accepting credit card information must have SSLv3 128-bit minimum certificates. Our host has a 128-bit to 256-bit certificate with full “green bar” functionality for extra customer confidence. The equivalent certificate from VeriSign is the “Secure Site Pro with EV” which currently costs $1,499/year (March 2010).
No PCI considerations: PCI also states that any site accepting card information must NEVER store the CVV, and if it does store the card number, it must be 256-bit AES encrypted. Most web servers log traffic to and from them which may include card numbers. These logs would have to be audited on a continual basis to ensure that card numbers are not being stored. Also, if you accept any sensitive card information on your site you jump up from a PCI SAQ A (Self Assessment Questionnaire) to an SAQ D. This means that you have to answer 30 pages of questions instead of 2!
Ease of integration: As opposed to other integration methods, the HPP integration is VERY simple. You just have to submit a simple web form to us and then display the response that our host sends back.
Everything under one roof: To enable features when using the Hosted Payment Page such as 3DSecure, eDCC, Mobile Payments etc., there is no extra development to do. We just flick a switch once we have all the data and your customers will then be offered the new feature(s).
Plug-in availability: We have Hosted Payment Page plug-ins readily available for almost all our available shopping carts.
Can be implemented in an iFrame: If you do not want the customer to leave your site you can implement the HPP within a frame. This is preferable for some merchants, but also means that the customer will not see the “green bar” that would be displayed otherwise.
2.2 XML Gateway
The XML gateway is intended for much more elaborate integrations and for very large sites. It offers full access to all of our products and methods through a high speed, common platform gateway. This can be used as a payment gateway for a large website, but it can also be integrated into your existing corporate infrastructure. Companies using the XML gateway must maintain their own security and are subject to more rigorous PCI security assessment.
Benefits of the XML gateway:
Access: All of our products can be controlled through the XML gateway, whether you want to process a payment, register card information for secure storage on our system, set up a recurring payment, check the status of existing subscriptions or refund a customer.
Site integration: If you would like to integrate the card processing heavily into your site, then the XML gateway is the way to go. You can store card references on your site for loyal customers so that they don't have to put their card details in each time, or display the status of a customer's subscription to your product, etc.
3.1 Small Business
For small businesses the Hosted Payment Page is nearly always the most cost-effective route. There is an extra cost involved with using this service, but it is greatly outweighed by the savings made, both directly, because an SSL certificate does not have to be maintained and because the integration is very simple compared to other methods, and indirectly, in that it removes the workload required to manage PCI compliance.
3.2 Large Enterprise
For large enterprise the costs involved can be quite difficult to calculate. You must take into account development costs, opportunity costs during the development period, the value of customer loyalty due to having an easy-to-use site, etc.