
In the News


In part one of this two-part series, we highlighted five critical payment integration questions for the development team.

 

These questions looked at data security, integration capability, the ability to scale and access to support. Answers from the development team provide a way to plan and work with a payment solution provider. There are more questions to consider for your payment integration.

 


 

Let’s look at five more critical questions to ask the development team:

 

1) Does the payment integration technology provider have a testing platform?

Worldpay has a developer sandbox that serves as a secure testing platform for card payments, a wide range of currencies and alternative payment options.

 

The sandbox offers simulators so developers can create mock retail orders to test every aspect of the payment lifecycle -- from payment submission to authorization and capture to settlement or refund.

 

During the testing process, developers can include various payment parameters like payment outcome. Throughout the simulations, developers can also gauge shopper payment flow. Knowing how to address different shopper volume levels can help the company design a payment processing system that delivers an enhanced customer experience.

 

Developers can also use magic values in Worldpay’s sandbox. These values represent specific payment parameters added to an XML order. Using one or more of these magic values accelerates the testing process.

 

2) How do Worldpay’s features and benefits compare to payment industry competitors?

Worldpay’s payment solution is a comprehensive product suite that serves everyone from small businesses to enterprises. Depending on the complexity of your business, the development team can implement a wide range of features to realize significant benefits.

 

Worldpay enables smarter, faster, and easier payment processing with alternative payment methods, cross-border payments, gateway services, fraud and risk management, omni-channel, treasury services, and more. 

 

For small businesses, including pop-up shops and kiosk businesses, there are many features to help the connected consumer buy anytime, anywhere. Payment acceptance options include terminals and POS systems, mobile payments, credit cards, gift cards, and prepaid cards.

 

Enterprises share some of the same needs as small businesses, but they also have other requirements that Worldpay understands. These advantages offer frictionless, on-demand payments for in-store and online environments across all card types.

 

Beyond delivering a full feature set for all types of businesses, Worldpay ensures a secure payment environment. Working as both a gateway and acquirer means we own and operate the entire payment journey. Because of this greater level of control, data is not lost at any touchpoint. Proprietary in-house fraud tools bolster payment and data security.

 

3) Why do some payment integration processes take longer than others? Which features take the longest to integrate?

Security compliance complexity impacts payment integration timing. The degree of customization a company needs may also affect the process.

 

Developers can provide guidance on delays to better inform the team on payment integration progress. They can test available fraud protection and screening tools.

 

To gain some momentum, developers can leverage Worldpay’s range of APIs for every business type. For example, JSON API is our newest offering and includes a combination of rich payment features and alternative payment options.

 

XML API is a comprehensive API designed for global enterprises that seek advanced card payment features, alternative payment options, enhanced functionality and granular control. Small businesses can use the HTML API to enjoy hosted payment pages. In each case, these payment integration APIs can improve the timeline.

 

4) Are mobile wallet capabilities worth adding to our payment integration platform?

Mobile wallet usage in the U.S. surpassed debit cards by seven percent in 2017. This payment method will become the top payment choice by 2021, according to research.

 

Many companies have struggled to decide whether they should integrate this feature in their payment processing. With research pointing to growing mobile wallet market share in the U.S., your company may want to include this payment option now or in the future.

 

In tracking these payment trend changes, Worldpay provides a fast, effective way for developers to add mobile wallets to the payment processing environment.

 

5) How can our company prepare for alternative payment methods, such as voice payments?

A company should evaluate what’s driving trends in alternative payment methods like voice payments, assess adoption rates and understand the consumer’s point-of-view.

 

Interest in this alternative payment method has grown as more consumers and businesses have started using voice-driven digital assistants like Alexa and Google Home. As users become more accustomed to relying on these digital assistants, the devices will need more digital banking integration solutions to handle voice-driven payments.

 

A BI Intelligence research report stated that 18 million US consumers have already made a voice payment. Millions more stated that they plan to try voice payments soon or want to learn more about how they work. By 2022, this figure will grow because of technology and security improvements.

 

In the discussion between you and your development team, ask developers to be aware of these types of trends and to explore the technical components of emerging alternative payment methods. When the company is ready to implement this type of payment acceptance method, the development team will be better prepared.

 

Time to Talk

Although there is a lot to think about, it’s time to talk with the Worldpay integration team, ask these payment integration questions and discuss the available solutions. Contact Worldpay to discover the best payment integration framework for your company and improve how you work with merchants and shoppers.

 

Related Links:

3 Considerations for Building a Gig Economy App

 

The largest hotel chain in the world (Airbnb) has no hotels, and the largest taxi company in the world (Uber) has no taxis. How did this come about? How did these and other so-called “gig economy” companies impose massive disruption on billion-dollar industries in such a short time?

Part of the answer, of course, involves their novel business strategies. But also at play are the apps that drive these gig-economy companies. Uber, Airbnb and the like would be nothing without well-designed apps that deliver an excellent user experience.

 

In this regard, there is a lot that developers can learn from the gig economy. Traditionally, programmers haven’t spent much time thinking about how to develop the type of app that powers a company like Uber. But as the gig economy grows more and more important, that will likely change.

 

Toward that end, let’s take a look at what developers should be thinking about if they’re building a gig-economy app. The lessons below apply whether you’re creating such an app from scratch, or improving one that already exists (and yes, while gig-economy apps like the ones I’ve mentioned above may be great, there is always room for improvement).

 

Scaling the stack

 

To be competitive and relevant in today’s gig economy market, where customer expectations are basically going through the roof, scalability is key. It doesn’t matter whether there is just one user on your app or 100,000; they all expect your app to perform like Netflix. Accounting for spikes in usage is an important part of scaling, and you need to be ready to handle the traffic before you start advertising or giving out discounts. The key here is to scale horizontally and automate the process of adding and removing containers or virtual machines based on demand.

 

Automated scaling isn’t just about adding more nodes based on a preset threshold. It’s also about automatically rebalancing the workload among the servers and hosting virtual machines in multiple regions. Load balancers monitor nodes and distribute traffic efficiently among them so no one node takes on too much work. However, this process must be repeated every time there’s a significant change in workload, or some servers may be overworked while others just waste away. That’s why it’s a good idea to automate the process with a tool like Elastic Load Balancer from AWS or Cloud Load Balancer from Google.

Location and architecture

 

Location is important, too, and multi-region hosting offers much better latency for end users. This is because apps deployed across multiple regions can not only serve users from more data centers, but also from data centers that are in closer proximity to them. It’s good to not have all your eggs in one basket, especially in case of a DDoS attack. Multi-region hosting is critical with regard to disaster management, as it not only keeps your data safe, but also allows for a backup cloud to pick up the load if one cloud service is attacked or compromised.

 

Scaling out is different from scaling up: you add more nodes as opposed to upgrading them. Without the proper application architecture, however, scaling out can lead to a drop in performance as the nodes struggle to communicate with each other. This is especially true for microservice architecture, where services communicate with each other in more ways than we ever thought possible. A service mesh like Istio facilitates this inter-service communication by acting as a communication layer for your services. Istio provides a way for developers to seamlessly connect, manage and secure networks of different microservices, regardless of platform.

Simplicity and security

 

Local services apps like TaskRabbit, Handy, and Thumbtack have numerous service options like plumbing, moving and packing, home improvement, and more. The secret to managing this complexity, however, is to keep it all as simple and organized as possible. The more complex your application, the harder it is to scale, so the secret lies in masking all that complexity behind an extremely well thought-out and simple user interface. It’s also important to keep app size down to a minimum. A smaller app not only makes your life as a developer easier, it also takes into account the limited storage capabilities of most mobile phone users.

Online payments are a great way to make the app experience convenient, and more payment options mean a higher conversion rate. Where there’s money involved, the risks of a breach are always higher, so be proactive about security. Encourage users to change passwords frequently, especially when there are digital wallets linked to your app. You also need to be quick to disclose when a data breach happens and keep all user data encrypted to the maximum level.

 

Cloud vendors follow the model of shared responsibility where they are responsible for the security “of” their cloud platform, but you are responsible for security “in” their cloud. Key management services that can encrypt data at various levels both in transit and at rest can give you more control over data access and better security.

 

Lastly, future-proof your app to take into account your industry and the technology you are currently using. Your app will never stop needing enhancements, so don’t get comfortable, or you’ll be a sitting duck for the next startup thinking about “disruption.”

 

Conclusion

 

Software is eating the world, and the gig economy is no exception. While the innovative business models of gig-economy companies may be part of the reason for these companies’ success, the apps that gig-economy companies build are also key — and can be the deciding factor between a successful gig-economy company and a failure. Winning in the gig economy requires an app designed for scalability, security, performance and future-proofing by following the tips outlined above. 

5 Critical Payment Integrations Questions for Your Dev Team

 

Payments were once a standalone process that signaled the end to a sale of a product or service. Today, global payments are an integral part of a customer experience and involve more interactions and transaction opportunities.

 

In this new payments world, traditional web, mobile, and storefront environments are converging. Many payment gateway options have appeared. At the same time, there are growing security concerns.

 

Payment integration has provided a way to bring a wide range of tools together to address these trends and challenges. However, it is not as simple as developing and launching a payment integration platform. Planning involves leveraging payment API options, creating secure and scalable payment processing integrations, and launching to add merchants for payment facilitators.

 

To plan and launch a payment integration solution, there are some critical questions to ask developers. In part one of this two-part series, we tackle five of these payment integration questions.

 

1) How long will a payment integration solution take to develop before we can start onboarding merchants? 

 

Development and launch timing depend on many factors. These include company needs, integration model, availability of a POS, and certification competition. Also, it's important to have proper coding and testing resources.

 

The steps include kickoff, followed by development, testing, and certification. Then come pre-production, production go-live, and processing go-live.

 

The ability to accelerate merchant onboarding also depends on the development team’s availability and support. Find out what empowers developers to complete these steps.

 

Working with Worldpay can connect developers with a comprehensive set of automated onboarding tools.

 

2) How will you secure cardholder data throughout payment processing?

 

Data security is one of the most pressing issues facing the global payments industry.

 

Since cardholder data is such a tempting and vulnerable target for fraudsters, high-profile security breaches continue at a rampant pace with the liability resting on the shoulders of the company experiencing the breach. 

 

Ask your development team about their experience with security compliance. Find out how they can ensure that information is safe.

 

Worldpay can help tokenize and anonymize data to strengthen your security efforts. Worldpay implementation specialists can also tell you what the PCI DSS requirements (https://www.worldpay.com/uk/pci-dss-overview) mean for your company.

 

Yet, every company handles data according to applicable regulations as well as to their processes for returns, subscription sign-ups, and similar situations that involve cardholder data.

 

That’s where developers can describe how your company handles those processes so Worldpay can recommend the most appropriate solution to minimize cardholder data risk. 

 

3) Does the payment solution provider’s technology integrate with what we plan to do? If not, how can we use a payment API to achieve payment integration?

 

This is a question where developers will need to be visionary in their responses. That’s because what you plan to do as a company involves the near and distant future. In return, this leads to a more complex environment for payment integration.

 

When asking developers, it's important to find out if the payment solution provider’s technology will scale with the business.

 

This inquiry may lead to other questions like, “Do we want to enable shopping online with in-store pick-up to address the current on-demand trend consumers expect?”

 

Or, “Do we plan to open more locations that need more payment gateway and security features?”

 

It's a lot to consider, especially when trends and expectations are always shifting. That’s when you and the developer team must look outward at trending technology for retail payments and fulfillment.

 

In exploring these trends together and using the developers' insights, you and your payment solution provider can address these changing trends within your current and future payment integration processes.

 

4) Are there tools and resources available if payment integration process issues appear?

 

Your development team has extensive knowledge, experience, and skill. However, even with such talent, they may still need to tap external expertise if they are stuck with the payment integration development process.

 

They will need access to support, tools, and resources should they get stuck with some aspect of the payment integration process now or in the future. This is where developers will need to explain what type of specialized support would help.

 

Knowing what they need in terms of external support enables you to find the right payment integration partner. For example, developers can enjoy 24/7 access to Worldpay integration specialists and support forums.

 

Documentation and features like searchable/code samples are useful when there is a question. Or, it may help to tap into Worldpay’s Point of sale for XML, JSON, and HTML as well as connect to a knowledge base.

 

5) Are there available payment processing and security features to include as we scale our business? 

 

 

While stakeholder and business leadership define requirements, developers can enable the experience as well as support the plan and vision. Developers also can explain how extra functionality may affect integration performance.

 

You’ll be able to get a better sense of what features could create an enhanced customer experience by turning to the development team. For example, some companies need credit card terminals to accept payments by mail or telephone. Others might seek features that account for gratuities and enable pre-authorizations.

 

Another company may want to know how to better leverage available cardholder data for new insights to drive personalization. Reports and analytics offer a way to identify shopping conversion paths. It can also tell you where buyers are coming from and what type of payment they are using. 

 

Open Communication Equates to Greater Payment Integration Success

 

Ask the integration team, listen to their answers, and direct your payment integration strategy toward their recommendations.

 

Having an open communication process between the technical and strategic components of your company will increase the chances of successful development and implementation now and in the future.

Our top question of the month comes from ptaysavang regarding the SecureNet API being retired. 

 

Check out his question and our answer here

 

 

If you ask or answer a question that helps our community members, you're automatically entered into a contest for a $25 Amazon gift card! 


 

 

We all know why developers are important. They write the software that makes the world run.

 

But how much do we know about who developers actually are? The answer, in many cases, is very little. After all, most developers work behind the scenes, hidden away from end-users. Unlike actors in a movie or authors of a book, developers rarely receive credit for their work. You might stand in line at the grocery store behind the person who wrote code for your email app, or who helped program your smart thermostat, but you’d never know it.

 

That’s part of the reason why Worldpay produced a survey of professional coders to figure out what makes developers tick. The survey doesn’t help raise developers from the anonymity in which they work, but it does provide critical insights into what payments developers are like, why they chose to become programmers, and what interests them.

 

Here’s a summary of key findings from the survey report.

 

The path to a coding career

One major focus of the survey was understanding what leads people to become developers, and how they gain the skills necessary to program.

 

Perhaps unsurprisingly, the majority of professional developers said they have been coding at least since they were teenagers. Most also reported that they have been working as coders for at least 10 years.

 

Coloring that finding is the fact that, age-wise, it turns out that most developers are young. Millennials account for the largest share of the coder population today. Millennials also make up the largest portion of today’s workforce overall, so that is probably at least part of the reason why they are well-represented among the coding population.

 

How did all of these developers learn to code? The survey found that about half of developers learned to program via formal schooling. However, self-taught programmers accounted for a large portion (38 percent) of respondents. And somewhat surprisingly, a mere 4 percent of respondents said they learned to code through a programming bootcamp, suggesting that the interest that bootcamps have generated in the media in recent years is not proportionate to the number of people who actually become professional programmers through them.

 

Development tools and strategies

All developers write code, but the way they do it varies widely — and “modern” coding strategies are not as prevalent as you might think.

 

According to the survey, Agile stands out as the most popular approach to coding, with more than 57 percent of developers saying they rely on Agile methods. In contrast, DevOps, which receives lots of press these days, was among the least popular development methodologies, with only 4 percent of respondents saying they use it. Conversational development was the second-most popular approach, with 13 percent of developers embracing it.

 

When it comes to programming languages, Python is the most popular by far, with 39 percent of respondents identifying it as their favorite language. C++ was second, at 26 percent. Ruby and Java were both identified as favorites by only 9 percent of programmers, which I found surprisingly low, given how widely used these languages are.

 

Where developers work

Coders might be in their line of work partly because they like it, but most do it for a paycheck, too. When it comes to earning that paycheck, a majority of developers work solely in an office, although 38 percent said that their teams are allowed to work remotely, too. And while most developers work on small teams of two to five people, about a quarter work alone. (The survey didn’t distinguish between freelance developers and those employed by a company, so it’s hard to say whether developers who work alone are self-employed, or just work solo within a company.)

 

As for company size, the types of organizations that employ developers are spread pretty evenly between small companies with fewer than 10 employees, medium-sized ones and large enterprises, although companies with between 11 and 99 employees had the highest representation among developers surveyed.

 

Integrating payments

One of the more interesting questions on the survey was about how hard it is to integrate payments into an app. That may not be a task that developers think about until they sit down and actually do it, but given how many apps have to process payments today, payment integration has become an important part of coding.

 

On this topic, most developers said it was “somewhat easy” to integrate payments, but about 35 percent said it was somewhat difficult or very difficult.

 

Conclusion

Above are just some of the findings from Worldpay’s developer survey report. For full details and specific data points, as well as some interesting results involving developer preferences regarding cats, dogs and more, check out the report.

Businesses invest a lot of resources in getting consumers to click on ads and drawing visitors to websites or mobile apps. They create amazing product displays to make people like and engage with their product catalog. They even offer irresistible discounts to finally get their products added to the shopping cart.

 

But even if these efforts are successful in attracting clicks and visitors, they don’t necessarily lead to results. A common challenge is the issue of “cart abandonment,” which means potential customers abandon a website or app once they are in the middle of the process of selecting items or paying for them. On average, an online store loses 75%-83.6% of sales to cart abandonment.

 


 

Why do customers abandon their digital carts? There could be lots of reasons, of course, but poor user interface or user experience are chief among them, which are both issues that developers can help address.

 

Toward that end, here’s a list of five tips for preventing cart abandonment by improving the mobile checkout flow for your apps.

 

1. Let users check out as a guest

Thirty percent of users abandon the cart if they’re asked to register upfront. Niche players face this challenge more than the Amazons of the world. Customers don't like registering unless it is tied to a benefit (say, a coupon code). Sometimes, even existing customers prefer not to sign in. This is especially true when they forget their passwords and have to go through the password reset flow. These are key reasons why cart abandonment rates are lower with sites that allow users to check out as a guest.

 


While some users might like to provide information to get personalized suggestions, others might not like spending time filling out registration forms. So, always give them three options: sign up, sign in, and check out as a guest. This should not be a problem with fulfillment, as you can always add email and contact number fields in the delivery information form.

2. Make data entry a breeze

Most people avoid signing up just because they are too lazy to enter their details. Even when you allow users to check out as a guest, they will have to fill out the delivery form. So keep the forms precise and less boring. You can create a great user experience if you can fill out some of the fields in the delivery form by requesting certain permissions. For example, by requesting access to a user’s Google+ profile, you can fill out the fields like first name, last name, email, etc. Getting access to the user’s device location will help you get fields like state, city, locality, etc, automatically filled. This way, you can dramatically reduce the time your users would otherwise have to spend on a frustrating data entry process.

 


Avoid clearing all fields if there is an error in one (or several) fields. Shoppers get frustrated with having to re-enter the whole thing. Save all the valid information and highlight the invalid information along with an error message. Additionally, display error messages clearly and avoid using generic messages like “invalid information.” The form you get while signing up for a Google account is a great example of a good user interface (UI) design. The form tells you exactly what went wrong and how it should be corrected.

 


 

3. Make customers feel secure about payments

Not having a particular type of card or mobile wallet should not stop customers from checking out. Give them a lot of payment options. In addition, some customers are concerned about the security of their credit cards. Their fears are sometimes justified by the increasing number of cyber attacks. So always display security badges and make users feel secure about their payment. If possible, provide a cash on delivery (COD) option for customers who don't know enough about security badges and aren’t comfortable with the online world.

4. Keep the user focused on the checkout

One mistake that most online stores make is promoting other products on their checkout pages. This makes room for a lot of distraction. Customers tend to navigate to other pages hunting for better and better deals. They eventually end up confused looking at the myriad of options. Buyer’s dilemma sets in and results in cart abandonment.

 

You should cross-sell your products, but the checkout page is just not the right platform. Amazon recommends other products on the product page itself, but with a checkbox. This way, the user can buy the recommended products without leaving the main product page.

 


 

Keep designs simple, remove unnecessary links, and encourage a closed promo code field. Once a customer has added a product to the cart, your only goal should be getting the product checked out.

5. Avoid lengthy checkout processes

Don’t make the checkout page too long. Avoid less necessary conventional steps like asking “Are you sure about the details entered?” Break up the checkout process into multiple steps and deploy one step per page. Have a prominent progress bar to guide users through the checkout process. The load time of your site directly affects user experience. Fifty-seven percent of visitors abandon their carts if the load time exceeds three seconds. The faster your pages load, the more products you will sell.

Conclusion

Forty-nine percent of people operate their phones using one hand. So design the user interface in such a way that the user can complete the checkout process using one thumb. Make sure that the design works for tablet users as well. Enrich your app with all possible luxuries, and make the checkout flow as convenient as possible. Ensure that customer assistance is readily available. Add an iconic CTA button to call customer support. And offer useful links to FAQs so that users will not have to look for solutions across the Web when they have a problem with checkout. A good user experience is created only when you really care about the comfort of your customer.

 

 

Worldpay hosted payment pages provide websites with a simple and secure way to integrate payments into a site without the additional overhead of PCI compliance and with the benefit of access to a multitude of payment types.

 

In this article, we’re going to look at this solution and walk through some tips for troubleshooting when test payments fail. We’ll be using the C# example which is available on GitHub and offers users a demo application which they can configure to use with a test account. We’ll cover setting up a test account below (if you haven’t already set up an account).

 

Browser Requirements

 

The hosted payments solution is added to websites using an iframe or lightbox control. In this article, we’ll be referencing the iframe specifically, but the same applies to the lightbox as well. The solution also makes use of JavaScript, so you’ll want to ensure that the user's browser has JavaScript enabled.

 

If you’re using the demo application and are unable to click on any of the buttons, this is a good indication that JavaScript is disabled for the site. Using the <noscript> tag is an excellent way to indicate to users that they need to enable JavaScript to check out using your website.

 

<noscript>
    <style type="text/css">
        .pagecontainer {display:none;}
    </style>
    <div class="noscriptmsg">
        This website requires that Javascript is enabled.
    </div>
</noscript>

  Figure 1. HTML to Detect a Browser that Does Not Have JavaScript Enabled.

 

If you can navigate to the checkout page, but are unable to view the Payment iframe, then it is likely that you haven’t configured the account credentials, there is an error in the configuration, or there was a problem setting up the transaction. If you are using the example application, and view the page source, you may observe an error indicating that iframes are disabled. The disabled iframe message is the default message which is displayed if the page is unable to set up the transaction, or retrieve the iframe from the payment processor.

 

We’ll walk through each of these problems in detail and discuss symptoms and how to resolve them.

 

Setting Up a Test Account

 

Requests to the Hosted Payments Service need to have the following information included:

 

  • Account ID
  • Account Token
  • Acceptor ID
  • Application ID
  • Application Name
  • Application Version

 

Application Name and Version are required, but these fields are for you to add information about your application. The remaining values require you to sign up for a Worldpay test account. You can sign up for a test account here.

 

Figure 1. Creating a Worldpay Test Account

 

Validating Your Configuration

 

When you create your test account, you’ll receive an email similar to the one below that has all the required values for your new account. The email also contains test URLs for your test hosted payments and links to documentation for hosted payments and other services which you’ll use with your test account.

 

Figure 2. Email with Account Information for Worldpay Test Account.

 

If you’re using the C# example, the Web.config file in the root folder of the project contains the Account Configuration. Validate that you have configured all six elements in your project and that values match those for your test account. If Worldpay can’t verify your account, then the iframe cannot be displayed.

 

The Anatomy of a Transaction

 

A complete transaction is a series of steps, which begin before the customer is prompted to enter their information. The first call sets up the transaction. The TransactionSetup is a POST request which includes the account credentials, terminal information, style information for the iframe, and the return URL. The call is handled by the server to prevent account information from being exposed to the end user. Once the transaction is set up, the browser can request the iframe.

 

 

<?xml version="1.0"?>
<TransactionSetup xmlns="https://transaction.elementexpress.com">
  <Credentials>
    <AccountID>#####</AccountID>
    <AccountToken>#####</AccountToken>
    <AcceptorID>#####</AcceptorID>
  </Credentials>
  <Application>
    <ApplicationID>#####</ApplicationID>
    <ApplicationVersion>1.0</ApplicationVersion>
    <ApplicationName>HostedPayments.CSharp</ApplicationName>
  </Application>
  <Terminal>
    <TerminalID>01</TerminalID>
    <CardholderPresentCode>2</CardholderPresentCode>
    <CardInputCode>5</CardInputCode>
    <TerminalCapabilityCode>3</TerminalCapabilityCode>
    <TerminalEnvironmentCode>2</TerminalEnvironmentCode>
    <CardPresentCode>2</CardPresentCode>
    <MotoECICode>1</MotoECICode>
    <CVVPresenceCode>1</CVVPresenceCode>
  </Terminal>
  <Transaction>
    <TransactionAmount>6.55</TransactionAmount>
  </Transaction>
  <TransactionSetup>
    <TransactionSetupMethod>1</TransactionSetupMethod>
    <Embedded>1</Embedded>
    <AutoReturn>1</AutoReturn>
    <ReturnURL>http://localhost:51619/Home/Complete</ReturnURL>
    <CustomCss>body{margin-left: 50px; …}</CustomCss>
  </TransactionSetup>
</TransactionSetup>

Figure 3. XML Request to Set Up a Transaction

 

In response to the request above, the processor returns the following, which includes a transaction number. This number is used by the client or browser to request the iframe.

 

<?xml version="1.0"?>
<TransactionSetupResponse xmlns="https://transaction.elementexpress.com">
  <Response>
    <ExpressResponseCode>0</ExpressResponseCode>
    <ExpressResponseMessage>Success</ExpressResponseMessage>
    <ExpressTransactionDate>20181230</ExpressTransactionDate>
    <ExpressTransactionTime>162113</ExpressTransactionTime>
    <ExpressTransactionTimezone>UTC-06:00:00</ExpressTransactionTimezone>
    <Transaction>
      <TransactionSetupID>A5EC4889-89870E7CEB97</TransactionSetupID>
    </Transaction>
    <PaymentAccount>
      <TransactionSetupID>A5EC4889-89870E7CEB97</TransactionSetupID>
    </PaymentAccount>
    <TransactionSetup>
      <TransactionSetupID>A5EC4889-89870E7CEB97</TransactionSetupID>
      <ValidationCode>068F65440B</ValidationCode>
    </TransactionSetup>
  </Response>
</TransactionSetupResponse>

Figure 4. XML Response with Transaction ID

 

If you enable debugging on your local server and step through the code, you should be able to see the response coming back from the processor. I was able to create a couple of different errors by changing aspects of the request I sent.

 

<?xml version="1.0"?>
<Response xmlns="https://transaction.elementexpress.com">
  <Response>
    <ExpressResponseCode>103</ExpressResponseCode>
    <ExpressResponseMessage>Invalid Request</ExpressResponseMessage>
  </Response>
</Response>

Figure 5. Example of a Response for an Invalid Request

 

In the case above, this was due to not setting the correct headers on the request. For XML requests to the payment processor, the required headers are:

 

  • Content-Type: text/xml
  • Accepts: text/xml

 

<?xml version="1.0"?>
<Response xmlns="https://transaction.elementexpress.com">
  <Response>
    <ExpressResponseCode>103</ExpressResponseCode>
    <ExpressResponseMessage>TargetNamespace required</ExpressResponseMessage>
  </Response>
</Response>

Figure 6. Another Example of a Response for an Invalid Request

 

In the case shown in Figure 6, the namespace was incorrectly set. The XML namespace is set on the parent element and should take the following format.

 

<TransactionSetup xmlns="https://transaction.elementexpress.com">
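The checks described in this section can be automated on the server before and after the TransactionSetup call. The following is an added example, written in Python rather than the article's C# demo and not part of that project: `preflight`, `diagnose` and `redact` are hypothetical helper names, the credential values are constructed, and the second header is checked under its standard HTTP name `Accept`, which is an assumption.

```python
import xml.etree.ElementTree as ET

NS = "https://transaction.elementexpress.com"   # namespace shown in the article
ET.register_namespace("", NS)                   # serialise as xmlns="..." without a prefix
ACCOUNT_FIELDS = ("AccountID", "AccountToken", "AcceptorID",
                  "ApplicationID", "ApplicationName", "ApplicationVersion")
SECRET_FIELDS = ("AccountID", "AccountToken", "AcceptorID")
# Assumption: the standard HTTP header name "Accept" for the second required header.
REQUIRED_HEADERS = {"content-type": "text/xml", "accept": "text/xml"}
# Causes the article's author observed for code 103; other causes are possible.
HINTS = {
    ("103", "Invalid Request"): "check the Content-Type and Accept request headers",
    ("103", "TargetNamespace required"): "set xmlns on the root TransactionSetup element",
}


def local(tag):
    """Element name without its '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]


def first_values(root):
    """Map each element name to the stripped text of its first occurrence."""
    values = {}
    for element in root.iter():
        values.setdefault(local(element.tag), (element.text or "").strip())
    return values


def preflight(body, headers):
    """List the problems in a TransactionSetup request before it is sent."""
    problems = []
    sent = {k.lower(): v.split(";")[0].strip().lower() for k, v in headers.items()}
    for name, want in REQUIRED_HEADERS.items():
        if sent.get(name) != want:
            problems.append("header %s must be %s" % (name, want))
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return problems + ["request is not well-formed XML: %s" % exc]
    if root.tag != "{%s}TransactionSetup" % NS:
        problems.append("root element must be TransactionSetup with xmlns=" + NS)
    values = first_values(root)
    for field in ACCOUNT_FIELDS:
        text = values.get(field, "")
        if not text or set(text) == {"#"}:      # '#####' is the article's placeholder
            problems.append("missing or placeholder value: " + field)
    return problems


def diagnose(response):
    """Reduce an Express response to what the checkout page needs."""
    values = first_values(ET.fromstring(response))
    code = values.get("ExpressResponseCode")
    message = values.get("ExpressResponseMessage", "")
    setup_id = values.get("TransactionSetupID")
    if code == "0" and setup_id:
        return {"ok": True, "setup_id": setup_id, "hint": ""}
    hint = HINTS.get((code, message), "unrecognised response; re-check the account configuration")
    return {"ok": False, "setup_id": None, "hint": hint}


def redact(body):
    """Copy of the request with credential values masked, safe to write to a log."""
    root = ET.fromstring(body)
    for element in root.iter():
        if local(element.tag) in SECRET_FIELDS and element.text:
            element.text = "***"
    return ET.tostring(root, encoding="unicode")


# Constructed samples: the credential values are made up, the responses are
# abbreviated from the article's Figures 4 and 6.
GOOD_REQUEST = b"""<TransactionSetup xmlns="https://transaction.elementexpress.com">
  <Credentials><AccountID>1000001</AccountID><AccountToken>tok-constructed</AccountToken>
    <AcceptorID>2000002</AcceptorID></Credentials>
  <Application><ApplicationID>3003</ApplicationID><ApplicationVersion>1.0</ApplicationVersion>
    <ApplicationName>HostedPayments.CSharp</ApplicationName></Application>
</TransactionSetup>"""
BAD_REQUEST = (GOOD_REQUEST
               .replace(b' xmlns="https://transaction.elementexpress.com"', b"")
               .replace(b"tok-constructed", b"#####"))
SUCCESS = b"""<TransactionSetupResponse xmlns="https://transaction.elementexpress.com">
  <Response><ExpressResponseCode>0</ExpressResponseCode>
    <ExpressResponseMessage>Success</ExpressResponseMessage>
    <TransactionSetup><TransactionSetupID>
A5EC4889-89870E7CEB97</TransactionSetupID></TransactionSetup>
  </Response></TransactionSetupResponse>"""
NAMESPACE_ERROR = b"""<Response xmlns="https://transaction.elementexpress.com">
  <Response><ExpressResponseCode>103</ExpressResponseCode>
    <ExpressResponseMessage>TargetNamespace required</ExpressResponseMessage>
  </Response></Response>"""

if __name__ == "__main__":
    print(preflight(BAD_REQUEST, {"Content-Type": "application/json"}))
    print(diagnose(SUCCESS), diagnose(NAMESPACE_ERROR))
    print(redact(GOOD_REQUEST))
```

Only the `setup_id` returned by `diagnose` needs to reach the browser; the request body with its credentials stays on the server, and `redact` is what goes into debug logs.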

 

Troubleshooting Client Payment Submission Errors

 

The request from the iframe is synchronous: it returns the results of the transaction and, on a successful transaction, redirects the browser to the URL which you specified when you set up the transaction. The processor checks the submitted information for completeness and validity. Below are some of the results which appear in the browser for missing or invalid data.

 

Figure 7. Missing Information on the Payment Information Form

Figure 8. Invalid Card Information on the Payment Information Form

 

Additional Help

 

If you are still experiencing problems with your test payments, you can visit the Vantiv Developer Portal to see if other developers have experienced similar problems and posted their solutions. You can also reach out to a Worldpay representative here.

Offering free trial applications is a useful strategy for helping to attract new users. However, in order to retain those users and turn them into paying customers, you need to deliver a flawless experience that helps your app stand out from the seemingly endless number of free apps available on the Web.

 


 

Lots of considerations factor into this, of course. In this post, we’re going to look at one of the big ones: payment processing. The payment implementation inside your app plays a key role in shaping user experience, and ultimately, in determining whether users remain engaged with your app and your company.

 

In this post, I’ll cover some important best practices to follow in implementing payments for your free trial web application. These best practices will make it easy to turn trial users into happy paying users.

 

Choose a proven payment processor

Your payment processor is probably the most important element in implementing payments for your trial web application. There are several payment processors out there, but it’s critical to get the basics right. In that vein, you’ll want to choose a payment processor that has a strong track record. Worldpay is a prime example. Worldpay is one of the best payment processors in the world, processing over 40 billion transactions annually across most countries.

 

With a proven payment processor as the backbone of your free trial web application, you can focus on delivering great value to users and allow your payment processor to seamlessly transition trial users into paying users.

 

Pick an integration option that matches your web app requirements

Knowing what kind of integration your trial web application needs is important. Do you want a hosted payment page (widget), or do you need fine-grained control over payment with a payment API?

 

A payment widget is easier to set up. It sometimes requires no programming expertise, and is very secure. But a payment widget will not always deliver the best end-to-end experience for your users, as it has limited customization. Additionally, a payment widget may yield slightly higher charges.

 

A payment API offers better integration flexibility. However, it requires some expertise and compliance. Your web app requirements will determine which of these options is better. As an example, Worldpay offers several integration options that match any app requirement: JSON API, XML API, and HTML API.

 

The Web is constantly changing. Web technologies quickly become outdated as newer and more secure technologies emerge. It’s imperative to pick integration options that are based on the latest accepted standards for your trial web application. In the world of payments, security is king, so pick wisely.

 

Go for payment options that cover most, if not all, users

A great web app will compel users to pay to keep using it. But if your users can’t pay because of limited payment options, your users will abandon your app. There are a number of alternatives to practically any web application — some are completely free and open source, and users will quickly switch. To retain your users, ensure your payment system provides support for a variety of payment methods: credit/debit card, mobile payments, bank transfer, PayPal, and even cash.

 

There is a caveat here: Think about the charges associated with each payment method your web app provides, and devise a strategy that works for your users.

 

When you want a variety of payment options, consider Worldpay. Worldpay provides credit card payments, bank transfer, Apple Pay, Samsung Pay, and more.

 

Check out merchant account options

Last but not least, how you process payments from your web app users is crucial. Setting up a merchant account to start receiving payments shouldn’t be an overly sophisticated process. In picking your payment processor, research the required effort to set up a merchant account, and look at all terms and conditions for money transfer, including charges on merchant accounts.

 

Worldpay provides unmatched merchant account options that cater to several demographics, including individuals, small businesses, and enterprises — and you receive payments instantly.

 

Closing thoughts

Implementing payments for your free trial web application shouldn’t be a cumbersome task. An important step is turning casual, non-paying users into return customers who want to pay for your web app. Worldpay is a payment processor that helps businesses reach their goals by streamlining payment processes and allowing businesses to focus on their core values and deliver quality products and services to their customers. Using Worldpay, you can set up and start receiving payments for your web application within minutes.

 

About the Author:

Bruno is a junior at Ashesi University College studying Computer Science. He is interested in leveraging the power of technology to increase productivity. As a big fan of open source technology, he is currently exploring the possibility of using Bitcoin Blockchain to fight corruption in government. 

The Special Supplemental Food Program for Women, Infants, and Children, or WIC, was established in 1972 to provide supplemental nutritional and medical assistance for mothers and young children in low-income families. With the program currently servicing about half of all infants born in the United States, being able to process WIC payments for grocery items is a necessity for retailers.

 

eWIC cash register processing eWIC payments Source: pixabay.com

 

In this article, we’re going to look at some of the considerations involved in processing WIC payments. We’ll also investigate how you can implement the processing of eWIC payments as part of your POS system. While WIC is a federal program, each state is responsible for administering the program for their state. I’ll address the implementation and guidelines in a general fashion, but you should check with your state’s WIC program for more specific information.

 

What is eWIC and How are Payments Processed?

In the past, WIC purchases were completed using a voucher system. The voucher would specify the type and quantity of goods the bearer could purchase. The retailer was responsible for verifying that the purchase matched the voucher, and for recording the total cost on the voucher.

 

Recently, the modernization of systems has seen many states begin using electronic cards to distribute and process WIC payments. Electronic Benefit Transfer or EBT cards are automatically loaded each month, and participants can use the cards to purchase allowable items. This system is called eWIC. Participants need the card and a valid PIN to participate in the program and complete purchases.

 

Participation in WIC and POS Requirements

Retailers who want to participate in the WIC system need to be authorized, which is a process that must be completed with the state. If you are using an integrated payment system, this system needs to be certified by the USDA Food and Nutrition Service. Worldpay Mobile Market+ Select, and Mobile Market+ Register systems already have certification to process eWIC payments. 

 

An integrated POS allows consumers to check out with WIC and non-WIC items in the same transaction. The POS should validate WIC-approved products and compare these with the balance on the customer’s EBT card. When the final transaction is completed using either the EBT card, another form of payment, or a combination of both, it is the responsibility of the system to flag the EBT-eligible items in every transaction.

 

Additional requirements include:

  • No state or local taxes are to be charged on eligible items.
  • The system should accept both swiped and manually entered EBT cards.
  • The remaining balance should always be printed on the customer's paper receipt.

 

We’ll explore the types of receipts which can be generated by the POS concerning a consumer’s EBT card next.

 

Required EBT or eWIC Receipts

During the completion of an eWIC transaction, four different receipts should be available for the consumer to see.

 

  • Balance inquiry which includes the amounts, sizes, and types of foods that the household has available to purchase. The balance inquiry is not technically part of the POS transaction and should be available to consumers whether they are making a purchase or first arriving at the retailer.
  • eWIC Beginning Balance is generated at the beginning of the transaction after the consumer swipes their card and enters their PIN.
  • Proposed eWIC Redemption can be produced mid-transaction and lists the items which are approved for purchase with the eWIC card.
  • eWIC Ending Balance is generated after the transaction is completed and all forms of payment have been tendered. The receipt shows the remaining balance on the eWIC card.

 


 

Determining Approved Products

Although WIC is a federal program, it’s the state agencies which administer the WIC program that are responsible for determining the types and brands of foods which are authorized for use with the program. Contact the appropriate state agency for access to the current list of approved products.

 

Implementation For EBT Balance Inquiries and Sales Transactions

The Element Express API can accept both SOAP and XML requests. We’ll be focussing on the XML request, as this is the preferred method. The requests for EBT balance inquiries and sales look almost identical, with a few key differences.

 

  • The parent object
    • Balance inquiries use EBTBalanceInquiry
    • Sales use EBTSale
  • The amount
    • Balance inquiries are completed with a $0.00 transaction amount

 

Let’s look at an example XML request and discuss a few of the critical elements.

 

<EBTBalanceInquiry xmlns="https://transaction.elementexpress.com">
    <Credentials>
        <AccountID>######</AccountID>
        <AccountToken>######</AccountToken>
        <AcceptorID>######</AcceptorID>
    </Credentials>
    <Application>
        <ApplicationID>######</ApplicationID>
        <ApplicationVersion>1.0</ApplicationVersion>
        <ApplicationName>Express.Java</ApplicationName>
    </Application>
    <Terminal>
        <TerminalID>01</TerminalID>
        <CardholderPresentCode>2</CardholderPresentCode>
        <CardInputCode>5</CardInputCode>
        <TerminalCapabilityCode>3</TerminalCapabilityCode>
        <TerminalEnvironmentCode>2</TerminalEnvironmentCode>
        <CardPresentCode>2</CardPresentCode>
        <MotoECICode>1</MotoECICode>
        <CVVPresenceCode>1</CVVPresenceCode>
    </Terminal>
    <Card>
        <CardNumber>5076800001111113</CardNumber>
        <ExpirationMonth>12</ExpirationMonth>
        <ExpirationYear>99</ExpirationYear>
        <PINBlock>1234</PINBlock>
        <KeySerialNumber>AAA</KeySerialNumber>
    </Card>
    <Transaction>
        <TransactionAmount>0</TransactionAmount>
        <MarketCode>7</MarketCode>
    </Transaction>
    <EBT>
        <EBTTypeIndex>1</EBTTypeIndex>
    </EBT>
</EBTBalanceInquiry>

Figure 1. XML Request for an EBT Balance Inquiry

 

The two sections which required modification from a typical credit card transaction were the Card and EBT sections. As I mentioned above, the transaction amount in the Transaction section should be set to 0 for balance inquiries.

 

EBT cards do not expire, but the API requires a value for the expiration fields. I defaulted mine to arbitrary values, and the system didn’t appear to perform an expiration check.

 

Within the Card section, the two fields which need to be added are the PINBlock and the KeySerialNumber. The only requirement for a consumer to use an EBT card is possession of the card and a valid PIN. It is illegal to ask for identification from the bearer, or proof that they are the person to whom the card has been assigned. The consumer’s PIN is entered into the PINBlock. The KeySerialNumber is a DUKPT key, which is used for encryption within the EBT system. This key is generated for each transaction and is required by the EBT system.

 

The EBT section has only one required field. EBTTypeIndex references an enum of EBT types within the Element Express API.
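A pre-send check for the Card, Transaction and EBT sections described above, as an added example rather than code from the article or from Worldpay. It assumes a TDES DUKPT PIN pad that emits a 16-hex-digit encrypted PIN block and a 20-hex-digit key serial number, so the article's sample values `1234` and `AAA` are reported; `lint_ebt_request` is a hypothetical name and the hex values are constructed.

```python
import re
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation

EBT_PARENTS = {"EBTBalanceInquiry", "EBTSale"}   # parent objects named in the article
# Assumed sizes for TDES DUKPT: 8-byte encrypted PIN block, 10-byte key serial number.
PIN_BLOCK = re.compile(r"[0-9A-Fa-f]{16}")
KSN = re.compile(r"[0-9A-Fa-f]{20}")


def lint_ebt_request(body):
    """Return findings for an EBT request before it leaves the POS."""
    root = ET.fromstring(body)
    kind = root.tag.rsplit("}", 1)[-1]            # element name without namespace
    if kind not in EBT_PARENTS:
        return ["not an EBT request: " + kind]
    values = {}
    for element in root.iter():
        values.setdefault(element.tag.rsplit("}", 1)[-1], (element.text or "").strip())
    findings = []
    if not PIN_BLOCK.fullmatch(values.get("PINBlock", "")):
        findings.append("PINBlock is not a 16-hex-digit encrypted block")
    if not KSN.fullmatch(values.get("KeySerialNumber", "")):
        findings.append("KeySerialNumber is not a 20-hex-digit DUKPT KSN")
    if not values.get("EBTTypeIndex"):
        findings.append("EBTTypeIndex is required")
    try:
        amount = Decimal(values.get("TransactionAmount", ""))
    except InvalidOperation:
        findings.append("TransactionAmount is missing or not a number")
    else:
        if kind == "EBTBalanceInquiry" and amount != 0:
            findings.append("balance inquiries use a transaction amount of 0")
    return findings


def sample(parent, pin_block, ksn, amount):
    """Build an abbreviated request (Card, Transaction and EBT sections only)."""
    return (
        '<%s xmlns="https://transaction.elementexpress.com">'
        "<Card><CardNumber>5076800001111113</CardNumber>"
        "<PINBlock>%s</PINBlock><KeySerialNumber>%s</KeySerialNumber></Card>"
        "<Transaction><TransactionAmount>%s</TransactionAmount></Transaction>"
        "<EBT><EBTTypeIndex>1</EBTTypeIndex></EBT></%s>"
    ) % (parent, pin_block, ksn, amount, parent)


# The article's values, then constructed device-style values.
PAGE_SAMPLE = sample("EBTBalanceInquiry", "1234", "AAA", "0")
DEVICE_SAMPLE = sample("EBTBalanceInquiry", "A1B2C3D4E5F60718", "FFFF9876543210E00001", "0")
SALE_SAMPLE = sample("EBTSale", "A1B2C3D4E5F60718", "FFFF9876543210E00001", "12.50")

if __name__ == "__main__":
    for name, body in (("page", PAGE_SAMPLE), ("device", DEVICE_SAMPLE), ("sale", SALE_SAMPLE)):
        print(name, lint_ebt_request(body))
```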

 

Learning More

For more information on the Element Express API, and how you can use it to manage your eWIC or EBT transactions, you can visit the Vantiv Developer Portal. You can also reach out to a Worldpay representative here.

 

About the Author:

Mike Mackrory is a Global citizen who has settled down in the Pacific Northwest - for now.  By day he works as a Lead Engineer on a DevOps team and by night he writes, consults on several web-based projects and runs a marginally successful eBay sticker business.  When he's not tapping on the keys, he can be found hiking, fishing and exploring both the urban and the rural landscape with his kids.  Always happy to help out another developer, he has a definite preference for helping those who bring gifts of gourmet donuts, craft beer and/or Single-malt Scotch.

Is a coding bootcamp worth it?

 

Coding bootcamps have become an increasingly popular way of learning to program. Since the first bootcamp, Code Academy, debuted in 2011, the total number of coding bootcamps has climbed to more than 95 — and that’s only including the full-time options.

 

Most coding bootcamps cost a fair bit of money and require a significant time commitment. That raises the question: Are they worth it? And the answer is: sometimes. Keep reading for tips on determining whether to participate in a coding bootcamp.

 

What is a coding bootcamp?

 

A coding bootcamp is any type of educational program designed to teach aspiring developers how to program in a relatively short period of time.

 

The goal is rarely to teach complete development skills. Instead, they usually focus on communicating the core competencies required to allow someone who has never coded before to gain the basic level of knowledge required to write working code, and to teach themselves more advanced programming topics and other programming languages.

 

Coding bootcamps vary considerably in terms of how long they take, how they are organized and which learning strategies they adopt. Some operate totally online, some in brick-and-mortar settings, and some as a combination of the two. Some bootcamps are overseen by traditional higher-education institutions, while others are run by independent companies. Some are not-for-profit, while others are out to make a buck.

 

Should you take a coding bootcamp?

 

Bootcamps are certainly not the only way to learn to code. They’re also not necessarily the fastest, cheapest or most effective way. Whether or not a coding bootcamp is the best fit for you depends on the following factors.

 

How many coding languages do you currently know?

 

As noted above, most coding bootcamps cater to people who have very little or no programming skills. A few, such as Hack Reactor, aim to provide more skills to people already familiar with coding, but they are the exception.

 

Thus, if you’re a CS major who already knows how to write code, or you do basic programming in your job, a bootcamp is probably not going to help you much. On the other hand, if you have no idea how to code and want to learn the fundamentals quickly, you’re a model candidate for a coding bootcamp.

 

Do you have spare time and money?

 


 

The cost of a coding bootcamp (in terms of both money and time) is an obvious factor to consider, but it’s also an essential one. Bootcamps will take up at least several weeks of your life — time that you could spend making money — and the average cost for a full-time bootcamp is more than $11,000, according to Course Report. (That said, some bootcamps, such as General Assembly and C4Q's Access Code, take a cut of your salary after you graduate, which could mean that you end up paying more overall, but you avoid a steep upfront cost.)

 

Only you can decide whether these costs are affordable and acceptable for you. Before making a choice, however, you may wish to keep in mind that post-bootcamp salaries are not as high as you might think; they average only around $65,000. That’s not a bad salary if you’re young and don’t have other educational debt to contend with. But it also means that a coding bootcamp is not the instant on-ramp to a six-figure salary that some folks imagine it to be.

 

Which type of job do you want?

 

Another money-related factor worth bearing in mind is that having a coding bootcamp on your résumé will prove much more beneficial for getting some jobs as opposed to others. If your goal is to work for a large, conservative corporation, the HR gatekeepers you’ll likely need to get past in order to land an interview may not even know what a coding bootcamp is. They may assume that only people with traditional computer-science educations are fit to work in jobs that require programming skills.

 

If, on the other hand, you hope to work for a tech startup, your potential employer is likelier to understand the value of your bootcamp education. Similarly, if you already have a job but want to add programming chops to your résumé in order to seek a promotion, a coding bootcamp can help you to do that effectively, because you’ll be in a position to explain to your bosses what you are doing in the bootcamp and why, if they don’t already have an understanding. (Of course, they’ll have to be comfortable with you attending a bootcamp while employed.)

 

Which programming languages do you want to learn?

 

Most coding bootcamps focus on teaching popular, general-purpose programming languages, like Python, Java or (in some cases) C.

 

That’s great if you want to learn to code in simple, widely used languages. If, on the other hand, you need to learn a less common, special-purpose language (like Fortran, for example) a bootcamp will prove less useful. It might give you the foundation you need to teach yourself obscure programming languages, but it won’t directly lead to the knowledge you are seeking.

 

Do you need to learn more than coding?

 

An important thing to understand about coding bootcamps is that most of them focus on teaching people to code in the narrow sense. (In other words, they teach programming.)

 

What they don’t generally teach is system administration, how to deploy applications, how to test software, and so on. Those are all tasks closely associated with programming. They are important in many IT careers, and because they often involve writing code in one way or another, even if it’s just light scripting, some people might consider them to be forms of coding. But they are not the things you will typically learn at a coding bootcamp.

 

If you seek a broader IT skillset, you may need to pursue more traditional forms of technical education, or at least take a DevOps course.

 

Conclusion

 

Coding bootcamps are a great resource. For many folks, they are a fast and cost-effective way to learn programming and achieve new career goals. But it’s important to keep in mind that they are not the best fit for every person or circumstance. Before enrolling, do a cost-benefit analysis to determine if a coding bootcamp is the best way to achieve your end-goals, whatever they happen to be.

Want to raise my blood pressure? Waste my time. My nervous system reacts negatively to inefficiency in part because I can never get back the time that I’ve lost. If waste gives you the heebie-jeebies, then you’ll love 2 Second Lean – How to Grow People and Build a Lean Culture by business owner Paul Akers. 2 Second Lean was recommended to me by a highly efficient Worldpay software developer, and the book delivered on its promise to offer guidance to leaders of any size organization.

 

Below are what I found to be the most insightful excerpts from the book. For time-saving tips in video format, go to www.fastcap.com, click on the “Video” tab, and then click on “Lean Videos.”

 

  1. Two foundational principles of Lean thinking: eliminating waste and continuous improvement.
  2. Lean thinking presumes that everything can be improved continuously, without end.
  3. Finding the waste component is not a burden, it’s a game — a giant scavenger hunt.
  4. It’s not just about making everything faster, but about improving the quality of everything you do.
  5. Lean is the art of subtraction, not addition.
  6. Lean is about fixing what bugs you.
  7. Toyota was obsessed with building a culture through teaching and training its people.
  8. My goal was to create a culture of the best problem-solvers in the world. So we incorporated into our morning meeting a bit of reading out loud from great books. We are introducing our employees to world-class ideas and innovative leaders in the business world.
  9. The number one way people learn is by making mistakes. If you rob your culture of this experience, you will rob yourself of the boundless innovations that could await you.
  10. Chase waste like your dog chases a cat.
  11. Money suffocates creativity. When money is no object, we abdicate our most powerful resource: our ideas. It just gets too easy to throw money at problems.
  12. Lean is about planning, doing, checking, reevaluating, and improving everything endlessly.
  13. Lean is not an austerity program. Lean is eliminating non-value-added activity.
  14. Pointing fingers at someone else is not a kind thing to do and is definitely not as productive as solving your own problems.
  15. We are very deliberate in the way we hire people. We look for two characteristics – people who are humble and curious.
  16. Lean is hard work that makes everything easy.
  17. We do millions of dollars more in business with a similar size crew and we never work overtime. That is the difference between making continuous improvement a priority and doing it when it is convenient. Improving first not only gives you the improvement, it lightens the load and allows you to keep up with accelerating demand.
  18. Any time you train an individual intensely, you dramatically enhance their ability to perform a job consistently — significantly more so than those people who are only moderately or occasionally trained.
  19. You should not just focus on removing a small amount of waste from a particular step, because that step, in and of itself, might be waste.
  20. Our goal is for everything to be struggle-free – or to have zero struggle in every activity.
  21. The sign of a mature culture is being comfortable asking the questions, “What is it that I need to improve? Where is my waste? What do you see?”

 

 

For more On the Edge content, please visit the Worldpay Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Worldpay’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of Hire Like You Just Beat Cancer and On The Edge with Jim Roddy.

 

One thing that you learn (the hard way, sometimes) as a developer is that the amount of time and effort you invest in writing an application does not necessarily correlate closely with the amount of functionality you actually build. That’s because there are often tools and resources available that can substantially shorten the time it takes you to achieve a desired programming goal.

 

One prime example of such tools is a Software Development Kit, or SDK. If SDKs don’t feature prominently in your programmer’s toolset, you may be missing out on important opportunities to get more programming done in less time.

 

Let’s take a look at what SDKs do and how they can benefit developers.

 

What Is an SDK?

 

In a nutshell, an SDK is any type of toolset designed to simplify development for a particular platform, or sometimes even a specific application.

 

In other words, SDKs provide resources that make it faster and easier to implement functionality that you’d otherwise have to build from scratch.

 

SDKs can take many forms. It’s common for them to include APIs (in fact, it’s so common that some people use the terms SDK and API interchangeably, though this is somewhat misleading), but SDKs can include more than APIs. They might consist simply of software libraries that make programming faster. They could also include analytics or debugging tools designed to help you build and manage an application within a specific type of environment. They may even include integrations that make it possible to communicate directly with hardware from within an application, without having to build the requisite calls yourself.

 

 

If you like analogies, think of an SDK this way: SDKs are like IKEA furniture packages. They come with many preconfigured components, as well as documentation, that make it possible to build something (a piece of furniture, or a software application) quickly. Sure, you could always go cut down a tree, hew the wood and then use it to build a bedframe by hand. But almost no one does that, because there are much easier and faster solutions available.

 

Why Use an SDK?

 

The most obvious benefit of SDKs is that they save developers time. Instead of reinventing the wheel by creating functionality that someone else has already built into an SDK, programmers can take advantage of pre-built libraries, APIs and other tools that come packaged within SDKs.

 

However, faster and easier development is not the only reason to use an SDK. Consider these other advantages:

 

  • The functionality that you get inside an SDK is often thoroughly vetted — in many cases, by the experts who manage the platform for which you’re building your app. Thus, SDK code is more reliable, generally speaking, than code you’d build yourself.
  • For similar reasons, an SDK can help you to keep your application more secure and more up-to-date, since the functionality that you implement via an SDK often comes from a trusted central source. (Keep in mind that using an SDK does not give you license to ignore potential security vulnerabilities — ultimately, you still need to own security in any app you build — but an SDK can help to reduce some security risks.)
  • SDKs often make it easier to take advantage of optimizations, such as libraries that have been optimized for a specific type of environment or hardware device. In this way, SDKs can lead to better overall app performance.

 

SDK Example: IPC SDK

To place SDKs into a real-world context, let’s take a quick look at one SDK, the Worldpay Total IPC SDK. The IPC SDK is designed to make it easy to build Windows or iOS mobile apps that use card readers and connect to Worldpay’s Integrated Payments Hub for payments processing.

 

Depending on which platform you are developing for (Windows or iOS) you would use the IPC SDK somewhat differently. (In that sense, it’s a good example of how SDKs are not a single specific thing; they’re a broad category of developer toolsets, which can be implemented in many ways.) On Windows, the SDK provides a service that in turn manages the card reader on your device. In contrast, on iOS, the SDK is available as a software library.

 

No matter how you access the IPC SDK or which operating system you’re developing for, however, you get the same core functionality. The SDK manages application access to your users’ devices’ card readers, without you having to worry about drivers or the other technical tedium that you typically have to deal with when you’re building an application that interacts with a specialized hardware device. Plus, the IPC SDK avoids passing data from payment cards through your application, which makes it possible to avoid EMV certification testing.

 

You can get started with the IPC SDK for Windows and iOS by simply downloading the requisite code from GitHub.

Conclusion

 

If you’re a developer, you could live life the hard way and write everything from scratch yourself. But there is rarely a reward for doing things the hard way in the world of programming (at least when you’re building software that people are actually going to use). On the contrary, the developers who achieve the greatest rewards are those who take advantage of tools like SDKs for building applications more quickly, and with fewer performance or security headaches.

These days, payments can be made in multiple ways: EMV, credit, mobile wallets (Apple Pay, Android Pay, etc.), to name just a few.

 

This flexibility of payment options is great in most respects, but it creates challenges for developers. How can they write a single app that integrates all payment options? And how can they keep transactions secure, no matter which type of payment method their applications use?

 

The triPOS Cloud API is a tool that can help answer these questions. It provides access to a turnkey payment processing solution that supports all major payment methods, including EMV, credit, PIN debit and mobile wallets (Apple Pay, Android Pay, etc.). The triPOS Cloud interfaces with custom business management software via a REST API.

 

This tutorial provides an overview of integrating with triPOS Cloud payment processing and Express, a server-side web service. You will learn how to quickly process a payment transaction using a specific REST API.

 

The Payment Processing Environment

The triPOS Cloud payment processing environment contains the following elements, as illustrated in Figure 1:

 

  • triPOS Cloud - the API
  • Merchant environment - POS, router and PIN Pad
  • Express Gateway - API gateway

 

When you use the API during certification, a physical PIN pad is not necessary. A null simulator can replace the PIN pad. However, you still need an Express test account to interact with the Express Gateway.

 

Figure 1

 

We will now discuss how you can process a sample sale request within minutes.

 

Step 1: Apply for an Express account

First, apply for an Express test account at http://www.elementps.com/Create-a-Test-Account.

 

After your application is accepted, you will receive the following account information to add to the headers of your API request:

 

  • AccountID
  • AccountToken
  • ApplicationID
  • AcceptorID

 

You will also receive the Express test URLs and other important documentation for working with the triPOS Cloud and Express gateway.

 

Step 2: Build your API request with a REST client

 To build the API request, we will use a third-party REST client: the Advanced REST client (ARC).

 

The triPOS Cloud accepts JSON-formatted request messages and returns responses in the same format as the request.

 

Each request is identified by a transaction type and is accompanied by data elements belonging to the request. Keep in mind that a typical triPOS Cloud request is simpler than an Express request because card information is not included. Card information is obtained downstream via direct interactions between triPOS Cloud and the PIN pad.

 

Each request requires a header with specific fields:

  • A POST or PUT request sends its parameters in the request body.
  • A GET or DELETE request sends any parameters in the URL’s query string.
  • For any type of request, some values, such as PaymentType, may be sent in the URL. For more information, see the API documentation.

 

In Step 1, you received the values for building the API request header. Build the header as shown in Figure 2 under the ARC Headers tab.

 

 Figure 2

 

To build the API body, you have to switch to the ARC Body tab as shown in Figure 3.

 

Figure 3

 

Construct the request as shown in Figure 3.

Step 3: Run your API request with the REST client

 Run your API request by simply clicking the Send button in the upper right corner.

 

Step 4: Analyze the response

If everything is successful, an HTTP-200 response is returned, as shown in Figure 4.

 

 

Figure 4

 

Now run the request a second time.

 

You will get an HTTP-400 response, as shown in Figure 5, because the request-id must be unique for every request you make.

 Figure 5

 

But how can we make a valid request-id/UUID?

We can generate a valid UUID with the Online UUID Generator Tool (use version 1). Adding the new UUID to the request gives a successful response.

 

Let’s change the request URL to the production URL (https://tripos.vantiv.com/api/v1/sale) and run the request again.

 

The response will be an HTTP-401 as seen in Figure 6.

 

Figure 6

 

This is expected because you have a test account, not a production account, and you are therefore not authorized to use the API in production.
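The steps above can also be scripted. The following is an added example, not code from the original tutorial or from Worldpay: it builds the sale request with a fresh version 1 UUID for every call, keeps the account token out of source code and logs, and maps the three status codes discussed to their causes. The header names, body fields, environment variable names and the test URL are assumptions; take the real values from your Express account documentation and from Figures 2 and 3.

```python
import json
import os
import uuid

# Assumed header names; the page shows the real ones only in Figure 2.
HEADER_FOR = {
    "AccountID": "tp-express-account-id",
    "AccountToken": "tp-express-account-token",
    "ApplicationID": "tp-application-id",
    "AcceptorID": "tp-express-acceptor-id",
}
REQUEST_ID_HEADER = "tp-request-id"  # assumed name of the request-id header

# Placeholder: the real test URL arrives with the Express test account.
TEST_SALE_URL = "https://TEST-HOST.example/api/v1/sale"

_used_request_ids = set()


def load_credentials(env=os.environ):
    """Read the four Step 1 values from the environment, not from source code."""
    creds = {}
    for name in HEADER_FOR:
        value = env.get("TRIPOS_" + name.upper())  # hypothetical variable names
        if not value:
            raise KeyError("missing credential: " + name)
        creds[name] = value
    return creds


def build_sale_request(creds, amount, lane_id, request_id=None):
    """Return (url, headers, body) for one sale; refuses a reused request-id."""
    request_id = request_id or str(uuid.uuid1())  # version 1, as in the tutorial
    if request_id in _used_request_ids:
        raise ValueError("request-id already used; the API answers HTTP 400")
    _used_request_ids.add(request_id)
    headers = {HEADER_FOR[key]: value for key, value in creds.items()}
    headers[REQUEST_ID_HEADER] = request_id
    headers["Content-Type"] = "application/json"
    # No card data in the body: triPOS Cloud obtains it from the PIN pad.
    body = json.dumps({"laneId": lane_id, "transactionAmount": amount})  # assumed fields
    return TEST_SALE_URL, headers, body


def redact(headers):
    """Return a copy of the headers that is safe to log (token masked)."""
    safe = dict(headers)
    safe[HEADER_FOR["AccountToken"]] = "***"
    return safe


def explain_status(status):
    """Map the status codes discussed in Step 4 to their cause."""
    return {
        200: "sale accepted",
        400: "bad request, for example a reused request-id",
        401: "credentials not authorized for this environment (test vs production)",
    }.get(status, "unexpected status, check the API documentation")
```

Pass the returned URL, headers and body to the HTTP client of your choice, and log only the output of `redact()`.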

 

Conclusion

We successfully processed a sample sale request and also discussed the main error responses you can expect when the sample sale request is not correct. This quick review showed you just a small part of the triPOS Cloud API. The triPOS Cloud API is further described in this Swagger specification.

 

About the Author:

Cordny Nederkoorn is a software testing and marketing consultant with over 10 years of experience in finance, e-commerce and web development. He is also the founder of TestingSaaS, a testing and marketing agency for companies related to Software as a Service (SaaS).

 Adopting a P2PE solution is a great start to securing your retail payments, but it isn’t the end of your security responsibilities as a merchant organization. You still need to enforce best practices for developing in-house applications that interact with the P2PE system, and control the in-store retail experience to ensure security at every level.

 

Here is a checklist that can help merchant organizations and their developers ensure the key parameters are in place when building apps that involve P2PE payment processing: 

 

1. Be familiar with the PIM

The P2PE implementation manual (PIM) is an important document that is provided by a P2PE solution provider to their customers. Across the P2PE lifecycle, the PIM is the key responsibility of the customer. The P2PE provider is responsible for every other step of the payment cycle. Being familiar with the PIM will come in handy not just to troubleshoot minor day-to-day issues that arise, but to also respond quickly in an emergency. Knowing your way around the system is key to responding appropriately to an attack, and the PIM makes this possible.

 

2. Compliance needs real-time monitoring

There are many regulations to adhere to when handling payments. It takes a dedicated compliance process to ensure these regulations are enforced at every point of interaction in the app.

 

This is a challenge in today’s distributed cloud-native apps. There are numerous API-based integrations, and each of them should be reviewed to ensure they are secure. The system is dynamic, with integrations being added and removed on a daily basis. As the system changes, these events should be monitored for compliance. This requires real-time monitoring that takes into account new components as they’re added. Every event and activity that occurs in the app should be reviewed to enforce compliance and stored in an archive for auditing at a later point.

 

3. Update to the latest versions

Security patches are the main reason to keep your application components and PCI-P2PE version updated. With new threats arising frequently, the best thing you can do to enforce security is to keep your system updated. This includes software updates and replacing outdated hardware like PEDs.

 

4. Never store customer information in plain-text format

 


 

The whole point of P2PE is that it enforces strong defaults for encryption and decryption of card data and customer data starting from the PED (PIN Entry Device) and every step thereafter. If by any chance customer data or card data enters your system at any point of the payment cycle, or in any part of the application, it’s important to not store this data in plain-text format. This makes the data open for misuse. Instead, set up a way to monitor these events in real-time, and either encrypt the data or erase it automatically. Remember that these events should also be recorded for auditing purposes.  
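One way to implement the "monitor, then encrypt or erase, then record" step is a scrubber that sits in front of whatever writes your logs or database rows. This is an added example, not code from the original post: it finds candidate card numbers, confirms them with the Luhn checksum to avoid masking order numbers, masks all but the last four digits, and appends an audit entry that never contains the full number. The function names, the audit record layout and the sample records are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scrub(record, source, audit_log):
    """Mask every Luhn-valid card number in record and audit each finding."""
    def replace(match):
        digits = re.sub(r"[ -]", "", match.group())
        if not luhn_ok(digits):
            return match.group()      # order numbers, tracking ids and so on
        audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "source": source,
            "event": "plaintext_pan_masked",
            "last4": digits[-4:],     # the audit entry never holds the full number
        })
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_CANDIDATE.sub(replace, record)


# Constructed sample records; 4111 1111 1111 1111 is a widely used test number.
SAMPLE_RECORDS = [
    "checkout ok card=4111 1111 1111 1111 amount=12.50",
    "refund for order 1234567890123456 issued",
    "support note: customer read out 4111-1111-1111-1111 over chat",
]


def scrub_all(records, source="app.log"):
    """Scrub a batch of records and return (clean_records, audit_log)."""
    audit_log = []
    clean = [scrub(r, source, audit_log) for r in records]
    return clean, audit_log


if __name__ == "__main__":
    cleaned, audit = scrub_all(SAMPLE_RECORDS)
    for line in cleaned:
        print(line)
    print(len(audit), "audit events")
```

Masking is the "erase" branch of the advice above; if the business genuinely needs the value, replace the masking step with encryption under a key your application cannot read back casually.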

 

5. Get certified by an external QSA

Though P2PE systems put the onus of security on the P2PE vendor, you still need to do due diligence to examine your system regularly. An external QSA (Qualified Security Assessor) doesn’t just help to catch potential vulnerabilities, but can also advise on optimizing system performance to quicken transactions, simplify workflows, and reduce the scope of PCI DSS audits.

 

6. Exercise caution with new payment types

With the advancement of mobile technologies, new payment methods like NFC are emerging. They are opportunities to enrich the customer experience, but they also need to be monitored for new types of security threats. Emerging technologies are prime targets for hacking, as there may be loopholes that are yet undiscovered. Appropriate defense requires monitoring with the help of machine learning.

 

7. Leverage machine learning

 


 

Combating payment industry fraud is all about the use of data. To come out on top, merchant organizations and vendors need to be able to use data better than the criminals. The only way to counter today’s complex attacks is to use machine learning.

 

Machine learning lets merchants and vendors identify attacks from patterns and anti-patterns that emerge from data — which could be a new transaction from a strange location, suspicious IPs, a sudden rise in the number of transactions on a card, and numerous other parameters.

 

ML algorithms can help spot threats and identify the sources as well. When considering a payments vendor, assess their machine learning capabilities and consider using a third-party security solution if required.

 

8. Separate retail and online payments

P2PE is specifically designed for managing retail payments. It is not meant for eCommerce transactions. It’s important that you enforce clear separation of concerns here. If the same product is available in-store and online, you’ll need to maintain inventory status in real-time and system-to-system communication to avoid conflicts between the two channels. Additionally, a data breach in the eCommerce portal may also affect retail, and vice versa. Hence, security measures should be compartmentalized when needed, and comprehensive at other times.

 

In conclusion, P2PE greatly assures security for retail payments, but simply opting for a P2PE vendor doesn’t automatically guarantee security. It takes a shared responsibility between you as a merchant organization and your P2PE vendor. By following this checklist, you can ensure your P2PE lifecycle is compliant and secure end-to-end. 

 


Browser frames — also known as iframes — have been around since Netscape introduced them in 1996. Back then, iframes were sometimes used in ways that appear wacky by modern standards, such as for the structuring of content on a web page.


 

As a result of practices like these, iframes have gained a negative reputation in some quarters. Some developers dismiss iframes as “the web programming equivalent of the goto statement” — a hack that you use when you have to, but not an elegant solution or a best practice to follow.

 


But such criticisms of iframes are not really fair. It’s true that, like any technology, they can be abused and misused. That does not mean, however, that iframes do not have legitimate uses — some of which make them the best solution to a given web programming challenge.

 

One ideal use case for iframes is the integration of a hosted payments page into a website. Let’s take a look at why iframes are a good solution in this scenario.

 

What is a hosted payment page?

A hosted payment page is any type of web page that allows a user to make a payment online.

 

Hosted payment pages typically have to do three main things:

 

  • Accept payment information from a debit card, credit card or other payment method
  • Pass the payment information securely to a server that processes it
  • Receive and display information about the transaction to the end-user

 

Benefits of using an iframe for hosted payments

What do hosted payments have to do with iframes? The basic answer is that iframes provide an easy way to integrate a payment page into a website with minimal fuss and security risk on the part of the developers who are implementing the website.

 

More specifically, using iframes for hosted payments provides several distinct benefits for developers and end-users alike:

 

  • It’s easy for developers to implement. Typically, they only need to include a small amount of code within their website to insert the payment page within an iframe. They simply set up the iframe; the payment provider handles the rest.
  • End-users never leave the main website. Although they technically pay via a different website (the one running inside the iframe), from their perspective, they remain on the same page and site. This helps to keep users confident about the security of the payment they are issuing, since navigating to a different site could leave them concerned about whether they can trust the payment site. It also simplifies the overall payment experience.
  • Iframes mitigate the risk of users navigating away from a page before payment is complete. If you move users to a new website to submit a payment, they may become confused and press the back button or otherwise navigate away from the new site. Doing so can interrupt the payment process, and it poses an even greater challenge if the payment is already in progress. By keeping the payment within an iframe on your site, you avoid unintended navigation issues.
  • You can update your website without worrying much about how the changes will impact the hosted payment page. As long as you leave the iframe in place, changes to the rest of the site are unlikely to impact payments processing.
  • Iframes are flexible and easy to configure. A few lines of CSS or element property definitions suffice for defining the size, layout and other features of an iframe. You can therefore easily customize how a hosted payment page appears within your website.
  • You can have the payment page time out without disrupting the overall site. This is useful in cases where a customer starts a payment but does not complete it in time. You don’t want to leave the payment page open indefinitely, because that would be a security risk. But you also don’t want your entire website to time out and shut down automatically, because that would reduce the likelihood that the customer will come back later and complete the payment. By placing the payment page inside an iframe, you can easily have just that element time out, but keep the rest of the site running and ready for the customer to use.
  • Iframes make it easy to support different screen sizes and layouts, without having to worry about the specifics of the payment page content. If your iframe is not large enough to display the entire payment page at once, or your end-user’s screen is too small, the browser will automatically create scroll bars to make content visible. In this way, iframes make it easy to integrate hosted payment pages that work well with a variety of different devices and screen types.

 

The bottom line: Iframes provide an easy, flexible and secure way to make hosted payment pages available with minimal effort on the part of your developers — and they simplify transactions for your customers.

 

About the Author:  

Chris Tozzi has worked as a journalist and Linux systems administrator. He has particular interests in open source, agile infrastructure and networking. He is Senior Editor of content and a DevOps Analyst at Fixate IO. His latest book, For Fun and Profit: A History of the Free and Open Source Software Revolution, was published in 2017.