Enabling Secure Payment Processing on Your Site

A guide to accepting and managing online payments for e-commerce

I. Introduction

Running an online business can be an overwhelming task. Extending a business to the Web and opening an e-commerce storefront requires merchants to master many tasks-not only Web site development and design, but also maintaining the confidentiality and security of consumer data and accepting and processing payments. VeriSign takes the headache out of payment processing by managing a secure, reliable and low-cost solution for accepting payments.

VeriSign's Signio suite of services provides the ideal payment transaction platform for merchants who want to conduct business on the Internet. Your Internet needs may be limited to entering customer orders and processing transactions, or you may be conducting a large-scale e-commerce enterprise solely on the Internet. Regardless of your business's size or demands, VeriSign deliver the right solution: a fast, scalable, and reliable Internet payment platform that enables companies to authorize, process, and manage multiple payment types. VeriSign Signio payment services bring affordability, flexibility, and convenience to Internet payment processing by combining a flat-fee monthly pricing model with a growing menu of services and solutions for merchants, financial institutions, resellers, and developers. As soon as you set up your merchant account and implement VeriSign's services, you will be able to accept payments through credit cards, debit cards, ACH and electronic checks. And as your business expands and changes, VeriSign's portfolio of services lets you adapt your site's payment processes to your changing needs.

This guide explains the key issues related to online payments and describes VeriSign's Signio Payflow payment processing solutions. We invite you to see and try VeriSign Signio payment services at http://www.signio.com/seetrybuy.html.

II. Getting Started: Setting Up Your Internet Merchant Account

The first step toward building an e-commerce site and accepting your customer's payments electronically is to acquire an Internet Merchant Account with an acquiring bank. Following are some tips for merchants who do not already have an Internet Merchant Account.

  1. Identify the acquirer you will work with.
    Not all banks currently support Internet Merchant Accounts. If you don't have an acquirer, check the list of acquirers at http://www.signio.com/getmerchant.html. Expect to pay fees to your acquiring bank when applying for an Internet Merchant Account.

  2. As you consider acquirers, evaluate your current banking relationships.

    • If you have a banking relationship, currently accept credit cards, and would like to accept credit cards over the Internet: You still need to open an Internet-specific merchant account with your bank. Contact your bank to determine if your existing account will allow you to process Internet-based credit card sales. You will need to make sure the bank can set you up to use VeriSign Signio services for credit card processing.
    • If you have a banking relationship, but don't accept credit cards:
      Check with your bank to determine if it can provide you with an Internet Merchant Account.

      When you do set up your merchant account with an acquirer, you may be able to deposit funds into your existing business checking account.

  3. Complete the acquirer's application.
    This will be the longest part of the process. The acquirer may ask for business or personal financial information (i.e. tax returns). To expedite the application process, make sure you provide complete and accurate information.

  4. Have the acquirer set up your account to process payments with VeriSign Signio services.
    Make sure that your bank is able to process credit cards using one of the following processing centers:

    • Paymentech
    • EDS
    • First Data Merchant Services
    • Norwest
    • Nova
    • TeleCheck
    • Vital

  5. Verify your banking information.
    Once your merchant account has been established, verify with your bank that your account has been set up to process online payments using VeriSign Signio services as the payment solution. This will expedite your set-up process.

  6. Register with VeriSign.
    When you receive your Internet Merchant Account, you will be assigned an identification number. This information must be supplied to VeriSign for configuring your account on the VeriSign Signio server. To register visit, http://www.signio.com/buyit.html.
The process for obtaining an Internet Merchant Account can take from two weeks to a month, so plan the process and your deadlines accordingly.

III. Options For Building Your Online Store

Once you've obtained your Internet Merchant Account, the next step is to build your online storefront. To help you get started quickly, VeriSign provides you with several options for building your e-commerce solution and incorporating VeriSign Signio payment processing services within it:

1. Let VeriSign's partners build it for you.
Let one of VeriSign's leading Web development partners build, integrate, and/or host the e-commerce application that best meets your business needs, featuring VeriSign's powerful and secure Internet transaction processing services.

2. Choose a shopping cart or e-commerce platform that incorporates VeriSign Signio payment services.
E-commerce applications and shopping carts get your e-commerce enterprise up and running quickly, with little development effort. Many of the leading solutions integrate VeriSign Signio payment processing services, and can activate payment processing right away.

3. Build payment solution into your own e-commerce application
If you want to maximize control over your customers' e-commerce experience, you require a completely customizable payment processing solution. VeriSign provides a client software payment solution that you can download from the VeriSign Signio Web site, integrate into your storefront, and configure to exactly suit your needs.

Learn more about these options at http://www.signio.com/findpartner.html.

IV. Understanding the Basics of Credit Card Processing

After getting an Internet Merchant Account and building your e-commerce site, you're ready to integrate payment processing services. The steps involved in credit card processing can be complicated. The following description should help to clarify the process.

The VeriSign Signio credit card process flow
The following diagram and list outlines VeriSign's credit card authorization process:

  1. The consumer places an order. The customer places an order at your Internet storefront, using his or her payment method of choice.

  2. The transaction is processed. The VeriSign Signio payment service provides secure, real-time connectivity from your storefront to Signio's Internet payment platform. Signio securely routes the transaction through the financial network to the appropriate banks, ensuring that customers are authorized to make their purchase.

    VeriSign uses a client/server architecture for performing transaction processing. The client is installed on your merchant site and integrated with your e-commerce application. The client is available on all major Web server platforms in a variety of formats to support integration requirements including DLL, COM, Site Server, Java Native Interface, executable binary, or application library. The client is also pre-integrated with several shopping cart and store management systems including Openshop, Mercantec SoftCart, Inex, and Open Market Shopsite.

    For transaction authorization, the VeriSign Signio client software establishes a secure link with the VeriSign Signio processing server over the Internet using an SSL connection, and transmits the encrypted transaction request. The VeriSign Signio server, which is a multi-threaded processing environment, receives the request and transmits it over a private network to the appropriate financial processing network.

  3. The transaction is approved or denied. When the authorization response is received from the financial network, the response is returned via the same session to the client on your site. The client completes the transaction session by transparently sending a transaction receipt acknowledgment to the server before disconnecting the session.

    The whole transaction is accomplished in less than three seconds! This includes confirmation back to the customer and the merchant. If the transaction is approved, funds will be transferred to your merchant account.

  4. The transaction is confirmed. VeriSign confirms that the transaction has been securely routed and processed. As proof of a securely processed transaction, both the customer and you, the merchant, receive a transaction confirmation number and the VeriSign Sigio secure seal.

  5. Use VeriSign's tools to manage your transactions and your site. You can use VeriSign's Signio tools to manage your transaction activities. A suite of features includes a transaction terminal, pre-defined or customized reports, search tools, and much more.
For an overview of the payment process, see http://www.signio.com/seetrybuy.html.

V. Overview: VeriSign Payflow

PayflowSM, part of VeriSign's Signio payment services family, is an Internet service providing high-quality, low-cost payment connectivity between buyers, sellers, and financial networks. The Payflow service brings the Internet's "anyone-to-anyone" ease of connectivity to the payments industry.

Using Payflow, a merchant can connect to any bank, transaction service, or form of payment without worrying about the underlying technology. Customers can pay with a variety of financial instruments, including checking accounts, savings accounts, and credit cards, quickly and simply.

VeriSign's Signio Payflow hides the complexity of payment

On the merchant side, VeriSign's Signio payment connectivity technology works with all major shopping carts and e-commerce systems. Merchants can select the shopping cart system and storefront system that best suits their needs, and be confident that VeriSign can make the connections.

For the merchant, VeriSign offers:

On the processor side, VeriSign works with all of the major processing and bank networks. You can simply select an appropriate shopping cart, e-commerce package, or VeriSign-provided software development kit (SDK) and know that VeriSign will make the necessary connections to the transaction processing services.

VeriSign Signio payment processing services can be accessed three ways:

In all cases, online registration and account management enables you to be up and running in minutes.

Through VeriSign's acquiring bank partners, you can also apply for Internet Merchant Accounts during the registration process.

Payflow-Enabled E-commerce Applications
Many off-the-shelf e-commerce applications are pre-enabled to use Payflow payment services, giving you a complete solution that can be used out-of-the-box. VeriSign's broad third-party support and extensive payment connectivity enable you to independently choose the best e-commerce application and the best payment processor for your business needs.

Payflow Link

VeriSign's Signio Payflow Link allows merchants to connect to VeriSign Signio services using simple Web links.

Payflow Link is a hosted order form service. It allows you to easily incorporate payment processing into your Web site without requiring any programming.

To use Payflow Link, simply add a Web link to the appropriate Web pages at your site. When a customer clicks this link, he or she is brought to a secure order form hosted by VeriSign. Transaction details encoded in the link are used to initialize the form. This includes SKU data, order amount, tax amount, and other order-specific parameters. At the Payflow Link order form, the consumer enters the required payment information and submits the form to execute the order.

Payflow Link, like all Payflow services, can handle a wide variety of payment types:

When orders are submitted, you are notified via e-mail. You can fetch the specifics of new orders from the VeriSign Signio merchant Web site.

Payflow Link is ideal for merchants processing up to 1000 transactions per month. It is especially easy to implement and very affordable, with a low set-up cost and flat-fee billing. There is no long-term obligation.

Payflow Pro

VeriSign's Signio Payflow Pro gives merchants more control.

Payflow Pro gives you direct access to the Payflow payment processing API via a "thin-client" network service. The Payflow Pro client software, installed on your system, is a small (400k footprint) messaging agent that uses SSL and X.509 digital certificate technology to securely communicate with VeriSign's payment servers.

To use Payflow Pro, merchants pass payment transaction data to the client through a set name/value pairs. Here is an example of encoded payment transaction data:


The Payflow client's only job is to securely pass the payment transaction data to VeriSign's payment servers for processing. The Payflow client does not contain any payment-specific logic. This means that VeriSign is able to introduce new services or transaction types at any time without upgrading the Payflow client software. You can take advantage of a new service by simply adding the new parameter values it requires to your transaction requests.

Payflow Pro provides support through a single client interface for the following payment types:

Payflow Pro is ideal for merchants processing more than 5,000 transactions per month. It is robust and scalable up to hundreds of millions of transactions.

Supported Platforms
The Payflow SDK is available for the following operating systems:

Development Language Support
Payflow Pro includes a command line tool that can be called from a variety of applications, command shells, Perl, Web tools, and so on. Although this provides a straightforward means of submitting transactions, the creation of a new process for each payment submission does not scale well to high transaction volume. For tighter control and better performance, Payflow Pro also provides C/C++, Java, and Win32 COM APIs.

VeriSign Signio Merchant Manager
Merchant Manager is the administrative interface for VeriSign merchants. The Payflow Manager Web site provides user authenticated, SSL-based access to the following functions:

Global Currency Support
The Payflow service has been designed to process any type of currency. VeriSign has relationships with processors to provide settlement in multiple currencies. And VeriSign is also developing additional relationships to support offshore deployment for international merchants.

Risk Management and Fraud Screening
Credit card fraud is a significant risk in online commerce. VISA estimates that Internet transactions account for only about 2 percent of its total transactions. However, of all of the fraudulent transactions that VISA handles, 50 percent of those occur in Internet transactions. VeriSign has partnered with HNC, the market leader in risk management and fraud screening for brick-and-mortar merchants, to integrate HNC's Internet eFalcon with Payflow.

HNC's eFalcon uses a state-of-the-art-scoring algorithm to eliminate over 60 percent of fraudulent transactions. The high performance nature of eFalcon (scores are returned in less than 600 ms with dual redundancy) combines well with VeriSign's fast response time and high availability. VeriSign provides an open interface to eFalcon that makes it easy for sophisticated merchants and merchant aggregators to build well-integrated risk management applications.

VeriSign also supports all of the address verification features provided by its processors, such as AVS, CV2 and CVV2.

Customer Service
VeriSign provides free technical support to merchants and e-commerce application developers who are integrating support for VeriSign Signio payment services into their products.

VeriSign's Signio customer service and network operations center is staffed 24x7, with 24-hour email service for all customers. Telephone service is also available either for a per-incident fee or as unlimited calls through a premium service contract at a flat monthly fee.

Premium service includes priority handling of all incidents by telephone or e-mail, proactive notification of planned service outages, customized activity reports, and complimentary tickets to VeriSign user conferences.

For more information about VeriSign Signio Payment services, visit http://www.signio.com.

Copyright © 2000 VeriSign, Inc. All rights reserved. VeriSign, the VeriSign logo, OnSite, and Go Secure! are trademarks and service marks or registered trademarks and service marks of VeriSign, Inc. 2/00