By TrustCommerce | TrustCommerce - May 15, 2013
In this two-part series, we will talk about two popular payment acceptance paths for e-commerce: Embedded API for Direct Post, commonly referred to as transparent redirect, and hosted payment pages. We will look at how the solutions function and things to consider when selecting your preferred method.
Recently, I went to see the Space Shuttle Endeavour at the California Science Center. It is an impressive piece of history to see firsthand. I could not help but think of how often you hear, “This isn’t rocket science.” This actually was rocket science! The complexity and inner workings of this ship are incomprehensible to most of us, a little intimidating, yet awe-inspiring.
The good news is that setting up a secure e-commerce environment doesn’t have to be rocket science, although it may sound like it. Known in the industry as “transparent redirect” or “Embedded API with Direct Post”, TC Trustee API is an elegant e-commerce payment solution that lets merchants do what they do best—manage the web site, user experience and environment—but leave the payment acceptance and security to the experts.
An embedded feature of the merchant-hosted payment form, the TC Trustee API code posts financial transaction field data from the customer browser straight to the TC secure processing platform. It is easy to set up, requiring a small amount of code and basic programming skills.
Merchants choose the TC Trustee API to keep sensitive payment data off their systems and servers. Doing this can reduce exposure and liability in the event of a breach and can reduce PCI DSS scope because web applications fully implementing TC Trustee API do not store, process, transmit, or even see the payment card data.
In addition, TC Trustee API uses tokenization as an added layer of protection. A TrustCommerce issued cryptographic token replaces primary account number (PAN).
How TC Trustee API Works
Here are the primary steps in the payment process:
- Merchant web site displays the check-out page.
- TC Trustee API allows the merchant to send code from its web page to the customer’s browser so that when the payment data is entered into designated payment fields, the customer’s browser posts the payment data directly to TC without it ever passing through the merchant web environment.
- TC processes the transaction with the financial institution of the merchant’s choice and returns a response.
- The response includes the authorization and a token in place of the credit card PAN data.
This solution differs from a secure hosted payment page in that the user is not overtly redirected to another web site to enter payment information.
- Easy to set up and maintain
- Reduced PCI scope
- 100% control of the customer experience
Things to consider:
- Merchant designs and hosts the web page presented to the customer
- Only the sensitive payment data is posted directly from the customer to TrustCommerce
- Set up does not require advanced developer skills