Credit Card Processing Gail “Montreal” Shoffey Keeler August 14, 2007.


1 Credit Card Processing Gail “Montreal” Shoffey Keeler August 14, 2007

2 About Me
- Contractor with TEKsystems
- Current project: Reliant Energy
- Working with ColdFusion over 4 years

3 Credit Card Processing
What are the first items that come to mind when you think of credit card processing?
- Security
- Connectivity
- Components

4 What You Will Leave With
3 key points you will leave with after the meeting
- An understanding of Payment Card Industry Data Security Standard (PCI DSS)
- An example of a credit card merchant’s Application Programming Interface (API)
- An example of credit card components
How these skills will help in the future
- Process credit cards in real time
- Store credit card information within PCI compliance
- Create your own final step in a shopping cart

5 Focus
- What is PCI compliance?

6 PCI Compliance
- Secure your business
- Intellectual and Web property
- Credit card data/account information protected
- Transaction information locked
- Store data in inaccessible areas
- From locks to scanning devices

7 Payment Card Industry (PCI)
PCI History
- 5 major credit card brands: Visa, MasterCard, American Express, DiscoverCard, JCB International
- PCI Security Council founded in June 2005
- Competitor brand-specific requirements intersecting
- Single standard for protecting credit card data
- Based on ISO 17799 information security standard
- There are 12 main requirements

8 PCI Controls 1 of 2
- Build and Maintain a Secure Network
  - Install and maintain a firewall configuration to protect cardholder data
  - Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect Cardholder Data
  - Protect stored cardholder data
  - Encrypt transmission of cardholder data across open, public networks
- Maintain a Vulnerability Management Program
  - Use and regularly update anti-virus software
  - Develop and maintain secure systems and applications

9 PCI Controls 2 of 2
- Implement Strong Access Control Measures
  - Restrict access to cardholder data by business need-to-know
  - Assign a unique ID to each person with computer access
  - Restrict physical access to cardholder data
- Regularly Monitor and Test Networks
  - Track and monitor all access to network resources and cardholder data
  - Regularly test security systems and processes
- Maintain an Information Security Policy
  - Maintain a policy that addresses information security

10 Focus
- What is PCI compliance?
- Why use APIs?

11 Application Programming Interface
- The Application Programming Interface (API) consists of several sets of related methods or functions that specify how two different computers can communicate
- Platform independent
- Facilitates subsequent developers who may need to tap into new services
- Using the API offers greater advantages for your organization’s business needs

12 API Advantages
- Easy Order Management: use the online Business Center to review and manage all of your orders from any computer with Internet access
- Fulfillment: share order data with a fulfillment house or internal dept
- Data Access: store order or customer data before sending it to CyberSource
- Security Control: you or your hosting provider control security with an SSL secure server
- Stability: have your server communicate directly to ours for greater stability than with a Web browser
- Control and Customization: create your own customized order page and receipt to give you more control over your customer's buying experience
- Scalability: an API implementation is best if your business volume warrants a high level of order processing automation
- Flexibility: with an API, you can take advantage of any CyberSource service available with the package you purchase (Tax and line item detail, for example)

13 CyberSource API Choices
Columns: Linux, Solaris, Windows
- ASP/COM: X
- C: X X
- Java: X X X
- .NET: X
- PHP: X X
- Perl: X X

14 General API Documentation

15 Java API Documentation

16 Focus
- What is PCI compliance?
- Why use APIs?
- Where’s the code?

17 The Process
- Load the configuration
- Create properties object
- Create credit card object
- Process the results
- Combine into a transaction object

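18 Load the Configuration

    merchantID: your merchant ID
    keysDirectory: C:\CFUGMD\secure\certificate
    sendToProduction: false
    targetAPIVersion: 1.26
    keyFilename: CFUGMDkey.p12
    namespaceURI: urn:schemas-cybersource-com:transaction-data-1.26
    enableLog: true
    logDirectory: C:\CFUGMD\secure\log
    logFilename: cybs.log
    logMaximumSize: 10
    timeout: 130
    useHttpClient: false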

19 Parse the Properties

    // init CyberSource params
    csMerchantID = this.getSettingsParam("merchantID");
    csKeysDirectory = this.getSettingsParam("keysDirectory");
    csSendToProduction = this.getSettingsParam("sendToProduction");
    csTargetAPIVersion = this.getSettingsParam("targetAPIVersion");
    csKeyFilename = this.getSettingsParam("keyFilename");
    csServerURL = this.getSettingsParam("serverURL");
    csNamespaceURI = this.getSettingsParam("namespaceURI");
    csEnableLog = this.getSettingsParam("enableLog");
    csLogDirectory = this.getSettingsParam("logDirectory");
    csLogFilename = this.getSettingsParam("logFilename");
    csLogMaximumSize = this.getSettingsParam("logMaximumSize");
    csTimeout = this.getSettingsParam("timeout");
    csUseHttpClient = this.getSettingsParam("useHttpClient");

20 Add Merchant-Specific Values

    // CyberSource-specific values for credit cards
    csCreditCardType = arguments.creditCard.getCcType();
    switch(csCreditCardType){
        case "VISA":
            csCreditCardValue = '001';
            break;
        case "MASTERCARD":
            csCreditCardValue = '002';
            break;
        case "AMEX":
            csCreditCardValue = '003';
            break;
        case "DISCOVER":
            csCreditCardValue = '004';
            break;
        case "JCB":
            csCreditCardValue = '007';
            break;
        default:
            csCreditCardValue = '';
    }

21 Create Properties Object

    // create csProps - Properties object and init object constructor
    csProps = createObject("Java","java.util.Properties");
    csProps.put("merchantID",csMerchantID);
    csProps.put("keysDirectory",csKeysDirectory);
    csProps.put("sendToProduction",csSendToProduction);
    csProps.put("targetAPIVersion",csTargetAPIVersion);
    csProps.put("keyFilename",csKeyFilename);
    csProps.put("namespaceURI",csNamespaceURI);
    csProps.put("enableLog",csEnableLog);
    csProps.put("logDirectory",csLogDirectory);
    csProps.put("logFilename",csLogFilename);
    csProps.put("logMaximumSize",csLogMaximumSize);
    csProps.put("timeout",csTimeout);
    csProps.put("useHttpClient",csUseHttpClient);

22 Create Credit Card Object

    // create csRequest - HashMap object
    csRequest = createObject("Java","java.util.HashMap");
    csRequest.put("billTo_city",arguments.creditCard.getCcCity());
    csRequest.put("billTo_country",arguments.creditCard.getCcCountry());
    csRequest.put("billTo_customerID",1); // optional good for level 2
    csRequest.put("billTo_email",arguments.creditCard.getCcEmail());
    csRequest.put("billTo_firstName",arguments.creditCard.getCcFirstName());
    csRequest.put("billTo_lastName",arguments.creditCard.getCcLastName());
    csRequest.put("billTo_postalCode",arguments.creditCard.getCcZip());
    csRequest.put("billTo_state",arguments.creditCard.getCcStateProvince());
    csRequest.put("billTo_street1",arguments.creditCard.getCcAddress1());
    csRequest.put("billTo_street2",arguments.creditCard.getCcAddress2());
    csRequest.put("card_accountNumber",arguments.creditCard.getCcNumber());
    csRequest.put("card_cardType",csCreditCardValue);
    csRequest.put("card_cvIndicator","1"); // 0, 1, 2, 9
    csRequest.put("card_cvNumber",arguments.creditCard.getCvvCode());
    csRequest.put("card_expirationMonth",arguments.creditCard.getCcExpMonth());
    csRequest.put("card_expirationYear",arguments.creditCard.getCcExpYear());
    csRequest.put("ccAuthService_commerceIndicator","internet"); // internet (default): eCommerce transaction.
    csRequest.put("ccAuthService_run","true");
    csRequest.put("ccCaptureService_run","true");
    csRequest.put("comments","Payment made via EFT Module");
    csRequest.put("item_0_unitPrice",csAmount); // loop to check the items purchased note: this is the total
    csRequest.put("merchantID",csMerchantID);
    csRequest.put("merchantReferenceCode",cookieFacade.getValue("jsessionid"));
    csRequest.put("purchaseTotals_currency","USD");

23 Combine Objects in Transaction

    // CREDIT CARD AUTHORIZATION AND CAPTURE REQUEST
    csReply = createObject("Java","java.util.HashMap");
    csReply = createObject("Java","com.cybersource.ws.client.Client").runTransaction(csRequest,csProps);
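The request map built on slide 22 carries the full card number and the card verification code, so it should never be written to a log or database as it stands. As an added example (not part of the original presentation or of CyberSource's client code), this is one way to produce a copy that can be logged or stored: the card number is masked to its first six and last four digits and the verification code is dropped, since PCI DSS does not allow it to be stored after authorization. The function names maskPan and sanitizeForStorage and the sample values are hypothetical; the keys are the csRequest field names from slide 22.

```cfscript
// Added example, not from the original slides. Keys are the csRequest
// field names from slide 22; function names are hypothetical.

// Mask a card number to its first six and last four digits.
function maskPan(required string pan) {
    var digits = reReplace(arguments.pan, "[^0-9]", "", "all");
    // Too short to be a card number: reveal nothing.
    if (len(digits) < 13) {
        return repeatString("*", len(digits));
    }
    return left(digits, 6) & repeatString("*", len(digits) - 10) & right(digits, 4);
}

// Return a copy of the request that is safe to log or persist.
function sanitizeForStorage(required any csRequest) {
    var safe = createObject("java", "java.util.HashMap").init(arguments.csRequest);
    var it = "";
    var key = "";
    var value = "";
    // The card verification code must not be kept after authorization.
    safe.remove("card_cvNumber");
    if (safe.containsKey("card_accountNumber")) {
        safe.put("card_accountNumber", maskPan(safe.get("card_accountNumber")));
    }
    // Fail closed: refuse to return a map that still holds a card-length
    // digit run, e.g. a number a customer typed into "comments".
    it = safe.keySet().iterator();
    while (it.hasNext()) {
        key = it.next();
        value = safe.get(key);
        if (!isNull(value) && reFind("[0-9]{13,19}", reReplace(toString(value), "[ -]", "", "all")) > 0) {
            throw(type="CardData.Unsanitized", message="Possible card number in field " & key);
        }
    }
    return safe;
}

// Constructed sample input: a well-known test number, not a real card.
sample = createObject("java", "java.util.HashMap");
sample.put("card_accountNumber", "4111 1111 1111 1111");
sample.put("card_cvNumber", "123");
sample.put("card_expirationMonth", "12");
sample.put("comments", "Payment made via EFT Module");

safe = sanitizeForStorage(sample);
writeOutput(safe.get("card_accountNumber"));
```

Pass the original csRequest to runTransaction and only the sanitized copy to any logging or persistence code.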

24 Code response </cfif

25 Credit Card Components type

26 Your Questions & Comments

27 Key Learning Objectives
- Security, compliance and the law
- APIs are the best connectivity
- Use components

28 BLOGS
- Phill Nacelli http://www.phillnacelli.net
- Scott Stroz http://www.boyzoid.com
Special Thanks Go To
- Montreal http://www.montrealoncf.org

