Glossary Item Box

Squirrelcart v6.1.0

Connection Methods

Overview

Payment gateways offer different ways to connect to them to submit a transaction. The names for these connection methods are not standard. They are often branded, and are different for each payment gateway.

 

Squirrelcart classifies these connection methods into 5 different types. In Squirrelcart, there is a "Connection Method" field on each payment gateway record that can be set to control how your store will submit transactions to the gateway you've enabled. Some payment gateways support 1, 2, or 3 of these methods.

 

Our connection method names have either one or two parts (separated by a forward slash). They start with a term used to indicate where the payment form is hosted.
Store Hosted indicates that the payment form is hosted on your store's web server.
Gateway Hosted indicates that the payment form is hosted on the payment gateway's web server.

 

The optional second part of the connection method name indicates how the data is sent to the gateway.
Server represents your web server.
Gateway represents the payment gateway's web server.
Browser represents your customer's computer.

The five connection methods are as follows:

 

PCI compliance

PCI compliance is a standard created by the credit card industry to verify that a business is able to securely handle credit card data. If your website handles credit card data, your merchant account provider may require that your website and your business both be PCI compliant. That requirement is only needed if your website is actually handling the credit card data. If you wish to avoid this requirement, you can easily do so by choosing a connection method that does not result in your web site handling credit card data directly.

*The connection methods marked with an asterisk above do not cause your web server to handle credit card data, and as a result exempt you from having to be PCI compliant. If you want to avoid PCI compliance, use one of these connection methods.

 

Each connection method is explained in detail below.

 

 

Store Hosted / Server to Gateway

Website Requirements

This method requires at a minimum that you have an SSL certificate for your website. It also requires CURL OR fsockopen support, and OpenSSL, unless specified otherwise for your particular gateway in "Supported Gateways".

Benefits

 

How it Works

Your customer enters payment information on your secure web page, and submits it to your web server. While the customer is waiting for the next page to load, your web server sends payment information to the payment gateway in the background via SSL (Secure Socket Layer). The payment gateway sends the result back to your web server indicating the transaction status. Your web server then uses that information to determine what message to issue to the customer. In this method, the customer never sees the URL for the Payment Gateway in their browser. The customer never leaves your website.

Server to Server

 

Store Hosted / Browser to Gateway

 Benefits

How it Works

Your customer enters their payment information while on your website. When they submit the form, it is submitted directly by their browser to the payment gateway. It is never sent to your server.

 


Store Hosted / Browser to Gateway (Relay)

Website Requirements

SSL Certificate

 

Benefits

How it Works

Your customer enters their payment information using a secure form on your website. Your web server verifies all information is filled out, and then prompts your customer to continue to the payment gateway to submit the information. The customer then clicks the continue button and sends their payment information to the payment gateway for processing. The payment gateway then sends the customer back to your website to view the result of the transaction, and the thank you page if the transaction was approved. Depending on the payment gateway, the customer may never see the page on payment gateway web site. Most gateways will instantly redirect the customer to your site. Some will also alternatively load the entire thank you page from your website, and show it to the customer. When this happens, the only indication that the customer is not on your website is the URL in the address bar, as it will show the URL for the payment gateway.

Client Side Secure Form POST

Gateway Hosted

Website Requirements

No special requirements.

 

Benefits

Does not require an SSL certificate, CURL, fsockopen, or OpenSSL

 

Disadvantage

Your customer does not remain on your website. While most customers do not mind this, it is better in general to keep the customer on your site if possible. It gives them the sense that the transaction is being handled completely by your company and not a third party.

 

How it Works

This method is used when your website does not have SSL installed. Because of lack of SSL, there is no secure way for your site to gather payment information. The order total is sent via a form POST to a secure URL at the Payment Gateway website. The customer is then presented with a form in which they enter their payment information, and complete the order. Upon completion, most gateways will redirect the customer back to your website. Some may not return the customer, and will leave them at a thank you page at the gateway website.

Client Side Non-Secure Form POST

 

Gateway Hosted (Iframe)

Website Requirements

No special requirements.

 

Benefits

Does not require an SSL certificate, CURL, fsockopen, or OpenSSL.
Customer remains on your website during the transaction.

 

How it Works

During checkout, while still on your website a payment form hosted by your payment gateway is displayed in an iframe. While the payment form resides on the payment gateway's website, the customer never leaves your website. This removes any liability of accepting card data on your website, as your website never receives the card data. It has the benefit of keeping the customer on your site during the transaction. 

 

 

© 2001-2017 Lighthouse Development. All Rights Reserved.