About Credit Cards


Credit card processing is an arcane subject that could easily consume a chapter all by itself. Thankfully for those of us who have to implement credit card handling, it's a lot simpler than it used to be. Until recently, interfacing to a credit card authorization system involved dealing with C-based libraries that had to be coerced to communicate with Java. Now most major players in the authorization business offer native Java interfaces to their systems.

Let's start by talking about the players that take part in a credit card transaction:

  • The merchant: That's you or your client, the entity (company or individual) that is selling something.

  • The gateway provider: This is the company providing software and infrastructure to allow you to process charges.

  • The processor: This is a large company that handles the actual charge against the credit card and transfer of the funds into the merchant's bank.

  • The bank: This is the place where the money eventually ends up.

When you, as a merchant, want to offer credit card services, you need to set up a business relationship with a processor. At the time of this writing, there were basically four in the United States: First Data, Nova, Visanet, and Paymentech. They all essentially work the same. However, unless you're doing a huge (tens of thousands of transactions a month) volume, they are too expensive to work with directly. So, you should approach a gateway provider, one that aggregates charges for a number of merchants and thus provides larger chunks of business to the processor.

Of course, nothing comes for free. The gateway provider will take another slice of the transaction, in addition to the 2 to 5 percent that the processor takes. It's worth shopping around. I've seen quotes between $200 and $25,000 a month for the same service from different providers.

Another thing to look at when choosing a provider is the quality and simplicity of its API. If a provider doesn't have a native Java API, just walk away from the table. If it does, ask for a test account and try it out.

In your example application, the authorization routine is only a very simple stub. Listing 13.7 shows a real piece of code from a live e-commerce site interfacing to the API used by Plug & Pay Technologies.

Listing 13.7 An Example of Interfacing to a Credit Card Provider
    import java.text.DecimalFormat;
    import java.util.Properties;

    // Method of the PlugAndPay helper class. sql_bundle is a field of that
    // class holding the site settings; pnpapi is the provider's API class.
    public static Properties authorizeCharge(String cardHolder, String cardNumber,
                                             String cardExp, String cardAddress1,
                                             String cardAddress2, String cardCity,
                                             String cardState, String cardZip,
                                             float amount) {
        DecimalFormat df = new DecimalFormat("###0.00");
        Properties pairs = new Properties();
        pnpapi pnp = new pnpapi();

        // Merchant settings come from configuration, not from the request.
        String cert_dir = sql_bundle.getString("cert_dir");
        String publisher_name = sql_bundle.getString("publisher_name");
        String publisher_email = sql_bundle.getString("publisher_email");
        boolean debug = sql_bundle.getString("mode").equals("debug");

        pairs.put("cert_dir", cert_dir);
        pairs.put("publisher-name", publisher_name);
        pairs.put("mode", "auth");
        // In debug mode the provider's test card name is sent instead of the real one.
        if (debug) {
            pairs.put("card-name", "pnptest");
        } else {
            pairs.put("card-name", cardHolder);
        }
        pairs.put("card-number", cardNumber);
        pairs.put("card-address1", cardAddress1);
        pairs.put("card-address2", cardAddress2);
        pairs.put("card-city", cardCity);
        pairs.put("card-state", cardState);
        pairs.put("card-zip", cardZip);
        pairs.put("card-country", "US");
        pairs.put("card-amount", df.format(amount));
        pairs.put("card-exp", cardExp);
        pairs.put("publisher-email", publisher_email);

        // Hand the name/value pairs to the provider and return its reply as-is.
        Properties results = pnp.doTransaction(pairs);
        return results;
    }

Listing 13.8 shows the method in action in a JSP page:

Listing 13.8 Using authorizeCharge
    Properties authorization =
        PlugAndPay.authorizeCharge(cardHolder, cardNumber,
            cardExpires, cardAddress1, cardAddress2, cardCity,
            cardState, cardZip, charge_total);
    // Anything other than an explicit "yes" (including a missing
    // "success" field) is treated as a decline.
    if (!"yes".equals(authorization.getProperty("success"))) {
        response.sendRedirect("/jsp/declined.jsp");
    } else {
        // Record the provider's transaction details with the order.
        values.put(x.getElement("transaction_id"),
                   authorization.getProperty("orderID"));
        values.put(x.getElement("transaction_date"),
                   authorization.getProperty("auth_date"));
        values.put(x.getElement("charge_amount"),
                   authorization.getProperty("card-amount"));
    }

Essentially, all it does is marshal up the information needed for the authorization, hand it to the API, and then demarshal the results afterward.

You usually have the choice of how detailed and specific you want the authorization to be, from a simple card validation all the way up to full address and phone number checks. Remember that the more you check, the more likely that simple, harmless typos will cause the order to fail. On the other hand, the more you check, the less likely someone will run a bogus charge. The amount of caution that you want to take in a "high-turnback" environment, such as the adult entertainment industry, is a lot greater than you'd need for an insurance premium application.

You can do other things with most APIs, such as issue credits and get reports. Obviously, you want to make sure that these can't be called spuriously or maliciously.

It's worth writing your code in a somewhat modular fashion so that changing credit card authorization companies doesn't require a complete rewrite of your code. When working on some of my projects, we changed companies three times during development.
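
The last two points combined, as an added example that is not code from the book or from any provider: a provider-neutral interface so that adapters can be swapped, and a credit path that checks the caller's role and caps each credit at what was charged. `Payments`, `CardGateway`, `AuthResult`, the "refund" role, and the in-memory ledger are all hypothetical names and assumptions; records need Java 16 or later.

```java
import java.math.BigDecimal;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added example: every name here is hypothetical, not any provider's API.
public class Payments {
    /** Provider-neutral result; each adapter maps its provider's fields onto it. */
    public record AuthResult(boolean approved, String orderId, BigDecimal amount) {}

    /** One adapter per gateway provider implements this interface. */
    public interface CardGateway {
        AuthResult authorize(String cardNumber, String cardExp, BigDecimal amount);
        AuthResult credit(String orderId, BigDecimal amount);
    }

    private final CardGateway gateway;
    // Amount still refundable per order. Assumption: a real site would keep
    // this in its orders table rather than in memory.
    private final Map<String, BigDecimal> refundable = new ConcurrentHashMap<>();

    public Payments(CardGateway gateway) { this.gateway = gateway; }

    public AuthResult charge(String cardNumber, String cardExp, BigDecimal amount) {
        AuthResult r = gateway.authorize(cardNumber, cardExp, amount);
        if (r.approved()) refundable.put(r.orderId(), r.amount());
        return r;
    }

    /** Credits are issued only for a caller holding the "refund" role, only
     *  against an order this site charged, and never for more than was charged. */
    public AuthResult refund(Set<String> callerRoles, String orderId, BigDecimal amount) {
        if (!callerRoles.contains("refund"))
            throw new SecurityException("caller may not issue credits");
        if (amount.signum() <= 0)
            throw new IllegalArgumentException("credit amount must be positive");
        // compute() makes the balance check and the decrement one atomic step;
        // if the lambda throws, the stored balance is left unchanged.
        refundable.compute(orderId, (id, left) -> {
            if (left == null || amount.compareTo(left) > 0)
                throw new IllegalArgumentException("credit exceeds charge for " + id);
            return left.subtract(amount);
        });
        return gateway.credit(orderId, amount);
    }
}
```

The balance is reduced before the provider is called, so a failed provider call leaves the order under-refundable rather than over-refundable.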



MySQL and JSP Web Applications: Data-Driven Programming Using Tomcat and MySQL
ISBN: 0672323095
EAN: 2147483647
Year: 2002
Pages: 203
Authors: James Turner
