acdit.com Ltd. provides software and support for ...
Bank-based Payment Gateway systems
Corporate-level online Merchants process credit cards using a "payment gateway" provided by their acquiring bank.
The bank provides the processing software modules, some to be built into the Merchant's website/server and some which the bank hosts on its own secure servers.
These systems normally come in two versions:
Bank-hosted processing - typical scenario
The Merchant's website provides a link to processing pages hosted by the bank website. The code behind this link can transfer data such as the Merchant's bank ID, an order reference and details of the products or services being sold.
The purchaser is presented with the bank's credit card processing page, enters the required data and submits the form.
The bank website processes the transaction and returns the purchaser to the Merchant's website, normally with a message that the transaction was successful.
The Merchant's website can then generate a purchase receipt and continue to expedite the order.
Since the Merchant's website does not collect credit card data, the Merchant does not have to deal with PCI-DSS Compliance.
Psuedo on-site processing - typical scenario
The Merchant's website hosts its own credit card data collection software and can store the data in secure client accounts for convenient later re-use. The Merchant's website and business operation require PCI-DSS Certification.
The Merchant's website makes a server-to-server connection with the bank website to actually process the transaction. This process is invisible to the purchaser, whose browser stays on the Merchant's website for the duration of the procedure.
The bank returns a success-or-failure message, and the Merchant's website can continue to expedite the order accordingly.