Payment Gateway Pipeline Integration
Hi all,
I am a beginner in CS 2007 doing my first CS 2007 project. We as a team are working to customise the CS 2007 Starter Site according to the business needs and to use it to launch as an ecommerce website.
I have read the MSDN for pipeline and using the existing pipeline for payments provided in CS2007 Starter Site, it does not look viable to use it as it is for payments. Some blogs and discussions also redirect to the fact that one has to write their own pipeline for payments and integrate with their payment gateway service provider.
Keeping in mind the deadline which has been given, the 1st Dec 2006, we as a team don't think it would be possible. There are a couple of options that I have thought of:
Option 1
Removing the control of CS2007 from the Starter Site only for the section after the checkout, when we come to take the payments. So if anyone had just disabled some features in the pipeline or the whole pipeline and just integrated the rest of the process flow from Starter Site to a payment gateway, i.e. Protx's ASP.NET solution. Hence this would no longer have restrictions of the pipeline.
Option 2
Using S/MIME and sending an email from the site which would contain the CC details. Any thoughts or suggestions on this option?
Please forgive me if I might sound typically deadline driven but I am looking for a legally viable, secure and efficient solution.
Please do let me know your thoughts, experts.
Many thanks,
Shriroop.
By Shriroop at 2008-2-13
Shriroop,
Option 1 seems like a perfectly acceptable approach, but keep in mind that you could end up spending a lot of time integrating your business logic with your payment provider. Considering most payment providers also act as a fraud screen, you're not going to want to ship anything until both you and the payment provider agree that an order is valid. With that in mind, you're going to reduce complexity on your UI/Business Logic, but increase complexity on your integration layer.
I can't say that I agree with option 2 at all, and I'm pretty sure that you're going to have issues with the legality of this (particularly because of mail archival). Encrypting the transmission is important, but you also need to encrypt the actual message for storage, and the very nature of email suggests that this is the wrong messaging format.
Honestly, the most secure solution is to implement secure web service or socket communication with your fulfillment provider. As per efficiency, creating a pipeline component is really the way to go. I can understand that you have an aggressive deadline, but this isn't something you can just patch together at the end of build.
Hi Shriroop,
Payment is a part of anyone's order taking business process. Depending on the requirements of your client you could also opt to take payment processing offline altogether by accepting the order without authorization of payment. This may create some customer service burdens but it will allow you to export the order using the orders web service, orders adapter, or custom code and deal with it in a more familiar way.
Another approach you could try given the short deadline is to check out CyberSource's payment component. It was built for CS2002 but may still work as there are a number of APIs that still exist in CS2007.
We ended up writing our own wrapper around the CyberSource Simple Order APIs (which use SOAP under the covers). This was mainly to gain a level of control over what data was being sent back and forth (and to enforce business rules on results).
You'll find that you have a number of options with Commerce Server and that none are really right or wrong. At the end you need to pick an easy-to-implement and maintain solution which will protect customer data. With such a tight timeline I would recommend going for something easy but secure. If it means processing outside of the pipeline components because you don't have the skills on the team or the time to do it then go that route. If you want to write your own pipeline component there is a Visual Studio template and sample unit test ready to go on my blog.
Cheers,
Colin
Hi Shriroop,
I have completed one commerce site using cs2002 and I am working on a site with cs2007.
I found similar problems integrating the client's selected payment gateway and chose to process the payment immediately before running the order pipeline. Creating and debugging a new pipeline component wasn't practical in the timescales we had and the only disadvantage I could see was that an order might fail after the credit card details had been processed by the payment gateway. To work around that I ensured that all errors in the pipeline created notifications for the customer services team so that they could investigate / refund the purchase. So far all orders have been processed without a problem.
The sequence of events I used was:-
- run the basket pipeline and exit if there were any errors.
- make the payment via the payment gateway and exit if there were any errors
- run the order pipeline (using saveAsOrder)
- check for errors with the order and email/log a message for customer services if the order has failed.
- update the order status in the order object returned from saveAsOrder with any extra information saved from the payment gateway
- save the order
My long term aim is to integrate the C# classes I created for the payment into a pipeline component but it is quite a long way down my list of items to do.
Paul
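
The sequence of events in the post above, written out as an added C# example; it is not code from the thread, from Paul's site, or from Commerce Server. Every interface, method name, status string and sample value is hypothetical, and it assumes the gateway accepts a card token and returns a reference, so the customer services message carries no card details.

```csharp
using System;
// Hypothetical stand-ins for the site's own code; none of these are Commerce Server or gateway APIs.
public interface IOrderSteps
{
    bool RunBasketPipeline();
    string RunOrderPipeline();   // wraps the saveAsOrder step; returns the order id, throws on errors
    void SaveOrder(string orderId, string status, string gatewayRef);
}
public interface IPaymentGateway { string Charge(decimal amount, string cardToken); } // null = declined
public interface ICustomerServices { void Notify(string message); }

public static class Checkout
{
    public static string PlaceOrder(IOrderSteps steps, IPaymentGateway gateway,
        ICustomerServices services, decimal amount, string cardToken)
    {
        if (!steps.RunBasketPipeline()) return "basket-error";   // nothing charged yet
        string gatewayRef = gateway.Charge(amount, cardToken);
        if (gatewayRef == null) return "payment-declined";       // no order created
        try
        {
            string orderId = steps.RunOrderPipeline();
            steps.SaveOrder(orderId, "PaymentTaken", gatewayRef); // keep the gateway reference on the order
            return orderId;
        }
        catch (Exception ex)
        {
            // Payment was taken but no order was saved: customer services gets reference and amount only.
            services.Notify("Order failed after payment " + gatewayRef + " for " + amount + ": " + ex.Message);
            return "order-failed-after-payment";
        }
    }
}

// Constructed fake: basket and payment succeed, the order pipeline fails.
public sealed class FailingSite : IOrderSteps, IPaymentGateway, ICustomerServices
{
    public string LastAlert;
    public bool RunBasketPipeline() { return true; }
    public string Charge(decimal amount, string cardToken) { return "GW-TEST-0001"; }
    public string RunOrderPipeline() { throw new InvalidOperationException("inventory check failed"); }
    public void SaveOrder(string orderId, string status, string gatewayRef) { }
    public void Notify(string message) { LastAlert = message; }
    public static void Main()
    {
        FailingSite site = new FailingSite();
        Console.WriteLine(Checkout.PlaceOrder(site, site, site, 49.99m, "tok_constructed"));
        Console.WriteLine(site.LastAlert);
    }
}
```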