E-commerce, for most people, means purchasing an item on the Web. This multistep process involves product selection, payment, and product delivery. This article focuses on the payment process.
What Is Payflow Link?
Payflow Link is a credit card processing system. It integrates with your Web site, allowing customers to make purchases using credit cards. As there are other systems available that do the same thing, why would you want to use Payflow Link? For starters Payflow Link is a low-end system. It's recommended for 1,000 transactions or fewer per month. That being said, it's also cheap. Payflow Link currently costs $179 for setup and $19.95 a month. It's a good solution for a small scale or start-up e-commerce site with a limited budget. Payflow Link is easy to use and secure, and provides a good deal of flexibility for integrating into your site.
How Does It Work?
A Payflow Link transaction starts on your site. Create an order page that links to the secure Payflow processing page. You can use form or URL variables to pass the order information to the Payflow system. Typically these variables are hidden form fields. They contain information that identifies your account and information about the purchase. Once the user is on the secure Payflow page, he or she is asked for personal and credit card information. The credit card transaction is processed and the user is returned to your site. When Payflow returns the user to your site, it passes along information about the transaction, such as whether the credit card transaction succeeded or not.
In addition to processing credit cards, the Payflow system allows you to log in and view information about your account. You can enter your merchant account information, customize your Payflow options, manually process credit card orders, and view credit card transaction reports. Figure 1 shows a sample of orders made through Payflow Link.
Payflow Settings
Integrating Payflow Link with ColdFusion is straightforward since the Payflow system is written in ColdFusion. You can sign up for a free Payflow Link test account on Verisign's Web site, www.verisign.com.
First we need to configure the Payflow Link, which is under the Account Info menu, using the Payflow Link Info option. Payflow Link is very flexible and has a lot of options; I'll only cover some of the more important ones.
The first configuration area is the Form Configuration. This controls which fields the purchase form on the Payflow site will contain and where the user will return to when the purchase is complete.
The first field is the Return Method. Your options are POST and LINK. Select link if you just want to link back to a thank you page. We want to process the data from the transaction so we're going to select post. The next option is the Return URL. This is where the user will be sent when the transaction is complete. I'll be using a thank you page that does some additional processing so I'm going to link back to my site at http://mysite/thankyou.cfm.
Next are the silent post options; however, to keep this example simple, I won't use them. With these options you can post data back to one page on your site while directing users to another page. This is a security option that can help prevent users from trying to manipulate form data to create fake orders, or to bypass the order process. Once you become familiar with the Payflow Link system you should look into these options.
The next fields are for gathering user information. The user has the option of entering his or her name, address, city, state, zip, counter, phone number, and e-mail. We're going to select these options and the editable options for our sample so the user can enter these values. In some cases you may not want these fields editable; for instance, you may want to pass these variables in through the initial form without the user changing them.
The next option is the Transaction Process Mode. If you're in test mode, test is your only option. Once you activate your site for real transactions, you still have the option of setting it to test if you're working on your code.
The next area of customization is the General Display options. I won't go into details, but you have lots of color options and can upload your site's logo. The Receipt Display options area allows you to set information that people will see when their credit card is processed. The E-Mail options area allows you to configure credit receipts to customers and send yourself e-mail alerts when orders are processed.
The final customization area is Security options. We have two options to configure in this area. The first is the Address Verification Service (AVS) provided by credit card services. This service tries to prevent fraud by ensuring that a customer's street address and zip code match the billing address for the credit card. You have the option of using AVS at various levels or turning it off. There's a lot of debate about the value of this system. There are problems with matching addresses exactly and many times it's too slow, which means it times out and accepts a transaction even if the address and zip don't match.
As the merchant you are responsible for credit card transactions, so it's probably a good idea to turn AVS on in at least the lowest level, so you can justify your security to your bank. If you make many purchases online, you'll notice that a lot of sites ask you to enter your zip code along with your credit card number so they can do AVS checking. It's easier to get a match on a zip code than an address.
The second security option is Accepted URLs. You have five fields to enter URLs. These are the only pages that the process form will accept for processing. This protects your purchase system from people creating their own forms that submit to your system. For instance, someone can't create a form to purchase a laptop computer for a dollar. Our sample site is going to use http://mysite/purchase.cfm as the only page to accept links from.
Figure 2 shows the sample processing page I created including a logo that I uploaded.
>
Purchase Page
Listing 1 shows a sample purchase page named purchase.cfm. If this was a real page, the fields would be dynamically generated, but I'm keeping things simple for this example. This page displays a simple table with a list of items purchased and a form with several hidden fields. The form action is https://payflowlink.verisign.com/payflowlink.cfm, which is the Payflow Link processing page. Note that this is a secure page and uses https instead of http.
There are a lot of fields you can use, but we're going to use only six: LOGIN, PARTNER, AMOUNT, TYPE, DESCRIPTION, and USER1. The first four fields are required for all transactions. The LOGIN is your Payflow LOGIN, which is also your vendor ID. The PARTNER is the company that set up your account; if you got it directly from Verisign, it will be Verisign. AMOUNT is the amount of purchase, a number. TYPE is the transaction type.
There are two types of transactions you will generally use - S for authorize and capture and A for authorize only. Authorize marks the customer's card for a deduction of the specified amount. Capture actually transfers the money from the customer's account to yours. Why wouldn't you always use the authorize and capture option? Legally you can't deduct money from a person's account until the order is shipped. If you're selling something that's delivered immediately, such as a subscription to a Web site, you can use the authorize and capture option. However, if you're shipping physical goods you should wait until the item is shipped to capture the charge. Notice I said should. Nothing prevents you from always using the authorize and capture, but you do so at your own risk.
The next two fields are not required, but are nice to have. The first is DESCRIPTION, which describes the purchase. You have a limit of 255 characters for this field, so use it carefully. The other field is USER1, which is a custom field. We can put anything we want in this field. The customer never sees this information, but it's good for passing along data we want to process later. I'm going to put the item purchased in this field.
Thank You Page
Listing 2 contains my sample thank you page named thankyou.cfm. This page simply displays a "Thank you for your purchase" to the user. It also inserts the transaction into our database. We grab the user's information, including name, address, city, state, zip, e-mail, and phone number. In addition, we gather some information about the transaction. The amount of the transaction is stored. Our customer field USER1 contains the item purchased so we store it in the item field.
Another field that's useful to have is the Payflow Link reference number. This is returned as the PNREF variable and is placed into the payflow_id field in the database. You can use this field to cross reference orders in your database with the transactions in the Payflow Link reports.
Conclusion
I've covered just the bare minimum of integrating with Verisign's Payflow Link system, but it should be enough to get you started. Once you get the basics down you can try some of the more advanced features. If you're looking for a cheap and easy way to get your e-commerce site to accept credit cards, Payflow Link is a good solution.
Subscribe to ColdFusion Developer's Journal Email News Alerts
Subscribe via RSS
