Overview

Version 1.0

A fully hosted payment page provides your customers with a quick, simple and effective way to make a payment. It is a low effort integration option and you can easily customise the page by adding your own branding and design elements. Being hosted by our service, your exposure to PCI requirements is minimised as no sensitive cardholder data is passed through your back-office systems.

This guide will help you to get a basic Hosted Payment Page (Secure Acceptance Hosted Checkout) up and running to test a simple ecommerce transaction. This includes a brief overview of the Secure Acceptance Hosted Checkout solution, it’s key features, benefits, integration journey and a step-by-step guide to getting a simple integration up and running.

Creating a hosted payment page does require some integration, but this is kept to a minimum. Getting up and running requires you to:

  • Create a Secure Acceptance profile: Use the Enterprise Business Centre (EBC) portal to create a Secure Acceptance Hosted Checkout profile.
  • Customise the profile: Configure the mandatory and optional settings that define the capabilities, behaviour and branding of your new Secure Acceptance profile.
  • Test the solution: Initiate the creation of a hosted payment page redirect URL by making the appropriate API calls from your back-office systems. Use our sample code for reference to help with your first test integrations.


It is possible to create many different profiles, each with custom configurations and each representing a different hosted payment page.

Key information

  • Low integration overhead
  • Fully hosted, no card data on your servers or network
  • Simple redirect of the customer browser
  • 3D Secure ready, no need to implement separate Payer Authentication flows
  • Accept a wide range of card types such as Visa, Mastercard, American Express
  • Customise look and feel through our servicing portal

Secure Acceptance Hosted Checkout is one integration option available for you to start accepting payments on your site. It exists alongside the other key integration options offered by Smartpay Fuse, each of which offers a subtly different range of capabilities. Before starting an integration, it is important to ensure that the option you select provides the right features to meet your business needs.

The table below compares the key features of Smartpay Fuse and how these are supported by the different integration options.

 Features  Virtual Terminal (in EBC *1)  Plugins (eCommerce platforms)   Hosted Payment Page   Direct API Integration (REST API Only)   Hosted Fields (Flex Microform + REST API) 
 PCI overhead SAQ C-VT Mixed *2 SAQ A SAQ D SAQ A *3
 Transaction Types  
  • Auth only
yes yes (all plugins) yes yes yes *7
  • Auth and capture
yes yes (all plugins) yes yes yes *7
  • Tokenise card (Credentials on file) 
yes yes yes *4 yes yes *7

 CIT (initial/subsequent)

yes yes yes *4 yes yes *7

MIT (continuous authority)

no some *6 no yes yes *7
  • Refund (standalone)
yes *8 some *6 via REST API & EBC*1 yes yes *7
  • Refund (existing transaction)
yes yes (all plugins) via REST API & EBC*1 yes yes *7
  • Reversal
yes yes (all plugins) via REST API & EBC*1 yes yes *7
  • Capture of standalone auth
no yes (all plugins) via REST API & EBC*1 yes yes *7
 3D Secure Payer Authentication (v2)  n/a yes (all plugins) yes yes yes *7
 Account validation / verification n/a some *6 yes yes yes *7
 Basic fraud check rules *5 yes yes (all plugins) yes yes yes *7
 Low value exemptions n/a no yes yes yes *7
 AVS/CSC auto reversal/blocking yes *8 yes *6 *8 yes *8 yes *8 yes *7*8
 Digital wallets / APMs  
  • Apple Pay
n/a some *6 no yes no *7
  • Google Pay
n/a some *6 no yes no *7
 Card types supported  
  • Visa
yes yes yes yes yes
  • Mastercard
yes yes yes yes yes
  • Amex
yes *8 yes *8 yes *8 yes *8 yes *8
 Channels  
  • eCommerce
no yes yes yes yes *7
  • Moto
yes some *6 yes *8 yes yes *7

If the capability you need is not supported by the Secure Acceptance Hosted Checkout, then you should consider one of the alternate integration options.

For more information on each of the options please see the following Quick Start guides:

  •  eCommerce Platform Plugins: easy integration to supported eCommerce platforms
  • Virtual Terminal: no integration required, servicing agents can take payments using our back office portal
  • Hosted Fields: client side tokenization of card details allowing you to use our Direct Integration (REST API) to process transactions with a low PCI overhead
  • Direct Integration: capture the card details yourself and initiate payment from your back-end through our APIs

If you have any questions about the Secure Acceptance Hosted Checkout product or its suitability for your needs then please don’t hesitate to get in contact.

Notes:
*1 - EBC is our back-office servicing portal; the Enterprise Business Center.
*2 - Different plugins use different integration methods. Please see te Hosted Payment Page, Hosted Fields (Flex Microform) and REST API guides for more details on the PCI implications of those integration approaches. If you are in any doubt about PCI, please get in contact.
*3 - SAQ A when using Flex Microforms to tokenize from web-applications.
*4 - Secure Acceptance Hosted Checkout can create tokenise from initial CIT transactions that can be used for subsequent CIT transactions.
*5 - Basic velocity rules via Decision Manager only available to SME clients; advanced fraud check and TRA on a case by case base.
*6 - Only available on some of our plugins, please see individual plugin solution pages.
*7 - Flex Microform simply allows card numbers to be tokenised in a PCI safe way; using the resulting transient token to process or manage the transaction is done with the direct integration REST API.
*8 - These features are not enabled out of the box and need further configuration by support teams, please contact support.

Using the Secure Acceptance Hosted Checkout to take payments can be considered a low effort integration option. The creation of the payment page, capture of card details and handling of 3D secure (Payer Authentication) flows are all taken care of for you. Under this integration option you simply need to initiate the payment process with a small set of customer and order details and redirect the customer browser to the URL that is returned from this initial set-up stage.

The payment flow is browser based and can be implemented full page, within an iFrame, on desktop browsers, mobile browsers or within a mobile app web-view.

The following flow illustrates the stages of the payment flow:

Please see the Getting Started section below for step-by-step instructions on how to use Secure Acceptance Hosted Checkout.

This integration option presents low risk for merchants, as cardholder data does not transit merchant servers or networks. Card details are entered on a customer browser and are sent directly to the Smartpay Fuse payment gateway.

This integration option attracts a PCI SAQ A level of compliance1.

If you have any questions or concerns about the PCI implications of using Secure Acceptance Hosted Checkout then please don’t hesitate to get in contact.

[1] - https://listings.pcisecuritystandards.org/documents/SAQ_A_v3.pdf

Getting started

Further information

The full Secure Acceptance Hosted Checkout integration guide can be found here.

Test card numbers and the testing guide here.

Payer authentication test card numbers and use cases here.

Sample code list: JSP, C#, Ruby, Perl, PHP, VB

If you have any questions about the Secure Acceptance Hosted Checkout product or its suitability to your needs then please don’t hesitate to get in contact.