Overview

Key information

Getting started

Further information

Overview

Version 1.0

A fully hosted payment page provides your customers with a quick, simple and effective way to make a payment. It is a low effort integration option and you can easily customise the page by adding your own branding and design elements. Being hosted by our service, your exposure to PCI requirements is minimised as no sensitive cardholder data is passed through your back-office systems.

This guide will help you to get a basic Hosted Payment Page (Secure Acceptance Hosted Checkout) up and running to test a simple ecommerce transaction. This includes a brief overview of the Secure Acceptance Hosted Checkout solution, it’s key features, benefits, integration journey and a step-by-step guide to getting a simple integration up and running.

Creating a hosted payment page does require some integration, but this is kept to a minimum. Getting up and running requires you to:

  • Create a Secure Acceptance profile: Use the Enterprise Business Centre (EBC) portal to create a Secure Acceptance Hosted Checkout profile.
  • Customise the profile: Configure the mandatory and optional settings that define the capabilities, behaviour and branding of your new Secure Acceptance profile.
  • Test the solution: Initiate the creation of a hosted payment page redirect URL by making the appropriate API calls from your back-office systems. Use our sample code for reference to help with your first test integrations.


It is possible to create many different profiles, each with custom configurations and each representing a different hosted payment page.

Key information

  • Low integration overhead
  • Fully hosted, no card data on your servers or network
  • Simple redirect of the customer browser
  • 3D Secure ready, no need to implement separate Payer Authentication flows
  • Accept a wide range of card types such as Visa, Mastercard, American Express
  • Customise look and feel through our servicing portal

Secure Acceptance Hosted Checkout is one integration option available for you to start accepting payments on your site. It exists alongside the other key integration options offered by Smartpay Fuse, each of which offers a subtly different range of capabilities. Before starting an integration, it is important to ensure that the option you select provides the right features to meet your business needs.

The table below compares the key features of Smartpay Fuse and how these are supported by the different integration options.

 Features  Virtual Terminal (in EBC *1)  Plugins (eCommerce platforms)   Hosted Payment Page   Direct API Integration (REST API Only)   Hosted Fields (Flex Microform + REST API) 
 PCI overhead SAQ C-VT Mixed *2 SAQ A SAQ D SAQ A *3
 Transaction Types  
  • Auth only
 yes yes (all plugins) yes yes yes *7
  • Auth and capture
 yes yes (all plugins) yes yes yes *7
  • Tokenise card (Credentials on file) 
 yes yes yes *4 yes yes *7

 CIT (initial/subsequent)

 yes yes yes *4 yes yes *7

MIT (continuous authority)

 no some *6 no yes yes *7
  • Refund (standalone)
 yes *8 some *6 via REST API & EBC*1 yes yes *7
  • Refund (existing transaction)
 yes yes (all plugins) via REST API & EBC*1 yes yes *7
  • Reversal
 yes yes (all plugins) via REST API & EBC*1 yes yes *7
  • Capture of standalone auth
 no yes (all plugins) via REST API & EBC*1 yes yes *7
 3D Secure Payer Authentication (v2)  n/a yes (all plugins) yes yes yes *7
 Account validation / verification n/a some *6 yes yes yes *7
 Basic fraud check rules *5 yes yes (all plugins) yes yes yes *7
 Low value exemptions n/a no yes yes yes *7
 AVS/CSC auto reversal/blocking yes *8 yes *6 *8 yes *8 yes *8 yes *7*8
 Digital wallets / APMs  
  • Apple Pay
 n/a some *6 no yes no *7
  • Google Pay
 n/a some *6 no yes no *7
 Card types supported  
  • Visa
 yes yes yes yes yes
  • Mastercard
 yes yes yes yes yes
  • Amex
 yes *8 yes *8 yes *8 yes *8 yes *8
 Channels  
  • eCommerce
 no yes yes yes yes *7
  • Moto
 yes some *6 yes *8 yes yes *7

If the capability you need is not supported by the Secure Acceptance Hosted Checkout, then you should consider one of the alternate integration options.

For more information on each of the options please see the following Quick Start guides:

  •  eCommerce Platform Plugins: easy integration to supported eCommerce platforms
  • Virtual Terminal: no integration required, servicing agents can take payments using our back office portal
  • Hosted Fields: client side tokenization of card details allowing you to use our Direct Integration (REST API) to process transactions with a low PCI overhead
  • Direct Integration: capture the card details yourself and initiate payment from your back-end through our APIs

If you have any questions about the Secure Acceptance Hosted Checkout product or its suitability for your needs then please don’t hesitate to get in contact.

Notes:
*1 - EBC is our back-office servicing portal; the Enterprise Business Center.
*2 - Different plugins use different integration methods. Please see te Hosted Payment Page, Hosted Fields (Flex Microform) and REST API guides for more details on the PCI implications of those integration approaches. If you are in any doubt about PCI, please get in contact.
*3 - SAQ A when using Flex Microforms to tokenize from web-applications.
*4 - Secure Acceptance Hosted Checkout can create tokenise from initial CIT transactions that can be used for subsequent CIT transactions.
*5 - Basic velocity rules via Decision Manager only available to SME clients; advanced fraud check and TRA on a case by case base.
*6 - Only available on some of our plugins, please see individual plugin solution pages.
*7 - Flex Microform simply allows card numbers to be tokenised in a PCI safe way; using the resulting transient token to process or manage the transaction is done with the direct integration REST API.
*8 - These features are not enabled out of the box and need further configuration by support teams, please contact support.

Using the Secure Acceptance Hosted Checkout to take payments can be considered a low effort integration option. The creation of the payment page, capture of card details and handling of 3D secure (Payer Authentication) flows are all taken care of for you. Under this integration option you simply need to initiate the payment process with a small set of customer and order details and redirect the customer browser to the URL that is returned from this initial set-up stage.

The payment flow is browser based and can be implemented full page, within an iFrame, on desktop browsers, mobile browsers or within a mobile app web-view.

The following flow illustrates the stages of the payment flow:

Please see the Getting Started section below for step-by-step instructions on how to use Secure Acceptance Hosted Checkout.

This integration option presents low risk for merchants, as cardholder data does not transit merchant servers or networks. Card details are entered on a customer browser and are sent directly to the Smartpay Fuse payment gateway.

This integration option attracts a PCI SAQ A level of compliance1.

If you have any questions or concerns about the PCI implications of using Secure Acceptance Hosted Checkout then please don’t hesitate to get in contact.

[1] - https://listings.pcisecuritystandards.org/documents/SAQ_A_v3.pdf

Getting started

Create a sandbox account

If you haven’t already done so then creating a sandbox account will not only allow you to start programmatic integration but also provides access to the Enterprise Business Centre (EBC) servicing portal. EBC allows you to create and customise Secure Acceptance Hosted Checkout payment pages, features, settings, payment types, branding and security settings.

  1. Visit our sandbox creation page here.
  2. Complete the registration form.
  3. Click submit to create your sandbox account.
  4. Go to Getting Started Step 2 – to create your profile and retrieve your access keys.

Note: on submitting your application, you will receive an automated email from our partner, Cybersource, with first time login and password reset instructions. Be sure to check your junk mailbox if this doesn’t arrive within 2 minutes of clicking Submit.

IMPORTANT: registration with our 3DSv2 Payer Authentication provider usually completes within 24 hours but can take up to 36 hours. During this time, you may see some transactions failing on 3D Secure authentication. These failures will be flagged as Decision Manager failures in the back-office portal transaction search.  

Log in to the Enterprise Business Centre

  1. Log in to the Enterprise Business Centre (at https://admin.smartpayfuse-test.barclaycard/ebc2) using the credentials created in Getting Started Step 1:

  2. Use the username and password you created in Getting Started Step 1 when requesting your sandbox account. Note: you will be asked to set a new password when you first log on to the Enterprise Business Centre.

  3. Once logged in to the Enterprise Business Centre, proceed to Getting Started Step 3 to create a Secure Acceptance Hosted checkout profile.

Create a Secure Acceptance Hosted Payment Page profile

Profiles are created through the Payment Configuration > Secure Acceptance Settings option of the EBC side-bar menu:

Select the “Secure Acceptance Settings” options and follow the steps below to create a profile:

  • Confirm that you are creating a profile for the correct Account and Merchant ID. More complex configurations allow multiple transacting IDs, but when signing up for a sandbox, the transacting ID should match the Merchant ID you specified during registration and that you used to log in to the EBC:

To make life easier, we have created a default profile with many of the basic settings already set-up for you. You can elect to use this default profile or set-up your own from scratch.

Use the Default Profile

If you want to use the default profile created with your account then simply:

  1. Select “Inactive” from the “Profile Status” dropdown on the Secure Acceptance Settings page:

  2. Note the default “SME Hosted Checkout” profile listed in an “Inactive” state:

  3. Open the default profile menu and then select “Edit Profile”:

    Note: you will still need to Edit this default profile and set “SECURITY SETTINGS” and “CUSTOMER RESPONSE” settings. Edit the default profile and go to Step 4 to define the mandatory values for “SECURITY SETTINGS” and “CUSTOMER RESPONSE”.

Create a New Profile

Alternatively, if you want to create a new profile from scratch, start at the “Secure Acceptance Settings” page and follow these steps:

  1.  Select the ‘New Profile’ option at the top right-hand side of the page to create a new Secure Acceptance Hosted Checkout profile:

  2. Fill out the form that appears, completing the following information:
      — Profile Information: key information to identify the new profile; provide a profile name and suitable description for your new profile.
      — Integration Methods: defines the API that you will use to control this new hosted payment page. Please select Hosted Checkout (the Checkout API is not supported by Smartpay Fuse). You will also need to provide your company name here. This will be displayed during the payment flow on your new payment page.
      — Contact Information: enter contact information for the primary owner of the new payment page profile.
      — Added Value Services: enable or disable payment methods you wish to support. Ensure that Decision Manager is enabled when you first create a profile. If you do not enable this feature then you will experience an error when you try to activate and promote your profile.
    Important: Ensure that Decision Manager is enabled and Generate Device Fingerprint is checked when you first create a profile. If you do not enable this feature then you will experience an error when you try to active and promote your profile.

  3. Create the profile by clicking ‘Submit’.

You have now created your Secure Acceptance Hosted Checkout. Proceed to Getting Started Step 4 to configure the profile further.

Configure your Secure Acceptance Hosted Checkout profile

Navigate the profile settings using the tab bar on the profile page:

The GENERAL SETTINGS tab houses the basic settings that you defined in the previous step.

After defining the general profile settings, you can configure additional information to further refine how your integration works. The following sections are mandatory, but we would encourage you to review and explore all available configuration options in each tab:

  • PAYMENT SETTINGS: displays available payment methods and payment management options
      — Card Type: you must select at least one card type to be accepted and at least one accepted currency.
      — Automatic reversal: select if you wish to automatically reverse transactions that fail Card Verification Code (CVC) or Address Verification Service (AVS) checks.
      — PayPal Express: PayPal Express Checkout is not supported by Smartpay Fuse at this time.
  • SECURITY: allows you to create API keys and secrets to initiate and control a hosted payment page from your back-office systems. Select “Create Key” from the security tab and name the key. This generates your active access keys, which must be named, as part of the integration of the profile to your given endpoint. The Access Key and Secret Key generated must be entered within your integration and can only be viewed for a maximum of 120 seconds at any given time. You must keep key detail secret and secured appropriately in your back-office systems.
  • PAYMENT FORM: checkout steps define whether certain information is collected by the hosted payment page form or will be specified by your back-office API when initiating a hosted payment page during a payment flow. Processing transactions through the Smartpay Fuse sandbox requires that consumer First Name, Last Name, Street Address 1, City, Country and Customer Email address are provided; either by your API during the checkout process or captured for you by the hosted checkout payment page. If you are not capturing these details then enable Billing Information in the checkout steps and check the ‘Display’, ‘Edit’ and ‘Require’ boxes for the required fields.
  • CUSTOMER RESPONSE:defines the hosted payment page redirect endpoint to be used after the checkout process is complete. You can choose here to host your own transaction result pages or to allow Smartpay Fuse to host these pages for you. This configuration tab also allows you to restrict the number of attempts that may be made by a cardholder to enter their payment details on the hosted page.

From the profile summary page, you can also view and configure General Settings, customise the number of steps in a payment journey, set webhook URLs for transaction notifications and customise the payment page branding.

Once you are happy with the configuration of your Secure Acceptance Hosted Checkout page then you can promote the profile so that it may be used:

Note: after creation of the profile, it is possible to retrieve Access Keys at a later stage from the security tab in your profile.

You now have everything set-up ready to test your new sandbox hosted payment page, follow the instructions in Getting Started Step 5 to test your new page.

Testing your new Secure Acceptance Hosted Checkout payment page

The profile is now ready to use. You will need to note the Profile ID, Secret Key and Access Key values and use those in any code that you write. It’s now time to test your new Secure Acceptance Hosted Checkout profile using some of our sample code.

Smartpay Fuse has been created in partnership with VISA Cybersource. You may notice some developer resources feature the Cybersource brand – these are still part of connecting to Barclaycard Payments.

We provide sample integration code in a variety of languages to get a basic integration up and running. The code will require modifying to work with your specific payment journey, but the following examples will get your very first Secure Acceptance Hosted Payment page working with the profile you created in the previous steps:

JSP       C#        Ruby     Perl      PHP      VB

We will use the PHP example to demonstrate the necessary steps.

Firstly, prepare your environment:

  1. Deploy your webserver.

  2. Ensure you have PHP installed such that you can successfully run PHP applications.

  3. Unpack the example code and check all file permissions.

  4. Edit payment_form.php and replace the access_key and profile_id placeholder defaults with the values generated when you created and set-up your profile in Getting Started Step 3:

  5. Edit security.php and replace the SECRET KEY with the value you created when setting up your profile:

  6. The Smartpay Fuse sandbox account is configured to require customer billing fields. Note transactions will be rejected if you do not supply these as part of a transaction. You will either need to supply these fields through one of the following routes:

      — Modify payment_form.php to define these fields so dummy values are passed from your PHP test application. Add extra pre-defined input fields to payment_form.php:

    and ensure that these are also reflected in the signed_field_names field:

      — Configure the payment form to capture these fields for you by Enabling “Billing Information” under the “Checkout Steps” section of the “PAYMENT FORM” tab in your Secure Acceptance Hosted Checkout profile.

    Ensure that display, edit and require are checked for First Name, Last Name, Street Address 1, City, Zip/Postal Code, Country and Email.

  7. Upload the edited PHP sample code to your web server, such that you can navigate to the sample code.

  8. Navigate to the URL on which the file payment_form.php is hosted to instigate the payment journey.

  9. If you are using the sample code provided, the following set-up page will load:

  10. Click ‘Default All’ to pre-populate the fields.

  11. Ensure that you change the currency to GBP, the supported currency for Smartpay Fuse.

  12. You will next be presented with a page that summarises the payment details used to initiate the payment page generation request to Smartpay Fuse (note the signed fields used in the HMAC generation):

  13. Click Confirm to request the payment page from Smartpay Fuse. This will redirect you to the payment page for the transaction you just set-up, for example:

Once the test payment has completed, you will be returned to receipt.php on your server/website, this will output the transaction status parameters and other returned name/value pairs to screen.

Please review the Notifications section of your integration Profile to determine how you will handle the returned data as part of your integration and transaction journey. Full details of the range of returned values can be found in the Full Hosted Checkout Integration Guide.

Once you have completed the first test transaction, head over to the Enterprise Business Centre and visit the Transaction Management > Transactions menu to see a list of transactions:

This will list out all recent transactions and as your integration grows, you can search and filter quickly from this view.

Click through to the transaction details by selecting the “Request ID” link on the transaction, which will provide useful information and can be used to perform next-step actions. This transaction detail view is useful when trying to understand why a particular transaction may have failed. For example, the following clearly shows that mandatory fields have not been passed in a transaction:


Whilst the sample code shows a view of how the payment page works in principle, you will need to make the necessary code-level changes to make the integration suitable for your environment and transaction journey.

Congratulations, you should now have processed a transaction using the Secure Acceptance Hosted Checkout using our sample code.

Should you encounter problems with your payment request, please check the debug log data available via Transaction Management > Secure Acceptance. These logs will help you diagnose many common integration issues.

Going live

Once you have tested your integration in the sandbox environment you may want to make the next move towards going live.

If you have not already done so then you will need to apply for a live account with our onboarding team by getting in contact. Our sales team will take you through the application process to set-up your contract and live trading account.

Once on-boarding is complete you will receive log-in details for the live Enterprise Business Centre at https://admin.smartpayfuse.barclaycard/ebc2/, where you can follow the same set-up process as sandbox to configure your Secure Acceptance Hosted checkout page.

You will also need to:

  1. Update your integration credentials: swapping your test Secure Acceptance Hosted Checkout credentials to the live credentials created in your new live production account.
  2. Update the Secure Acceptance hosted checkout URL to the production endpoint from https://testsecureacceptance.Cybersource.com/ to https://secureacceptance.Cybersource.com/.

If you have any questions about the Secure Acceptance Hosted Checkout product or its suitability to your needs then please don’t hesitate to get in contact.

Further information

The full Secure Acceptance Hosted Checkout integration guide can be found here.

Test card numbers and the testing guide here.

Payer authentication test card numbers and use cases here.

Sample code list: JSP, C#, Ruby, Perl, PHP, VB

If you have any questions about the Secure Acceptance Hosted Checkout product or its suitability to your needs then please don’t hesitate to get in contact.