Credit card processing

Richard Miller wow at together.net
Fri Jan 21 11:49:54 EST 2005 

Since posting a related question back in early December, we've signed 
up with Authorize.net to use their card processing payment gateway. We 
need to get credit card information from our Rev application to 
Authorize.net and retrieve the results of the transaction back to our 
app. (We do not have the ability to do any of this from a standard 
browser. It all must all happen from within our Rev application.) 
Configuring the data fields and data stream Authorize needs is not 
difficult. The question is, how to establish and open the secure 
connection.

The following information is from the Authorize.net implementation 
guide. Given this info, it seems we might need to use the Open Secure 
Socket and Encrypt commands to start the process, but we really have no 
idea of the syntax required. Also, how is an SSL certificate involved 
in this process?

Any comments would be greatly appreciated. Thanks.

Richard Miller
Imprinter Technologies

------------------------------------------
How Does AIM Work?

When using AIM, transactions flow in the following way:

    1. The Merchant’s server initiates a secure connection to the 
payment gateway and then initiates an HTTPS POST of the transaction 
data to the gateway server
    2. The payment gateway receives and processes the transaction data
    3. The payment gateway then generates and submits the transaction 
response to the Merchant’s server
    4. The Merchant’s server receives and processes the response
    5. Finally, the Merchant prints a receipt and obtains the 
cardholder’s signature to complete the transaction

What is Required to Implement AIM?

Merchants must be able to perform the following functions in order to 
submit transactions to the gateway using AIM:

    1. Establish a secure socket connection
    2. Provide both server and client side encryption
    3. Develop scripts on a Web server for the integration to the 
gateway (e.g., for submitting transaction data and receiving system 
responses)

AIM Implementation

To implement AIM, a developer would design a script that can do the 
following:

    1. Securely obtain all of the information needed to process a 
transaction
    2. Initiate a secure HTTPS form POST from the merchant’s server to:
                             
https://cardpresent.authorize.net/gateway/transact.dll
    3. Receive the response from the gateway and process the response to 
display the appropriate result to the end user

Note:    For reasons of security, use only port 443 for AIM information 
transfers.

More information about the use-livecode mailing list