PGS is a payment gateway service. It provides the developer with an interface to process credit card information and appropriate requirements and permissions required by PCI to securely execute it through a web application. By default, PGS (v2 and v3) comes as a plugin for CakePHP 2.x & 3.x . In CakePHP 3.x, it’s the default plugin.
The Payment Gateway Interface enables Merchants to facilitate Credit Card transactions on their website without handling or storing sensitive credit card information themselves. It provides a secure way to accept payments over the Internet while maintaining PCI DSS compliance. This means that merchants can offer online payment options while protecting customer data and credit card information.
The plugin’s interface allows you to accomplish the following tasks:
1) Process payments
2) Receive notifications of payment results.
PGS 3.x provides a complete interface that allows developers to process Credit Cards online with ease. It is the preferred choice for any merchant wanting to accept Credit Card payments on their website.
The plugin is not limited to accepting credit cards. You can also use it for processing e-checks, provided your payment gateway supports this method of payment. Some examples are PayPal and Amazon Payments.
Step 1: Accepting Credit Card Payments
The first step in the process is to access your Payment Gateway and begin accepting payments. This has several steps:
Request Access:
Most payment gateways allow for this request via email. There will be two main areas of concern during this phase: Authorization and Gateway Details. These can both be found on your Payment Gateway service site. If the gateway requires any specific information or documents, then you should create them now. For testing purposes, most standard information is generally accepted for account creation. Some gateways are very strict about their requirements, requiring additional information such as business registration numbers, etc. Expect these requirements to be included in the Gateways details if required by yours.
- Authorization
This involves generating an Authorization code to be used in your shopping cart. This is not the same as a transaction identifier. The settings for this are found on the Payment Gateway service page, under Security Settings > Payment Page Setup > Authorize Key. You should ensure that this is turned off after you have tested it.
- Gateway Details
These details will generally include the following information:
i) Merchant ID – This is usually a 9 digit number and can be found anywhere on the gateway website.
ii) Terminal ID – This refers to the terminal you use to process payment transactions through EFT or offline (card swipe machine). It’s not always required, but some gateways may require it for security purposes, so ensure it is available.
iii) Terminal Type – This refers to the type of machine that you are using (PCI Data Entry, EFT, or Offline), it’s not always required, but some gateways may require it for security purposes, so ensure that if your payment method requires this information, then it is effective and readily available.
Once you have these details, log into your shopping cart and begin to configure a new button for a credit card transaction. Ensure that the gateway being used supports this type of transaction as some gateways have limitations on their services. The form should be similar to:
Please note that all fields marked with an asterisk (*) are required by the gateway provider. If you do not include them, there will be a delay in your payment process, as the gateway will attempt to contact you for these details.
ii) Button Details – This refers to how many times a customer can use a credit card that is saved on file with their billing address etc., on record. It is generally set between 1 and 3 by default but can often be increased if needed.
iii) Retry Attempts – If a transaction does not go through on the first try, some gateways allow the user to re-attempt this up to 5 times before an error is shown or the transaction fails. Your shopping cart must be designed to detect when there are too many failed attempts, as some Payment Gateways have limits as to how many attempts can be made before the transaction is locked.
Step 2: Processing Authorisation
This step generally consists of two parts: Authorization Callback & Success Page Setup. The first part will require that an application program interface (API) is called, which will pass through some required information, including transaction ID and any other required data depending on the type of transaction selected.
i) Authorization Callback URL
This field will be visible on your Payment Gateway service page, under Security Settings > Payment Page Setup > Authorization Callback setup. You should ensure that this is set to a unique value. Otherwise, you may find yourself in a situation where the callback fails due to an existing URL.
ii) Transaction ID
The transaction ID generated during step 1 (authorization) and saved into your shopping cart should also be passed through here for verification purposes by the gateway provider. If it does not match, then the process will fail and generate an error.
iii) Additional Data (Variable Details)
Depending on which gateway you are using, additional data such as terminal type or customer name could be passed through. This is required by the gateway and ensures that transactions are processed correctly. Your shopping cart must detect this data and pass it on accordingly for processing during this step.
Step 3: Tracking Transactions & Order Data
At some point, after sending transaction data to the Payment Gateway service, you will be issued with a unique order ID which you should save as a reference for your records. This information may also be called a “receipt number” or “order confirmation number.” It is now up to you how and when this data is stored, but it must remain available to your business and customers for inspection as required by rules set out in your local law (for example, if any disputes arise).
Step 4: Transaction Status Changes & Transaction Data Retrieval
Over time various events could occur which affect transaction statuses and their corresponding order data:
i) Refund – A refund transaction initiated by either the customer or business;
ii) Chargeback – An attempt by a customer to reverse a transaction after goods have been received. If the chargeback is successful, then your business will be liable for refunding money paid by customers if they return or refuse delivery of their order.
iii) Void – A transaction that has been canceled and removed from further processing. This event could occur because the payment was not authorized at all, it occurred in error, or the customer did not receive the product/service that was paid for
iv) Transaction Status Changes – Other administrative events such as a card expiry date being reached after a previous decline or a reversal.
v) Checkout Complete – The final checkout page on your website should contain some form of transaction status checker where customers can view current transaction statuses and their corresponding order data. If a customer wishes to check on the status of a transaction, they should enter their email address and the unique transaction key or PIN number you provided them with at checkout
Step5: Transaction Processing & Order Updates
Suppose your business does not own a bank account. In that case, this service is usually provided by the Payment Gateway as well – make sure you check exactly what services are included with each option before making your choice. Once funds have been successfully received into the Payment Gateway account, the currency will be converted into your local currency (if applicable) and any fees deducted before being transferred into your general business account.
Once funds have been deposited into the general business account, updates to orders can be made if further information is required or needed before carrying out the delivery. If there is a change of address, then funds can be transferred into the customer’s bank account, and this transaction will generate a new order ID which you should update with all changes as necessary.
