Announcement:Materials and articles for ProductCart 5 can be found at our brand new support center.

Create an account to edit articles | See Formatting Syntax for Wiki syntax | We look forward to your contribution!

ProductCart Payment Gateway

Overview

At ProductCart we have been developing ecommerce software for a decade, and we know what merchants need when it comes to payment processing. For example, we know very well how important it is to find a payment solution that combines a seamless checkout experience with advanced features that reduce the scope of PCI compliance. So, in partnership with a leader in the payment processing space, we created the ProductCart Payment Gateway.

  • For more information, and details on features and fees, please see http://www.earlyimpact.com/gateway/
  • To learn more about how the ProductCart Payment Gateway reduces the scope of PCI compliance, click here.
  • If you need not only a payment gateway, but also a merchant account, we can certainly help with that too

In this document, we will use the abbreviation “EIG” to refer to the ProductCart Payment Gateway (or Early Impact Gateway).

The EIG was introduced with ProductCart v4.5.

Signing up for an account

To sign up for an account, contact ProductCart: https://www.earlyimpact.com/about.asp#contacts

Obtaining the EIG credentials

Once you have received confirmation that your EIG account has been setup, you will need to take a few, simple steps to activate the payment gateway in your ProductCart-powered store. The first step is to obtain the credentials you need to complete the activation.

To activate the EIG in ProductCart, you will need your User Name, Password, and Security Key.

  • The User Name and Password are those that you are using to log into your EIG account administration area.
  • To obtain the Security Key, follow these instructions:
    • In the left-side navigation, click on Options > Settings
    • Under Security Options, click on Security Keys
    • The Security Key that you need to use is the long alphanumeric key located in the third column

Activating the EIG in ProductCart

You can now go back to the ProductCart Control panel, select the ProductCart Payment Gateway under Payments > Add New Payment Option and configure the settings as described below:

  • User Name: enter the user name that you use to log into your EIG account
  • Password: enter the password that you use to log into your EIG account
  • Secure Key: enter the Security Key obtained using the instructions listed above
  • Transaction Type. Select a transaction type from the drop-down menu. You can either authorize or authorize & capture funds during a transaction:
    • Sale: the credit card is authorized and debited. In other words, the order amount is immediately captured, and you cannot make changes to it. Since it is a good practice to review orders before they are processed, this method is not recommended.
    • Authorize Only: the credit card is authorized, but not debited. The order amount is not captured at the time the order is placed, which means that you can review the order for accuracy and legitimacy, and make changes to it that affect the order total, if needed.
      • The authorization is valid for 7 days. You will need to capture it within that time period.
      • The transaction is not settled (and therefore funds are not deposited into your back account) until you capture it.
      • Within 7 days, you must either manually capture funds in the EIG account administration area, or automatically capture funds using ProductCart’s batch processing feature.
      • When you select Authorize Only, ProductCart will prompt you to select where you wish to save credit card information. See the section below entitled ”Authorizations, credit card data, and PCI compliance” for details on this important setting.

Authorizations, credit card data, and PCI compliance

When you select Authorize Only as the transaction type, ProductCart saves credit card information so that orders can be processed in the event the final transaction amount exceeds the original authorization amount. Specifically:

  • If the final amount is lower than the initial authorization, it can be captured without any additional authorization.
  • If the final amount - however - is higher than the one initially authorized, ProductCart needs to process a new transaction.

Because of this second scenario, ProductCart needs access to the credit card information used for the purchase in order to process the new transaction.

You have two options with regard to where credit card information is saved.

Saving to the EIG's PCI Compliant Credit Card Vault

To limit the scope of your PCI compliance, you can choose to use the EIG's PCI Compliant Credit Card vault for this purpose. A small additional fee applies when you do so (see the Fees section of the EIG page).

  • Payment information is saved in a Level 1 PCI-compliant credit card storage system
  • Payment information is not stored in ProductCart
  • There is a small additional fee (fees details)
  • A “token” that identifies that information is stored in ProductCart instead

This approach reduces the scope of your PCI compliance: unless you use another payment system for which payment information is handled directly by ProductCart, your store will not be considered a payment application, and therefore you will be able to use the short-form questionnaire (SAQ-A) when self-assessing your PCI compliance (see the PCI Security Standards Web site).

Self-Assessment Questionnaire A can be used by ”[…] merchants who retain only paper reports or receipts with cardholder data, do not store cardholder data in electronic format and do not process or transmit any cardholder data on their systems or premises”. Because of the use of the Three-Way-Redirect method to posting payment information to the payment gateway (where payment information is never posted to your store, but directly to a secure URL hosted by the gateway), and the use of tokenization of credit card records stored in the PCI complaint vault, you - as a merchant - will fall into this category.

Saving to the ProductCart database

If you do not wish to incur the additional fee associated with saving credit card records in the EIG's credit card vault, you can choose to have the data stored in the ProductCart database. Data is stored in an encrypted format and can purged when the order is processed. Please be aware that this does impact the scope of your store's PCI compliance. Specifically:

  • your store is considered a payment application and you will not be able to use the short-form questionnaire when self-assessing PCI compliance
  • you will likely be using SAQ-D
  • since ProductCart is a PA-DSS validated application, you will not need to fill out certain portions of the questionnaire

More on ProductCart and PCI Compliance

See the section on ProductCart and PCI compliance.

Other Settings

  • Currency Code. Enter the currency code for the currency used on your store. To locate the correct currency code, click on the corresponding text link. The default currency code is USD.
  • Require CVV. When you check this option, the security code field is shown on the credit card page. Otherwise, it remains hidden.
  • Accepted Cards. The select the credit card types you accept on your store.
  • Allow customers to save credit card information. See the section below

Saving credit cards for future purchases

How it works

When using the ProductCart Payment Gateway, you can allow customers to securely save their credit card(s) for use during a future purchase. This makes it easier and quicker for them to place orders on your store in the future, if they are repeat customers.

When you activate this feature:

  • Customers are prompted to save their credit card information when they place an order
  • They can add/remove/edit credit card information on file using their customer account area
  • When placing a new order, they can choose a previously saved credit card from a list

Security

Security best practices have been used in the implementation of this feature:

  • Credit card information is not stored in the store database
  • Credit card information is stored in a Level 1 PCI compliant credit card vault
  • Credit card records are tokenized and only the “token” is saved in the store database

Fees

Since the credit card vault is used, a small fee applies when credit card information is added, edited, or deleted. There is no fee for storing the credit card information in the vault. For more details on this, please see the fees section of the ProductCart Payment Gateway overview page.

Test Mode

To place test orders, you can set the EIG in Test Mode. To do so:

When you enable Test Mode, transactions are submitted as test transactions. All transactions appear to be processed as real transactions, with the exception that a payment processor is never contacted, and so all transactions are approved. Please note:

  • You can only enable/disable “Test Mode” from within the ProductCart Payment Gateway administration area. You cannot do it in the ProductCart Control Panel. Remember to disable it once you decide to go live.
  • Invalid card numbers will not be accepted. You can use test numbers (e.g. VISA 4111 1111 1111 1111), as long as they are correct format-wise.
  • For the Expiration Date, use any future date.
  • For the Security Code (CVV) use: 999
  • When you are done testing, you can purge Test Mode transactions and related records, so they don't come up in your reports. To do so, log into the ProductCart Payment Gateway, select Options from the left-side navigation, and then Test Mode under Transaction Options. Locate the area called Flush test transactions.

Other Settings

  • Processing Fee. You can choose whether to charge an additional transaction fee using the Processing Fee field,. The transaction fee can either be a set amount or a percentage of the total order amount (e.g. 2.3% of the total).
  • Payment Name. You can change the description for both the credit card and electronic check payment options. This refers to the description that is shown to your customers during checkout. For example, you could change “Credit Card” to “Visa and MasterCard”.

Processing and Payment Status

  • Processing Status. If you want orders to be processed at the time they are placed, check the corresponding checkbox. It is recommended that you leave the check box unchecked so that you can review orders for accuracy and legitimacy before processing them. When this option is unchecked, orders are Pending when they are placed. Learn more about the order status.
  • Payment Status. Specify which payment status you would like to assign to orders when they are placed. Learn more about the payment status.

Using the EIG Administration Area

Viewing transactions

  • In the left-side navigation, click on Reports under Trans Reports
  • In the Search Transaction section, enter the filters you wish to use, or simply click Submit
  • A list of transactions matching your search criteria will be shown
  • The system shows:
    • Type: e.g. card sale vs. card authorizeation
    • Status: e.g. approved vs. pending capture
    • ID: the transaction ID
    • Customer: the customer name
    • Details: beginning and end of the credit card number
    • Time: time and date of the transaction
    • Amount: amount of the transaction

Capturing authorized transactions

  • Follow the same instructions as above
  • Click on the transaction that you wish to capture
  • Click on Capture
  • Verify the information and click on Capture again to complete the process

Capturing an authorized transaction


QR Code
QR Code ProductCart Payment Gateway (generated for current page)