Skip to end of banner
Go to start of banner

Payments and E-Commerce

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 36 Next »

LearningBuilder can collect payments from end-users in many different ways. Adding integrations for gateways not listed here is generally possible with minor innovation.

Overview

LearningBuilder itself does not handle credit card transactions. Instead, it integrates with a variety of payment processing systems to handle those transactions.

In order to process payments, clients must have an existing merchant account with a supported gateway. If no existing merchant account exists we can assist with the setup, but the merchant account itself is a relationship between the client and their financial institution.

For more information on establishing a merchant gateway, see below.

Supported Gateways

Payflow Payments Pro
(aka PayPal)

This service uses PayPal as the payment gateway and payment processor. PayPal performs all transaction processing prior to depositing into the client's merchant account. Customers using Payflow Payments Pro sign up for PayPal Pro service, which is around $30/month (as of July 2012). PayPal Payments Pro uses the concept of a "sandbox" for performing test transactions and a separate, live site. Payment processing is available through Secure Post mode but refund processing through LearningBuilder is not supported. 

As of February 2021, this gateway is disallowed by policy because it does not support a PCI-compliant payment option. This gateway will be fully removed from the software in an upcoming release.

Payflow Pro

This service uses PayPal as the Payment Gateway but uses a third party payment processor. This interface is the result of PayPal's purchase of Verisign, which first developed the Payflow Pro product. PayPal now uses it for advanced interfaces that use other payment processors. Payments and refunds are both functional, and are supported in both the Secure Post and Hosted Pages iFrame Checkout configurations.

Required Configuration: The client’s gateway account must be configured to use the “Silent Post” feature to prevent orphaned payment records in LearningBuilder. In the Payflow Pro Manager site, configure the account like so:

  • Use Silent Post: enabled

  • Void Transactions That Fail Silent Post: enabled

  • Silent Post URL: blank

See PayflowPro Silent Post for more details.

As of February 2021, using this gateway in “Secure Post” mode is disallowed by policy because it does not support a PCI-compliant payment option. Use “Hosted Pages” mode instead. The “Secure Post” mode will be removed from the software in an upcoming release.

Authorize.Net

Authorize.Net is an alternative gateway to PayPal. If the organization has already established a relationship with Authorize.Net and wishes to use this gateway, LearningBuilder can be configured to support it. Payment processing is available but refund processing through LearningBuilder is not supported. This Payment Gateway is functional in Secure Post and 3-Step Handshake Checkout Modes.

As of February 2021, using this gateway in “Secure Post” mode is disallowed by policy because it does not support a PCI-compliant payment option. Use “3 Step Handshake” mode instead. The “Secure Post” mode will be removed from the software in an upcoming release.

Moolah

Moolah is an alternative gateway which is focused on Non-Profit organizations. The support of this gateway was introduced in LearningBuilder 8.10 and is only functional in the 3-Step Handshake Checkout Mode.

USAePay

USAePay provides a number of payment solutions. Currently, LearningBuilder supports the "2-Step Client-Side" mode only for this gateway.

Alabama Interactive

Alabama Interactive is the gateway used by BELS. LearningBuilder supports the Hosted Pages mode only for this code.

The following App Config values should be obtained from the client:

  • API Key

  • Merchant Code

  • Merchant Key

  • Service Code

There is an AlabamaInteractiveMode setting that can be set to Test or Live.

This setting determines which Credentials and URLs are used. The URLs are also set in App Config, though the Product Defaults should meet your requirements.


Gateway / feature support matrix

Payment gateways support different features. If a feature is not supported, it may be because the gateway does not support it (error), or we have not added support in LearningBuilder for that feature in the gateway (minus).


Vendor


PaymentGateway
App Config value

Checkout Modes
(see below for details)

Supported Features
(follow links for details)

Secure
Post (warning)

Hosted
Pages

Hosted
Pages 
+ iFrame

3 Step
Hand-shake

2 Step
Client-
Side

Full
Refunds

Partial
Refunds

GL
Codes

Discount
Vouchers

Tenant-Specific
Settings

Responsible Party ‘Pending’ Payments (aka Bulk Employer Payments)

Organization ‘Bulk’ Payments

Payflow Payments Pro

PayPal

(tick)

(error)

(error)

(error)

(error)

(minus)

(minus)

(error)

(minus)

(minus)

(tick)

(tick)

Payflow Pro

PayflowPro

(tick)

(error)

(tick)

(error)

(error)

(tick)

(tick)

(tick)

(tick)

(Added with 10.0 Release)

(tick)

((warning) Secure Post Only)

(tick)

(tick)

Moolah

Moolah

(error)

(error)

(error)

(tick)

(error)

(tick)

(minus)

(error)

(minus)

(minus)

(tick)

(tick)

Authorize.Net

AuthNet

(tick)

(error)

(error)

(tick)

(error)

(minus)

(minus)

(error)

(tick)

((warning) 3-Step Handshake)

(minus)

(tick)

(tick)

USAePay

USAePay

(error)

(error)

(error)

(error)

(tick)

(tick)

(tick)

(error)

(minus)

(minus)

(tick)

(tick)

Alabama Interactive

AlabamaInteractive

(error)

(tick)

(minus)

(error)

(error)

(error)

(error)

(error)

(minus)

(minus)

Checkout Modes

The CheckoutMode App Config setting controls the user’s experience during checkout.

For more information about PCI Compliance for each gateway, see the Compliance docs

Method

App Config value for

CheckoutMode

Description / PCI Compliance

Secure Post

SecurePost

Payment forms are hosted by LearningBuilder. Payment card data is transmitted to LearningBuilder, which then submits the payment transaction to the gateway. 

This mode is not PCI compliant and is disallowed by policy in 10.6.0 and later. It will be removed from the software in a future version.

Hosted Pages

HostedPages

When the user begins checkout, their browser is redirected to the payment gateway’s website. The credit card form is hosted by the gateway and the entire transaction occurs externally to LearningBuilder. The user is redirected back to LearningBuilder after the transaction is complete.

This approach is secure because LearningBuilder is entirely removed from the checkout process and has no opportunity to collect or transmit payment card data.

The main drawback to this approach is that the payment gateway’s checkout form often does not look exactly like LearningBuilder, resulting in a disjointed user experience.

On the other hand, innovations made by the gateway to their checkout experience (such as adding support for new payment types) can be immediately available to end users without requiring changes to LearningBuilder.

Hosted Pages
+ iFrame

HostedPagesIFrame

This is similar to Hosted Pages, except that instead of redirecting the user to a 3rd-party checkout process, the 3rd-party checkout form is displayed in an iframe within LearningBuilder.

This often results in a more seamless user experience because the user never leaves the context of the LearningBuilder site.

This approach is secure because the credit card form is hosted by and submitted to the payment gateway. LearningBuilder is not involved in the collection or processing of credit card data in any way.

2 Step Client-Side

TwoStep

In this mode, the checkout process is implemented within LearningBuilder except for the credit card processing. When the user submits the form containing credit card data, the form submits directly to the payment gateway which handles the transaction and then redirects the user back into LearningBuilder.

This mode provides a mostly seamless checkout experience, except that LearningBuilder cannot display a “checkout confirmation” page after the credit card data is entered but before processing the transaction. The card data is submitted directly to the gateway, so the confirmation page, if any, must be handled by the gateway as well.

This approach is secure because the credit card form, though hosted by LearningBuilder, is submitted directly to the gateway for processing. Credit card data is not submitted to or transferred by LearningBuilder in any way.

See the USAePay documentation for more information

3-Step Handshake

ThreeStep

After the user enters their credit card information, LearningBuilder submits that data directly to the payment gateway as a background post. The user’s browser does not navigate away from LearningBuilder.

The gateway securely stores the credit card data, without processing a transaction, and returns a token that can be used to reference those saved credentials at a later time.

The user then finishes the checkout process in LearningBuilder, which includes a “checkout confirmation” page. Once the user confirms their intent, LearningBuilder makes a second background post to the gateway. This post includes the transaction details (amount, etc) plus the token that was received earlier. The payment gateway then uses the stored card data to complete a transaction.

This approach provides a seamless user experience without sacrificing security. It is the recommended approach for many customers.

This approach is secure because no credit card data is submitted to or processed by LearningBuilder in any way. The credit card data is submitted directly to the gateway, which then gives LearningBuilder a secure, one-time-use token for referring to those credentials at a later time. This token cannot be used to “reverse engineer” or compromise the card details.

For more information on this methodology, see this link

PCI Compliance

As of 10.6, LearningBuilder does not support any payment gateways or checkout modes in which payment card data is transmitted to or processed by LearningBuilder. In order to maintain PCI compliance, LearningBuilder cannot have anything to do with credit card details.

Each of the supported gateways conforms to this requirement in a different way, which is documented above.

Additionally, the following implementation details are necessary for PCI Compliance:

  • The EnableCreditCardValidation App Config setting is deprecated and has no impact on a PCI-compliant payment gateway. The credit card data is transmitted directly to the payment gateway and is not examined by LearningBuilder in any way.

  • When using the BACK button to navigate backward from the Review page to the Checkout page, the credit card information is not persisted and must be re-entered.

Obtaining an Internet Merchant Account

To accept credit cards over the Internet, you need a special account called an Internet Merchant Account. If PayPal is your merchant bank, you do not need the Internet Merchant Account. Your account provider or merchant (acquiring) bank works with a PayPal-supported credit card processor. Examples are First Data, TSYS Acquiring Solutions (formerly Vital Processing Services), and Paymentech. To accept live credit cards, provide details about your account to PayPal during the "Go Live" part of enrollment.

An Internet Merchant Account is a different type of merchant account. It has additional risks associated with card-not-present (e-commerce) transactions. It is different from a merchant account used for face-to-face/card-present (in-person) retail transactions. Obtain an Internet Merchant Account even if you already accept credit cards at your location. To apply for an Internet Merchant Account, contact your merchant (acquiring) bank. 


The high-level testing of the Payment Gateway setup process is as follows: 

  1. On a LearningBuilder™ support site, set up the Payment Gateway in a test mode.

    • Attempt an invalid payment (using an expiration date in the past)

    • Attempt a valid `payment (using the special credit card number)

  2. On the LearningBuilder™ support site, set up the Payment Gateway in a live mode.

    • Attempt an invalid payment (using an expiration date in the past)

    • Attempt a valid payment (using a real credit card and a small payment amount; e.g. $0.02)

  3. On the LearningBuilder™ live site, set up the Payment Gateway to match the support site.

    • Attempt an invalid payment (using an expiration date in the past)

  4. On the LearningBuilder™ support site, set the Payment Gateway back into a test mode.

The Fake gateways support three simulated responses:

  • FirstName = "MissingId": This will result in an Approval but no Transaction ID

  • FirstName = "Decline": This will result in a Declined status.

  • FirstName = Anything else: This will result in an approval.

Testing a payment gateway integration

Testing payment gateway settings

If you append "Fake" to the end of the PaymentGateway app config value, the system will simulate connecting to the gateway without actually doing so. This is useful when testing in a non-production environment.

Related Content

  • No labels