Technical info

This section explains the technical factors you need to know about, in order to ensure:

• your customer has a positive experience when shopping on your website
• data can travel successfully between your systems and Barclaycard Business

Why not show this page to your technical support staff, hosting partner or web development agency? We also have approved partners who can help you with integration.

Technical information about the ePDQ Cardholder Payment Interface (CPI)
The CPI is a securely hosted payment page on our Barclaycard Business server.

Once your customer is ready to make payment, your website redirects them to the CPI, so that we take full responsibility for the card details. When the transaction is completed we send the customer back to your site and provide you with the transaction status details so you can fulfil their order.

Summary
The CPI is integrated using HTML and some scripts, and uses standard form Post to transmit the data.

The CPI version of ePDQ requires that the hosting company uses some specific components - ASPTear or XML parser on Windows, PHP version 4 and Perl (with modules) in other environments - to perform an HTML grab from a remote server. You will need to configure Basic Authentication on the server to receive data back from ePDQ once a transaction is complete.

CPI transaction processing details
In order to use the ePDQ CPI, you need a storefront, shopping basket or simple checkout page that:

• Supports HTML 'POST' command
• Can accept returned CGI data

You will also need to make sure you:

• Can support the use of scripts on your web servers to utilise the encryption function of ePDQ.
• Have the facility to install server side components if necessary.

The CPI will process transaction information keyed in by the cardholder. To enable your website to present the screens to your customer you will need to pass some basic information about the transaction to the CPI:

• Type of transaction (authorisation only or authorisation and capture)
• Currency
• Return URL - so that ePDQ can return your customer to your site
• Transaction total
• Your website/trading name
• Unique information which we will provide for you

You may also submit:

• A unique order ID generated by your storefront to aid reconciliation
• The customer address if you wish to improve your customer's buying experience, as this will then appear automatically when they enter their details on the CPI

For more information, view this typical example.

CPI transaction security summary details
A high level of encryption is used - 128 bit SSL encryption. Even if your customers only have 40 bit SSL capable PCs, we automatically upgrade the connection to ensure higher encryption.

We also encrypt stored transaction information, to ensure that it's not tampered with.

We take responsibility for capturing and storing card details on our secure servers, and we always ensure this information is held with the very high levels of security you would expect from a major financial services company.

All transaction data is stored on Barclaycard's servers, so your business does not need secure server certificates. In order to comply with card scheme regulations the only data we do not store is the data collected for the card security code.

CPI browser compatibility
The CPI has been fully tested with these Web browsers:

• Microsoft Internet Explorer 5.0, 5.5, 6.0
• Netscape 6.1, 6.2, 7.02

Other browsers and operating system combinations do work in most cases, but we cannot guarantee the level of service

CPI operating system compatibility
Windows 95, 98, 2000, 2003, ME or XP

CPI minimum screen resolution recommendation
Best viewed at 800 x 600 pixels

Store Administration Tool information
In order to use the Management information tool to review transactions processed online, you will need to access the Store Administration Tool, which supports these web browsers:

• Netscape 4.7.x on HP-UX, Sun Solaris or Microsoft Windows
• Netscape 6.2.x on HP-UX, Sun Solaris or Microsoft Windows
• Internet Explorer 5.5 with Service Pack 2 on Microsoft Windows
• Internet Explorer 6.0 on Microsoft Windows

Browser settings:
Your browser must be configured to accept cookies, and JavaScript must be enabled.

Skills needed to integrate ePDQ CPI successfully
In order to integrate and start using ePDQ CPI for online transaction processing, you will need someone with at least 2-3 years' experience in commercial web development, including:

• HTML
• Client-side scripting
• Server-side scripting
• Order fulfilment and database design/management

If you do not have these skills in your company there are many contractors who can do this work on your behalf. If you do not know of any companies near your offices with the right experience, we have approved a number of partners who can do this on your behalf.

And of course, we also have dedicated technical support analysts available between 9am and 5 pm on weekdays.

Below is a typical example that shows how our card payment interface works.

Typical Example

Summary Overview

Encryption

Step 1
Your customer browses your website, fills their shopping basket and clicks to go to the checkout. The CPI process starts here. A script on your website makes the first call to the encryption server, requesting the encryption of the transaction details. The transaction details include the total price to pay and the order details.
Note: If invalid data is provided the transaction will not process correctly.

Step 2
The encryption tool encrypts the transaction data. This generates an HTML <INPUT> tag containing the encrypted transaction data referred to as epdqdata string.
Note: This HTML needs to be "pulled" back from the epdq server; it will not be posted to you.

Send Data

Step 3
Your script then generates a HTML form. This must include the returned epdqdata string as a variable and the remaining mandatory variables. In addition you may include in the form any extended variables you wish to use. This form is submitted to the CPI payment page. Any extended variables that are included in the form pre-populate the payment page. This avoids the cardholder inputting the data twice, once on your website and once on the payment page.

Receive Data

Step 4
Your customer completes the remaining fields on the CPI payment page, including their credit card number. Once the customer chooses to process with the transaction it is submitted for processing. The customer will be asked to Authenticate at this stage if appropriate.
Once the transaction is processed, the transaction status response and other details of the transaction are posted back to your pre-determined URL. This data allows you to fulfil the transaction and update the outcome of the transaction on your system.

Step 5
The CPI generates a response page which tells the cardholder what the outcome of the transaction was -approved or declined. If the response is a decline there may be a reason displayed to the cardholder. This page has a Continue button which once clicked on redirects the customer back to your website.
The Order ID is also sent across to your website to allow you to identify the customer and link the customer to the detailed information sent in Step 4.