Virtual - Hosted Payment Pages
This is a popular solution mainly due to the ease of integration into the solution and the high level of Security that it provides to merchants.
Introduction to Virtual
The Virtual Payment Solution makes use of Wirecard's hosted payment page. This is a popular solution mainly due to the ease of integration into the solution and the high level of Security that it provides to merchants.
The Virtual Solution also has the ability to be customized to such an extent that your client would feel as though they are on your website while making payment, ensuring peace-of-mind throughout the entire checkout process.
The Virtual solution offers the ability for a merchant to customise the logo, colours and details displayed on the payment page so that the cardholder does not feel that they are leaving the merchants website. The Virtual Payment Page is operating behind TLS (Transport Layer Security) security protocol and all information that is captured on the payment page is encrypted using 128-bit encryption ensuring that your client's credit card details are kept safe.
Virtual Features
- The merchant is not required to implement TLS, therefore saving costs.
- Both the merchants logo and details can be hosted on the payment page.
- CSS Editor allowing full payment page customization.
- Email confirmation can be sent to card holder for successful purchases.
- The Fraud Module can be configured to help reduce fraud.
- Failure and Success Pages can be configured to be displayed by Wirecard.
- Additional detail such as shipping address and purchase items can be displayed on the payment page
- This is a quick and easy method which ensures less programming.
- Basic development skills are required.
Virtual Payment Process
One of the main benefits of utilising the Virtual Solution is the simplicity in which to integrate it into your online website. It requires less development work than other Wirecard Solutions and security measures are already incorporated by Wirecard.
Virtual allows the merchant to utilize the Wirecard payment webpage. This means that your clients will be directed to Wirecard's Payment Page where they will enter their credit card details in order for the transaction to be completed. The payment information which Wirecard requires is posted to Wirecard via a form POST. This POST can be done in any language that supports this method.
Illustration: Virtual Payment Process
Step 1 – Cardholder makes purchase from merchant's website.
Step 2 – Merchant creates form post to Virtual payment page.
Step 3 – Wirecard processes the transaction to the merchant Bank.
Step 4 – The merchant bank processes the transaction and returns a successful or declined message.
Step 5 – Wirecard returns this result and/or error code with error description back to the Merchant
Website address specified in the form POST.
Step 6 – If the functionality is set up (from the Wirecard Web Console) Wirecard will notify the card
holder via email of the transaction details and the merchant via email.
General Requirements for Using Virtual
- Website – You must have a website or shopping cart and have ability to load sample code or shopping cart code to the site.
- Internet Merchant Account – You are required to have an internet merchant account with a bank.
- Internet Connectivity – Internet connectivity is required to post the transaction.
- Internet Service Provider (ISP) – An ISP is required to host your site.
- Wirecard issued Merchant ID and Application ID – Required parameters when sending your form post.
Internet Merchant Account
An Internet Merchant Account is required to accept credit card transactions over the internet. If you have an Internet Merchant Account you need to supply these details to Wirecard before going Live. If you do not have an Internet Merchant Account, Wirecard can assist you with your application to the acquirer (bank).
Note: An Internet Merchant Account is a different type of merchant account than what is used for card present / POS transactions. You will need to apply for an Internet Merchant Account even if you already accept credit card transactions from your store.
Security – Server Passwords
You need to apply security best business practice to ensure that confidential data and card detail are protected while either being stored in the database or while data is being transmitted. It is suggested that you encrypt key information issued to you by Wirecard. This will be things like your User Access, JWT Token Secret and access tokens.
Note: To reduce fraud or potential incidents it is recommended to encrypt any passwords that give access to your server.
TLS
TLS (Transport Layer Security) is a security protocol that ensures that data being captured on Wirecard's payment page cannot be read by encrypting the data using two encryption keys. The Virtual solution does not require a merchant to implement TLS protocol as this is handled by Wirecard.
Integration
Form Post URL
The form post URL is the Wirecard URL used to submit the form post to. Wirecard provides the following URL for both Live and Test.
Test URL : https://staging-apiv2.wirecard.co.za/product/payment/v1/initialisevirtualCopy URL to clipboard
Production URL : https://apiv2.wirecard.co.za/product/payment/v1/initialisevirtualCopy URL to clipboard
Note: Mode has been deprecated and should always be 1. For testing please use the staging url.
Testing
View all ApplicationUIDsFor testing purposes, we have provided a MerchantUID and ApplicationUID's in multiple currencies.
MerchantID: 9ba5008c-08ee-4286-a349-54af91a621b0
JWT Secret: yglTxLCSMm7PEsfaMszAKf2LSRvM2qVW
When going live, these will need to be replaced in your code by using the Wirecard issued MerchantID and ApplicationID. You can retrieve your JWT Secret from the Merchant Portal.
Test Cards
Test Cards are used to perform test authorizations to Wirecard. Test Cards will only work when using the test URL. Test Cards transactions will not go to the acquirer.
Test Card Types
- Visa
- MasterCard
- Amex
- Diner
- Maestro
Note: Test Cards will only work when posting to the test URL.
Non 3D Secure Test Cards
| Visa Successful | |
| Card Name | Joe Soap |
| Card Number | 4111111111111111 |
| Card Type | Visa |
| Expiry Date | Any date in future |
| CVV Number (last 3 digits on back of card) | any cvv |
| Visa Declined | |
| Card Name | Joe Soap |
| Card Number | 4242424242424242 |
| Card Type | Visa |
| Expiry Date | Any date in future |
| CVV Number (last 3 digits on back of card) | any cvv |
| MasterCard Successful | |
| Card Name | Joe Soap |
| Card Number | 5100080000000000 |
| Card Type | MasterCard |
| Expiry Date | Any date in future |
| CVV Number (last 3 digits on back of card) | any cvv |
| MasterCard Declined | |
| Card Name | Joe Soap |
| Card Number | 5404000000000001 |
| Card Type | MasterCard |
| Expiry Date | Any date in future |
| CVV Number (last 3 digits on back of card) | any cvv |
| Amex Successful | |
| Card Name | Joe Soap |
| Card Number | 370000200000000 |
| Card Type | AMEX |
| Expiry Date | Any date in future |
| CVV Number(last 3 digits on back of card) | any cvv |
| Amex Declined | |
| Card Name | Joe Soap |
| Card Number | 374200000000004 |
| Card Type | AMEX |
| Expiry Date | Any date in future |
| CVV Number(last 3 digits on back of card) | any cvv |
| Diners Successful | |
| Card Name | Joe Soap |
| Card Number | 36135005437019 |
| Card Type | Diners |
| Expiry Date | Any date in future |
| CVV Number(last 3 digits on back of card) | any cvv |
| Diners Declined | |
| Card Name | Joe Soap |
| Card Number | 36135182434011 |
| Card Type | Diners |
| Expiry Date | Any date in future |
| CVV Number(last 3 digits on back of card) | any cvv |
| Maestro Successful | |
| Card Name | Joe Soap |
| Card Number | 5641821111166669 |
| Card Type | Maestro |
| Expiry Date | Any date in future |
| CVV Number(last 3 digits on back of card) | any cvv |
| Maestro Declined | |
| Card Name | Joe Soap |
| Card Number | 6759411100000008 |
| Card Type | Maestro |
| Expiry Date | Any date in future |
| CVV Number(last 3 digits on back of card) | any cvv |
3D Secure Test Cards
| Visa Successful | |
| Card Name | Joe Soap |
| Card Number | 4000000000000002 |
| Card Type | Visa |
| Expiry Date | Any date in future |
| CVV Number (last 3 digits on back of card) | any cvv |
| Visa Failed | |
| Card Name | Joe Soap |
| Card Number | 4000000000000010 |
| Card Type | Visa |
| Expiry Date | Any date in future |
| CVV Number (last 3 digits on back of card) | any cvv |
| MasterCard Successful | |
| Card Name | Joe Soap |
| Card Number | 5200000000000007 |
| Card Type | MasterCard |
| Expiry Date | Any date in future |
| CVV Number (last 3 digits on back of card) | any cvv |
| MasterCard Failed | |
| Card Name | Joe Soap |
| Card Number | 5200000000000023 |
| Card Type | MasterCard |
| Expiry Date | Any date in future |
| CVV Number (last 3 digits on back of card) | any cvv |
Test CCV
As additional account security, every credit card comes with a special three or four digit code generally known as a CVV2 or CVV number. Cardholders will be requested to enter this when processing an online payment. An identity thief who has come across credit card information illegally will not have access to the CVV number if they do not have physical access of the card.
Go Live Checklist
Overview
Use the Go Live Check List to make sure that you have completed all necessary tasks before going live. Please ensure that the following criteria have been met:
Configuration
-
Virtual Form Post have been embedded onto your website
-
Merchant Payment Page have been configured in Wirecard Portal
-
Merchant ID and Application ID of the “Merchant” (NOT test Merchant ID and Application ID) is being used in your message type.
Testing
-
Test a Successful Transaction using our Virtual Test Cards
-
Test a Decline transaction using our Virtual Test Cards
-
Test transactions are visible in Wirecard Portal
Go Live
-
Merchant received Go Live email from Wirecard. This email will contain the merchants Customer ID and Merchant ID .
(If not, have merchant contact support.za@wirecard.com) -
Ensure that you are using the Live URL.
-
Perform Live transaction with Live card
Integration Support
Merchants
If you are a merchant that has signed up with Wirecard's Virtual solution, you will have access to Wirecard's Integration Help Desk for telephonic and email support. Telephonic support is available 8am to 5pm GMT +2. Email support is 8am to 5pm GMT + 2 and connects directly to our help desk through our ticketing system.
Developers
If you are a developer that you will have access to Wirecard's Integration Help Desk for email support. Email support is 8am to 5pm GMT + 2 and connects directly to our help desk through our ticketing system.
If you send an email you will immediately be emailed back a reference to track your integration query.
Email: support.za@wirecard.com
JSON Web Token (JWT)
What is JSON Web Token?
"JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed."
You can read more here (https://jwt.io/introduction)
You must implement the JSON Web Token (JWT) in the request to us and validate the response token (_RESPONSE_TOKEN)
We strongly recommend the following validation on the response token:
Confirm the signature of the JWT token is valid
Confirm that the values in the JWT token match with the values for the order.
The values that must get validated are:
mref (Merchant Reference)
amount
auid (Application UID)
cuid (Merchant UID)
Use the result field in the JWT token as your success and failed indicator
Warning: Failure to put the recommended JTW token validations in place could lead to financial losses.
Example JWT
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtdWlkIjoiMzQ4OEJGNzItMDFFNi00REU1LUI2NjAtMUZFQTdGOUE0Q0NBIiwiY3VpZCI6IjM0ODhCRjcyLTAxRTYtNERFNS1CNjYwLTFGRUE3RjlBNENDQSIsImp0aSI6IjUyMjViZmQ1NDExMWFzZGNhM2EiLCJpYXQiOjE1NTI5MTMzOTgsImV4cCI6MTU1Mzk5OTc5OH0.d8uEgDew3SiUxpe-Kyp3NqZJgJo75FlRN5G3AXohk5Y
Request Example
{
"iss": "Dev Center",
"cuid": "9ba5008c-08ee-4286-a349-54af91a621b0",
"auid": "4196b0b8-db88-42e5-a06d-294a5e4ded87",
"amount": "12.00",
"mref": "DEV_xUQ58CeG",
"jti": "QXiY24ZQvuPkwvU6KlDokWIgeX387MlX+M3qF8OrhRY=",
"iat": 1621936758,
"exp": 1621937358
} Decoded Response Example
{
"jti": "[B@51c83aae",
"iat": 1612528158,
"cuid": "BAAB2819-7286-49D3-8AD3-1212B3B40C2A",
"auid": "A50376D2-0CDF-46DF-BDDD-30F0B514D853",
"result": -1,
"transactionIndex": "5bb926df-68ed-4154-bf01-cd1e7f2278a5",
"mref": "DV_LNMnOi8bUn",
"amount": "0.02",
"mode": "1",
"tkn": "",
"puid": "e36bdd6e-c9c1-4aa6-a10d-8f0ce9b6d361",
"exp": 1612528758
} JWT(Token field) can be programatically constructed as follows:
php Example using a standalone php library
require_once('jwt.php');
$SecretKey = 'NFeCMY17FoaDkLe3azMchsNbLOpgkO2Wh58'; //Supplied by Wirecard
$payloadArray = array();
$payloadArray['iss'] = $iss; //The identity of the party that issued the JWT. The claim holds a simple string, of which the value is at the discretion of the issuer
$payloadArray['cuid'] = $MerchantID;
$payloadArray['auid'] = $ApplicationID;
$payloadArray['amount'] = $amount;
$payloadArray['mref'] = $merchantReference;
$payloadArray['jti'] = base64_encode(random_bytes (32));
$payloadArray['iat'] = time() - 60;
$payloadArray['exp'] = time() + 600;
//$Token will be used to populate the Token form field in the POST to our payment page
$Token = JWT::encode($payloadArray, $SecretKey); You can download the above sample code here (Virtual Example with JWT.zip)
You can find more code examples here (https://jwt.io/#libraries-io)
HTML Sample
If you have in‐depth HTML knowledge or web development skills you can create more variables. The below examples could be applied if you have a web application or shopping cart. The Below HTML example shows how your form POST could look when extensive information is getting sent to Wirecard:
The below code can be copied into your code for testing purposes. Please note however, that before going live, you will need to change the details in the above example.
Note: The Virtual solution does not support iframes, if you wish to process payments without the user leaving your website please consider the enterprise solution.
Payment Methods
Overview
Merchants can use Virtual to integrate with any of Wirecard's payment methods. The payment methods that Wirecard offer can be found at https://wirecard.co.za/payment-solutions/alternative-payments/
Examples of these payment methods are:
- Credit Card & Debit Card
- SecureEFT
- Visa Checkout
- Mobicred
Payment Options Page
Process Flow Description for Payment Page
- The merchant begins the process by posting a ‘Request’ to Virtual.
- All the payment methods linked to the application ID used will display in the payment options menu.
- Virtual processes the transaction to the relevant financial service provider.
- Virtual replies immediately by posting back detailed ‘Response’ data. The detailed response will include the payment method that was used to pay.
- In some cases, the payment method chosen will be more suited to an ‘asynchronous’ process. For instance, when the client is given payment instructions by Virtual and these instructions can take some time to complete. If/when Virtual receives a response from the financial service provider, then Virtual will post the ‘Response’ data back to the RedirectSuccessfulURL or RedirectFailedURL provided by the merchant in step 1.
Example of Payment Options Page
Payment Option Page Customization
The payment options page is customizable (example: merchant logo) to maintain the look and feel of the merchant system as far as possible. This is done from within the Wirecard Web Console. Click here to see how to upload logo.
Virtual 1Click
Introduction to 1Click
1Click payments offers the card holder a simplified checkout experience. The solution caters for customers that repeatedly purchase goods or services from a merchant’s website by simplifying the checkout experience. The solution will tokenize the card holder’s details during the initial transaction. For subsequent transactions, the merchant can be configured to allow the cardholder to enter a CVV or not, to process the payment, making the checkout process more simplified. At any point, the card holder can amend card details, which will update the token with the new card information.
For the Virtual 1Click solution, it is possible to store multiple cards, allowing the user the ability to choose the tokenized card they wish to pay with.
1Click Payment Process
One of the main benefits of utilising the 1Click - Virtual Solution is the simplicity in which to integrate it into your online website. It requires less development work than other Wirecard Solutions and security measures are already incorporated by Wirecard.
1Click Process Flow
1) Submit a form POST to the Virtual payment page and include an additional form field in your request <input type = "hidden" name = "puid" value = "3488BF72-01E6-4DE5-B660-1FEA7F9A4CCA">
2) The payment page reads the puid field and does a lookup to see if the token has been registered before:
3) If card detail is not registered yet (Card holders first time making a payment):
- The card holder is required to enter full card details and select "Save and Pay Now".
- Wirecard takes the card details with the token submitted in the form POST and registers the details in the Wirecard's database.
- The transaction is then processed as normal to the bank.
- The transaction results are returned in the message response.
- The PUID is the Profile ID that all tokenized cards are associated with and is returned in the JWT.
4) If card holder is registered (Card holder’s second time making a payment):
- The payment page will display all previously registered cards for the cardholder, with pre-populated fields containing their card details (retrieved from the Wirecard database).
- The card holder is asked for their CVV if required by the merchant (last 3 digits on the back of the card).
- The card holder selects to "Pay Now" at which stage Wirecard processes the transaction and the card holder is debited.
- The results of the transaction are posted back to the website.
5) If card holder is registered and wants to modify their details:
- The payment page will display all previously registered cards for the card holder, with pre- populated fields containing their card details (retrieved from the Wirecard database).
- The card holder chooses a card and selects to "Edit".
- The card holder is then asked for their updated card details.
- The card holder selects "Pay Now" where an update is done on their card details. This updates Wirecard's database to the new card details the card holder entered.
- The transaction is processed to the bank.
- The results of the transaction are posted back to website.
6) If card holder is registered and the card has expired:
- The card holder is displayed a message informing them that their card has expired.
- The card holder is forced to update their card details and are prompted for updated card details.
- The card holder selects "Pay Now" and the card details are updated.
- The transaction is processed and the card holder is debited.
- The results of the transaction are posted back to website.
SecureEFT
SecureEFT is a streamlined version of a traditional EFT. It makes payment of a bank transfer a lot faster and easier by eliminating certain steps such as creating a beneficiary, entering the reference number and amount or provide a proof of payment. SecureEFT only requires a buyer to login to their bank account and authenticate the payment through the banks one time pin or authentication methodology.
SecureEFT Transaction Process
Step 1 - The customer selects the SecureEFT payment option
Step 2 - The customer is prompted to select their bank
Step 3 - The customer would sign into there banking profile using there internet banking details
Step 4 - SecureEFT returns the results of the payment to Wirecard
Step 5 - Wirecard returns these results to the merchant. The merchant can then display the results on the payment confirmation page
Example of SecureEFT Page